Occasional Contributor I

Public IP's in User Table After Making Port-Channel Untrusted



I want to be able to allow wired users to AirPlay to Apple TV's on the network using AirGroup.  Used to be able to do this easily before  After, wireless user are still able to AirPlay without issues but wired users are not.  TAC informed me that I need to make the physical port untrusted in order for the users from the wired side to be added to the user table.  I have one port-channel trunk connected to our core from the controller.  Currently running The following config is what I have:


interface port-channel x

no trusted

trusted vlan x,y,z
switchport mode trunk
switchport trunk allowed vlan x,y,z

user-role test_wired

 access-list session global-sacl

 access-list session apprf-test_wired-sacl

 access-list session allowall


aaa profile test_wired

   initial-role test_wired

   mac-default-role test_wired

   dot1x-default-role test_wired


aaa authentication wired

   profile test_wired


This allowed wired users to populate the user table and show up in the AirGroup user table but also added every website's public address, internal users accessed, to the user table also.


Does anyone know a better way of doing this?

Guru Elite

Re: Public IP's in User Table After Making Port-Channel Untrusted

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: