Fabrice,
Thank you for your detailed reply.
I'm a bit distracted by other things at the moment, so I'm not 100% sure I
understand, but:
1. As far as I know, Aruba Airgroup without Clearpass doesn't allow
assigning roles to air groups. You can disallow roles, and disallow vlans, but
I don't see a way to assign roles. So I guess we would just have to disallow
lots of roles. We're running AOS 6.3.1 at the moment.
2. The number of projectors a user would see in Bonjour/Airplay is
controlled by the number of projector roles, yes?
3. You say "the role for the new access point" - do you mean projector?
I should also mention that our network is flat – vlans (and roles) are not
location/building based. But I suppose there's no reason we couldn't have
projector vlans based on building. Also, our projectors are all hard wired to
our Juniper EX4200 switches, which PF now supports more completely, it seems
I also haven't seen Clearpass myself, so I don't know how its configuration
works.
One other feature we are interested in, but I think isn't critical is
Clearpass's portal giving users the ability to add people to their local
airgroup. We are a boarding school, so this would allow a student to include
friends adhoc to a local bonjour group.
We'll keep looking at your layout, but at this point, I believe the decision is
out of my hands. I did post a question about this some months ago, but didn't
receive this sort of feedback. I may not have explained myself very well.
Thank you again,
Tim
From: Fabrice DURAND <[email protected]<mailto:[email protected]>>
Reply-To:
<[email protected]<mailto:[email protected]>>
Date: Wed, 7 May 2014 15:37:37 -0400
To:
<[email protected]<mailto:[email protected]>>
Subject: Re: [PacketFence-users] [PacketFence-announce] ANN: PacketFence 4.2.0
released
Hi,
I understand what you mean but i don´t understand why you think packetfence
can´t do it.
Let me explain a simple case.
First i create 2 roles in the controller, the first one "Project_Bat1_Class1"
with vlan id 10, the second one is "Student_Bat1_Class1" with the vlan id 20.
These 2 roles are in the airgroup Bonjour_Bat1_class1.
So i am in the Building 1, i have a projector in the class 1, the projector has
a role "Projector" in PacketFence.
I am a student with my ipad and i have been register as a student in
PacketFence with the role "Student".
The access point configuration for the class 1 in PacketFence has been
configured like that:
ROLE MAPPING BY SWITCH ROLE:
Projector => Project_Bat1_Class1
Student => Student_Bat1_Class1
So because the 2 devices are in the same airgroup they are able to communicate
with bonjour.
If the student leave the building 1 to go in the building 2 then his role in
packetfence will stay "Student" but the role for the new access point will be
Student_Bat1_ClassX wish is not in the airgroup Bonjour_Bat1_class1.
Regards
Fabrice
Le 2014-05-07 12:12, Palmer, Tim a écrit :
Thanks Jason, that's a clearer answer than I was writing.
Clearpass isn't just an mDNS reflector like avahi, its actual policy based
control of mDNS/Bonjour devices. I believe it involves active manipulation
of the AP configurations, not just controller based - it would have to
since you can limit what devices a user sees, based on location as well as
role. Or at least that what my boss was sold on.
The core problem for us is to allow idiot resistant, cross platform
wireless screen sharing between projectors and laptops. AppleTVs with a
third party app for Windows machines does this, but uses bonjour which of
course should have no place on a non-home network. We haven't found
anything else that works as well.
Tim
On 5/7/14 11:44 AM, "Jason Frisvold"
<[email protected]><mailto:[email protected]> wrote:
Fabrice DURAND wrote:
Hello Tim,
just to know , what Clearpass can do more than PacketFence ?
Aruba has a feature called airgroup. Basically, it's a way of handling
Bonjour over wireless. Clearpass adds the ability to create groups of
devices and users rather than having it all wide open to anyone on the
VLAN.
I'm being pressured somewhat to look into this as well, but I'm hoping
to be able to build something into Packetfence to deal with this instead
of moving to Clearpass. It's expensive and proprietary, and doesn't
have all the features that Packetfence does.
Regards
Fabrice
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out: •
3 signs your SCM is hindering your productivity • Requirements for releasing
software faster • Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
