1027| AirGroup AOS-W 6.5.3.x| User Guide
If an AirGroup server is not registered on a CPPM server, by default, the server will be visible to all AirGroup
users. The administrator must register an AirGroup server to allow or disallow this server from being visible to
specific AirGroup users.
The following procedure registers an AirGroup server on a CPPM server:
In the WebUI
To configure using the switch WebUI:
1. Navigate to Configuration > Advanced Services > AirGroup.
2. Select the AirGroup Settings tab.
3. Under Global Setting > AirGroup CPPM enforce registration, select Enabled from the drop-down list.
4. Click Apply.
In the CLI
Use the following command to force AirGroup servers to register with CPPM. This option is disabled by default:
(host) (config) #airgroup cppm-server enforce-registration
To verify the CPPM Registration Enforcement status, use the following command:
(host) #show airgroup status
For more information, see AOS-W 6.4 Command-Line Interface Reference Guide.
Group-Based Device Sharing
AOS-W 6.5.3.x AirGroup supports sharing AirGroup devices such as AppleTV, Printer, and so on to a User
Group using CPPM. This is an add-on to the existing device sharing mechanisms such as username, user-role,
and location based device sharing. A User Group is a logical association of users.
A user can be a part of groups that are defined in Active Directory. User group attribute for each user in a
switch is learnt, when a user is associated to wireless network. In AOS-W, this is initially learnt in auth module
(authentication process). Auth module sends RADIUS request to RADIUS server as a part of 802.1X
authentication and the RADIUS server fetches the user group attribute in the form of vendor specific attribute
(VSA) from the Active Directory. Subsequently, AirGroup obtains this information from Auth module. This is
similar to user’s role, however, a user can be a part of more than one groups.
When AirGroup learns about a new device, it interacts with ClearPass Guest to obtain the shared attributes.
The shared group(s) attribute is also obtained along with the following attributes:
n Device owner
n Shared location(s)
n Shared user(s)
n Shared role(s)
The group based device sharing feature is supported in CPPM 6.3 and higher versions.
A user can be a part of maximum 32 user groups. This needs to be defined as comma separated string in Active
directory. Each group name can contain a maximum of 63 characters and the entire group name strings cannot
exceed 320 characters.
The AirGroup policy engine is enhanced to compare the user’s group membership (obtained using auth
module) and shared groups to determine if a user can discover the specific AirGroup server or not.
To Next Page
Loading...