The following topics are covered under this chapter:
To configure and demonstrate the Service Discovery Gateway feature on the WLC5760, we created a VLAN interface for Bonjour services (AirPlay, AirPrint, and so on) on a VLAN separate from the client VLAN.
Here is an example showing different VLANs, one for Clients (VLAN30) and another one for mDNS services (AirPlay, AirPrint and so on—VLAN31), configured on the WLC5760. Also, these VLANs are tied to the client WLAN (SSID) and the mDNS Services WLAN (SSID) respectively.
Active Queries are specific filters that actively query for services attached to local segments. This helps to keep services "fresh" in the cache. If a device queries for a specific service, the cache already holds a valid record, so the gateway does not need to proxy the service query to the attached network segments and can respond immediately. This also helps to quickly detect the removal of a service (for example, a device is turned off without properly announcing the service removal).
service-list mdns-sd active-query query
 service-type _airplay._tcp.local
 service-type _raop._tcp.local
 service-type _ipp._tcp.local
 service-type _sleep-proxy._udp.local
 service-type _printer._tcp.local
 service-type _scanner._tcp.local
!
service-routing mdns-sd
 service-policy-query active-query 60
Once clients are connected and global mDNS is enabled, we can confirm the mDNS services that are discovered and cached by navigating to Monitor > Controller > mDNS > Service Cache.
It is possible to restrict the WLC to only learn and cache services available on specific interfaces. In this example, we will remove the global service-list created in the previous section and create a service-list tied to a specific VLAN interface.
Note: Service Rules are processed in sequence. Also, redistribution is not enabled in this configuration.
Note: Redistribution is the process of forwarding service announcements to other segments. This is turned off by default. If a service is announced on one segment, it will be recorded in the cache. However, other segments will not see this service instance unless the service is actively queried. If the service should be visible on other segments at the time of its original announcement on the originating segment, redistribution must be enabled.
Note: This is only supported for wireless mDNS services. Wired services will not be filtered.
For Example:
In the following example, we will set up a proximity query called query2 (you can assign any name) matching AirPlay, with a services limit of 10 (the max services option accepts a minimum of 1 and a maximum of 100 services). This will return only 10 Apple TVs that are in the RF vicinity of this client's AP.
Complete these steps:
At this point, the Apple Client (iPad) will only list the AppleTVs that are associated to the APs in the neighbor list of its own AP.
Proximity filtering works only if the total number of services in the mDNS cache is greater than 10. For example, if the service provider list has fewer than 10 services, all the services are listed irrespective of the presence of the AP in the neighbor list. Filtering by neighboring AP occurs only if the service provider list has more than 10 services.
You can configure static services that are always present in the cache. This is required for passive Bonjour service providers that are either not capable of advertising on their own or do it infrequently.
In the following example, we will create a static service for a printer in the lobby and verify the services cached for the same.
Complete these steps:
To verify the cached static service entry, go to Monitor > Controller > mDNS > Static Service Cache.
When multiple mDNS gateways are configured in the same domain, query and announcement packets are received by all mDNS gateways. Network administrators have the option of configuring a Designated Gateway in a given link local domain to address this issue:
Go to Controller > mDNS > Global > Advanced tab. Enable Self Designated Gateway by checking the Enable check box.
Service Type Enumeration provides an easy way to find the list of advertised service types in large networks where the number of available services is high. When Enumeration is enabled, it will return only one entry in the cache for each service. Note that this can only be configured via the CLI at this time; no GUI options are available.
service-routing mdns-sd
 service-policy permit-all IN
 service-policy permit-all OUT
 service-policy-query query2 100
 service-type-enumeration period 15
show mdns service-types
[<SERVICE NAME>]              [If-name]
_ipp._tcp.local               Vl105
_http._tcp.local              Vl105
_scanner._tcp.local           Vl105
_http-alt._tcp.local          Vl105
_printer._tcp.local           Vl105
_pdl-datastream._tcp.local    Vl105
_airplay._tcp.local           Vl31
_raop._tcp.local              Vl31
_sleep-proxy._udp.local       Vl31
_touch-able._tcp.local        Vl31
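The enumeration output above is a convenient input for an exposure audit: parse it and flag service types advertised on an interface that are not expected there. This is an added example, not part of the Cisco documentation; the allow-list is hypothetical and the input is constructed from the sample rows shown above.

```python
# Constructed input: the rows of the sample "show mdns service-types" output.
SAMPLE_OUTPUT = """\
[<SERVICE NAME>]              [If-name]
_ipp._tcp.local               Vl105
_http._tcp.local              Vl105
_scanner._tcp.local           Vl105
_http-alt._tcp.local          Vl105
_printer._tcp.local           Vl105
_pdl-datastream._tcp.local    Vl105
_airplay._tcp.local           Vl31
_raop._tcp.local              Vl31
_sleep-proxy._udp.local       Vl31
_touch-able._tcp.local        Vl31
"""

# Hypothetical allow-list: service types the operator expects per interface.
ALLOWED = {
    "Vl105": {"_ipp._tcp.local", "_printer._tcp.local",
              "_scanner._tcp.local", "_pdl-datastream._tcp.local"},
    "Vl31": {"_airplay._tcp.local", "_raop._tcp.local"},
}

def parse_service_types(text):
    """Return {interface: set of service types} from the two-column output."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or not fields[0].startswith("_"):
            continue  # header, blank line, or anything that is not a data row
        seen.setdefault(fields[1], set()).add(fields[0])
    return seen

def unexpected(seen, allowed):
    """Sorted (interface, service type) pairs advertised but not allow-listed."""
    return sorted((ifname, stype)
                  for ifname, types in seen.items()
                  for stype in types - allowed.get(ifname, set()))

if __name__ == "__main__":
    for ifname, stype in unexpected(parse_service_types(SAMPLE_OUTPUT), ALLOWED):
        print(f"{ifname}: {stype} is advertised but not on the allow-list")
```
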
Wired mDNS service filtering options allow or disallow services that are learnt from or announced to civic location templates. The civic location template includes fields such as country, city, street, building name, and so on. The attributes of these fields are configured and matched with the location template in the wired interface.
In the following example, the filtering enhancement refers to the template ID (corp-office) of the location module, and the actual attributes (for example, city and building name) are configured as part of the location template.
location civic-location identifier corp-office
 name SJC-14
 number 14
 floor 1
int gig 1/0/1
 no switchport
 location civic-location-id corp-office
 ip address 15.1.1.1 255.255.255.0
end
service-list mdns-sd Location-1 permit 10
 match location civic corp-office
service-routing mdns-sd
Example Configuration 2:
The following is a detailed example of the IN and OUT filtering process using civic location criteria with configuration and use cases.
The OUT filtering use case: To prevent clients in Building-2 from learning the printer services advertised in Building-1.
Building 1 devices are in VLAN 200, 400. Building 2 devices are in VLAN 100, 300.
location civic-location identifier Building-1
 building Building-1
location civic-location identifier Building-2
 building Building-2
service-list mdns-sd building-2-list-out deny 20
 match service-type _ipp._tcp.local
 match location civic Building-1
Service-list mdns-sd building-2-list-out permit 40
service-list mdns-sd building-1-list-out deny 20
 match service-type _ipp._tcp.local
 match location civic Building-2
Service-list mdns-sd building-1-list-out permit 40
Service-list mdns-sd permit-all permit 20
Service-routing mdns-sd
 Service-policy permit-all in
 Service-policy permit-all out
interface Ethernet0/0
 ! Building 2 is connected to the interface in vlan 100
 location civic-location-id Building-2
 switchport access vlan 100
 switchport mode access
 Service-routing mdns-sd
  Service-policy building-2-list-out OUT
 ! When a query is received from the client in vlan 100 (building 2), building-2-list-out is applied that denies printers from building 1, but allows everything else.
interface Ethernet1/0
 location civic-location-id Building-2
 switchport access vlan 300
 switchport mode access
 Service-routing mdns-sd
  Service-policy building-2-list-out OUT
interface Ethernet2/0
 location civic-location-id Building-1
 switchport access vlan 200
 switchport mode access
 Service-routing mdns-sd
  Service-policy building-1-list-out OUT
interface Ethernet3/0
 location civic-location-id Building-1
 switchport access vlan 400
 switchport mode access
 Service-routing mdns-sd
  Service-policy building-1-list-out OUT
The IN filtering use case: To prevent the mDNS cache from learning Apple TVs advertised in the Dorm-room. In the following example, e0/0 vlan 100 is connected to the Dorm-room, while other ports are terminated in class-rooms.
Note: You can configure ports to be in Dorm-room/Class-room as in the example below.
location civic-location identifier Dorm-room
 building Dorm-room
location civic-location identifier Class-room
 building class-rooms
Service-list mdns-sd example deny 10
 Match service-type _airplay._tcp.*
 Match location Dorm-room
Service-list mdns-sd example permit 20
Service-list mdns-sd permit-all permit 20
Service-routing mdns-sd
 Service-policy example IN
 Service-policy permit-all OUT
interface Ethernet0/0
 ! Dorm room is connected to interface in vlan 100
 location civic-location-id Dorm-room
 switchport access vlan 100
 switchport mode access
interface Ethernet1/0
 location civic-location-id Class-room
 switchport access vlan 300
 switchport mode access
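The OUT and IN filtering examples above can be checked offline with a small model of service-list evaluation, which also shows why rule order matters. This is an added example, not Cisco code. It assumes first-match-wins in sequence order, that all match clauses of a rule must apply, shell-style wildcards, and an implicit deny when nothing matches; the records are constructed.

```python
from fnmatch import fnmatchcase
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    seq: int
    action: str                          # "permit" or "deny"
    service_type: Optional[str] = None   # None matches any service type
    location: Optional[str] = None       # None matches any civic location

def evaluate(rules, service_type, location):
    """Action of the lowest-sequence rule whose match clauses all apply."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.service_type and not fnmatchcase(service_type, rule.service_type):
            continue
        if rule.location and rule.location != location:
            continue
        return rule.action               # assumption: first match wins
    return "deny"                        # assumption: implicit deny when nothing matches

def visible(rules, records):
    """Names of the records the service-list permits."""
    return [n for n, stype, loc in records if evaluate(rules, stype, loc) == "permit"]

# Transcribed from the service-lists in the two examples above.
BUILDING_2_LIST_OUT = [Rule(20, "deny", "_ipp._tcp.local", "Building-1"),
                       Rule(40, "permit")]
EXAMPLE_IN = [Rule(10, "deny", "_airplay._tcp.*", "Dorm-room"),
              Rule(20, "permit")]
# Hypothetical mistake: the catch-all permit is sequenced before the deny.
MISORDERED_OUT = [Rule(10, "permit"),
                  Rule(20, "deny", "_ipp._tcp.local", "Building-1")]

# Constructed records: (instance name, service type, civic location learned from).
RECORDS = [
    ("printer-b1", "_ipp._tcp.local", "Building-1"),
    ("printer-b2", "_ipp._tcp.local", "Building-2"),
    ("appletv-dorm", "_airplay._tcp.local", "Dorm-room"),
    ("appletv-class", "_airplay._tcp.local", "Class-room"),
]

if __name__ == "__main__":
    print("Building-2 clients see:", visible(BUILDING_2_LIST_OUT, RECORDS))
    print("Cache learns (IN):     ", visible(EXAMPLE_IN, RECORDS))
    print("Misordered list leaks: ", visible(MISORDERED_OUT, RECORDS))
```
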