Local Switching, mDNS Snooping and Chromecast

Hello everyone,
we have a Cisco WiFi setup at our company constisting of one WLC (2504) and 5 access points, 4 of which are in the main office and one at a remote location (connected via an IPsec tunnel). The remote AP is configured to FlexConnect mode, and we have set up a staff WLAN using 802.1X auth and local switching. So far, everything works perfect.
However, we now want to support Chromecast devices in our wireless network. I have setup a new WLAN with WPA2-PSK authentication for those devices, added the "Googlecast" entries to the mDNS profile and activated mDNS Snooping on this WLAN. This appears to be working as well, at least I can see the corresponding entries in the mDNS -> Domain Names tab (Chromecast switched from multicast/SSDP to mDNS recently).
However, clients in the staff WLAN are not able to see the devices. My guess is that I would need to also activate mDNS snooping on the staff WLAN, but of course this is not possible because of local switching being enabled.
I tried to create two different AP groups, one for the local APs and another for the remote one. Then I duplicated the staff WLAN, with the idea of deploying one copy on the local AP group with local switching disabled and mDNS snooping enabled and the other copy on the remote AP group, enabling local switching and disabling mDNS snooping. My idea was that this would allow the employees at the local office to use the Chromecast devices, but unfortunately it's not possible to configure two WLANs with the same SSID and L2 security, even if they're not on the same AP / AP group.
Another solution would just be to create a separate WLAN for the remote AP, but that would require to push another profile and inevitably result in confused employees when they first visit the remote branch.
Is there any way to make our Chromecasts work while still using the same WLAN for both locations? Any pointers are greatly appreciated.

I'm not 100%sure about the details and why that works this way. But u can create two SSID as long as u use an ID higher than 16. So start at 17 and it works, maybe that has something to do with the default group they will not belong to..
comming back to your 2504...I see no way to use an ID above 16 because that's the max it supports.
So, please have a look at that Guide for Chromcast, as I run through i see that it hase maybe nothing to do with mDNS..
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html
Br,
Sebastian
pls. rate if helpful

Similar Messages

  • Switch between iPad and chromecast on my iPad?

    I joined Hulu Plus and installed their app on my mini. I then saw the choice between watching on mhy iPad or casting it to my TV. I cannot access that choice now. Any help?

    What data would you loose?
    Safari and Firefox are Browsers.  To switch between them all you would need to do is choose the relevant Window. ie. open Safari and then Open Firefox, and simply click on either of them to change.
    You can also use the keyboard:  command + tab to move between open windows.

  • MDNS cannot be configured when FlexConnect Local Switching is enabled

    I am running Cisco Prime Infrastructu tore 1.3 and I am trying to push a template to allow flexconect local switching on a wlan.  However, when I attempt this, I get the message "mDNS cannot be configured when FlexConnect Local Switching is enabled" and I cannot save the template or apply it to controllers.  My controllers are WISM 2s running 7.0.235.3.

    Make sure you uncheck the mDNS option on the advanced tab of the WLAN template. You cannot use mDNS in conjunction with Flexconnect locally switched WLANs.
    Sent from Cisco Technical Support iPhone App

  • Centrally Switched and Flex Local Switched WLAN - same SSID

    Hi All
    I am currently working on a WLAN migration from lightweight to autonomous and would like advice on whether the following scenario is possible.
    We've deployed an 8500HA pair at the customer's central HQ with the plan that SSIDs at the central HQ will centrally switch with SSIDs at branch sites locally switching.  AP and Flex groups have been configured for the HQ and branch sites.  There is a legacy SSID at HQ that will need to break out locally so a flex group is required for HQ.
    My original plan was to do this with one WLAN Profile per SSID, configured to locally switch.  The HQ AP group will map WLAN to the relevant IP interface with the SSID omitted from the HQ Flex Group so that the SSID will centrally switch.  The branch AP groups will be configured with the SSIDs required for branch and Flex groups will be configured to break out the SSIDs  into the relevant local VLAN.
    My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
    Configured as above a client debug gives the below which seems to suggest that it isn't possible, unless I've configured something incorrectly...
    *apfMsConnTask_5: Oct 03 15:48:51.012: c0:18:85:48:c0:5d Central switch is FALSE
    My alternative option is to create a second WLAN profile for each SSID with the same SSID name but centrally switched and then apply that accordingly in the AP groups.
    If someone can verify the above I'd be very grateful.
    Many thanks in advance
    Mark

    Hi Mark
    My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
    When you configure an SSID for local switching, it is only applicable if AP in Flexconnnect mode. So as long as your HQ APs are in Local mode then all those users traffic will be central switch for the given SSID. At branch those AP are in Flex mode, they will locally switched.
    Pls do not forget to rate our responses if that is useful to you
    HTH
    Rasika

