Post on 08-Jan-2017
HOW AIRGROUP SERVICE WORKS IN ARUBA INSTANT APTechnical Climb Webinar10:00 GMT | 11:00 CET | 13:00 GSTJuly 26th, 2016Presenter: Barath Srinivasan
barath.srinivasan@hpe.com
2
Welcome to the Technical Climb Webinar
Listen to this webinar using the computer audio broadcasting or dial in by phone.
The dial in number can be found in the audio panel, click additional numbers to view local dial in numbers.
If you experience any difficulties accessing the webinar contact ususing the questions panel.
3
Housekeeping
Thiswebinarwillberecorded
Alllineswillbemutedduringthewebinar
Howcanyouaskquestions?Usethequestionpanelonyourscreen
TherecordedpresentationwillbepostedonAirheadsCommunity(http://community.arubanetworks.com/)
WHAT IS AIRGROUP FEATURE?
How is Airgroup implemented in Aruba?
5
Introduction: Airgroup
AirGroupisauniqueenterprise-classcapabilitythatleverageszeroconfigurationnetworkingtoenableBonjour®serviceslikeApple®AirPrintandAirPlayfrommobiledevicesinanefficientmanner
AirGroupsolutionsupportsbothwiredandwirelessdevices.WireddeviceswhichsupporttheBonjourservicesaremadepartoftheAirGroupwhentheVLANsofthedevicesareterminatedontheVirtualController.
6
Airgroup and Aruba Clearpass
AirGroupalsosupportsArubaClearPassPolicyManager(CPPM).
WithArubaCPPM:
• Users,suchasstudentsindormroomscanregistertheirpersonaldevicesanddefineagroupofuserswhoareallowedtosharetheusers’registereddevices.
• Administratorscanregisterandmanageanorganization'sshareddeviceslikeprintersandconferenceroomAppleTVs.Anadministratorcangrantglobalaccesstoeachdevice,orrestrictaccessaccordingtotheusername,role,oruserlocation.
7
Airgroup Architecture at a glance
Thedistibuted AirGrouparchitectureallowseachIAPtohandleBonjourqueriesandresponsesindividuallyinsteadofoverloadingaVirtualcontrollerwiththesetasks.ThisresultsinascalableAirGroupsolution.
8
How does Airgroup work?
AirGroupfunctionalityisdescribedinthestepsbelow.ThisflowoccurswhenanArubaWLANispoweredbyanArubaInstantandClearPassPolicyManager.Adevicecanberegisteredbyanadministratororaguestuser.
1. TheAirGroupadministratorgivesanendusertheAirGroupoperatorrolewhichauthorizestheusertoregistertheusersdevice—suchasanAppleTVontheClearPassPolicyManagerplatform.
2. ArubaInstantmaintainsstateinformationforallmDNSservices.ArubaInstantqueriesClearPassPolicyManagertomapeachdevice’saccessprivilegestoavailableservices.
3. ArubaInstantrespondsbacktothequerymadebyadevicebasedoncontextualdata– userrole,username,andlocation.
9
Use case scenario: Airgroup in Enterprise IAP WLAN
10
Features of Airgroup
• AirGroupsendsunicastresponsestomDNSqueriesandreducesmDNStrafficfootprint.
• Ensurecross-VLANvisibilityandavailabilityofmDNSdevicesandservices.
• AlloworblockmDNSservicesforallusers.
• AlloworblockmDNSservicesbasedonuserroles.
• AlloworblockmDNSservicesbasedonVLANs.
• Matchusers’devices,suchasiPads,totheirclosestBonjourdevices,suchasprinters.ThisrequiresCPPMsupport.
11
Clearpass related Airgroup features
• RegistrationportalforWLANuserstoregistertheirpersonaldevices,suchasAppleTVsandprinters.
• RegistrationportalforWLANadministratorstoregistershareddevices,suchasconferenceroomAppleTVsandprinters.
• Operator-defined“personalAirGroups”tospecifyalistofotheruserswhocansharedeviceswiththeoperator.
• Administratordefinedusername,userrole,andlocationattributesforshareddevices.
12
The overall Airgroup Solution
ThecomponentsthatmakeuptheAirGroupSolutionincludetheArubaInstant,ClearPassPolicyManager,andClearPassGuest.
13
Configuring Airgroup on Aruba Instant
ConfiguringAirGroupanditsservicerequiresthatyouenabletheAirGroupfeature.IAPAirGroupsupportstwodefaultservicesi.e.AirPlayandAirPrint.
AsthefirststepinconfiguringAirGroupservices,youmustenableAirGroupintheInstantUI.1. GotoSettings >AirGroup toenablethisfeature.2. SelectEnableAirGroup toviewtheAirGroupSettings.Instantsupportstwotypesdeploymentmodels:• IntraCluster• InterClusterIntheIntraClustermodel,theIAPdoesnotsharethemDNSdatabaseinformationwiththeotherclusters.IntheInterClustermodel,theIAPsharesthemDNSdatabaseinformationwiththeotherclusters.
14
Enabling Airgroup across mobility domains
Enable Air Group across mobility domains—
Select Enable Air Group across mobility domains to enable Inter cluster.
NOTE: By default, this feature is disabled.
Navigate to L3 Mobility tab of Settings to define a set of clusters.
15
Enabling Air Print and Air Play
EnableAirPrint—Whenenabled,thefollowingtwooptionsaremadeavailable:
• AirPrintdisallowedroles— ClientswiththeseroleswillnothaveaccesstoAirPrintdevices.
• AirPrintdisallowedVLANs— NoAirPrintserverswillbeseenontheseVLANs.
EnableAirPlay—Whenenabled,thefollowingtwooptionsaremadeavailable:
• AirPlaydisallowedroles— ClientswiththeseroleswillnothaveaccesstoAirPlaydevices.
• AirPlaydisallowedVLANs— NoAirPlayserverswillbeseenontheseVLANs.
16
Troubleshooting Airgroup
YoucanviewthefollowingAirGroupcommandsintheCommanddrop-downlist.
• APAirGroupCache— DisplaystheBonjourmDNSrecordsfortheselectedIAP(s).• APAirGroupCPPMEntries— DisplaystheAirGroupCPPMpoliciesoftheregistereddevices.• APAirGroupCPPMServers— DisplaystheAirGroupCPPMserverinformation.• APAirGroupDebugStatistics— DisplaysthedebugstatisticsfortheselectedIAP(s).• APAirGroupServers— DisplaysinformationabouttheBonjourdeviceswhichsupportsAirPrintandAirPlay
servicesfortheselectedIAP(s).• APAirGroupUser— DisplaysIP/MACaddress,devicename,VLAN,typeofconnectionoftheBonjourdevices
fortheselectedIAP(s).• VCAirGroupService— DisplaysthebonjourservicessupportedfortheselectedIAP(s).• VCAirGroupStatus— Displaystheenable/disablestatusoftheAirGroupandtheparametersoftheCPPM
serversfortheselectedIAP(s).• VCAirGroupvlan— DisplaystheAirGroupstatusinformationforaVLANoftheselectedIAP(s).
QUESTIONS
Any Questions?