
mDNS Policies (using WLC 8.0) not working

vava2avit
Level 1

I am trying to get the mDNS Bonjour service working in WLC 8.0. I have followed the Phase III Cisco guide and I've got all my AppleTVs showing up in the mDNS browser.

However, all the devices are being rebroadcasted over my WLAN. I want to use policies to restrict them to only certain areas. Why are all of them appearing? I thought by default it would not broadcast them unless I've set up a policy to allow it?

8 Replies

vava2avit
Level 1

Sorry for the vague description above, my original longer post wouldn't post as for some reason the forum's spam filter would stop it. Here is my original post in full:

"Hey guys,

So I am testing the new mDNS snooping capabilities in WLC 8.0 (previously used Avahi to
rebroadcast mDNS traffic). I have got it set up as per all the Cisco examples.


All my Airplay devices and clients show up in WLC, and when I configure my WLAN for mDNS
snooping then my iPhone can see all my AppleTVs on all my various VLANs.

So far so good. But what I can't get to work is my mDNS policies. I want to limit the
AppleTVs based on their locations so that you can only see the ones closest to your
physical location. But I can't get this to work for me at all. I just keep seeing every
single device, I can't seem to limit it to just the Apple TVs in my policy.

Any ideas why? I guess the policies themselves might be working, but I can't tell because
my WLC is just spewing out every single device it sees. I must have something set up
incorrectly, but what?

Thanks in advance!

P.S. Here are a few settings that I have which might be related/good to know:

mDNS Global Snooping - Enabled
mDNS Policy - Enabled
WLAN - Advanced - Flex Connect Local Switching - Disabled
WLAN - Advanced - mDNS Snooping - Enabled (and correct profile configured and selected)
Broadcast forwarding - Enabled
AP Multicast Mode - Unicast
Controller Interfaces - mDNS Profile: same as the WLAN's profile
Controller Multicast - Enable Global Multicast Mode - Enabled
Controller Multicast - Enable IGMP Snooping - Enabled"

Can we take a look at the mDNS policies? Did you configure the mDNS policies based on AP-name, location or AP group?

And I believe (I could be wrong) that you need some av-pair to be returned from an AAA server in order to enforce the policy, maybe someone can confirm or refute this.

Hi David,

Thanks for the quick reply! I started very basic, I added just one policy for testing which contains only 1 MAC address of one of the Apple TVs. Its Location Type is set to AP Group and there I selected my "default-group". Role and User I set to "any".

All my APs are part of the "default-group". So with this one test policy I was expecting that all my clients on all my APs would be able to see just this one Apple TV.

I've got no way really to confirm if the policy is working or not, because the issue I am having is that my clients still see every single ATV (about 16 of them). But from the Cisco documentation I was expecting it to only rebroadcast the announcements that match my policy?

Edit: Also noting that I suspected the "default-mdns-policy" might have been causing all the devices to be broadcasted. So I changed its User Names to a dummy user to try to cancel it out, but it had no effect.

See whether the videos below help

http://www.labminutes.com/wl0024_wlc_mdns_profile_policy_1

http://www.labminutes.com/wl0024_wlc_mdns_profile_policy_2

HTH

Rasika

*** Pls rate all useful responses ***

Hi Manannalage,

Thanks. The videos helped in the way that it confirmed that I do have everything set up correctly and my understanding of it is correct. The way it differs from me is that when I enable the "mDNS Policy" tickbox, then according to the video the mDNS services should default to deny all unless you have a policy defined to allow specific services, but that is not happening in my case.

So unless someone knows of any other limitations? (Maybe mDNS policies don't work on vWLCs etc.? Is there some other feature that would disable mDNS policies if I had it enabled in conjunction with mDNS policies?)

I think the next step now is to get a smartNet contract in place and raise this issue with TAC.

Thanks for all your help!

The vWLC is supported but if you're locally switching, then the controller is not going to manage Bonjour. mDNS works like all the other controllers if centrally switched.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/WLAN-Bonjour-DG.html

-Scott

*** Please rate helpful posts ***

We used to use FC local switching but we switched this off in order to use mDNS.

Did you get this to work? I am experiencing the same thing

Have enabled multicast globally together with snooping
Created an interface for all the AppleTVs
Mapped the interface to the SSID multicast interface (the SSID the iPad is connected to)
Activated mDNS, created a profile with service AppleTV. Mapped this profile to the AppleTV interface and enabled mDNS policy

Can still see the AppleTV with my iPad

Any clues?

Regards
