Airplay services on a 30 floor building

Unanswered Question
Jul 4th, 2013
User Badges:

Hi all,


There is a requirement to provide Airplay services on our wireless network across a 30 floor building.

Apple TVs will be installed on 2-3 presentation rooms on each floor.


The users will have to use our existing BYOD network and Apple TVs to mirror their iPads screens to larger sreen TVs.


Currently our network consistrs of a pair of 5508s on the Campus site and another pair in the DMZ running 7.2.111.3.

BYOD WLAN is using EAP-TLS and traffic is anchored to the DMZ WLCs where it is routed to the Internet. BYOD traffic has no access back to the Campus LAN. The BYOD network profile and the certificate for each client device are provisioned using Aruba Amigopods. Finally, p2p droping is enable on the WLAN.


We are discussing the following scenarios:


1) Client device connects to BYOD WLAN - Apple TV connects to BYOD WLAN.


This scenario is not possible as Apple TVs do not support EAP-TLS or the provisioning process using the Amigopods. Also p2p would block Airplay services.


2) Client device connects to BYOD WLAN - Apple TV connects to a new "Apple-TV" WLAN.


In this scenario both WLANs will be anchored to the DMZ WLCs. BYOD WLAN in the DMZ WLC will be mapped to an interface assigned to VLAN A and Apple-TV on another interface assigned to VLAN B. P2p blocking will not be enabled ont the Apple-TV WLAN.

In order for this scenario to work we will need to upgrade our DMZ WLCs to version 7.4 to support Bonjour Gateway services.


This scenario was tested in our lab and it is working for a single Apple TV device.

If we applied this scenario on the 30 floor building with all the Apple TVs turned on and connected to the Apple-TV WLAN, will our BYOD device be able to see all the Apple TVs from every floor?


How can we  filter the Apple TVs available depending on the floor the user is located? For example if the user is on floor 1, we would like only Apple TVs from that floor to be available to the user.


Finally, if an ACL is applied on the DMZ WLC interface (VLAN A) blocking traffic to VLAN B, do we need to permit multicast IP 224.0.0.251 on that ACL for Bonjour to work between the 2 VLANs?


Regards,

Theo

          



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Thu, 07/04/2013 - 06:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Well that is a tough one... I'm guessing that your setup is one subnet for all BYOD or how are you specifying floor 1 BYOD gets on VLAN X?  Can you describe your design a little more?


With Apple TV, you don't need v7.4 unless you want to use the bonjour gateway, or else you can use the Avahi bonjour gateway.  All devices will be able to see all the Apple TV's  unless you do block bonjour between vlans.  How would this really work though if you have a client that is associated to an AP on a different floor or if a user has a device that associated on the 1st floor when they walked in the building and still was connected when they went up to the 30th floor, then later went to the 20th floor. 


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

tsakoulias Thu, 07/04/2013 - 07:06
User Badges:

Hi Scott,


We are using a big subnet on the Anchor WLCs for the BYOD WLAN. Unfortunately, we can't differenciate if a user is on the 1st or 20th floor or use AP Groups with different VLANs per floor, because traffic is anchored.


Is there any way we can change our configuration to support this "segregation" of Apple services per floor?

Can we do something using MSEs (we don't currently use one though)?


Thanks,
Theo





Scott Fella Thu, 07/04/2013 - 09:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Well the issue also is the fact that a client can be associated to an ap above or below. I don't think Cisco has a way to accomplish this. The best way is to either use AP Groups and have a different SSID for this in each floor, then you can place the traffic in its own subnet. Or just name the conference room as the Apple TV name and also put a security on the Apple TV so they have to enter a 4 digit code. You might have to test this as it was broke in the first version in v7.4. Maybe in the future Cisco will have a way of controlling bonjour.

Sent from Cisco Technical Support iPhone App

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode