Cisco Support Community
New Member

WLC 7.5 Bonjour/mDNS at multiple sites

Hi all,

After reviewing the mDNS/Bonjour features of WLC software 7.5 (although most applies for 7.4 as well), I am left somewhat confused.  It seems that once services are discovered, there is no way to filter them to be advertised only to the site they were discovered at.

To simplify our environment, consider the following scenario:

  • A single WISM2 controller
  • A single SSID using dynamic VLANs deployed across diverse locations, with Wi-Fi mDNS discovery
    • eg. Site A has VLANs 11, 12, 13, Site B has VLANs 21, 22, 23
  • Wired mDNS discovery at both sites
    • eg. Site A has VLANs 101, 102, 103, Site B has VLANs 201, 202, 203

In the instance where, let's say, a printer is discovered on wired VLAN 101 and I only want to advertise it to the Site A Wi-Fi VLANs, it seems that I can't.  All VLANs that are configured to advertise the printer mDNS service records receive it, which means Site B sees the printer at Site A.

Is there any way to achieve what I want here?  It seems a crazy limitation that I can't filter the VLANs to what advertisements they receive, considering the service provider database has the learnt VLAN information in it.

Alex

24 REPLIES
Cisco Employee

WLC 7.5 Bonjour/mDNS at multiple sites

Hey Alex,

I think the solution here would be to set up an ACL on the WLC and apply them at the respective interfaces to achieve what you want:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml#block

With this, you can filter Bonjour to prevent discovery between specific nodes.

Cheers,
Erwin

______________________________________

How helpful was I? Don't forget to rate me when you have the chance!

New Member

WLC 7.5 Bonjour/mDNS at multiple sites

Erwin,

The example you provided appears to block Bonjour completely.  Could you provide an example of how a device on VLAN 101 (Wired at Site A) would appear at site A on wireless VLANs 11, 12, and 13 without being visible at site B on VLANs 21, 22, and 23?   There would also need to be a reciprocal, so that a device on VLAN 201 would only be visible on 21, 22, and 23.

I think that Location Specific Services (LSS) can do some of this, but it doesn't apply to mDNS-AP discovered devices on the wired VLAN.  It only works with wireless devices, but the purpose of wiring these service providers is to reduce multicast traffic over the wireless. Hopefully a future release will change this behavior.

Mark

Cisco Employee

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Okay, so I see the concern here, and part of the problem is that Bonjour is link local and mDNS uses the multicast IP 224.0.0.251 with UDP 5353, so it would be difficult to distinguish forwarding client queries with specific advertisements.  One other thing I can think of, but haven't tested to verify, is to create separate mDNS profiles for VLAN 201 and VLAN 101 and make sure the respective WLANs have the attached profile that you want to be forwarded.  However, this would require separate WLANs for each site, and I'm still unsure at this point whether the WLC would be able to distinguish between the profiles or not.

The only other solution I can think of is to have a controller at each site, ultimately segregating the sites and giving you what you are looking for.

Cheers,
Erwin

______________________________________

How helpful was I? Don't forget to rate me when you have the chance!

New Member

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Hi Erwin,

The original source IP of the mDNS is replaced with the controller (outbound) interface address when it passes through, so there is no way to apply an ACL to filter out different sites.  If it sent the mDNS packets out with the original source address, I'm sure the ACL would work great!

Also, I assume there would be no way to apply an ACL in any instance to interfaces off an AP (mDNS AP), so I wouldn't be able to filter.

It seems the mDNS profiles have no impact on discovery of services, only on the advertising of services to an interface.  With this in mind, I think that with a feature request to allow a profile to filter based on a list of VLANs (since this information is in the service provider database), my problem would (almost**) be solved.

Multiple controllers is out of the question unfortunately-- we have 50+ sites on our WISM2s.

Alex

** Using the same VLAN number at multiple sites is a reality when you are discovering at diverse layer-3 sites.  I think we'd prefer the service provider database to have the network address the service was discovered on instead, and be able to filter on that.
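
The filtering requested in the post above, modelled as an added example; it is not part of the original thread and is not WLC code or WLC behaviour. VLANs 11-13/101 and 21-23/201 follow the thread's scenario; the reused VLAN 900, the subnets, the provider entries and all function names are constructed assumptions. It compares profile-only advertising, filtering on the learnt VLAN, and filtering on the learnt network address when a VLAN number is reused at both sites.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Provider:
    name: str          # mDNS instance name (constructed)
    service: str       # service type string
    learnt_vlan: int   # VLAN the record was learnt on
    learnt_addr: str   # address the service was discovered on

# Constructed site plan: VLAN 900 is deliberately reused at both sites to
# show the footnote's edge case; the subnets are assumptions.
SITES = {
    "A": {"wifi": {11, 12, 13}, "wired": {101, 900}, "net": "10.1.0.0/16"},
    "B": {"wifi": {21, 22, 23}, "wired": {201, 900}, "net": "10.2.0.0/16"},
}

# Constructed service provider database entries.
DB = [
    Provider("printer-a", "_ipp._tcp.local.", 101, "10.1.101.20"),
    Provider("printer-b", "_ipp._tcp.local.", 201, "10.2.201.20"),
    Provider("appletv-a", "_airplay._tcp.local.", 900, "10.1.90.5"),
    Provider("appletv-b", "_airplay._tcp.local.", 900, "10.2.90.5"),
]

def client_site(client_vlan):
    """Map a client's Wi-Fi VLAN to its site."""
    return next(s for s, cfg in SITES.items() if client_vlan in cfg["wifi"])

def by_profile(db, profile):
    """Profile-only: every VLAN with the service in its profile sees all providers."""
    return sorted(p.name for p in db if p.service in profile)

def by_learnt_vlan(db, client_vlan, profile):
    """Filter on learnt VLAN: still leaks when a VLAN number is reused across sites."""
    wired = SITES[client_site(client_vlan)]["wired"]
    return sorted(p.name for p in db
                  if p.service in profile and p.learnt_vlan in wired)

def by_learnt_network(db, client_vlan, profile):
    """Filter on the network address the service was discovered on."""
    net = ipaddress.ip_network(SITES[client_site(client_vlan)]["net"])
    return sorted(p.name for p in db
                  if p.service in profile
                  and ipaddress.ip_address(p.learnt_addr) in net)

if __name__ == "__main__":
    profile = {"_ipp._tcp.local.", "_airplay._tcp.local."}
    print("profile only     :", by_profile(DB, profile))
    print("learnt VLAN  (21):", by_learnt_vlan(DB, 21, profile))
    print("learnt subnet(21):", by_learnt_network(DB, 21, profile))
```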

Hall of Fame Super Silver

WLC 7.5 Bonjour/mDNS at multiple sites

Just wondering if you figured out a way to do this or not.... running into this issue also and looking for a nice clean approach:)

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Re: WLC 7.5 Bonjour/mDNS at multiple sites

I have been following this thread. This is a good one.

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Haha... Same here. My work around is going to have to use FlexConnect and Avahi I think.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Sounds like a TAC case / feature enhancement ..

Alex did you open a case for this by chance ?

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Well, v7.5 does have LSS (Location Specific Services), which uses AP groups to filter.

http://www.cisco.com/en/US/partner/docs/wireless/technology/bonjour/7.5/Bonjour_Gateway_Phase-2_WLC_software_release_7.5.html#wp44429

Thanks,


Scott

New Member

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Scott,

LSS doesn't support mDNS-AP, it only applies over the wireless: http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_01011.html – about halfway down under Configuring Multicast Domain Name System, it states that there is no location awareness for wired service provider devices (Apple TVs). It also states that mDNS-AP devices are considered wired – even though these devices were discovered by the APs, they don't get filtered by LSS.

If the service provider is in the same wireless SSID/VLAN, you wouldn't need Bonjour Gateway.  If it's in a different wireless SSID/VLAN, but on the same AP, you'd be hairpinning traffic and doubling up wireless airtime.  LSS doesn't make much sense to me, unless I'm missing something.

Our solution so far is to extend the wireless VLAN out to a single port on the wired network, but the AppleTV can only be plugged into that port.  It limits our users' mobility with the devices.

I've sent this on to our Cisco reps, and they are pushing it up the chain for a feature request.

Mark

Hall of Fame Super Silver

Re: WLC 7.5 Bonjour/mDNS at multiple sites

That is correct.... wired isn't supported with this as it requires AP Groups.  We are transitioning 300 Apple TVs, some of which are wired, to wireless and are going to test this feature out.  Other than that, if your Apple TVs or other devices are wired, Cisco is looking at having something to be able to filter that, but that isn't going to happen anytime soon.

Thanks,

Scott

New Member

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Yeah, I have now opened a TAC case.  I will let you all know how it progresses.

New Member

WLC 7.5 Bonjour/mDNS at multiple sites

Absolutely subscribed to this one.  Very interested in any results, findings or opinions.  Thx! //art

Hall of Fame Super Silver

WLC 7.5 Bonjour/mDNS at multiple sites

So with v7.5.... did some testing.  If you have an Apple TV, or any device that has Bonjour services, any client on the same AP or an adjacent AP, in the AP neighbor table, will be able to see the Bonjour services.  So if you have a Bonjour printer at the other end of the building, you will not see the Bonjour services for that device, since the AP you are associated to is most likely not in the neighbor list of the AP that the Bonjour printer is associated to.

So there is no type of filtering as of yet and I was told that they are looking into it and it may be a function of another device, not the WLC.... but who really knows:)

Thanks,

Scott

New Member

WLC 7.5 Bonjour/mDNS at multiple sites

Thanks Scott...that's consistent with what I've observed for wireless clients.

With reference to any services discovered by mDNS-APs - I understand that the information is captured by the AP and then sent back to the controller and placed in a single list and treated as a wired origin.  That's a great first step but it would only take one or two more to make this "usable".

Given that the mDNS AP is reporting back what it has heard, would it not be possible to prefix the entry in the controller with the AP group the reporting AP belongs to?  With such a prefix, the controller could then maintain a list for each AP group (either separate lists or a single list with a prefix value) and respond to service requests from clients based on their connectivity within an AP group.  To me this would be a good first pass at cutting down the size/inventory of the services being offered for a given area.

So close............

//art

Hall of Fame Super Silver

WLC 7.5 Bonjour/mDNS at multiple sites

Yeah, that makes sense to us, but Cisco needs to understand what we need.  It would be nice to define the services per AP Group, but they would have to figure that piece out.  It would also be nice to have an mDNS group feature in which you can specify VLANs (wired and wireless) to provide services and/or filter specific services to be broadcast at a per-user or VLAN level.

Thanks,

Scott

New Member

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Can't wait for a better solution.

Sent from Cisco Technical Support iPad App

New Member

Re: WLC 7.5 Bonjour/mDNS at multiple sites

All,

The response to my TAC case was:

  • "This feature is not supported as of now."
  • "I would suggest raising this through the local accounts team and taking this further." ... "Any enhancement request coming in through the accounts team will be the best way to get the desired speed."

I will attempt to do as has been suggested, however I'm not convinced that will be the best path.

If anyone else wants to try this as well, feel free to reference my TAC case which is 627112765 (not sure if that helps any!).

Regards,

Alex

Re: WLC 7.5 Bonjour/mDNS at multiple sites

Alex,

Leo, Scott and myself each forwarded this request to our SEs. Great work on your part bringing this to light ..

Sent from Cisco Technical Support iPad App

New Member

WLC 7.5 Bonjour/mDNS at multiple sites

Just asked my SE about this, after reading up on LSS to attempt deploying it. Then I found this thread, now subscribed.

I'm doing mostly "wired" snooping via mDNS-AP.

Hall of Fame Super Gold

WLC 7.5 Bonjour/mDNS at multiple sites

Leo, Scott and myself each forwarded this request to our SEs.

George,

Alex's my supervisor. 

I think our request went into a "null route" because we sent the request, got a confirmation that it's a "good idea", but the only thing we hear back is cricket noise.

New Member

WLC 7.5 Bonjour/mDNS at multiple sites

They added another filter for mDNS in 7.6 for the origin of the service advertisement:

http://www.cisco.com/en/US/docs/wireless/controller/7.6/configuration/guide/b_cg76_config_multicast.html#d160379e529a1635

Origin-Based Service Discovery

You can configure a service to filter inbound traffic that is based on its origin, that is either wired or wireless. All the services that are learned from an mDNS AP are treated as wired. When the learn origin is wired, the LSS cannot be enabled for the service because LSS applies only to wireless services.

A service that has its origin set to wireless cannot be changed to wired if the LSS status is enabled for the service because LSS is applicable only to wireless service provider database. If you change the origin between wired and wireless, the service provider database entries with the prior origin type is cleared.

WLC 7.5 Bonjour/mDNS at multiple sites

Hi Alex,

Any updates about this situation? Did you find any nice clean approach as Scott mentioned above?

thanks

AC

New Member

The limitation of using

The limitation of using Bonjour on a single VLAN is difficult to scale for large campus networks such as a university or enterprise. If a large subnet is created for all wireless clients, the multicast Bonjour messages would quickly consume valuable airtime across the network. The VLAN Select feature can be used to assign clients to an array of VLANs on the backend, essentially breaking up the multicast domain. An option of the VLAN Select feature is the Multicast VLAN, which allows a specific interface to be selected for downstream multicast traffic.

This is a good link though

https://supportforums.cisco.com/discussion/11994356/pages-cisco-ise-12-says-error-code-wap00008
