There is a requirement to provide Airplay services on our wireless network across a 30 floor building.
Apple TVs will be installed in 2-3 presentation rooms on each floor.
The users will have to use our existing BYOD network and Apple TVs to mirror their iPad screens to larger-screen TVs.
Currently our network consists of a pair of 5508s on the Campus site and another pair in the DMZ running 126.96.36.199.
BYOD WLAN is using EAP-TLS and traffic is anchored to the DMZ WLCs where it is routed to the Internet. BYOD traffic has no access back to the Campus LAN. The BYOD network profile and the certificate for each client device are provisioned using Aruba Amigopods. Finally, p2p dropping is enabled on the WLAN.
We are discussing the following scenarios:
1) Client device connects to BYOD WLAN - Apple TV connects to BYOD WLAN.
This scenario is not possible as Apple TVs do not support EAP-TLS or the provisioning process using the Amigopods. Also p2p would block Airplay services.
2) Client device connects to BYOD WLAN - Apple TV connects to a new "Apple-TV" WLAN.
In this scenario both WLANs will be anchored to the DMZ WLCs. BYOD WLAN in the DMZ WLC will be mapped to an interface assigned to VLAN A and Apple-TV on another interface assigned to VLAN B. P2p blocking will not be enabled on the Apple-TV WLAN.
In order for this scenario to work we will need to upgrade our DMZ WLCs to version 7.4 to support Bonjour Gateway services.
This scenario was tested in our lab and it is working for a single Apple TV device.
If we applied this scenario on the 30 floor building with all the Apple TVs turned on and connected to the Apple-TV WLAN, will our BYOD device be able to see all the Apple TVs from every floor?
How can we filter the Apple TVs available depending on the floor the user is located on? For example, if the user is on floor 1, we would like only Apple TVs from that floor to be available to the user.
Finally, if an ACL is applied on the DMZ WLC interface (VLAN A) blocking traffic to VLAN B, do we need to permit multicast IP 188.8.131.52 on that ACL for Bonjour to work between the 2 VLANs?
Well that is a tough one... I'm guessing that your setup is one subnet for all BYOD or how are you specifying floor 1 BYOD gets on VLAN X? Can you describe your design a little more?
With Apple TV, you don't need v7.4 unless you want to use the Bonjour gateway, or else you can use the Avahi Bonjour gateway. All devices will be able to see all the Apple TVs unless you do block Bonjour between VLANs. How would this really work, though, if you have a client that is associated to an AP on a different floor, or if a user has a device that associated on the 1st floor when they walked in the building and still was connected when they went up to the 30th floor, then later went to the 20th floor?
Help out others by using the rating system and marking answered questions as "Answered"
We are using a big subnet on the Anchor WLCs for the BYOD WLAN. Unfortunately, we can't differentiate if a user is on the 1st or 20th floor or use AP Groups with different VLANs per floor, because traffic is anchored.
Is there any way we can change our configuration to support this "segregation" of Apple services per floor?
Can we do something using MSEs (we don't currently use one though)?
Well, the issue also is the fact that a client can be associated to an AP above or below. I don't think Cisco has a way to accomplish this. The best way is to either use AP Groups and have a different SSID for this on each floor, then you can place the traffic in its own subnet. Or just name the conference room as the Apple TV name and also put a security on the Apple TV so they have to enter a 4 digit code. You might have to test this as it was broken in the first version in v7.4. Maybe in the future Cisco will have a way of controlling Bonjour.