Troubleshoot the Cisco Wide Area Bonjour Application

Cisco SDG Agent Connection State Issues

The Cisco SDG Agent can ping Cisco DNA Center, but the Wide Area Bonjour application shows the status of the SDG Agent as Inactive.

Complete the following steps to troubleshoot the issue.

Procedure

Step 1

From the Wide Area Bonjour application home page, under the Monitor drop-down list, select SDG Agent.

Step 2

Navigate to the Cisco DNA Center Inventory and check whether the SDG Agent is reachable.

If the SDG Agent is Unreachable, make sure that the SDG Agent is reachable in the Cisco DNA Center Inventory. If the SDG Agent is reachable in the Cisco DNA Center Inventory, but the state is Inactive in the Wide Area Bonjour application, the issue could most likely be that the IP Address of the SDG Agent is not included as either a Source Agent or a Query Agent in any of the service filters defined in the controller.

For information about creating service filters, see Build Wide Area Bonjour Service Filter Configurations.

Missing Wide Area Bonjour Service Records

If a specific service instance is listed in the SDG Agent's records, but is not listed in the Service Instances page under the Monitor tab, complete the following steps to troubleshoot the issue.

Procedure

Step 1

Ensure that the SDG Agent is reachable and is in the Active state in the Wide Area Bonjour application. See Cisco SDG Agent Connection State Issues.

Step 2

If the SDG Agent state is Active, check whether the service list of the Source Agent is configured to forward announcements of the required type to the controller.

Note 

If you do not find the service instances of a specific service type on the Service Instances page under the Monitor tab of the Wide Area Bonjour application, make sure that the service type is included in one of the match statements on the SDG Agent's out policy for the Controller.

The following is a sample Wide Area Bonjour configuration on the SDG Agent. 

service-export mdns-sd controller WIDE-AREA-BONJOUR-POLICY
    controller-address 10.251.1.1
    controller-port 9991
    controller-service-policy DNAC-CONTROLLER-POLICY OUT
    controller-source-interface Loopback0

mdns-sd service-list DNAC-CONTROLLER-SERVICES OUT
    match airplay
    match apple-rdp
    match apple-file-share
    match google-chromecast


mdns-sd service-policy DNAC-CONTROLLER-POLICY
    service-list DNAC-CONTROLLER-SERVICES OUT

In the above example:

  • The SDG Agent will send an announcement from the mDNS cache to the Controller only if the service type is allowed by DNAC-CONTROLLER-POLICY.

  • DNAC-CONTROLLER-POLICY allows the services that match those defined in the service list DNAC-CONTROLLER-SERVICES

  • DNAC-CONTROLLER-SERVICES matches a service type if it is included in one of the match statements. The service list in the example will only send airplay (Apple TV), Apple-RDP, Apple File Share, and Google Chromecast services to the Controller. Other services which have not been specified here (such as printer service) will be dropped.

Step 3

If the SDG Agent is correctly configured, on Cisco DNA Center, ensure that the service policy has been correctly configured to accept the announcement.

The XLS file lists the dropped announcements along with their causes. The following table lists some of the common causes for dropped announcements and how to fix them.

Possible Causes for Dropped Announcements

Suggested Fixes

The IP addresses of the announcing SDG Agent and source SDG Agent of the service filter do not match.

Correct the service filter. See Build Wide Area Bonjour Service Filter Configurations.

The subnet and mask in the announcement packet do not match those in the service filter.

Correct the service filter. Build Wide Area Bonjour Service Filter Configurations.

The service filter is not enabled.

If the service filter is not enabled, then all the matching announcements and queries are dropped. Enable the service filter from the Wide Area Bonjour application.

The end point MAC address is not included in the list of configured MAC addresses for the service filter. This is applicable only in the case of selective services.

Add the MAC address to the list of configured MAC addresses for the service filter. See Create Selective Service Instance Service Filter.

Step 4

Inspect the sdg-service log on Cisco DNA Center for possible causes of the dropped announcement.

In some cases, it may be useful to view the Cisco DNA Center troubleshooting logs for the sdg-service, since it provides more detailed information, with options for real-time log viewing. To view the Cisco DNA Center debug logs, complete the following steps:

  1. Set the Cisco DNA Center logging level to DEBUG. For information about configuring debugging logs in Cisco DNA Center, see the Cisco Digital Network Architecture Center Administrator Guide.

  2. SSH to Cisco DNA Center and view the logs for the sdg-service.

  3. Turn on DEBUG level logging in Cisco DNA Center, and access the log when the announcements are going on.

  4. In the log, look for the Policy Matcher input string that matches the SDG Agent, Service Type, and Subnet and mask, corresponding to the announcement being sent. Here is a sample Policy Matcher Input string. 

    Policy Matcher Input [ip=10.151.255.1, network=10.151.1.0, mask=28, macAddress=08:66:98:bb:e6:a9, serviceType=_airplay._tcp.local.]

