Policy based on AirGroup authorizations from ClearPass.

 

If I have a Chromecast/AppleTV/whatever on subnet A, when that device 
authenticates to the network, the controller will send an AirGroup 
Authorization Request to ClearPass. ClearPass will return sharing properties of 
the device (personal vs shared and who it should be shared with, AP group 
restrictions, time restrictions, etc.). At that point, the device is placed into 
the AirGroup table on the controller.

 

When my client device in subnet B does a discover for services, any service 
advertisements that I’m allowed to see (based on the policy from ClearPass) 
will be sent out onto subnet B by the controller. 

 

Note that policy via ClearPass is not required, but recommended.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 11:20
To: [email protected]
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

  “subnet based on policy”?  I have a pool of 6 vlans of which devices get 
randomly assigned to one of the 6 subnets.   How does AirGroup know which 
subnets the two pairing devices are in?  I thought it required a broadcast to 
find each other.  I would think that would require a broadcast going out to all 
6 vlans.    I am not quite sure what you mean by “policy”.   

  I should note that all Bonjour devices work fine.  I just can’t get 
Chromecast and other peering devices to work.  And I have enabled just about 
everything under AirGroup at one point or another.  If Chromecast should peer 
across multiple VLANs (subnets), then I may need to contact tech support again.  
 I keep wondering what I am missing. 

 Tim

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Cappalli, Tim (Aruba)
Sent: Wednesday, November 30, 2016 9:43 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet where 
the user is based on policy.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 10:32
To: [email protected]
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

So even if the two peering devices are on two different subnets, it should 
still work?  

Tim

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Cappalli, Tim (Aruba)
Sent: Wednesday, November 30, 2016 8:41 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

 

Chromecast will work with the AirGroup service Googlecast enabled and with drop 
broadcast/multicast enabled on the VAP.

 

This can work in large subnets or multiple smaller subnets.

 

Tim

Aruba ClearPass Team

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 09:38
To: [email protected]
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Jon

   We do have the AirGroup functionality enabled.  But I also have a pool of 6 
/23 vlans.  So my first question is did you set up an independent SSID for L2 
devices to register?   Did you use one vlan (subnet)?  What size?   I am 
curious about the details to allow broadcast, but I am guessing I can ask that 
of an Aruba engineer if I need.  The ability to allow broadcast seems critical 
to getting Chromecast to work.

Tim

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[email protected]] On Behalf Of Jonathan Miller
Sent: Wednesday, November 30, 2016 8:27 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

 

The AirGroup functionality in Aruba ClearPass is probably what you're looking 
for.  You can set it up so that when students register their devices, they can 
choose whether those devices are allowed to use broadcast/multicast to talk to 
their other devices, or even allow sharing to other users (potentially, 
depending on your setup).

 

We've seen it work fairly well, although sometimes a Chromecast or something 
will freak out and lose connectivity briefly with devices that it's supposed to 
be allowed to talk to.

 

Jon Miller

Network Analyst

Franklin and Marshall College





Jonathan Miller

Network Analyst

Franklin and Marshall College

 

On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler <[email protected]> wrote:

 

Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2 devices 
working that leverage Bonjour, etc.  We simply do MAC address authentication 
for them.   Most L2 devices work fine.    My big goal is to find out the 
different methods that some of you might be using to support the most difficult 
L2 devices such as Chromecast, Sonos speakers, and other L2 devices that need 
to peer with another device in order to work.   These types of devices 
ultimately need to broadcast to see each other.  Chromecast generally needs to 
broadcast to the phone app so that the phone app can see it and establish a 
connection with one another.   If you create another SSID for it, what are the 
key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16 
subnets or very large subnets so that you only needed one subnet for your 
residential wireless network.   So the question I have is did you do this to 
better support L2 devices?   If so, do you allow broadcasts on your large 
wireless subnet or did you simply do one /16 subnet to simplify the 
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow Chromecast 
and other peering L2 devices to work?

 

 

Tim Tyler

Network Engineer

Beloit College

 

********** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 
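
The policy flow described in the first message of this thread (authorization request at device authentication, sharing properties stored in the AirGroup table, advertisements filtered per discovering client and sent onto that client's subnet) can be modelled as follows. This is an added example, not part of the original messages and not Aruba or ClearPass code; all class, field and function names are hypothetical, and applying AP-group and time restrictions to the owner as well is an assumption of the model.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class SharingPolicy:          # hypothetical field names, not ClearPass attributes
    owner: str
    shared: bool = False                            # False = personal device
    shared_with: set = field(default_factory=set)   # empty = every user (if shared)
    ap_groups: set = field(default_factory=set)     # empty = no AP-group restriction
    hours: tuple = None                             # (start, end) time of day, or None

@dataclass
class Client:
    user: str
    subnet: str
    ap_group: str

def allowed(p, client, now):
    if client.user != p.owner:                      # non-owners need an explicit share
        if not p.shared or (p.shared_with and client.user not in p.shared_with):
            return False
    if p.ap_groups and client.ap_group not in p.ap_groups:
        return False
    if p.hours and not (p.hours[0] <= now <= p.hours[1]):
        return False
    return True

class Controller:
    def __init__(self, policy_server):
        self.policy_server = policy_server   # stand-in for the policy server: mac -> policy
        self.table = {}                      # models the AirGroup table: mac -> (service, policy)
    def on_device_auth(self, mac, service):
        # Authorization request at authentication; only the policy-in-use case is modelled.
        self.table[mac] = (service, self.policy_server[mac])
    def on_discover(self, client, service, now):
        """Return (mac, subnet): permitted advertisements and the subnet they go out on."""
        return sorted((mac, client.subnet) for mac, (svc, p) in self.table.items()
                      if svc == service and allowed(p, client, now))

# Constructed sample data: MACs, users, VLAN and AP-group names are made up.
POLICIES = {
    "02:00:00:00:00:01": SharingPolicy("alice"),
    "02:00:00:00:00:02": SharingPolicy("bob", shared=True, shared_with={"alice"}),
    "02:00:00:00:00:03": SharingPolicy("it", True, ap_groups={"classroom"}, hours=(time(8), time(18))),
}
ctrl = Controller(POLICIES)
for mac, svc in [("02:00:00:00:00:01", "googlecast"), ("02:00:00:00:00:02", "googlecast"),
                 ("02:00:00:00:00:03", "airplay")]:
    ctrl.on_device_auth(mac, svc)
```

The decision never consults the device's own subnet: the result is keyed to the discovering client's subnet, which is why a pool of several VLANs does not require flooding the advertisement to all of them.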

 
