Security

Reply
Highlighted
MVP

AirGroup and Google Chrome Cast

Hi,

 

I have a bit of a weird issue with AirGroup. Specifically with Google Chrome being able to cast.

 

I configured AirGroup on our IAP VC.

When AirGroup is configured without any integration to ClearPass

  • Android devices, and Windows with Google Chrome can cast to the Chromecast device.
  • I did a wireshark on the Windows device can see the MDNS queries going, and the response back with the PTR records for the Chromecast device.

When I turn on the integration to ClearPass

  • The Windows device can no longer see the Chromecast device via Google Chrome.
  • The Android devices can still cast.
  • I did a wireshark on the Windows device and can see the MDNS queries going out, but there is no response.

In ClearPass, I have setup the following:

  • The registration portal to register new devices in the Guest > Manage Devices.
  • Added an AirGroup controller for my test AP and configure both the 5999 shared secret and SSH information.
  • I have enabled the default AirGroup ClearPass services. These have no been modified in anyway as I honestly don't really understand what they enable me to do.
  • For the registered device, I have tried defining filters and not defining filters. There appears to be zero impact whether a filter is defined or not. By filter I am referring to entries in the "Shared" sections of the registered device.
  • From the ClearPass AirGroup controller section, I am able to query the IAP VC and retrieve the list of roles, but I do not see any IAPs or group listed (not sure if this is important or not).

On the IAP VC

  • Under AirGroup > Chrome Cast device > Red pin for CPPM, I do not see any information from ClearPass. No device name, device-owner, shared location-id, etc.
  • For both the user role and the device/Chromecast role I have set the rules to be "any any".
  • I do have ARP filter turned
  • I do not have inter user bridging turned on

IAP Firmed: 6.5.4.10

CPPM: 6.6.8

 

I do have a ticket open with TAC, but I have been on 3 calls with them totally close to 6 hours and we are still no closer to a resolution.

 

Curious if anyone has run into any issues with using the Cast feature from Google Chrome on Windows when the IAP VC is integrated with ClearPass?

 

Cheers

MVP Guru

Re: AirGroup and Google Chrome Cast

Do you have the same level of access for the windows device/user in ClearPass?
How is the chromecast device registered ? Personal , Shared ?

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP

Re: AirGroup and Google Chrome Cast


@Victor Fabian wrote:
Do you have the same level of access for the windows device/user in ClearPass?
How is the chromecast device registered ? Personal , Shared ?

Sent from Mail for Windows 10

Do you have the same level of access for the windows device/user in ClearPass?

  • I am not entirely sure I understand why you mean by this. Are you referring to the roles I would be passing back to the Windows device after it authenticates via ClearPass?
  • I also currently not differentiating between Android and Windows devices in terms of access to the Chromecast device. Things are basically "completely open" at the moment for testing purposes since I have never used AirGroup before.

The Chromecast device is set as a shared device.

 

One other thing that may be important, which I forgot to mention. I am using our Guest network configured with MAC Caching to push the Chromecast into an alternate VLAN and user role. As I understand, this is fairly common.

MVP

Re: AirGroup and Google Chrome Cast

Figured out what the issue was.

The password for the "shared secret" in the AirGroup Controller configuration section in ClearPass was wrong :(

Instead of typing it out, I copied and pasted it, shortly after that everything started working!

 

Completely myself, should have been the first thing I checked.

To troubleshoot this in the future, you can use the Application Log in the under Administration > Support > Application Log. If you try and make an update to a registered device, the log will produce an error saying that the CoA failed back to the controller.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: