
WLC 8.2 Multicast mDNS Bonjour Clarification

belessing
Level 1

Hi Community,

I know there is a lot of documentation, configuration/deployment guides, articles and discussion around mDNS and Bonjour usage in wireless infrastructure. For my actual customer requirements I need a simple clarification on the following, because I'm still not sure about this:

We have a switched wired network with some separated VLANs that use a firewall as GW and are separated from the infrastructure VLAN. In these areas we run CAPWAP access points with a WPA2/802.1x Enterprise SSID using ISE and AAA-Override for VLAN assignment. The WLC has interfaces in these separated VLANs. Users in these separated VLANs can use wired and wireless clients to communicate with each other within the VLAN without restrictions.

How can I ensure that almost every network service (Multicast mDNS Bonjour) is forwarded within the VLAN, wired/wireless, while not being allowed to escape its own VLAN and not being accessible from other VLANs? This is already working perfectly for the wired site (since Multicast TTL 0 is not routed).

As I understand, mDNS gateway functionality brings some visibility to mDNS services and possibility to configure granular policy (user/group based) for each single service. This is a huge administrative effort, and the customer does not need this ability of monitoring and controlling.

I tried to simply disable mDNS Global Snooping + mDNS Policy and only rely on the wireless Multicast configuration (Global Multicast Mode enabled, IGMP Snooping enabled, AP Multicast Mode enabled, Broadcast Forwarding disabled).

Does anyone have a similar implementation or comments/suggestions?

Thanks in advance, Ben