  • Can I use DHCP snooping and IOS DHCP server on the same switch stack

    Hello,
    I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
    There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
    For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
    Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
    I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
    Unfortunately I do not have access to a layer 3 switch to test this at the moment.
    Thanks

    Nope.  That's the issue.
    They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network.  At least that is what it looks like to me.  Anyone have another take on it?  Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

  • IOS XR Layer 2 internetworking and layer 2 local switching

    I have 12410 with iox 3.6.1 and sip 501 with spa-5GE I want to configure layer 2 vpns for internetworking and layer 2 local switching. I search in the command reference and I didnt find the connect command nor internetwork ip under the PW class. can any one tell me how to configure it

    Hi,
    Here is an example for local switching:
    RP/0/1/CPU0:router(config-if)#l2vpn
    RP/0/1/CPU0:router(config-l2vpn)#xconnect group local
    RP/0/1/CPU0:router(config-l2vpn-xc)#p2p ac1
    RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#interface gi0/3/0/0
    RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#interface gi0/3/0/1
    RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#commit
    RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#end
    Any-2-Any connection type required 3.8
    HTH
    Laurent.

  • Same wlan both locally switched and centrally switched

    Scenario:
    1 virtual wireless controller
    50 access points, some of them some local to the controller (same site), other on remote sites, all in flexconnect mode.
    Is there a way for a wlan to be locally switched for a group of ap's, essentialy those local to the controller, and centrally switched for other groups of ap's, in fact those placed on remote sites?
    I've tried configuring flexconnect groups, and ap groups, but no luck, I've found no way to override the globally configured flag "flexconnec local switching".
    I've also tried to create two identical wlans, one locally switched and the second globally switched, but the wlc refuses to activate the second one since it has the same ssid of the first one.
    Regards,
    Massimo. 

    Since you have vWLC all AP needs to be in FlexConnect mode (If you got a normal WLC you can keep HQ AP in local mode & Remote AP in Flex mode to achieve this)
    I think in your case you have to either choose "Central Switching" or "local switching" for your APs.
    Regards
    Rasika
    **** Pls rate all useful responses ****

  • Could I configure local switching between sub-interface and global interface on ASR9k?

    Could I configure local switching between sub-interface and global interface on ASR9k?

    For 2 interfaces it is probably best to use an xconnect. It is faster and saves system resources (eg mac learning doesnt apply to xconnect).
    Config example:
    l2vpn
     xconnect group link
      p2p link
       interface Bundle-Ether100.4321
       interface Bundle-Ether500.4321
    EFP config:
    interface Bundle-Ether100.4321 l2transport
     encapsulation dot1q 4000
     rewrite ingress tag pop 1 symmetric
    interface Bundle-Ether500.4321 l2transport
     encapsulation dot1q 2000
     rewrite ingress tag pop 1 symmetric
    This example shows that you can link 2 EFP's with different vlan's together if you'd pop the tags.
    If the EFP's are of the same vlan, then popping the tag can be done but not a must. In general it is recommended to always pop vlan tags so there is a standard EFP design, but not for any technical reasons.
    When you use a bridge domain and using a BVI, you MUST pop the tags as the BVI has no notion of a vlan tag and wants to see "plain ethernet".
    regards
    xander

  • Layer2 Local Switching and SpanningTree

    I setup a connection between two Ethernet Subinterfaces, each on a seperate vlan.
    At the other end of the trunk (on a switch), the port goes into BKN (broken) mode as bpdu's from VLANa are now appearing on VLANb (because of the connect statement on the router).
    Is the correct way to fix this to enable bpdufilter on the switch? This fixes the problem and I'm guessing we shouldn't really be using spanning-tree in this sort of SP environment anyway?
    RC

    Hi Peter,
    in general I would agree with you that disabling STP is a call for troubles.
    But in this very specific case we are dealing with Layer 2 local switching feature which requires the use of locally significant dot1q tags on the subinterfaces that you want to inter-connect.
    So the assumption is (as I wrote in my post) that the vlans 80 and 81 have locally significance only and that even if they are carried in the trunk up to the switch (where interface gi0/32 resides) they don't exist anywhere else.
    The assumptiom comes from the other thread opened by RC on the topic (where I suggested to use L2 local switching) > https://supportforums.cisco.com/message/3450564
    From my understanding after the switch we have the 2 carrier circuits with different tags and beyond that point there is no more tag significance.
    If this is true the use of BPDU filter is equivalent to disabling STP for those 2 vlans.
    Of course if the 2 vlans also belong to a switched network it is not safe to disable STP on the switch as the presence of actual redundant links can create lots of troubles.
    In conclusion I don't think I disagree with you as I was just giving my opinion on a very specific scenario
    Riccardo

