Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Unpredictable Airgroup Behavior

This thread has been viewed 0 times

  • 1.  Unpredictable Airgroup Behavior

    Posted Nov 23, 2016 10:34 AM

    We're in the process of configuring our infrastructure for Airgroup functionality and finding very inconsistent and unpredictable behavior when making changes. Our current testing has been exclusively with an Apple TV device and a device added in guest manager. When the device is set to "personal", multiple people are able to see and mirror to the device - that doesn't seem to be the appropriate behavior.

     

    Changing to "shared" and sharing with various users does not produce consistent results. At certain instances the device is not viewable by anyone while at other times the device is viewable by everyone, including those not specifically listed in the shared users list.

     

    I'm wondering if anyone has experienced this inconsistent behavior - I'm sure we're missing something either in policy or the controller, but I'm stumped!



  • 2.  RE: Unpredictable Airgroup Behavior

    EMPLOYEE
    Posted Nov 23, 2016 10:40 AM
    What authentication method is in use on your internal SSID?

    What controller code are you running?

    Are you seeing AirGroup Authorization messages in ClearPass?

    Are you seeing the sharing information in "show airgroup cppm entries"?


  • 3.  RE: Unpredictable Airgroup Behavior

    Posted Nov 23, 2016 10:45 AM

    Hello Tim,

     

    For media devices such as these we're using MAC authentication. I can see the device in Clearpass with the correct airgroup setting - sharing enabled, the list of users, etc. as well as the Airgroup Authorization messages. If I force a Radius CoA on the device the information is correctly reflected in Access Tracker. Controllers are running 6.4.4.9.



  • 4.  RE: Unpredictable Airgroup Behavior

    EMPLOYEE
    Posted Nov 23, 2016 10:49 AM
    The network where your users are, what authentication method is in use?

    Are you seeing the sharing information in "show airgroup cppm entries"?


  • 5.  RE: Unpredictable Airgroup Behavior

    Posted Nov 23, 2016 10:51 AM

    MAC authentication as well as 802.1x EAP-TLS and EAP-PEAP.

     

    Yes - I can see the device running that command on the controller.



  • 6.  RE: Unpredictable Airgroup Behavior

    Posted Dec 06, 2016 06:32 PM

    One thing that helped our AppleTV's was limiting them to the local AP.

     

    The setting is in Airgroup on the controller. Click a device then under 'associate with server' choose the AP name.

     

    Not sure if that is a complete solution but it sure went a long way towards stabilizing AirPlay in my environment.

     

    PS- If I had a choice I would never do AppleTV in an enterprise network. They are made for home enviroments and they do not play nicely on complex networks.

     

     

     

     

     

     



  • 7.  RE: Unpredictable Airgroup Behavior

    Posted Dec 06, 2016 06:34 PM

    Also, in old code we had issues with the mDNS process crashing on the controller. ATV uses mDNS for discovery. Seems to be stable in newer versions of code.