This document provides information on the theory of operation and
configuration for the Cisco Unified Wireless LAN solution as it pertains to
supporting Multicast applications such as Apple’s Bonjour protocol. This
protocol enables Apple devices to query and announce specific services such as
AirPlay which allows audio and video to be shared between devices
This document is not restricted to specific software and hardware
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
The Bonjour protocol operates on service announcements and service
queries which allow devices to ask and advertise specific applications, such
File sharing services
Remote desktop services
iTunes file sharing
iTunes Wireless iDevice Syncing (in Apple iOS
AirPlay, which offers these streaming services:
Music broadcasting in iOS v4.2+
Video broadcasting in iOS v4.3+
Full screen mirroring in iOS v5.0+ (iPad2, iPhone4S or
Each query or advertisement is sent to the Bonjour multicast address
for delivery to all clients on the subnet. Apple’s Bonjour protocol relies on
Multicast DNS (mDNS) operating at UDP port 5353 and sends to these reserved
IPv4 Group Address - 184.108.40.206
IPv6 Group Address - FF02::FB
The addresses used by the Bonjour protocol are link-local multicast
addresses and thus are only forwarded on the local L2 domain. Routers cannot
use multicast routing to redirect the traffic because the time to live (TTL) is
set to one, and link-local multicast is meant to stay local by
When deploying Bonjour over network, it is important that both the
client and device offering the service are on the same VLAN. For the wireless
network, this means ensuring each client is on the same backend interface in
Note: Apple TV (release v5.0) does not support WPA2-Enterprise
authentication. For 802.1x networks, a workaround is to create a WPA2-PSK WLAN
using the same wired interface.
For a large scale deployment, using a single VLAN may be impossible.
The Apple TV Deployment Using VLAN Select
section of this document details how it is possible to have clients on one VLAN
while the Apple TV devices are on another.
Go to the Controller tab and then the
Multicast link on the left-hand menu. Enable Global
Multicast Mode and IGMP Snooping. In the v7.2
release, you should also enable MLD Snooping in order to deal
with Bonjour over IPv6.
Multicast and snooping mechanisms are outside the scope of this
document. For more background information on these topics, refer to
Multicast Technology Overview.
The Cisco Unified Wireless Network (CUWN) supports two methods of
multicast distribution to access points (APs) associated with the controller.
In both modes, the original multicast packet from the wired network is
encapsulated inside a Layer 3 CAPWAP packet sent via either CAPWAP Unicast or
Multicast to the AP. Since the traffic is CAPWAP encapsulated, APs do not have
to be on the same VLAN as the client Bonjour traffic. The two methods of
Multicast distribution are compared here:
The controller replicates the multicast packet and sends it to
each Access Point in a Unicast CAPWAP Tunnel
The controller sends one copy of the multicast
Multicast-multicast mode is the recommended option for scalability and
wired bandwidth efficiency reasons.
Note: Multicast-multicast mode is required for the 2500-Series Wireless LAN
Go to the Controller tab under the General page and
make sure AP Multicast Mode is configured to use Multicast
mode and that a valid group address is configured. The group address is an IPv4
multicast group and is recommended to be in the 239.x.x.x-220.127.116.11 range
which is scoped for private multicast applications. Do not use the 224.x.x.x,
239.0.0.x or the 239.128.0.x address ranges for the multicast group address.
Addresses in these ranges overlap with the link local MAC addresses and flood
all switch ports, even with IGMP snooping
If the wired network is not properly configured to deliver the CAPWAP
multicast between the controller and AP or FlexConnect mode and APs will be
used for centrally switched WLANs supporting multicast, then unicast-multicast
mode is required.
Go to the Controller tab on the General page and
make sure the AP Multicast Mode is configured to use Unicast
In order to verify that Bonjour is being forwarded correctly, browse to
the Monitor tab and click the Multicast
left-hand menu. The address of 18.104.22.168 should be visible from the list.
Click on the MGID number in order to view the clients which are joined to the
Multicast applications such as Bonjour require special consideration
when being deployed over a wireless network since a multicast in 802.11 is
essentially sent out as a broadcast so all clients can hear it. The actual data
rate used by the AP in order to transmit the Bonjour frames is the highest
mandatory rate configured within that band. For 2.4GHz, this is a default of
11Mbps, and for 5GHz, this is a default of 24Mbps.