  • Flexconnect - Local Switching and DHCP Server Location

    Hello Friends, It is again a conceptual question.
    In Flex-connect Local Switching mode if the Client has to be get the IP address using DHCP, the DHCP server has to be local to the remote site and not centralized location. Though i know, Local switching means that the client traffic is bridged to the local network directly by the AP on the locally connected switch and does not pass through the controller, what does it mean to DHCP server location.
    For example, If I have 2 different WLANs (VLAN 2 and VLAN 3) configured Local Switching and its corresponding VLAN SVIs are configured in the Local L3 Switch and if the DHCP server is centrally located with the scopes for VLAN 2 and VLAN 3, will it have troubles?
    I see in my infrastructure we are working in that way [Local switching with centralized server]
    Thanks in advance
    SAIRAM

    It would be good to have DHCP server at local site.

  • TACACS login 1st attend fail and prompt for local switch password

    Hi,
    The switch will prompt us the local switch password after we key in wrong username and password when prompt by the switch. We are wondering is this behave correct or normal?
    This is because any hacker can just try on first the login which is prompt by TACACS then they can try hacking to the switch using the switch local password.
    This there any work around that each attend is prompts for TACACS login? Only when TACACS server is down will be prompt by the switch local login?

    Hi Farrukh,
    Here is the tacacs-server setting:
    tacacs-server host 10.130.209.23
    tacacs-server host 10.130.209.24
    tacacs-server directed-request
    tacacs-server key xxx
    Result is the same even I have remove those two commands.
    I ahve attached the debug result obtain from the switch without those two commands.
    And below is the scenario on the login when the debug is turn on:
    Username: ivan
    Password:
    Password:
    % Authentication failed
    User Access Verification
    Username: TanCH
    Password:
    Password:
    % Authentication failed
    User Access Verification
    Username: siah
    Password:
    Password:
    % Authentication failed
    =---------------------------------------------------------------=
    All Access to this system will be LOGGED.
    All UNAUTHORISED access is PROHIBITED and will be dealt with seriously.
    =---------------------------------------------------------------=
    User Access Verification
    Username: ivancheng
    Password:
    SWB1111>exit

  • HREAP, Local Switched WLAN and DHCP Address required

    Hi All,
    if i have configure an HREAP AP with a local switched Wlan with "dhcp ADDRESS REQIRED", from my understanding a client will be provided with an ip address from the hreap local infrastructure. How will the controler ensure that no static ip client is able to access the network?
    Any Help Welcome.
    Regards, Michael

    I posted about this subject on my site (see link below). Since the posting I learned that the client needs to minimumally pass a DHCP discovery packet for the controller to then allow traffic to pass to the client. This is how it "safe guards" someone putting a static address on their box ...
    http://www.my80211.com/cisco-wlc-cli-commands/2009/12/30/wlc-dhcp-address-assignment-required-option.html

