Contributor I

AirPlay with AirGroup for Guests



we are already using AirGroup an AirPlay in our environment but now we have the special requirement that guests should be able to connect to our Apple TV boxes in the conference rooms.


The Guests are usually separated into there own VLAN 98 going out to one interface of the 650 controller to the internet uplink.

The Apple TV resides in the VLAN 100. Firewall Rules explicitly deny all traffic from guest nets to the internal networks. Additionally I always disable "inter vlan routing" and enable "inter user bridging" and "inter user traffic".


The point is that I'm only able to see AirGroup users from the VLAN 100 if I do a "show airgroup users" and no client (like iPad) from the VLAN 98. But if I do a "show airgroup vlan" I can see that air group is enabled for all VLANs. Why?


And generally: Is AirGroup a "secure" solution to give Guests Access to the Apple TV? Or is it more a way to allow Bonjour accross different subnetworks...?


Thanks in advance,





Guru Elite

Re: AirPlay with AirGroup for Guests

Utimately, what you allow from a protocol and firewall perspective will dictate your security posture.  Airgroup is not a security mechanism and anyone that you don't want talking across VLANs with certain protocols, you should block.  Airgroup does not violate security policy but ensures that users who would not normally see bonjour devices across subnets will then be able to.  if you have port udp 5353 blocked, they will not be able to see regardless.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: