Local Switching, mDNS Snooping and Chromecast
Hello everyone,
we have a Cisco WiFi setup at our company consisting of one WLC (2504) and 5 access points, 4 of which are in the main office and one at a remote location (connected via an IPsec tunnel). The remote AP is configured to FlexConnect mode, and we have set up a staff WLAN using 802.1X auth and local switching. So far, everything works perfectly.
However, we now want to support Chromecast devices in our wireless network. I have set up a new WLAN with WPA2-PSK authentication for those devices, added the "Googlecast" entries to the mDNS profile and activated mDNS Snooping on this WLAN. This appears to be working as well, at least I can see the corresponding entries in the mDNS -> Domain Names tab (Chromecast switched from multicast/SSDP to mDNS recently).
However, clients in the staff WLAN are not able to see the devices. My guess is that I would need to also activate mDNS snooping on the staff WLAN, but of course this is not possible because of local switching being enabled.
I tried to create two different AP groups, one for the local APs and another for the remote one. Then I duplicated the staff WLAN, with the idea of deploying one copy on the local AP group with local switching disabled and mDNS snooping enabled and the other copy on the remote AP group, enabling local switching and disabling mDNS snooping. My idea was that this would allow the employees at the local office to use the Chromecast devices, but unfortunately it's not possible to configure two WLANs with the same SSID and L2 security, even if they're not on the same AP / AP group.
Another solution would just be to create a separate WLAN for the remote AP, but that would require pushing another profile and inevitably result in confused employees when they first visit the remote branch.
Is there any way to make our Chromecasts work while still using the same WLAN for both locations? Any pointers are greatly appreciated.
I'm not 100% sure about the details and why it works this way. But you can create two SSIDs as long as you use an ID higher than 16. So start at 17 and it works; maybe that has something to do with the default group they will not belong to.
Coming back to your 2504... I see no way to use an ID above 16 because that's the max it supports.
So, please have a look at that guide for Chromecast; as I ran through it I see that it has maybe nothing to do with mDNS.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html
Br,
Sebastian
pls. rate if helpful
Similar Messages
-
Switch between iPad and chromecast on my iPad?
I joined Hulu Plus and installed their app on my mini. I then saw the choice between watching on my iPad or casting it to my TV. I cannot access that choice now. Any help?
What data would you lose?
Safari and Firefox are Browsers. To switch between them all you would need to do is choose the relevant Window. ie. open Safari and then Open Firefox, and simply click on either of them to change.
You can also use the keyboard: command + tab to move between open windows. -
MDNS cannot be configured when FlexConnect Local Switching is enabled
I am running Cisco Prime Infrastructure 1.3 and I am trying to push a template to allow FlexConnect local switching on a WLAN. However, when I attempt this, I get the message "mDNS cannot be configured when FlexConnect Local Switching is enabled" and I cannot save the template or apply it to controllers. My controllers are WISM 2s running 7.0.235.3.
Make sure you uncheck the mDNS option on the advanced tab of the WLAN template. You cannot use mDNS in conjunction with Flexconnect locally switched WLANs.
Sent from Cisco Technical Support iPhone App -
Centrally Switched and Flex Local Switched WLAN - same SSID
Hi All
I am currently working on a WLAN migration from lightweight to autonomous and would like advice on whether the following scenario is possible.
We've deployed an 8500HA pair at the customer's central HQ with the plan that SSIDs at the central HQ will centrally switch with SSIDs at branch sites locally switching. AP and Flex groups have been configured for the HQ and branch sites. There is a legacy SSID at HQ that will need to break out locally so a flex group is required for HQ.
My original plan was to do this with one WLAN Profile per SSID, configured to locally switch. The HQ AP group will map WLAN to the relevant IP interface with the SSID omitted from the HQ Flex Group so that the SSID will centrally switch. The branch AP groups will be configured with the SSIDs required for branch and Flex groups will be configured to break out the SSIDs into the relevant local VLAN.
My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
Configured as above a client debug gives the below which seems to suggest that it isn't possible, unless I've configured something incorrectly...
*apfMsConnTask_5: Oct 03 15:48:51.012: c0:18:85:48:c0:5d Central switch is FALSE
My alternative option is to create a second WLAN profile for each SSID with the same SSID name but centrally switched and then apply that accordingly in the AP groups.
If someone can verify the above I'd be very grateful.
Many thanks in advance
Mark
Hi Mark
My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
When you configure an SSID for local switching, it is only applicable if the AP is in FlexConnect mode. So as long as your HQ APs are in Local mode, all those users' traffic will be centrally switched for the given SSID. At the branch, where those APs are in Flex mode, it will be locally switched.
Pls do not forget to rate our responses if that is useful to you
HTH
Rasika -
Can I use DHCP snooping and IOS DHCP server on the same switch stack
Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
Thanks
Nope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition. -
IOS XR Layer 2 internetworking and layer 2 local switching
I have a 12410 with iox 3.6.1 and a sip 501 with spa-5GE. I want to configure layer 2 VPNs for internetworking and layer 2 local switching. I searched the command reference and I didn't find the connect command nor internetwork ip under the PW class. Can anyone tell me how to configure it?
Hi,
Here is an example for local switching:
RP/0/1/CPU0:router(config-if)#l2vpn
RP/0/1/CPU0:router(config-l2vpn)#xconnect group local
RP/0/1/CPU0:router(config-l2vpn-xc)#p2p ac1
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#interface gi0/3/0/0
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#interface gi0/3/0/1
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#commit
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#end
Any-2-Any connection type required 3.8
HTH
Laurent. -
Same wlan both locally switched and centrally switched
Scenario:
1 virtual wireless controller
50 access points, some of them local to the controller (same site), others on remote sites, all in flexconnect mode.
Is there a way for a wlan to be locally switched for a group of APs, essentially those local to the controller, and centrally switched for other groups of APs, in fact those placed on remote sites?
I've tried configuring flexconnect groups, and ap groups, but no luck, I've found no way to override the globally configured flag "flexconnect local switching".
I've also tried to create two identical wlans, one locally switched and the second globally switched, but the wlc refuses to activate the second one since it has the same ssid of the first one.
Regards,
Massimo.
Since you have a vWLC, all APs need to be in FlexConnect mode (if you had a normal WLC you could keep the HQ APs in local mode and the remote APs in Flex mode to achieve this).
I think in your case you have to either choose "Central Switching" or "local switching" for your APs.
Regards
Rasika
**** Pls rate all useful responses **** -
Could I configure local switching between sub-interface and global interface on ASR9k?
Could I configure local switching between sub-interface and global interface on ASR9k?
For 2 interfaces it is probably best to use an xconnect. It is faster and saves system resources (e.g. MAC learning doesn't apply to xconnect).
Config example:
l2vpn
 xconnect group link
  p2p link
   interface Bundle-Ether100.4321
   interface Bundle-Ether500.4321
EFP config:
interface Bundle-Ether100.4321 l2transport
 encapsulation dot1q 4000
 rewrite ingress tag pop 1 symmetric
interface Bundle-Ether500.4321 l2transport
 encapsulation dot1q 2000
 rewrite ingress tag pop 1 symmetric
This example shows that you can link 2 EFP's with different vlan's together if you'd pop the tags.
If the EFP's are of the same vlan, then popping the tag can be done but not a must. In general it is recommended to always pop vlan tags so there is a standard EFP design, but not for any technical reasons.
When you use a bridge domain and using a BVI, you MUST pop the tags as the BVI has no notion of a vlan tag and wants to see "plain ethernet".
regards
xander -
Layer2 Local Switching and SpanningTree
I set up a connection between two Ethernet subinterfaces, each on a separate vlan.
At the other end of the trunk (on a switch), the port goes into BKN (broken) mode as bpdu's from VLANa are now appearing on VLANb (because of the connect statement on the router).
Is the correct way to fix this to enable bpdufilter on the switch? This fixes the problem and I'm guessing we shouldn't really be using spanning-tree in this sort of SP environment anyway?
RC
Hi Peter,
in general I would agree with you that disabling STP is a call for troubles.
But in this very specific case we are dealing with Layer 2 local switching feature which requires the use of locally significant dot1q tags on the subinterfaces that you want to inter-connect.
So the assumption is (as I wrote in my post) that the vlans 80 and 81 have local significance only and that even if they are carried in the trunk up to the switch (where interface gi0/32 resides) they don't exist anywhere else.
The assumption comes from the other thread opened by RC on the topic (where I suggested to use L2 local switching) > https://supportforums.cisco.com/message/3450564
From my understanding after the switch we have the 2 carrier circuits with different tags and beyond that point there is no more tag significance.
If this is true the use of BPDU filter is equivalent to disabling STP for those 2 vlans.
Of course if the 2 vlans also belong to a switched network it is not safe to disable STP on the switch as the presence of actual redundant links can create lots of troubles.
In conclusion I don't think I disagree with you as I was just giving my opinion on a very specific scenario
Riccardo -
Flexconnect - Local Switching and DHCP Server Location
Hello Friends, It is again a conceptual question.
In FlexConnect Local Switching mode, if the client has to get its IP address using DHCP, the DHCP server has to be local to the remote site and not at a centralized location. Though I know local switching means that the client traffic is bridged to the local network directly by the AP on the locally connected switch and does not pass through the controller, what does it mean for the DHCP server location?
For example, If I have 2 different WLANs (VLAN 2 and VLAN 3) configured Local Switching and its corresponding VLAN SVIs are configured in the Local L3 Switch and if the DHCP server is centrally located with the scopes for VLAN 2 and VLAN 3, will it have troubles?
I see in my infrastructure we are working in that way [Local switching with centralized server]
Thanks in advance
SAIRAM
It would be good to have DHCP server at local site.
-
TACACS login 1st attempt fail and prompt for local switch password
Hi,
The switch will prompt us for the local switch password after we key in a wrong username and password when prompted by the switch. We are wondering, is this behaviour correct or normal?
This is because any hacker can just try first on the login which is prompted by TACACS, then they can try hacking into the switch using the switch local password.
Is there any workaround so that each attempt prompts for the TACACS login? Only when the TACACS server is down should we be prompted for the switch local login?
Hi Farrukh,
Here is the tacacs-server setting:
tacacs-server host 10.130.209.23
tacacs-server host 10.130.209.24
tacacs-server directed-request
tacacs-server key xxx
The result is the same even after I have removed those two commands.
I have attached the debug result obtained from the switch without those two commands.
And below is the scenario on the login when the debug is turned on:
Username: ivan
Password:
Password:
% Authentication failed
User Access Verification
Username: TanCH
Password:
Password:
% Authentication failed
User Access Verification
Username: siah
Password:
Password:
% Authentication failed
=---------------------------------------------------------------=
All Access to this system will be LOGGED.
All UNAUTHORISED access is PROHIBITED and will be dealt with seriously.
=---------------------------------------------------------------=
User Access Verification
Username: ivancheng
Password:
SWB1111>exit -
HREAP, Local Switched WLAN and DHCP Address required
Hi All,
if I have configured an HREAP AP with a locally switched WLAN with "DHCP Address Required", from my understanding a client will be provided with an IP address from the HREAP local infrastructure. How will the controller ensure that no static IP client is able to access the network?
Any Help Welcome.
Regards, Michael
I posted about this subject on my site (see link below). Since the posting I learned that the client needs to minimally pass a DHCP discovery packet for the controller to then allow traffic to pass to the client. This is how it "safeguards" against someone putting a static address on their box ...
http://www.my80211.com/cisco-wlc-cli-commands/2009/12/30/wlc-dhcp-address-assignment-required-option.html -
Flexconnect Local Switching Hosts Do Not Receive IP Addresses
Hello,
My WLC software version is 7.4.110.0. I have a branch office in my lab. The AP in my branch is configured as flexconnect with native VLAN of 700. The SSID that I have in the branch office is configured to do local switching. The show wlan is added below.
My tunneled SSID is still working and I can still receive IP addresses from it. My issue is that last week I had the FlexConnect working with no problem, then this morning I can connect to the SSID, but I'm not receiving IP addresses for my test wireless clients.
Thanks
[code]
WLAN Identifier.................................. 2
Profile Name..................................... ACS Guest
Network Name (SSID).............................. RMTGuest
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... RK2WLC5508-01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... 172.28.27.130
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
[/code]
Is the VLAN still mapped on the AP, and allowed across the trunk?
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
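Added example, not part of the original thread and not Cisco tooling: a Python parser for the dotted `show wlan` output pasted above. It flags the combination another reply on this page rules out (mDNS on a FlexConnect locally switched WLAN) and notes when client DHCP stays on the site VLAN, which is what the reply above asks to verify. The finding names and the second sample are constructed for illustration.

```python
import re

# "Key......... Value" lines; keys may contain single dots (802.11k, 802.1x).
FIELD_RE = re.compile(r"^\s*(.+?)\s*\.{3,}\s*(.*)$")
# Pager prompt that ends up in pasted output, sometimes fused to the next field.
PAGER_RE = re.compile(r"^\s*--More--\s+or\s+\(q\)uit\s*")

# Lines taken from the output posted in the thread above.
PAGE_EXCERPT = """\
WLAN Identifier.................................. 2
Network Name (SSID).............................. RMTGuest
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
mDNS Status...................................... Disabled
Security
802.11 Authentication:........................ Open System
802.11k Neighbor List............................ Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
"""

# Constructed sample (not from the page): a WLAN definition that mixes
# mDNS with local switching, with the pager prompt fused to a field.
CONSTRUCTED_TEMPLATE = """\
WLAN Identifier.................................. 5
--More-- or (q)uit mDNS Status...................................... Enabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Enabled
"""


def parse_show_wlan(text):
    """Return {lowercased key: [values, ...]}; repeated keys keep every value."""
    fields = {}
    for line in text.splitlines():
        line = PAGER_RE.sub("", line)      # drop the pager prompt, keep the rest
        match = FIELD_RE.match(line)
        if not match:
            continue                       # section headers carry no value
        key = match.group(1).rstrip(":").strip().lower()
        fields.setdefault(key, []).append(match.group(2).strip())
    return fields


def enabled(fields, key):
    """True when the first occurrence of key reads 'Enabled'."""
    values = fields.get(key.lower(), [])
    return bool(values) and values[0].lower() == "enabled"


def audit(fields):
    """Return finding names (hypothetical labels chosen for this example)."""
    findings = []
    local = enabled(fields, "FlexConnect Local Switching")
    if local and enabled(fields, "mDNS Status"):
        # The controller refuses this pairing, as stated elsewhere on the page.
        findings.append("mdns-with-local-switching")
    if local and not enabled(fields, "flexconnect Central Dhcp Flag"):
        # DHCP is bridged at the AP: check WLAN-to-VLAN mapping and the trunk.
        findings.append("dhcp-served-on-site-vlan")
    return findings


if __name__ == "__main__":
    for name, sample in (("page", PAGE_EXCERPT), ("constructed", CONSTRUCTED_TEMPLATE)):
        print(name, audit(parse_show_wlan(sample)))
```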
How to have H-REAP broadcast only specific locally switched SSID's?
I'm new to this H-REAP configuration, but in the main office we have about 6 WLAN's. I have a remote office which I want to have 2 new WLAN's and have them switched locally. How can I only have the H-REAP AP's at this site only broadcast those 2 SSID's vs all 8? I haven't really read anything about using AP Group VLAN's with H-REAP or know if that's even possible, but is this a possibility and if not, what would you recommend?
Thanks for the help!
I may create another topic - but here it goes...
I've decided to try to use an existing WLAN in the H-REAP config...
-I've joined the AP to the remote controller, assigned it an IP, put it in H-REAP mode.
-I chose a WLAN, enabled local switching
-I went into the AP, configured the native VLAN, however, I CAN NOT change the vlan of the WLAN listed. It always goes back to default.
I verified the vlan exists on the switch, is routable, etc, the switch port is a member of that vlan, it is set as a trunk w/ 802.1q, etc.
Any ideas on what would cause this?
I am SOO close Thanks! -
Flex connect with a per user ACL with APs locally switched
Hi all,
Does flex connect allow a per user ACL to be downloaded to the session with local switched, central authentication? We are using ISE for the central policy engine and have set up dACL for wired but am about to embark on WLAN. The controller is a 5508 and the APs are 3700's.
Second question- if the flex connect APs don't do any form of per user ACL, the other option is to have the units in regular mode where they are both centrally switched and centrally authenticated which I understand to support a per user ACL. Our WAN links are between 10mbps - 30mbps and the most latency would be around 40ms. Will this cause issues at all with the size WAN links and latency?
Thanks
Sent from Cisco Technical Support iPad App
Well you are running v7.6 so FlexConnect per user radius ACL's are supported per this doc since v7.5.
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc9
As far as WAN latency, 200ms is good, but it depends on your WAN utilization now and how many AP's you plan on installing and the increase in wireless traffic across your WAN. There is a minimum requirement, but it's up to you in the end to make sure you have enough bandwidth or else you will need to QoS the capwap traffic to ensure the APs don't bounce from connected to stand alone.
Sent from Cisco Technical Support iPhone App