Contributor II

Airgroup with Clearpass

Hi all,

I am planning to install code 6.3 to enable AirGroup.

We have 3 kinds of users in the network: domain users, onboarded BYODs and guests. I am allowing domain users to pass through the core network. I have dedicated one port directly to the core network to pass the traffic.

Onboarded devices and guests are completely isolated from the network, and they are assigned to one port which goes directly to the firewall (default gateway for BYODs and guests) and then the internet.

Now I want domain users, BYODs and guests to access Bonjour devices, which I may place in the BYOD subnet. Will all three kinds of users be able to access the Bonjour devices, or should all three VLANs be able to communicate, I mean inter-VLAN routing? In the present situation, these three subnets can't reach each other.

Thanks

srikanth


Accepted Solutions
Moderator

Re: Airgroup with Clearpass

All AirGroup does is proxy and re-advertise the requests. The actual media traffic is unicast so if the Android device is in one segment of the network and the chromecast in another, they will need to be able to reach each other.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Contributor II

Re: Airgroup with Clearpass

So they should be able to reach each other.

So in my case, if I do routing between these 3 segments from the firewall, that would be fine, right?

Does NATing break AirGroup requests or will it forward them?

Warm regards

srikanth

Moderator

Re: Airgroup with Clearpass

AirGroup does not work across NAT boundaries.


Contributor II

Re: Airgroup with Clearpass

You mean to say I can't route from the firewall, or I shouldn't do NATing?

Moderator

Re: Airgroup with Clearpass

If you're doing NAT on the firewall, you should be all set. You just can't cross NAT boundaries.


Contributor II

Re: Airgroup with Clearpass

I understood that AirGroup does proxy for user requests and unicast responses.

The AirGroup controller will discover all the devices providing Bonjour services.

If I am trying to find an Apple TV from an iPad where both are in different VLANs, AirGroup just receives the mDNS query (iPad) and the iPad will see the devices which are cached in the AirGroup table, or else it will re-advertise across all the VLANs on the controller as L3 multicast to discover the Bonjour devices.

Moderator

Re: Airgroup with Clearpass

At a high level, yes that's correct.


Contributor II

Re: Airgroup with Clearpass

And will it re-advertise from the source IP (iPad) to 224.0.0.251?

So the controller re-advertises across the VLANs, gets mDNS responses for mDNS queries, converts them to unicast mDNS responses and directs them to the user who initiated the mDNS query.

So in that case there is no inter-VLAN routing happening. The controller is just receiving mDNS responses/queries and forwarding them to the user?

Moderator

Re: Airgroup with Clearpass

The controller actively searches for mDNS and SSDP services and/or listens for advertisements. The controller receives the advertisements and then based on rules and roles, the controller will send a new advertisement out the user VLAN.

The user subnet needs to be routable to the media server as the actual media transmission is unicast.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |
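
An added example, not part of the thread and not Aruba code: parsing a constructed mDNS response shows that the advertisement carries the device's own IPv4 address in an A record, which is the address a client then contacts by unicast, so any advertised host outside the client's subnet needs a routed path. The host name, addresses, subnets and the `needs_routed_path` helper are constructed for illustration.

```python
import ipaddress
import struct

def encode_name(name):  # DNS labels, no compression
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def read_name(pkt, off):
    """Decode the DNS name at off, following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def a_records(pkt):
    """Return (name, IPv4Address) for each A record in the answer section."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(pkt, off)
        off += 4
    out = []
    for _ in range(an):
        name, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # type A, IPv4 address in RDATA
            out.append((name, ipaddress.IPv4Address(pkt[off:off + 4])))
        off += rdlen
    return out

def needs_routed_path(client_net, records):
    """Advertised hosts outside the client's subnet; unicast to them must be routed."""
    net = ipaddress.ip_network(client_net)
    return [(name, ip) for name, ip in records if ip not in net]

# Constructed sample: one mDNS response (flags 0x8400) with a single A record.
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name("appletv.local")
          + struct.pack("!HHIH", 1, 0x8001, 120, 4) + bytes([10, 20, 30, 40]))
print(needs_routed_path("10.10.0.0/24", a_records(SAMPLE)))
```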
