How to restrict mDNS/bonjour to stay within a building/site ?

willsmith1701
Level 1

How do I configure a wism2 to pass mDNS/bonjour advertisements between the wired and wireless subnets/networks within a building, but not propagate to other buildings? The way the wism is currently configured, all mDNS/bonjour advertisements can be seen by all wired and wireless clients in all 5 buildings of our campus. Each building does have its own building-specific wired and wireless subnet. How do I configure the wism to pass broadcasts between subnets in the same building, but not between buildings? The code version is 7.6. I can upgrade if necessary to accomplish this.

4 Replies

Freerk Terpstra
Level 7

Did you already look into the LSS (Location Specific Services) feature? This is an enhancement introduced since 7.5 code which limits "the range" devices can be "seen" by end-users based on the RF neighborhood. This goes a little further than you request, but is in the end maybe even better?

Scott Fella
Hall of Fame

Bonjour gateway on the controller really can't be set up to be specific to a building. Like Freerk mentioned, LSS can help, but it limits the visibility to devices on the same access point or an adjacent neighbor. The issue is that it doesn't support the wired side. The design with you using the wired side along with wireless is where the controller can't do what you want it to do. You are better off not using the controller as a bonjour gateway and using something like an Avahi gateway at each building as your bonjour gateway, but you would have to implement FlexConnect and local switching. Then you need to look at the limitations of FlexConnect mode.

-Scott


My company faces the same issue. I'll tell you our solution - while not perfect or exactly what you ask for, at least you have an idea. Basically every building has 3 subnets: guest wireless, internal wireless, and internal wired (and others based on a specific need). We simply allow broadcast traffic on all wireless networks. So if you are on the internal wireless, you can see any other mDNS clients on that network, guest same thing, and Ethernet same thing. That way bonjour gateway isn't needed. Sure, it doesn't allow wireless and wired clients to see the same mDNS services, but we've made it work. With P2P AirPlay and AirDrop we have been able to avoid a lot of the bonjour issues.

willsmith1701
Level 1

Thank you all for your suggestions. Cisco support claims this can be accomplished with version 8 code and mDNS policies, described in this document:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/WLAN-Bonjour-DG.html#pgfId-47580

It reads to me like it requires ISE, but the support rep says for my specific purpose, it doesn't. So I'm going to configure a test controller and APs and see if mDNS policies work. If they don't, we may re-examine our need to have the same mDNS services available between wired and wireless in the same building and just turn off the bonjour gateway.

Thank you all again.