In order to optimize the delivery of these frames, it is important to
tune the 802.11 data rates within the controller to allow multicast to be
delivered at the highest rate that the coverage model of the network can
support. For networks with a low density of APs, it may be necessary to keep
the data rates at the default. For a network that does not have any requirement
to support 802.11b clients, tuning the data rate to 12Mbps Mandatory and lower
rates disabled will help to reduce multicast airtime utilization. This is
configured under the Wireless tab and the 802.11b/g/n > Network
Note: The RF Profiles feature available in v7.2 allows per AP-Group
customization of data rates which allows tuning multicast transmission rates
for different coverage areas.
Peer-to-peer blocking is configured on a per-WLAN basis and prevents
clients on the wireless network from communicating with one another. By
default, it is disabled for new WLANs, but if enabled, it can cause issues for
services like AirPlay when the AppleTV is on the wireless network. Any Bonjour
service that relies on communication between wireless clients can be broken by
Under the WLANs tab > Advanced
section of the WLAN configuration, make sure P2P Blocking Action is set to
Apple AirPlay allows the entire screen of an Apple iPad2 or iPhone4S to
be displayed on the Apple TV (Generation 2). The discovery of the AirPlay
service is done via Bonjour, and the subsequent connection is TCP-based
unicasting the screen from the device to the Apple TV.
Check the Settings > AirPlay menu from the home screen in order to
make sure the Apple TV has AirPlay enabled. An optional passcode can be set for
security. This is advised in order to prevent screen stealing during a
On the Apple iOS device, double-click the home button in order to
reveal the multi-tasking view.
Swipe left to right (twice for iPhone, once for iPad) in order to
reveal a menu with the AirPlay icon as depicted
Choose Apple TV from the list, and enable
The status bar at the top of the Apple device will turn blue along
with adding an icon for AirPlay, signifying that you are broadcasting your
screen on the Apple TV.
The limitation of using Bonjour on a single VLAN is difficult to scale
for large campus networks such as a university or enterprise. If a large subnet
is created for all wireless clients,- the multicast Bonjour messages would
quickly consume up valuable airtime across the network. The VLAN Select feature
can be used to assign clients to an array of VLANs on the backend, essentially
breaking up the multicast domain. An option of the VLAN Select feature is the
Multicast VLAN which allows a specific interface to be selected for downstream
Using VLAN Select with the multicast VLAN feature allows a separate
subnet to be used for Apple TV devices, while still enabling AirPlay for use by
all clients on a separate WLAN.
Note: The use of VLAN Select with other Bonjour applications (like
messaging, or iTunes sharing) is limited because they are dependent on end user
devices being able to send out announcements to other end user devices.
Complete these steps:
Go to the Controller tab >
Interfaces on the left-hand menu. Create the necessary
interfaces for the client VLANs (client-a1 and client-a2 in this example) and
also an interface for the Apple TV subnet (client-mcast in this
Note: The Apple TV could also be deployed using the Ethernet interface on
the wired network. Make sure that their VLAN is the same as the multicast VLAN
used. In this example, VLAN 40.
Go to the Controller tab > Interface
Groups on the left-hand menu. Create a new interface group, and add in
the previously created client interfaces (client-a1 and client-a2, in this
Go to the WLANs tab and create the client SSID.
Select the interface group previously created in Step 2. Enable the
Multicast VLAN feature and select the multicast interface
created in Step 1.
Note: The multicast interface feature is one-way, meaning Bonjour
advertisements are sent down to clients, but the Bonjour discovery requests are
not sent upstream to the Apple TV interface. This means the Apple TV should be
forced to announce itself by being put to sleep, and then woken up. For more
information, see the Steps for Users of the VLAN
Select - Apple TV Deployment section of this document.
(Optional if Apple TVs are wired.) Create a new SSID
for the Apple TVs. The security policy should be WPA2-PSK, and
the interface should be the multicast VLAN created in Step 1. It is also
advisable to configure the WLAN radio policy to 802.11a only,
thereby keeping the Apple TV devices on 5GHz.
The Apple Bonjour gateway solves the problem of Bonjour devices being
unable to discover one another in a multi-subnet environment. The Bonjour
gateway runs the open source Avahi (http://avahi.org
) mDNS software which enables the device to
cache and respond to Bonjour queries on other network interfaces.
The Apple Bonjour gateway is designed to sit on multiple network
subnets and “reflect” the Bonjour requests across L3 boundaries. The Bonjour
gateway should be installed on a PC or in a Virtual Machine which is connected
to a trunk port on the network. Alternatively, the Gateway can have multiple
physical Ethernet uplinks in order to connect to multiple
The switch uplink configuration should use a trunk port with a native
VLAN in order to provide management access to the device. The other tagged
VLANs on the port are other subnets which require Bonjour Gateway