This document describes how to configure the multicast Domain Name Services (mDNS) Gateway feature on Catalyst 9800 Wireless Controllers.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
This document also explains how this special multicast traffic known as mDNS (or Bonjour) is handled by C9800 controllers.
In the C9800 architecture, mDNS (Bonjour protocol) bridging refers to the forwarding of Bonjour TTL=1 protocol packets within the same L2 broadcast domain. By default, the dataplane enables mDNS bridging for packets received on the wired ports and on the wireless interfaces of each WLAN. No specific configuration is required; not even Global mDNS needs to be enabled for mDNS bridging to work. However, you can disable it per WLAN if needed by changing the mDNS mode in the WLAN settings. If Access Point (AP) Control and Provisioning of Wireless Access Points (CAPWAP) Multicast-Multicast mode is enabled, the C9800 bridges each mDNS packet to the AP multicast group configured on the controller so that wireless clients can receive it. Otherwise, it creates a copy of each mDNS packet received and bridges each copy individually to every AP through its CAPWAP unicast tunnel. In both scenarios, the C9800 also bridges the mDNS packets onto the wired network in the VLAN of the client that originated the mDNS packet.
Therefore, mDNS can work in C9800 without special configuration as long as the devices involved in mDNS handshake (like client and Chromecast for example) are on the same subnet. Ideally, it is better to filter mDNS traffic with the use of mDNS Gateway as explained in the next section.
The mDNS Gateway feature introduced on AireOS Wireless Controllers is also supported on Catalyst 9800 Wireless Controllers from 16.11.1. This feature is disabled by default and you can enable/disable it per WLAN after you enable it globally.
The mDNS Gateway feature works the same way as on the previous AireOS Wireless Controllers: the C9800 listens for Bonjour services (mDNS advertisements and queries) on wired and wireless interfaces, caches these Bonjour services (AirPlay, AirPrint, Googlecast, and so on) advertised from each source/host in an internal database, and is able to bridge those mDNS packets between different broadcast domains while it filters unneeded services and avoids their multicast flow in the network. This way you can have the sources and clients of such services in different subnets, and also control mDNS traffic in your network.
The C9800 that acts as mDNS Gateway replies to mDNS queries from clients (for cached services) sourcing these mDNS responses with the use of its IP address for the VLAN assigned to the client that asks for the service. This is why all VLANs on the C9800 controller where there are clients that require mDNS/Bonjour services must have a valid IP address configured at the Switched Virtual Interface (SVI).
For more information about the Bonjour/mDNS Gateway feature, refer to AireOS Wireless LAN Controller Bonjour Phase III Deployment Guide.
This is the diagram of the example setup. The purpose is to allow wireless clients to use mDNS services from a different subnet, which requires mDNS Gateway as shown in the image.
Step 1. In order to enable mDNS Gateway globally, navigate to Configuration > Services > mDNS. Under Global, switch to Enable mDNS Gateway and select Apply as shown in the image.
Step 2 (Optional). Configure a custom mDNS Service List for a custom Service Policy. If you want to use default mDNS Service List and Service Policy, move to Step 5.
Under Configuration > Services > mDNS, in the Service Policy tab, configure new Service Lists as required. C9800 has predefined common services used by most wireless devices. If you do not need a special (not available) service, you can create a List with predefined available Services, but if needed, you can also add new services (with Service Definition).
You need both a Service List for the Incoming (IN) direction and a Service List for the Outgoing (OUT) direction, so that the required services are filtered when they come into the C9800 and when they go out from it; hence, both lists are supposed to have the same services.
1. Define a Service List Name for IN services.
2. Choose IN direction.
3. Choose Add Services.
4. Available Services drop-down list is displayed. Choose the desired Service and Message Type any.
5. Repeat steps to add more services as required.
6. Choose Apply to Device as shown in the image.
1. Define a Service List Name for OUT services.
2. Choose OUT direction.
3. Move Available Services into the Assigned Services list.
5. Repeat steps to add more services as required.
6. Choose Apply to Device as shown in the image.
Tip: When you migrate from a previous AireOS WLC, you can build your new list based on the AireOS default mDNS list.
Step 3 (Optional). If you use a custom Service List (Step 2.), you need to define a custom mDNS Service Policy to be used with those customized Service Lists. Navigate to Configuration > Services > mDNS > Service Policy. Choose Service Policy and perform the next steps:
1. Define a Service Policy Name.
2. Add your custom Service List IN to Service List Input.
3. Add your custom Service List OUT to Service List Output.
4. Under Location, choose site-tag, Location Specific Services (LSS), or your preferred available option. In this example, site-tag is used as shown in the image.
Step 4 (Optional). Pass the mDNS Service Policy to a Policy Profile.
Navigate to Configuration > Tags & Profiles > Policy > Policy Profile Name > Advanced and choose from the mDNS Service Policy drop-down list, the custom mDNS Service Policy previously created (in this example mdns-policy1), and then choose Update and Apply to Device as shown in the image.
Step 5. Navigate to Configuration > Tags & Profiles > WLANs > WLAN > Advanced and choose Gateway on mDNS mode drop-down list and then Update and Apply to Device. The default mode is Bridging (you can use Drop to disable/drop mDNS services on the WLAN) as shown in the image.
If a custom Service Policy is not used, the WLAN uses the default-mdns-service-policy assigned to the Policy Profile, which uses the mDNS default-service-list. You can verify the list of default services with the use of this command:
C9800#show running-config mdns-sd default-service-list
=======================================================================
mDNS Default Service List
=======================================================================
Service Name PTR Name
=======================================================================
airtunes : _raop._tcp.local
airplay : _airplay._tcp.local
homesharing : _home-sharing._tcp.local
google-chromecast : _googlecast._tcp.local
printer-ipp : _ipp._tcp.local
printer-ipps : _ipps._tcp.local
printer-lpd : _printer._tcp.local
printer-socket : _pdl-datastream._tcp.local
itune-wireless-devicesharing2 : _apple-mobdev2._tcp.local
Step 1. Enable mDNS globally with the use of these commands:
C9800#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C9800(config)#mdns-sd gateway
C9800(config-mdns-sd)#transport both
C9800(config-mdns-sd)#active-query timer 30
C9800(config-mdns-sd)#exit
C9800(config)#
Step 2 (optional). Configure a custom Service List for IN services, and add the different services required from the available list:
C9800(config)#mdns-sd service-list my-mdns-list IN
C9800(config-mdns-sl-in)#match ?
airplay airplay
airserver airserver
airtunes airtunes
amazon-fire-tv amazon-fire-tv
apple-airprint apple-airprint
apple-continuity apple-continuity
apple-file-share apple-file-share
apple-homekit apple-homekit
apple-itunes-library apple-itunes-library
apple-itunes-music apple-itunes-music
apple-itunes-photo apple-itunes-photo
apple-keynote apple-keynote
apple-rdp apple-rdp
apple-remote-events apple-remote-events
apple-remote-login apple-remote-login
apple-screen-share apple-screen-share
apple-timecapsule apple-timecapsule
apple-timecapsule-mgmt apple-timecapsule-mgmt
apple-windows-fileshare apple-windows-fileshare
fax fax
google-chromecast google-chromecast
homesharing homesharing
itune-wireless-devicesharing2 itune-wireless-devicesharing2
multifunction-printer multifunction-printer
phillips-hue-lights phillips-hue-lights
printer-ipp printer-ipp
printer-ipps printer-ipps
printer-lpd printer-lpd
printer-socket printer-socket
roku roku
scanner scanner
spotify spotify
web-server web-server
workstation workstation
C9800(config-mdns-sl-in)#match airtunes message-type any
C9800(config-mdns-sl-in)#exit
Configure a custom Service List for OUT services, and add the different services required from the available list:
C9800(config)#mdns-sd service-list my-mdns-list-out OUT
C9800(config-mdns-sl-out)#match ?
airplay airplay
airserver airserver
airtunes airtunes
amazon-fire-tv amazon-fire-tv
apple-airprint apple-airprint
apple-continuity apple-continuity
apple-file-share apple-file-share
apple-homekit apple-homekit
apple-itunes-library apple-itunes-library
apple-itunes-music apple-itunes-music
apple-itunes-photo apple-itunes-photo
apple-keynote apple-keynote
apple-rdp apple-rdp
apple-remote-events apple-remote-events
apple-remote-login apple-remote-login
apple-screen-share apple-screen-share
apple-timecapsule apple-timecapsule
apple-timecapsule-mgmt apple-timecapsule-mgmt
apple-windows-fileshare apple-windows-fileshare
fax fax
google-chromecast google-chromecast
homesharing homesharing
itune-wireless-devicesharing2 itune-wireless-devicesharing2
multifunction-printer multifunction-printer
phillips-hue-lights phillips-hue-lights
printer-ipp printer-ipp
printer-ipps printer-ipps
printer-lpd printer-lpd
printer-socket printer-socket
roku roku
scanner scanner
spotify spotify
web-server web-server
workstation workstation
C9800(config-mdns-sl-out)#match airplay
C9800(config-mdns-sl-out)#exit
Step 3 (optional). Create a mDNS Service Policy with the use of these commands:
C9800(config)#mdns-sd service-policy mdns-policy1
C9800(config-mdns-ser-pol)#location site-tag
C9800(config-mdns-ser-pol)#service-list my-mdns-list IN
C9800(config-mdns-ser-pol)#service-list my-mdns-list-out OUT
C9800(config-mdns-ser-pol)#exit
C9800(config)#
Step 4 (optional). Add the mDNS Service Policy to the Policy Profile with the use of these commands:
C9800(config)#wireless profile policy my-policy-profile
C9800(config-wireless-policy)#mdns-sd service-policy mdns-policy1
Warning! Ensure mDNS service policy is configured globally.
C9800(config-wireless-policy)#exit
Step 5. Enable mDNS Gateway in the WLAN with the use of these commands:
C9800(config)#wlan 9800-mdns
C9800(config-wlan)#shut
C9800(config-wlan)#mdns-sd gateway
Warning! Ensure global mDNS gateway is configured.
C9800(config-wlan)#no shut
C9800(config-wlan)#exit
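An added check, not part of the Cisco document: this Python script verifies the rule stated in the GUI steps that the IN and OUT Service Lists of a Service Policy are supposed to hold the same services. It assumes running-config style text in which sub-commands are indented by one space, and the function names are hypothetical. Run on the commands from CLI Steps 2 and 3, it reports that the IN list matches airtunes while the OUT list matches airplay.

```python
import re

# Constructed input: the commands from CLI Steps 2 and 3, prompts removed.
SAMPLE_CONFIG = """\
mdns-sd service-list my-mdns-list IN
 match airtunes message-type any
mdns-sd service-list my-mdns-list-out OUT
 match airplay
mdns-sd service-policy mdns-policy1
 location site-tag
 service-list my-mdns-list IN
 service-list my-mdns-list-out OUT
"""

def parse_mdns_config(text):
    """Return lists[name] = (direction, services) and policies[name] = {dir: list}."""
    lists, policies, block = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"mdns-sd service-list (\S+) (IN|OUT)", line):
            block = lists.setdefault(m[1], (m[2], set()))[1]  # services of this list
        elif m := re.fullmatch(r"mdns-sd service-policy (\S+)", line):
            block = policies.setdefault(m[1], {})  # list references of this policy
        elif not raw.startswith(" "):
            block = None  # any other top-level command closes the block
        elif isinstance(block, set) and line.startswith("match "):
            block.add(line.split()[1])
        elif isinstance(block, dict):
            if m := re.fullmatch(r"service-list (\S+) (IN|OUT)", line):
                block[m[2]] = m[1]
    return lists, policies

def audit_policies(text):
    """Report policies whose IN and OUT service lists are missing or differ."""
    lists, policies = parse_mdns_config(text)
    findings = []
    for name, refs in sorted(policies.items()):
        sets = {}
        for direction in ("IN", "OUT"):
            entry = lists.get(refs.get(direction))
            if entry is None or entry[0] != direction:
                findings.append(f"{name}: no valid {direction} service-list")
            else:
                sets[direction] = entry[1]
        if len(sets) == 2 and sets["IN"] != sets["OUT"]:
            findings.append(f"{name}: IN-only {sorted(sets['IN'] - sets['OUT'])}, "
                            f"OUT-only {sorted(sets['OUT'] - sets['IN'])}")
    return findings

print("\n".join(audit_policies(SAMPLE_CONFIG)))
```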
When you implement the mDNS Gateway feature in a mobility Anchor WLAN, where both the Foreign and Anchor WLCs are C9800 and the wireless clients obtain their IP address from VLAN(s) in the Anchor controller, this is the behavior and the required setup:
Use this section in order to confirm that your configuration works properly.
Use commands:
C9800#show mdns-sd summary
mDNS Gateway: Enabled
Active Query: Enabled
Periodicity (in minutes): 30
Transport Type: Both IPv4 and IPv6
Review if WLC is actually caching mDNS services and which ones (in a mobility Anchor WLAN, this cache can be checked on the Anchor controller), by listing the mDNS cached services with this command, where you can see the source MAC address of the device that offers the service and even its IP address, along with other mDNS details:
C9800#show mdns-sd cache
------------------------------------------------------------- PTR Records -------------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
_googlecast._tcp.local 4500 WLAN 2 48d6.d50c.a620 Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9efad.
------------------------------------------------------------- SRV Records -------------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9 4500 WLAN 2 48d6.d50c.a620 0 0 8009 687f65f6-6d47-8b2c-787e-ac8bc7c9efad.loca
------------------------------------------------------------ A/AAAA Records -----------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
687f65f6-6d47-8b2c-787e-ac8bc7c9efad.local 4500 WLAN 2 48d6.d50c.a620 172.16.9.11
------------------------------------------------------------- TXT Records -------------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9 4500 WLAN 2 48d6.d50c.a620 [172]'id=687f65f66d478b2c787eac8bc7c9efad''cd=9A10
C9800#
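An added example, not part of the Cisco document: this Python script parses saved `show mdns-sd cache` output and lists the cached PTR records whose service type is not in the default service list shown earlier, together with the client MAC that advertises them. It assumes the WLAN uses the default service list and that each record sits on one line; the function names and the second PTR row of the sample are constructed.

```python
import re

# PTR names from the default service list printed earlier on this page.
ALLOWED_PTRS = {
    "_raop._tcp.local", "_airplay._tcp.local", "_home-sharing._tcp.local",
    "_googlecast._tcp.local", "_ipp._tcp.local", "_ipps._tcp.local",
    "_printer._tcp.local", "_pdl-datastream._tcp.local",
    "_apple-mobdev2._tcp.local",
}

# Constructed sample in the layout of "show mdns-sd cache". The first PTR row
# is the one from this page; the second PTR row is invented for the example.
SAMPLE_CACHE = """\
--------------- PTR Records ---------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
-------------------------------------------
_googlecast._tcp.local 4500 WLAN 2 48d6.d50c.a620 Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9efad.
_ssh._tcp.local 4500 WLAN 2 0200.0000.0001 constructed-host._ssh._tcp.local
--------------- A/AAAA Records ---------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
-------------------------------------------
687f65f6-6d47-8b2c-787e-ac8bc7c9efad.local 4500 WLAN 2 48d6.d50c.a620 172.16.9.11
"""

SECTION = re.compile(r"^-+ (\S+) Records -+$")
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+"
                 r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(.*)$", re.I)

def parse_cache(text):
    """Return {section: [row dict, ...]} for every record section found."""
    sections, current = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line.strip()):
            current = sections.setdefault(m[1], [])
        elif current is not None and (m := ROW.match(line.strip())):
            name, ttl, typ, ident, mac, data = m.groups()
            current.append({"name": name, "ttl": int(ttl), "type": typ,
                            "id": int(ident), "mac": mac, "data": data})
    return sections

def unexpected_services(text, allowed=ALLOWED_PTRS):
    """PTR records whose service type is outside the allowed set, as (name, mac)."""
    return [(r["name"], r["mac"]) for r in parse_cache(text).get("PTR", [])
            if r["name"].lower() not in allowed]

print(unexpected_services(SAMPLE_CACHE))
```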
This section provides information you can use in order to troubleshoot your configuration.
If you need to check more details about all the exchanges that happen on the C9800 (queries, caching behavior, responses, drops, errors, and more), gather these traces at the C9800 while you recreate the issue (connect the device that offers the service and the client that asks for the service, and let them try to discover the services required):
Revision | Publish Date | Comments |
---|---|---|
2.0 | 25-May-2023 | Updated Introduction, Machine Translation, Style Requirements, SEO, Gerunds, Alt Text, and Formatting. |
1.0 | 21-Apr-2020 | Initial Release |