08-15-2013 10:31 AM - edited 03-11-2019 07:26 PM
Hi,
I recently purchased an Apple TV and am having trouble using AirPlay on my network. I have an ASA 5505 running 8.4(6) code and an Aironet 1142 access point connected. My laptop and my Apple TV are on the same wireless network, but cannot see eachother for streaming. Is the ASA blocking RTSP traffic or anything like that?
08-15-2013 11:05 AM
It doesn't block rtsp but it does inspect it by default in your version. If it doesn't understnd the way AirPlay is using it, it may drop the packets.
You can disable that by:
ASA(config)#policy-map global_policy ASA(config-pmap)#class inspection_default ASA(config-pmap-c)#no inspect rtsp
08-15-2013 02:07 PM
Thanks for your reply Marvin,
I actually already did what you suggested. I still cannot see the device for streaming. I looked up the ports used by Airplay, and 80 was one of them. I confirmed connectivity by telneting over 80. Also, when I do a packet trace in the ASDM it fails and tells me the packet was dropped by implicit deny. The computer and the Apple TV are in the same subnet. Do I really need rules? So I put an any any rule at the top of my wireless interface and no luck still...
What do you mean "If it doesn't understand the way AirPlay is using it, it may drop the packets"?
Thanks,
Dan
08-15-2013 03:47 PM
Hmm the inspect policy and rules only apply when the traffic flows through the ASA. The inspect rules examine the protocol for compliance (simplistically speaking) and if they feel it is non-compliant, they drop it.
If your devices are on the same network, they should be part of the same security zone and thus not hiot an access-list. Can you share the config or at least the result of packet-tracer (with the detail option turned on)?
03-20-2014 05:12 PM
Hi Marvin,
My case is a little bit more complex, in the lab I could configure mDNS on my 5508 with the global multicast and igmp snooping disabled. Only I needed was Global mDNS multicast enabled (based on Cisco Guide) and it worked fine under the following scenarios:
All the services connected wireless
IPAD on subnet A and Apple TV on subnet B, no Firewall in the middle. Peer to Peer Blocking in the WLC was any DROP or DISABLED and it worked fine.
BUT, when I moved into production environment, the only way that it works is by having both Apple Devices in the same subnet with the Peer to Peer bloking DISABLED. I have a firewall in the middle so I do not know what should I check in the firewall to allow Airplay to work.
There is something really weird. in the IPAD, I can see the AIRPLAY icon at the bottom of the screen, when I click on it, I can see MIRRORING and I moved it to the right to activated it BUT nothing happens on the AppleTV connected to an screen. I mean, looks like the request for MIRRORING from the IPAD to the Apple TV device is not reaching this one. A few seconds after activating MIRRORING in the IPAD looks like the request is dropped since that the mirroring is not active.
I have an open case with TAC but any ideas are welcomed.
By the way, I am running v 7.6 in the WLC in order to implement mDNS (traffic between ssid's subnet managed by the WLC)
thanks
Abraham
08-15-2013 04:19 PM
What does the ASA have to do with it? I will give you a hint... probably nothing. What are you filtering on wireless via your firewall?
http://mrncciew.com/2013/03/27/configuring-mdns-on-wlc-7-4/
Also
http://www.cisco.com/image/gif/paws/113443/cuwn-apple-bonjour-dg-00.pdf
Take a look at this link.
Andrew
08-15-2013 04:42 PM
Thanks for the reply,
I agree, probably nothing to do with the ASA. Before your post, I started looking into multicast on my access point. I tried plugging the apple tv into the wire, and my laptop into the wire, viola! It works. So... The access point is the place to look next. I will read your link soon. Thanks!
D
08-15-2013 05:26 PM
Is it a controller based network or standalone AP?
08-16-2013 06:09 AM
It is standalone.
08-16-2013 09:14 AM
For standalone I am seeing posts saying issue this command:
en
conf t
no ip igmp snooping
Sorry thought you were talking about controller based.
08-16-2013 09:52 AM
I have seen the same. I will try this later on and let you know...
Thanks!
D
08-16-2013 03:26 PM
Looks like the no ip igmp snooping command did not work. Continuing to research multicast.
Thanks again for the help!
D
08-16-2013 03:28 PM
Stupid question but you ran that command on your switch correct? Not the AP?
08-16-2013 03:53 PM
Not a stupid question... I did run it on the AP. There is no switch in my setup. I apologize for not outlining my topology. I have an ASA 5505 with a 1142 AP directly connected to POE port e0/7 in my home. There is not an ip igmp snooping command on the ASA. There is, however, a multicast-routing global command which I have issued. I really don't understand how multicast works so I've been poking in the dark on this issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: