Clearpass 6.7.0 / AOS 8.3.0
I believe I have AOS / Airgroup setup correctly:
Configured under managed node (contains two clustered controllers)
Distributed mode, RFC 3576 / AAA servers pointing to CPPM. Default-allowall service. Forced Registration is enabled.
I see the CPPM entries and appropriate servers and users in the various Airgroup diag commands.
CPPM: I enabled Airgroup service, I see successful requests coming across. I added the particular device to test with (as admin). I shared it with a user that is not logged on anywhere on the network.
1. I logged into the network as a different .1X user. I can still see every mDNS device. (even when force registration is on) including the one that I registered.
2. Logging into the .1X network with the user I shared the device, I can see every device.
It was my understanding that if I enable "AirGroup server enforce registration", then no devices should be visible to anyone.. It's like the controllers are 'viewing' the requests, but are not enforcing anything.