Security

Soon I'll be putting together an pretty big IAP cluster with Clearpass.  Airgroup will be enabled, but device registration won't be enforced.

 

Have been reading a lot of good info in various posts and guides, but a couple more things are still not clear to me.

 

• With respect to the location info, how is that worked out?  I see mention that it can use ap-name and ap-group to determine the nearest devices, but in a large IAP deployment, what is used then?  Can the new zones feature accomplish that?
• What about wired bonjour capable devices?  Is it just a case of allowing that vlan in the trunk port to the AP and then the wireless users can see them?

Thanks

Hi

Wondering if you came up with a solution for airgroup wired devices? Planning to tag all of our wired Vlans to the controller to bridge all the bonjour traffic. Is there a way set airgroup location info on a wired interface?

My question was around an IAP deployment.  In that case we are tunking the vlans to the Air Monitors.  Being plugged into different switches (buildings) with different vlans trunked to them should make it automagically know the location.....I hope.

 

For a controller though with all the vlans trunked to it, I'm not sure how it would deduce the location of the AppleTV.

 

Hopefully one of the Aruba guys can chime in with a suggestion.

Your only option would be to connect the devices wirelessly. ClearPass guest does not pull any information around tunnels and VLANs from the controllers.