    The above sample string tells that the announcement (or query) for service type _airplayy._tcp.local was sent from the subnet 10.151.1.0/28 of the SDG Agent 0.251.255. The controller matches this input with its configured service filters. If no matching policies is found then the announcement or query is dropped.

    The following is an extract from a log with the error showing that no matching policies have been found for the announcement. 

    2019-07-31 00:23:12,400 | DEBUG | adManager-Announcements-6 |  | c.c.s.r.matchers.RulesEngineManager | Policy Matcher Input [ip=10.151.255.1, network=10.151.1.0, mask=28, macAddress=08:66:98:bb:e6:a9, serviceType=_airplay._tcp.local.] | 

2019-07-31 00:23:12,400 |  <snip> <snip> <snip>

2019-07-31 00:23:12,400 |   INFO | adManager-Announcements-6 |  | c.c.s.p.p.AnnouncementProcessorImpl | No matching policies for valid announcements found. DROPPING THE ANNOUNCEMENT. |

The following are the possible reasons for why the query may be dropped:

  • The service type (such as _airplay._tcp.local) is not included in the policy.

  • The SDG Agent IP address does not match the Announcing SDG Agent.

  • The VLAN (subnet) is not enabled in the policy.

  • The VLAN is not in the SDG Agent,

  • The subnet or mask does not match the policy configuration.

Device Does Not Receive a Response From the Controller

Your device (a laptop for example) does not receive a response to its query from the Cisco DNA Center Controller, for the following possible reasons:

  • Device or VLAN Misconfiguration

    • The device is not connected at all, or is not connected to the correct VLAN. In this case, check the configuration and ping the network.

    • The connected VLAN is not configured with mDNS. In this case, check the VLAN configuration.

    • The query is dropped by the SDG Agent due to incorrect ingress (IN) service list configuration for the VLAN. See the Cisco IOS-XE Service Discovery Gateway for Bonjour User Guide.

No Matching Service Instance Found

Procedure

Step 1

Send a query from the device and access the corresponding log file.
Step 2

In the Cisco DNA Center sdg-service debug log, search for the Policy Matcher Input string, which matches with the SDG Agent, Service Type, and Subnet or Mask, corresponding to the query that was sent.

The following is an extract of a log which has a service instance.

Policy Matcher Input [ip=10.151.255.1, network=10.151.2.0, mask=28, serviceType=_airplay._tcp.local.]
  ...   ...   .....   .....   .....
<snip> ... Found 1 services to respond. Sending.. |

The following is an extract of a log which does not have a service instance.

Found 0 services to respond. Sending...
Step 3

In this case, either there are actually no service instances present, in which case the result is as expected. However, the service policy itself might have a mistake and may need correction.

The Controller OUT Policy in the SDG Agent Drops the Query

To identify whether the query was dropped by the Controller OUT policy on the SDG Agent, examine whether the policy configured in the Wide Area Bonjour configuration allows the service type being queried. The following is an extract from a log where the policy configured in the Wide Area Bonjour configuration allows the service-type being queried. 

service-export mdns-sd controller WIDE-AREA-BONJOUR-POLICY
    controller-address 10.251.1.1
    controller-port 9991
    controller-service-policy DNAC-CONTROLLER-POLICY OUT
    controller-source-interface Loopback0

For the configuration above, ensure that the service policy DNAC-CONTROLLER-POLICY includes the service-type being queried. If not, then the SDG Agent will not route the query to the controller.

Cisco DNA Center Drops the Query Because it Does Not Match Its Policy

Procedure

Step 1

Access the Cisco DNA Center sdg-service debug logs.

Step 2

Look for the Policy Matcher Input string that matches the SDG Agent, Service Type, and Subnet or Mask, corresponding to the query being sent.

The following is an extract from a log with the error showing that no matching policies have been found.

2019-08-02 16:17:48,462 |  DEBUG | ueryProcessingCategory-14 |  | c.c.s.r.matchers.RulesEngineManager | Policy Matcher Input [ip=10.151.255.1, network=10.151.2.0, mask=28, serviceType=_airplay._tcp.local.] | 

2019-08-02 16:17:48,462 |  DEBUG | ueryProcessingCategory-14 |  | c.c.a.r.engine.impl.RulesEngineImpl | Matched rules are:  | 
2019-08-02 16:17:48,462 |  DEBUG | ueryProcessingCategory-14 |  | c.c.a.r.engine.impl.RulesEngineImpl |  | 
2019-08-02 16:17:48,462 |  DEBUG | ueryProcessingCategory-14 |  | c.c.s.p.p.QueryProcessorImpl | No Matching Policies found , returning |

The following are the possible reasons for why the query was dropped:

  • The service type _airplay._tcp.local is not included in policy.

  • The SDG Agent does not match the Query SDG Agent.

  • The VLAN (subnet) is not enabled in the policy.

  • The VLAN is not in the SDG Agent.

  • The subnet or mask does not match the policy configuration. Correct the service filter appropriately.