  • Flexconnect Local Switching Hosts Do Not Receive IP Addresses

    Hello,
    My WLC software version is 7.4.110.0. I have a branch office in my lab. The AP in my branch is configured as flexconnect with native VLAN of 700. The SSID that I have in the branch office is configured to do local switching. The show wlan is added below.
    My tunneled SSID still working and I can still receive IP addresses from it. My issue is last week I have the Flexconnect working with no problem, then this morning I can connect to the SSID, but I'm not receiving IP addresses for my test wireless clients.
    Thanks
    [code]
    WLAN Identifier.................................. 2
    Profile Name..................................... ACS Guest
    Network Name (SSID).............................. RMTGuest
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
      Client Profiling Status ....................... Disabled
       DHCP ......................................... Disabled
       HTTP ......................................... Disabled
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Maximum number of Clients per AP Radio........... 200
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    User Idle Timeout................................ 300 seconds
    --More-- or (q)uit
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... RK2WLC5508-01
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    WLAN IPv4 ACL.................................... unconfigured
    WLAN IPv6 ACL.................................... unconfigured
    mDNS Status...................................... Disabled
    mDNS Profile Name................................ unconfigured
    DHCP Server...................................... 172.28.27.130
    DHCP Address Assignment Required................. Disabled
    Static IP client tunneling....................... Disabled
    PMIPv6 Mobility Type............................. none
    Quality of Service............................... Silver
    Per-SSID Rate Limits............................. Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Per-Client Rate Limits........................... Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    --More-- or (q)uit
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
       Accounting.................................... Disabled
       Dynamic Interface............................. Disabled
       Dynamic Interface Priority.................... wlan
    Local EAP Authentication......................... Disabled
    --More-- or (q)uit
    Security
       802.11 Authentication:........................ Open System
       FT Support.................................... Disabled
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Enabled
          WPA (SSN IE)............................... Disabled
          WPA2 (RSN IE).............................. Enabled
             TKIP Cipher............................. Disabled
             AES Cipher.............................. Enabled
                                                                   Auth Key Management
             802.1x.................................. Disabled
             PSK..................................... Enabled
             CCKM.................................... Disabled
             FT-1X(802.11r).......................... Disabled
             FT-PSK(802.11r)......................... Disabled
             PMF-1X(802.11w)......................... Disabled
             PMF-PSK(802.11w)........................ Disabled
          FT Reassociation Timeout................... 20
          FT Over-The-DS mode........................ Enabled
          GTK Randomization.......................... Disabled
          SKC Cache Support.......................... Disabled
    --More-- or (q)uit
          CCKM TSF Tolerance......................... 1000
       WAPI.......................................... Disabled
       Wi-Fi Direct policy configured................ Disabled
       EAP-Passthrough............................... Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       FlexConnect Local Switching................... Enabled
       flexconnect Central Dhcp Flag................. Disabled
       flexconnect nat-pat Flag...................... Disabled
       flexconnect Dns Override Flag................. Disabled
       FlexConnect Vlan based Central Switching ..... Disabled
       FlexConnect Local Authentication.............. Disabled
       FlexConnect Learn IP Address.................. Enabled
       Client MFP.................................... Optional
       PMF........................................... Disabled
       PMF Association Comeback Time................. 1
       PMF SA Query RetryTimeout..................... 200
       Tkip MIC Countermeasure Hold-down Timer....... 60
    AVC Visibilty.................................... Disabled
    --More-- or (q)uit
    AVC Profile Name................................. None
    Flow Monitor Name................................ None
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    KTS based CAC Policy............................. Disabled
    Assisted Roaming Prediction Optimization......... Disabled
    802.11k Neighbor List............................ Disabled
    802.11k Neighbor List Dual Band.................. Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Multicast Buffer................................. Disabled
    Mobility Anchor List
    WLAN ID     IP Address            Status
    802.11u........................................ Disabled
    MSAP Services.................................. Disabled
    [/code]

    is the VLAN still mapped on the AP, and allowed across the trunk?
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • How to have H-REAP broadcast only specific locally switched SSID's?

    I'm new to this H-REAP configuration, but in the main office we have about 6 WLAN's.  I have a remote office which I want to have 2 new WLAN's and have them switched locally.  How can I only have the H-REAP AP's at this site only broadcast those 2 SSID's vs all 8?  I haven't really read anything about using AP Group VLAN's with H-REAP or know if that's even possible, but is this a possibility and if no,t what would you recommend?
    Thanks for the help!

    I may create another topic - but here it goes...
    I've decided to try to use an existing WLAN in the H-REAP config...
    -I've joined the AP to the remote controller, assigned it an IP, put it in H-REAP mode.
    -I chose a WLAN, enabled local switching
    -I went into the AP, configured the native VLAN, however, I CAN NOT change the vlan of the WLAN listed.  It always goes back to default.
    I verified the vlan exists on the switch, is routable, etc, the switch port is a member of that vlan, it is set as a trunk w/ 802.1q, etc.
    Any ideas on what would cause this?
    I am SOO close   Thanks!

  • Flex connect with a per user ACL with APs locally switched

    Hi all,
    Does flex connect allow a per user ACL to be downloaded to the session with local switched, central authentication? We are using ISE for the central policy engine and have setup dACL for wired but am about to embark on WLAN. The controller is a 5508 and the. APs are 3700's.
    Second question- if the flex connect APs don't do any form of per user ACL, the other option is to have the units in regular mode where they are both centrally switched and centrally authenticated which I understand to support a per user ACL. Our WAN links are between 10mbps - 30mbps and the most latency would be around 40ms. Will this cause issues at all with the size WAN links and latency?
    Thanks
    Sent from Cisco Technical Support iPad App

    Well you are running v7.6 so FlexConnect per user radius ACL's are supported per this doc since v7.5.
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc9
    As far as WAN latency, 200ms is good, but it depends in your WAN utilization now and how many AP's you plan on installing and the increase in wireless traffic across your WAN. There is a minimum requirement, but it's up to you in the end to make sure you have enough bandwidth or else you will need to QoS the capwap traffic to ensure the APs don't bounce from connected to stand alone.
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for