This is my case: In the lab I could configure mDNS on my 5508 with the global multicast and igmp snooping disabled. Only I needed was Global mDNS multicast enabled (based on Cisco Guide) and it worked fine under the following scenarios:
All the services connected wireless
IPAD on subnet A and Apple TV on subnet B, no Firewall in the middle. Peer to Peer Blocking in the WLC was any DROP or DISABLED and it worked fine.
BUT, when I moved into production environment, the only way that it works is by having both Apple Devices in the same subnet with the Peer to Peer bloking DISABLED. I have a firewall ASA in the middle so I do not know what should I check in the firewall to allow Airplay to work.
However, there is something really weird. in the IPAD, I can see the AIRPLAY icon at the bottom of the screen, when I click on it, I can see MIRRORING button and I moved it to the right to activated it BUT nothing happens on the AppleTV connected to an screen. I mean, looks like the request for MIRRORING from the IPAD to the Apple TV device is not reaching the last one. A few seconds after activating MIRRORING in the IPAD looks like the request is dropped since that the mirroring is not active.
Is there any particular multicast configuration required in the ASA including ports (like 5353 udp)?
I have an open case with TAC but any ideas are welcomed.
By the way, I am running v 7.6 in the WLC in order to implement mDNS (traffic between ssid's subnet managed by the WLC - Bonjour Gateway is not neccesary)
Let me share with you my findings. Apple TV requires more than 5353 port opened. Please see the following link and include in your ASA those additional ports/range. I mean, 7000, 7100, 5000 (udp/tcp), etc etc.
After opening those ports, the service is working BUT with significant LATENCY/SLOWNESS which we are trying to solve.
We took some packets captures on the ASA ingress/egress interfaces for both contexts (see pictures attached) and I could see many retransmissions and duplicated ACK so I tried something else that worked (see Apple TV Works attached file) BUT this is not the final solution we need so we are still working on this issue in order to check if there is something wrong with our routing/switching process in the 6500 LAN SW.
I created static routes in the ASA contexts to communicate the IPAD to the APPLE TV (ports already opened in the ASA as indicated before) without traversing the Wireless 6500 SW (test performed on VLAN A and VLAN B) and it worked fine. However as I said, this is not the solution we want because the Wireless 6500 SW must manage inter-ASA-contexts traffic.
In addition to that I attached another picture/diagram that shows when Apple TV service fails-latency (traffic crossing the Wireless 6500 SW for communication between ASA contexts).
Important to say that I am NOT using MULTICAST or BROADCAST ENABLED in the WLC. I am based on mDNS as indicated in the Cisco Guide/Instructions for version 7.5 and above.
Apparently we solved the issue. IP REDIRECT is enabled by default in the VLAN that is shared by the ASA and the LAN SW as you can see in the pictures I attached to this post.
Because of this command, the LAN SW would be dropping the packets causing retransmission and dup ack on the IPAD/Apple TV which causes latency/slowness. The LAN SW based on this command sends continuous ICMP Redirect to the ASA telling to this device to no longer forward the traffic to the 6500, but in stead to its L2 adjacent ASA context.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :