alex.duckworth
Beginner

WLC 7.5 Bonjour/mDNS at multiple sites

Hi all,

After reviewing the mDNS/Bonjour features of WLC software 7.5 (although most applies for 7.4 as well), I am left somewhat confused.  It seems that once services are discovered, there is no way to filter them to be advertised only to the site they were discovered at.

To simplify our environment, consider the following scenario:

  • A single WISM2 controller
  • A single SSID using dynamic VLANs deployed across diverse locations, with Wi-Fi mDNS discovery
    • eg. Site A has VLANs 11, 12, 13, Site B has VLANs 21, 22, 23
  • Wired mDNS discovery at both sites
    • eg. Site A has VLANs 101, 102, 103, Site B has VLANs 201, 202, 203

In the instance that, let's say, a printer is discovered on wired VLAN 101 and I only want to advertise it to the Site A Wi-Fi VLANs, it seems that I can't.  All VLANs that are configured to advertise the printer mDNS service records receive it, which means Site B sees the printer at Site A.

Is there any way to achieve what I want here?  It seems a crazy limitation that I can't filter the VLANs to what advertisements they receive, considering the service provider database has the learnt VLAN information in it.

Alex

24 REPLIES
Erwin Salazar
Cisco Employee

Hey Alex,

I think the solution here would be to set up an ACL on the WLC and apply them at the respective interfaces to achieve what you want:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml#block

With this, you can filter Bonjour to prevent discovery between specific nodes.

Cheers,
Erwin

______________________________________

How helpful was I? Don't forget to rate me when you have the chance!


Erwin,

     The example you provided appears to block Bonjour completely.  Could you provide an example of how a device on VLAN 101 (wired at Site A) would appear at Site A on wireless VLANs 11, 12, and 13 without being visible at Site B on VLANs 21, 22, and 23?  There would also need to be a reciprocal, so that a device on VLAN 201 would only be visible on 21, 22, and 23.

     I think that Location Specific Services (LSS) can do some of this, but it doesn't apply to mDNS-AP discovered devices on the wired VLAN.  It only works with wireless devices, but the purpose of wiring these service providers is to reduce multicast traffic over the wireless. Hopefully a future release will change this behavior.

Mark

Okay, so I see the concern here, and part of the problem is that Bonjour is link-local and mDNS uses the multicast IP 224.0.0.251 with UDP 5353, so it would be difficult to distinguish forwarding client queries with specific advertisements.  One other thing I can think of, but haven't tested to verify, is to create separate mDNS profiles for VLAN 201 and VLAN 101 and make sure the respective WLANs have the attached profile that you want to be forwarded.  However, this would require separate WLANs for each site, and I'm still unsure at this point if the WLC would be able to distinguish between the profiles or not.

The only other solution I can think of is to have a controller at each site, ultimately segregating the sites and giving you what you are looking for.

Cheers,
Erwin

______________________________________

How helpful was I? Don't forget to rate me when you have the chance!


Hi Erwin,

The original source IP of the mDNS is replaced with the controller (outbound) interface address when it passes through, so there is no way to apply an ACL to filter out different sites.  If it sent the mDNS packets out with the original source address, I'm sure the ACL would work great!

Also, I assume there would be no way to apply an ACL in any instance to interfaces off an AP (mDNS AP), so I wouldn't be able to filter.

It seems the mDNS profiles have no impact on discovery of services, only on the advertising of services to an interface.  With this in mind, I think that with a feature request to allow a profile to filter based on a list of VLANs (since this information is in the service provider database), my problem would (almost**) be solved.

Multiple controllers is out of the question unfortunately-- we have 50+ sites on our WISM2s.

Alex

** Using the same VLAN number at multiple sites is a reality when you are discovering at diverse layer-3 sites.  I think we'd prefer the service provider database to have the network address the service was discovered on instead, and be able to filter on that.
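
The filter asked for in the post above, modelled in Python as an added example; it is not part of the thread and is not WLC code or configuration. The `ServiceRecord` fields, the function names and the 10.x prefixes are assumptions made for illustration, and the VLAN numbers are the ones from the original question.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ServiceRecord:
    instance: str      # mDNS instance name
    service: str       # service type, e.g. "_ipp._tcp.local."
    learnt_vlan: int   # VLAN the record was discovered on
    provider_ip: str   # address of the device offering the service

# Constructed site map: VLAN numbers are from the thread, prefixes are made up.
SITES = {
    "site-a": {"wired_nets": ["10.1.101.0/24"], "wired_vlans": {101, 102, 103},
               "wifi_vlans": {11, 12, 13}},
    "site-b": {"wired_nets": ["10.2.201.0/24"], "wired_vlans": {201, 202, 203},
               "wifi_vlans": {21, 22, 23}},
}

def unscoped(record, profile_vlans):
    """Behaviour described in the thread: every VLAN whose profile lists the service gets it."""
    return set(profile_vlans)

def scoped_by_vlan(record, profile_vlans, sites=SITES):
    """Hypothetical filter keyed on the learnt VLAN; ambiguous if a VLAN ID is reused."""
    owners = [s for s, c in sites.items() if record.learnt_vlan in c["wired_vlans"]]
    if len(owners) != 1:
        return set()  # unknown or ambiguous origin: advertise nowhere
    return set(profile_vlans) & sites[owners[0]]["wifi_vlans"]

def scoped_by_network(record, profile_vlans, sites=SITES):
    """Hypothetical filter keyed on the provider's network address, as the footnote prefers."""
    addr = ipaddress.ip_address(record.provider_ip)
    for cfg in sites.values():
        if any(addr in ipaddress.ip_network(n) for n in cfg["wired_nets"]):
            return set(profile_vlans) & cfg["wifi_vlans"]
    return set()  # provider not on a known site network: advertise nowhere

PROFILE_VLANS = {11, 12, 13, 21, 22, 23}  # every Wi-Fi VLAN's profile lists printers
printer = ServiceRecord("Printer A", "_ipp._tcp.local.", 101, "10.1.101.50")

if __name__ == "__main__":
    print("unscoped:  ", sorted(unscoped(printer, PROFILE_VLANS)))
    print("by VLAN:   ", sorted(scoped_by_vlan(printer, PROFILE_VLANS)))
    print("by network:", sorted(scoped_by_network(printer, PROFILE_VLANS)))
```

Both scoped functions return nothing when the origin cannot be tied to exactly one site, so a record with an unknown or reused VLAN number is withheld rather than advertised everywhere.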

Just wondering if you figured out a way to do this or not.... running into this issue also and looking for a nice clean approach:)

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

I have been following this thread. This is a good one.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Haha... Same here. My work around is going to have to use FlexConnect and Avahi I think.


-Scott

Sounds like a TAC case / feature enhancement ..

Alex did you open a case for this by chance ?


Well, v7.5 does have LSS (Location Specific Services), which uses AP groups to filter.

http://www.cisco.com/en/US/partner/docs/wireless/technology/bonjour/7.5/Bonjour_Gateway_Phase-2_WLC_software_release_7.5.html#wp44429

Thanks,


Scott


Scott,

     LSS doesn't support mDNS-AP, it only applies over the wireless: http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_01011.html – about halfway down under Configuring Multicast Domain Name System, it states that there is no location awareness for wired service provider devices (Apple TVs). It also states that mDNS-AP devices are considered wired – even though these devices were discovered by the APs, they don’t get filtered by LSS.

     If the Service provider is in the same wireless SSID/VLAN, you wouldn't need Bonjour Gateway.  If it's in a different wireless SSID/VLAN, but on the same AP, you'd be hairpinning traffic and doubling up wireless airtime.  LSS doesn't make much sense to me, unless I'm missing something.

     Our solution so far is to extend the wireless VLAN out to a single port on the wired network, but the AppleTV can only be plugged into that port.  It limits our users' mobility with the devices.

     I've sent this on to our Cisco reps, and they are pushing it up the chain for a feature request.

Mark

That is correct.... wired isn't supported with this as it required AP Groups.  We are transitioning 300 Apple TVs, some of which are wired, to wireless and going to test this feature out.  Other than that, if your Apple TVs or other devices are wired, Cisco is looking at having something to be able to filter that, but that isn't going to happen anytime soon.

Thanks,

Scott


Yeah, I have now opened a TAC case.  I will let you all know how it progresses.

art-barrera
Beginner

Absolutely subscribed to this one.  Very interested in any results, findings or opinions.  Thx! //art

So with v7.5.... did some testing.  If you have an Apple TV, or any device that has Bonjour services, any client on the same AP or an adjacent AP, in the AP neighbor table, will be able to see the Bonjour services.  So if you have a Bonjour printer in the other end of the building, you will not see the Bonjour services for that device since the AP you are associated to is most likely not in the AP neighbor list of the AP that the Bonjour printer is associated to.

So there is no type of filtering as of yet and I was told that they are looking into it and it may be a function of another device, not the WLC.... but who really knows:)

Thanks,

Scott
