Having got basic Airgroup functionality up and running (can limit visibility based upon shared AP or AP group) I'm now wanting to control who can see/access what based upon a clearpass user role of some sort. Looking at the Aruba RADIUS VSA list I can see attributes such as
Aruba-Airgroup-Shared-Role
Aruba-Airgroup-Shared-User
Aruba-Airgroup-Shared-Group
and
Aruba-CPPM-Role
And some of them are used in the default Airgroup Shared device profile.
so I guess these are the ones I configure to pass info back to the controller.
Info on CPPM / Airgroup integration seems to be a bit sparse ( there's info on how to set up cppm guest to manage personal Airgroup access and how to define groups that a shared device is in,but not on how to set up shared airgroup access from the clearpass client device perspective, e.g.
If I set up an apple TV to be accessible by everyone in "Faculty of maths" when defining it in clearpass guest, hoe do I pass back info from clearpass to enable group access from the personal devicepoint of view?. Do I do it in a copy of [AirGroup Personal Device] profile and add a shared role that says "you can access everything shared in faculty of maths" I've seen a lot of pretty diagrams that show what you do logically, just not an actual real example of how to set it up.
Rgds
Alex