The easier solution is to turn off Bluetooth on the Apple TV. 
Of course, this will not work if you are using a Bluetooth keyboard with the 
Apple TV.

Bruce Osborne
Network Engineer - Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-----Original Message-----
From: Jason Watts [mailto:[email protected]] 
Sent: Tuesday, March 18, 2014 2:07 PM
Subject: Re: Discover Apple TV over Bluetooth

Tim,

That seems fairly clean based on the fact that the user authentication is done 
at the AP and isn't needed past that.

Does the way Airgroup works make this automatically apply to people locating 
the ATV via Bluetooth, as in, does the Airgroup policy or control automatically 
filter all traffic to devices for which a user is not authorized? Or does it 
just prevent the client from getting service announcements from the serving 
device?

BTW, I'm realizing as I think this through that as long as you have a way to 
apply ACLs separately to students/faculty/staff and you keep your ATVs in a 
specific VLAN from which student, but not faculty traffic, is blocked then the 
point about authenticating at the ATV is moot.

Even if they can "see" it with Bluetooth if you position the ATVs out of 
student reach on the network then you have no issue.


-- 
Jason Watts
Pratt Institute, Academic Computing
Senior Network Administrator


Tim Cappalli wrote:
> We're doing this with AirGroup.
>
>
> Tim Cappalli  | CWNA / ACCP / ACMP / CCNA
> Mobility Engineer  |  Brandeis University
> [email protected] | (617) 701-7149
> @tcappy0707 | linkedin.com/in/timcappalli/
>
> -----Original Message-----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:[email protected]] On Behalf Of Dan Brisson
> Sent: Tuesday, March 18, 2014 1:49 PM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] Discover Apple TV over Bluetooth
>
> While I agree that Radius authentication would be a nice option, getting
> Apple to add an enterprise feature like that is probably pushing it for a
> "consumer" device.  I'm just happy they added in Enterprise 802.1x for
> wireless.
>
> :)
>
> -dan
>
>
> Dan Brisson
> Network Engineer
> University of Vermont
>
> On 3/18/14, 11:44 AM, Jason Watts wrote:
>> I don't know if it's the feature Tony mentions but there is a PIN
>> feature that is essentially like an OTP that can be used as a barrier
>> to entry.
>>
>> When Airplay is started the ATV displays the PIN on screen and it must
>> be entered at the device before connecting. I believe it changes each
>> time.
>>
>> Only issue is that it displays on the screen. If you have a fast
>> student with mischief on their mind then I suppose it is still a
> problem.
>>
>> For the record, I agree, having the Airplay service be able to be
>> authenticated against Radius or the like would be ideal so that only
>> certain user roles could connect to certain ATVs.
>>
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Reply via email to