Back to Home Back to Archive

Using mDNS Snooping for 'Bonjour' support

February 24, 2014
Long story short: Bonjour service advertisements, including those sent from Apple TV's, have a destination address of link-local multicast 224.0.0.251. What this means is that the advertisements,by spec, will not cross a subnet boundary.
Who cares if at home & kind of a nightmare in the Enterprise.
Apple eventually went to the IETF in search of a standard that was more Enterprise-friendly (IETF link). Until that becomes a reality, vendors have implemented "work-arounds". If you're reading this, I'm guessing you've already experienced the nightmare.
I've wrestled with supporting ATV's, for AirPlay & AirTunes in a number of ways (Avahi-Daemon/Linux, Aerohive Bonjour Gateway & Cisco WLC's).

In my particular environment, I have professors utilizing AirPlay for iOS programming classes, Conference/Class Rooms & AirTunes capable receivers for Music students to share their creations.

Here is a brief how-to/getting started if trying to enable this in a Cisco WLC environment (Based on AirOS). This assumes you've already defined mDNS profiles & applied them to your SSID's via the WLC. Note, even if you only want to support AirPlay, you still need to support AirTunes.

Using mDNS snooping on WLC 7.4 code (snooping via WiFi)

Apple Configurator -- Get it on itunes

Connecting the ATV (or AirServer) to an WPA2-Enterprise (PEAP) 802.1X SSID:
  1. Download/Install "Apple Configuration Utility". This must be done on OSX
  2. Create a new 'profile'. This will contain the settings we are to push to the AppleTV
  3. Under "WiFi" tab; enter or select the following:
  • SSID
  • auto join
  • hidden network (if it's a non-broadcast SSID)
  • Security-type: WPA/WPA2 Enterprise
  • Protcols: PEAP
  • Username/password associated with this particular device.
  • Leave "outer identity" blank
  • Trust: ensure the server certificate is trusted (this is RADIUS server cert)IUS server cert)
To add the RADIUS certificate:
  • Click 'certificates' on the left
  • click the "+" sign, and point to the certificate file. Note, this must be the 'signed' certificate received back from the CA. You may need to modify the certificate file format (I use OpenSSL for this).
You then hit "prepare" and plug the AppleTV into the mac (usb). 
NOTE: You must have the appletv hard-wired (Ethernet) when applying the config. After the config is applied, you can disconnect the wire, and wireless should work. This is because the AppleTV will not be able to sync time without a network connection, and with invalid time 802.1X fails.
NOTE2: 7.4 does not support mDNS snooping for IPv6: link

The 7.5+ way (snooping via Wired) -- called "mDNS AP"

I prefer to deploy it this way, though there are currently limitations.* The 802.11 channel utilization is much lower when both the "sender" & "reciever" are not via WiFi. Also, some devices, like AirTunes capable stereo recievers, Mac Pro's & PC's running AirServer http://www.airserver.com/ do not have WiFi built-in.

  • Configure the .1Q trunk to the AP, so for example in the following I have the MDNS-AP snooping on vlans 52,53,138...etc. and the native vlan is set to 3718, as that is the vlan that the AP management interface resides on.

int gi3/3
switchport trunk native vlan 3718
switchport trunk allowed vlan 52,53,138,280,315,1352,3016,3700,3718

  • Then on the WLC, you need to tell it which vlans to snoop (listen for link-local multicast/Bonjour advertisements). Assume for the following example that "bhs-mdns" is the name of your Access Point:

config mdns ap vlan add 52 bhs-mdns
config mdns ap vlan add 53 bhs-mdns
etc. etc.

You can verify config by issuing the following:
show mdns ap summary
   AP Name              Ethernet MAC       Number of Vlans     VlanIdentifiers
------------------   --------------------  -----------------  -----------------------------
bhs-mdns              c4:6:13:c1:88:bb          8              138,3016,52,200,280,53,315,1352
To prioritize the AppleTV service (see cisco doc. on priority-mac) do the following for each ATV, utilizing the MAC of the AppleTV. This is most likely necessary if your are using 7.4 WLC code:
config mdns service priority-mac add 10:dd:b1:a4:b4:ee AppleTV

*Limitations when using the "mdns-ap" feature are the loss of LSS capabilities. This will likely be addressed in ver. 8.0 WLC code.

Other interesting links on the topic: