mDNS config trouble on 9800

Jeff A.
Level 1

I’ve got a tricky one which I’m trying to diagnose, but so far have had no luck.

I’ve ended up with a couple spare 9120AXI APs from a completed temporary project and decided on setting them up at my home to replace the Wi-Fi portion of my ISP supplied hardware.

Everything works well, except a couple IoT devices relying on mDNS multi-casting (specifically Tado AC controllers over HomeKit). Every so often I will get a No Response message in the Apple Home app indicating that the device is not responding, however the device is online and I can send it commands from the Tado web console or their dedicated cloud app. It’s just not updating over HomeKit.

This behaviour is new with the Cisco network configuration on a fairly vanilla config using the Embedded Wireless Controller software. My relevant config changes from vanilla are as follows:

  • mDNS set to Bridged
  • WMM set to Required
  • PMF set to Optional
  • Default RF Tag set to High Client Density
  • Rogue Detection Security Level set to Low
  • Event Driven RRM including Rogue Contribution set to default values on both bands
  • DCA Interval set to 4 Hours

From the above config, the only setting which I think could be relevant is the RF Tag, but I wanted to run this past the community first and get some thoughts before diving further down this rabbit hole.

The reason I believe I’ve narrowed it down to mDNS is that while on one of the APs I was getting the error, then I roamed to another AP, the error went away, so I roamed back to the original AP where I was having the issue and the error remained away. I could ping the Tado throughout the entire process.

Any thoughts or advice is appreciated.

Accepted Solutions

A follow up in case anyone else runs into this problem. Many of the articles and videos talk about enabling mdns gateway on the WLANs (Configuration -> Tags & Profiles -> Policy -> Advanced -> mDNS Service Policy) and configuring the mdns mode on the wlan under the Advanced tab. When I did that I got printing and other mdns services to work, but not our good friend homekit.

In my setup I have SVIs created on each of the VLANs because my 4500 switch is serving up DHCP. Without the SVIs I was not getting DHCP addresses. I am new to the 9800 controller, so maybe I had something wrong going on. Under the SVI (Configuration -> Layer 2 -> VLAN -> SVI -> Advanced) there is an option for mDNS Gateway, I set that to enable along with specifying my mDNS Service policy. I did that for all my SVIs that needed mDNS gateway routing functionality. Once I did that and rebooted, homekit started to work.

One of the challenges from going through creating a custom mDNS service policy, was what to include in it. Under Monitoring -> Services -> mDNS, it shows you the controller's mdns cache. However, if the entry is blocked based on the service policy that doesn't help tell you what to add. I found this document (https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215352-configure-and-troubleshoot-mdns-on-catal.html), at the end there is a small troubleshooting section, and that tells you some good debug to turn on. That allowed me to see the mdns entries that were being blocked from other apps. This wasn't really related to homekit, but just a good thing to know. For example, I found an entry for discovery of my axis cameras (_axis-video._tcp.local).

I hope this helps and saves some people some time.
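Added example (not part of the post above, and not Cisco's code): the accepted solution describes working out which service types a custom mDNS service policy is filtering. The Python below does the same comparison off-box, parsing raw mDNS payloads (for instance exported from a packet capture) and listing the PTR service types that are absent from an allow-list. The sample packets, the allow-list and all function names are constructed for illustration; `_hap._tcp` is the HomeKit accessory service type, which the thread itself does not name.

```python
import struct
PTR = 12  # DNS record type used for DNS-SD service enumeration

def read_name(msg, off):
    """Decode a DNS name with RFC 1035 compression; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                       # bound the walk: no pointer loops
        length = msg[off]
        if length & 0xC0 == 0xC0:              # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    raise ValueError("name too long or compression loop")

def service_types(msg):
    """Names carried by PTR questions and PTR records in one mDNS message."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, found = 12, set()
    for i in range(qd + an + ns + ar):
        name, off = read_name(msg, off)
        rtype = struct.unpack_from("!H", msg, off)[0]
        if i < qd:
            off += 4                           # qtype + qclass
        else:                                  # type, class, ttl, rdlength, rdata
            off += 10 + struct.unpack_from("!H", msg, off + 8)[0]
        if rtype == PTR:
            found.add(name.lower())
    return found

def not_in_policy(messages, allowed):
    """Service types seen on the wire that the allow-list would filter."""
    seen = set().union(*(service_types(m) for m in messages))
    return sorted(seen - {a.lower() for a in allowed})

# Constructed sample traffic and policy (not taken from the thread).
def encode_name(n):
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\0"
def ptr_query(n):
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(n) + struct.pack("!2H", PTR, 1)
def ptr_answer(n, inst):                       # rdata = instance label + pointer to offset 12
    rdata = bytes([len(inst)]) + inst.encode() + b"\xc0\x0c"
    return (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name(n)
            + struct.pack("!HHIH", PTR, 1, 4500, len(rdata)) + rdata)
SAMPLE = [ptr_query("_ipp._tcp.local"), ptr_query("_axis-video._tcp.local"),
          ptr_answer("_hap._tcp.local", "Tado")]
print(not_in_policy(SAMPLE, ["_ipp._tcp.local", "_airplay._tcp.local"]))
```

Listing only the types that are actually missing lets the service policy stay a narrow allow-list instead of permitting every service in both directions.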


16 Replies

I did have a read of that document, however I had two considerations which may not help - firstly, I don’t have the required DNS license, but more importantly I’d prefer to run mDNS bridged than in gateway mode so that I don’t have to manage the mDNS services.

Jeff A.
Level 1

I have done some more testing of the network with a single AP and mDNS is not passing all the services to all the clients. To me this indicates that there is something in the code which is preventing the APs from treating mDNS traffic in a standard way.

Hi Jeff,

Most probably you may be right with the code version & could be a limitation. Since you are running EWC (Embedded WLC functionality), there may be a certain resources limit on AP to handle mDNS compared to dedicated WLC (virtual or physical).

I know you may not be able to get TAC support, I would try the latest 17.5.1 & see if that makes any difference.

I hope someone in Cisco can clarify if there are certain known issues related to what you are doing.

HTH

Rasika

I've actually raised a case with TAC this morning, so will be working with them on this one and will report back.

I can replicate the issue on 16.12.x and 17.3.x (currently TAC recommended).

If I was running the mDNS gateway, I think your point about resources would make sense. However, my understanding is that when the mDNS is in Bridging mode, there is no additional pressure on the EWC container, so it should be handled solely by the AP. Is this not the case?

Hi Jeff - Did you resolve anything with TAC on this mDNS issue?

I too am having Homekit woes (can't connect to devices) with a 9800 WLC system (mine is not eWLC, but WLC-CL 17.3)

I also want to just run bridged mDNS mode and not have to manage the specific services - but I can't get it to work with either.

I have also tried with global multicast enabled - still no joy.

Generic mDNS services work fine (AirPrint, AirPlay, etc.), it's just homekit that has issues....

If someone has a recipe for getting HomeKit services working with 9800-WLC/eWLC please let us know.

The case is still open, with not much progress I'm afraid. I've had to revert back to my old wireless solution in the meantime as the household was not accepting the constant HomeKit issues any longer. There was many an argument when a door didn't unlock, temperature didn't change, or light didn't respond. Have been using the old wireless solution for 1+ week now and everything is responding again.

I'm actually a little disappointed in the support I have received from TAC so far. It feels to me that the engineer doesn't quite understand the issue and is barking up the wrong tree.

The Household is VERY intolerant of anything less than five 9's of uptime!!! And the SLAs are harsh when you don't meet it

Can you shoot me the TAC case # (or PM me)?

I am actually now running an eWLC on 9120s version 17.5.1, and HomeKit seems to be stable.

I have mDNS bridging on the WLAN, and global mDNS gateway is not enabled. The only other mDNS setting is in the Policy with the mDNS policy set to the default policy.

On a 17.3 WLC-CL, I have had to turn on mDNS gateway both globally and on the WLAN, with mDNS policy set to allow all the listed services both in and out - I have it working, but it doesn't seem stable...

I did try running 17.5.1 on my 9120’s but was still experiencing HomeKit no response issues.

I’ll PM you the ticket number. The engineer didn’t really know anything about HomeKit so it’s focussed on the mDNS aspect which appears to be the cause.

Thanks!

So I've experienced troubles with HomeKit on my WLC-CL when mDNS appeared to be working using mDNS bridging (i.e. AirPrint, AirPlay, other Bonjour services work fine) - I haven't looked into the details yet, but HomeKit appears to be a little different than stock mDNS.

In order to get HomeKit working, I had to turn on mDNS gateway functionality in the WLC.

Indeed. I think Cisco's got the mDNS Gateway services working perfectly, in fact I have used these in a business setting with great success in the past.

mDNS bridging seems to be an entirely different ballgame, and likely only useful for small branches or home settings - the latter of which is not a target market for Catalyst hardware.

Do you recall what exactly it took to get homekit working? I have mDNS enabled globally and mDNS mode set to gateway on the WLANs.

TAC couldn’t resolve my issue and we were going in circles. I ended up selling the 9800 setup for a profit to a local MSP, moved to Aruba and have not had issues since.

I actually changed the setup on my switch infrastructure to allow IGMP snooping per VLAN and multicast routing and it fixed my Bonjour issues...

With the 9800 eWLC, all the APs are in Flex mode, so data packets are flowing out of the local ethernet port (instead of being sent through a CAPWAP tunnel back to the controller). So Bonjour clients/servers were on different physical switch ports and switches. So with VLANs enabled, I turned on IGMP snooping and ip multicast routing and things started working.
