12-02-2022 04:16 AM
Hello Community,
We are trying to implement Wide Area Bonjour via DNA (on SDA Fabric all cat9300).
With the information found on the internet we managed to make this work on EDGE/SDA-agent (+ All connected AP’s) level.
Meaning we can filter Bonjour services we want FROM and direct TO specific EDGE’s. Very nice!
However, this is not granular enough to meet our customer requirements…
(some EDGE’s are stack of many units with 30+ AP’s connected, that’s a way too large “Bonjour domain”)
-> For AP, we assume WLC is not in picture as sdg-agent/service-peer when wireless is running Fabric mode, right?!
I believe the solution could exist in the form of ‘Location Groups’. Where -If I understand it correctly- we should be able to (statically :/) add interfaces (also AP interfaces) to a specific Location Group.
However, we cannot find any documentation about this subject? And we have no clue how to configure this?!
As in;
EDG2(config)#mdns-sd location-group 202 vlan 1021
Error: Snooping not enabled for vlan 1021
What snooping???
Some documentation or examples would really help!
(And if this works… I hope there is a way to assign the Location Group dynamically via ISE or anything? I’m quite allergic to static port config ;))
Thank you!
Kristof
12-04-2022 12:38 PM
Hi Kristof
MDNS snooping is automatically enabled when using the MDNS Unicast model instead of the Flood model. The Flood model is enabled when the mdns-sd gateway command is used under an SVI; the Unicast model is enabled when mdns-sd gateway is used under the VLAN Configuration itself.
Edge-1(config)#mdns location-group 202 vlan 1021
Error: Snooping not enabled for vlan 1021
Edge-1(config)#mdns-sd gateway
Edge-1(config-mdns-sd)#mode sdg
Edge-1(config)#vlan configuration 1021
Edge-1(config-vlan-config)#mdns-sd gateway
Edge-1(config-vlan-mdns-sd)#--- here you add the rest of the mdns config
Edge-1(config)#mdns location-group 202 vlan 1021
Edge-1(config-mdns-lg)#
Verification:
Flood bonjour: SVI mdns
Edge-1(config)#int vlan 1021
Edge-1(config-if)#mdns-sd gateway
Edge-1(config-if-mdns-sd)#end
Edge-1#show pla sof fed sw active ip mdns snooping vlan
Vlan Address Family (1:IPv4 2:IPv6 0:Both)
-----------------------------------------------
Unicast bonjour: VLAN configuration
Edge-1(config)#int vlan 1021
Edge-1(config-if)#no mdns-sd gateway
Edge-1(config)#vlan configuration 1021
Edge-1(config-vlan-config)#mdns-sd gateway
Edge-1#show pla sof fed sw active ip mdns snooping vlan
Vlan Address Family (1:IPv4 2:IPv6 0:Both)
-----------------------------------------------
1021 1 --- MDNS Snooping enabled
Edge-1(config)#mdns location-group 202 vlan 1021
Edge-1#show mdns location-group detail
Trusted Trunks : NA
Vlan's : 1021
Total Number of Location Groups: 1
================================================================================
VLAN    NUMBER OF LGs    LG ID    Ports in LG's
================================================================================
1021    2                202      No Active Ports
                         0        Te1/0/4, Te1/0/8, Ac0,
12-02-2022 08:48 AM
Hey Kristof,
I don't have much experience yet with Bonjour, but I can help a little. That error is referring to mDNS snooping. I looked briefly for how to configure mdns snooping on an access switch and sadly couldn't find an obvious command, like "mdns snooping". Most info seems related to WLCs.
If I were you I would first use the Make a Wish tool in the Cisco DNA GUI to let the Product Managers know you have a need for more granular and centralized control. They are always interested to know how users want to use these features.
12-04-2022 02:25 AM
Hi Preston,
Indeed, finding some more info on mdns snooping could clarify this.
I made the wish… just waiting for the miracle to happen now
K
12-05-2022 06:20 AM
Hi jalejand, (name!?)
That’s indeed the info I missed! You sure helped me a lot forward here! Big thanks!!
I wasn’t aware the same command would have such a difference between those locations (makes sense… L3 vs L2). Of course now I’m wondering what “mdns unicast model” vs “mdns flood model” actually means? I wasn’t aware of those two flavors?
Bottom-line, it works!
Instead of;
interface Vlan1021
mdns-sd gateway
service-policy LOCAL_AREA_POLICY
active-query timer 60
I now use;
vlan configuration 1021
mdns-sd gateway
service-policy LOCAL_AREA_POLICY
active-query timer 60
and finally I’m able to configure;
mdns-sd location-group 222 vlan 1021
interface Gi1/0/3
mdns-sd location-group 223 vlan 1021
interface Gi1/0/4
On DNA you can see which Location Group services come from (if you select ANY not Default!). And now I can direct my filters to a specific Location Group, very nice!!
And it also works for Wireless. You cannot add the AP interface port to the location group because of “VLAN mismatch” (In a way that’s normal, Fabric AP reside only in underlay VLAN) However I am able to set the Access-Tunnel corresponding to each AP in the location group. And this works per overlay! Nice!
mdns-sd location-group 222 vlan 1021
interface Gi1/0/3
mdns-sd location-group 223 vlan 1021
interface Gi1/0/4 Ac2
mdns-sd location-group 444 vlan 1022
interface Ac2
I would almost say you solved my question 100% and we are ready to deploy!
However…
All this doesn’t really match with the "Closed Authentication / all dynamic ports" nature you should be using on SDA.
For Wireless I don’t see a big problem (for now?). AP’s typically don’t move often (however you have to manually verify which Access-tunnel the AP is using and match your mdns CLI config per Edge. So not a basic day-N template)
For wired I don’t see the solution? (unless statically assigning the ports, which we don’t like). Sure you can add a dynamic assigned port to the Location Group if the VLAN matches. Though if the port goes down (and back UP again) the port is removed from the mdns Location-group ☹ (because of default VLAN 1 or Critical VLAN). I assume we cannot set Location-Group dynamically with ISE since it’s not port config? (do we?)
Hmmmmm
Actually, I wonder why this “Intent” you create on DNA app isn’t fully translated to the network? DNA has all the info to generate the full mdns CLI config? That would be an amazing feature! Take this as another wish, we are getting close to Christmas so I'm allowed
Thank you very much!
Kristof
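Added example, not part of the thread and not Cisco tooling: a small Python check that reads a saved running-config and reports location groups bound to a VLAN where `mdns-sd gateway` is configured only under the SVI (flood model), which is the case that produces "Snooping not enabled". The sample config is constructed, and the one-space indentation of sub-commands is an assumption about the saved config layout.

```python
import re

# Constructed sample in running-config layout (sub-commands indented by one space).
# Only commands quoted in the thread are used; the layout is an assumption.
SAMPLE_CONFIG = """\
interface Vlan1021
 mdns-sd gateway
 service-policy LOCAL_AREA_POLICY
!
vlan configuration 1022
 mdns-sd gateway
 service-policy LOCAL_AREA_POLICY
!
mdns-sd location-group 222 vlan 1021
 interface Gi1/0/3
mdns-sd location-group 444 vlan 1022
 interface Ac2
"""

TOP_LEVEL = [
    ("flood", re.compile(r"interface Vlan(\d+)$")),         # gateway under the SVI
    ("unicast", re.compile(r"vlan configuration (\d+)$")),  # gateway under the VLAN
    ("lg", re.compile(r"mdns(?:-sd)? location-group (\d+) vlan (\d+)$")),
]

def audit_mdns(config):
    """Return (modes, groups, findings) for a running-config text."""
    modes, groups, findings = {}, [], []
    kind, target = None, None            # block currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # top-level line: close the previous block
            kind, target = None, None
            for name, rx in TOP_LEVEL:
                m = rx.match(line)
                if m and name == "lg":
                    groups.append({"lg": int(m[1]), "vlan": int(m[2]), "ports": []})
                    kind, target = name, groups[-1]
                elif m:
                    kind, target = name, int(m[1])
        elif kind == "lg" and line.startswith("interface "):
            target["ports"] += line.split()[1:]   # one line may list several ports
        elif kind in ("flood", "unicast") and line == "mdns-sd gateway":
            modes.setdefault(target, set()).add(kind)
    for g in groups:
        if "unicast" not in modes.get(g["vlan"], set()):
            findings.append((g["lg"], g["vlan"], "snooping not enabled"))
        elif not g["ports"]:
            findings.append((g["lg"], g["vlan"], "no ports assigned"))
    return modes, groups, findings

if __name__ == "__main__":
    print(audit_mdns(SAMPLE_CONFIG)[2])
```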