Hi, I am working with a network that spans multiple campuses and we are in the process of installing Apple TVs to conference room projectors in order to do wireless projecting. Our end result is that we want to only have local Apple TVs show up on user's devices(for instance, when connected wirelessly to APs closest to the conference room, only show that Apple TV, and in most general locations, show no Apple TV.) The way our network is set up is that there are 2 major VLANS, the one used for wireless connection via 802.1x, and the wired network.
We have used this guide and deployed the avahi bonjour gateway, which gives us connections over L3. But that is just the issue. Now all Apple TVs will show up to a user's device, regardless of physical location. Does anybody know of an easy way to:
1. Determine the AP a client is connected from(possibly through a SNMP trap?)
2. If the AP is a specified AP, allow the visibility of the specific Apple TV
The only thing I can think of is that in addition of having 1 general purpose wired and wireless VLAN(I'll call them 10 and 11 for namesake), and then create additional VLANS per conference room, for wired devices using the conference room's ethernet jacks(including the Apple TV, it can't do 802.1x), and for the local Access points in that area. So that breaks down to
12-conference room 1 wired/apple TV and nearby wireless APs
13-conference room 2 wired/apple TV and nearby wireless APs
Also, according to many articles online, Cisco is going to be integrating a bonjour gateway into their wireless controllers, which should be able to replace the avahi box. It also states that it will have the ability to create user-based access to certain bonjour devices like Apple TVs, but is there a possibility that there will also be the ability to restrict by connected AP?
I don't think there is a good way to prevent that. I don't think the wlc (future code) will have the ability to deny a client access to a device unless its close to an access point.
The only way I can see this work is if you create a vlan for every Apple TV and and the AP in that room on a different ap group so you can map the Apple TV SSID to that specific vlan. You would need I remove the bonjour gateway though.
This means you have to create more vlans (one per Apple TV), add ap groups and create small subnets.
Of course I'm thinking out loud, but that would be the only way I can see it working right now.