Security

Hi,

 

I have a bit of a weird issue with AirGroup. Specifically with Google Chrome being able to cast.

 

I configured AirGroup on our IAP VC.

When AirGroup is configured without any integration to ClearPass

• Android devices, and Windows with Google Chrome can cast to the Chromecast device.
• I did a wireshark on the Windows device can see the MDNS queries going, and the response back with the PTR records for the Chromecast device.

When I turn on the integration to ClearPass

• The Windows device can no longer see the Chromecast device via Google Chrome.
• The Android devices can still cast.
• I did a wireshark on the Windows device and can see the MDNS queries going out, but there is no response.

In ClearPass, I have setup the following:

• The registration portal to register new devices in the Guest > Manage Devices.
• Added an AirGroup controller for my test AP and configure both the 5999 shared secret and SSH information.
• I have enabled the default AirGroup ClearPass services. These have no been modified in anyway as I honestly don't really understand what they enable me to do.
• For the registered device, I have tried defining filters and not defining filters. There appears to be zero impact whether a filter is defined or not. By filter I am referring to entries in the "Shared" sections of the registered device.
• From the ClearPass AirGroup controller section, I am able to query the IAP VC and retrieve the list of roles, but I do not see any IAPs or group listed (not sure if this is important or not).

On the IAP VC

• Under AirGroup > Chrome Cast device > Red pin for CPPM, I do not see any information from ClearPass. No device name, device-owner, shared location-id, etc.
• For both the user role and the device/Chromecast role I have set the rules to be "any any".
• I do have ARP filter turned
• I do not have inter user bridging turned on

IAP Firmed: 6.5.4.10

CPPM: 6.6.8

 

I do have a ticket open with TAC, but I have been on 3 calls with them totally close to 6 hours and we are still no closer to a resolution.

 

Curious if anyone has run into any issues with using the Cast feature from Google Chrome on Windows when the IAP VC is integrated with ClearPass?

 

Cheers

Do you have the same level of access for the windows device/user in ClearPass?
How is the chromecast device registered ? Personal , Shared ?

Sent from Mail for Windows 10

---

@Victor Fabian wrote:
Do you have the same level of access for the windows device/user in ClearPass?
How is the chromecast device registered ? Personal , Shared ?

Sent from Mail for Windows 10

---

Do you have the same level of access for the windows device/user in ClearPass?

• I am not entirely sure I understand why you mean by this. Are you referring to the roles I would be passing back to the Windows device after it authenticates via ClearPass?
• I also currently not differentiating between Android and Windows devices in terms of access to the Chromecast device. Things are basically "completely open" at the moment for testing purposes since I have never used AirGroup before.

The Chromecast device is set as a shared device.

 

One other thing that may be important, which I forgot to mention. I am using our Guest network configured with MAC Caching to push the Chromecast into an alternate VLAN and user role. As I understand, this is fairly common.

Figured out what the issue was.

The password for the "shared secret" in the AirGroup Controller configuration section in ClearPass was wrong :(

Instead of typing it out, I copied and pasted it, shortly after that everything started working!

 

Completely myself, should have been the first thing I checked.

To troubleshoot this in the future, you can use the Application Log in the under Administration > Support > Application Log. If you try and make an update to a registered device, the log will produce an error saying that the CoA failed back to the controller.