Wired mDNS (bonjour gateway) support using a centralized 5508 across 3 layer sites

Is it possible to support wired mDNS across sites?
Scenario is as follows:
Hub site hosts the 5508 that services the hub site and 2 spoke sites separated by L3 routing.
The hub site contains the wireless subnets (Layer 2 trunk).
Hub site has wired Apple TVs that the wireless ssids need access to.
mDNS is setup and working between the wireless ssids/vlans/subnets and the wired LAN subnet at the hub site.
We now want to connect Apple TVs to the LAN subnets at the spoke sites and I can't see how to accomplish this as the 5508 has to be physically connected to the wired LAN subnet somehow...
Is there any way to do this?  I thought of purchasing a 2504, but then it would have only knowledge of the wired LAN, and not the wireless ssids/vlans/subnets.

I think I found my answer.  Has anyone actually done this?
mDNS AP
The mDNS AP feature allows the controller to have visibility of wired service providers that are on VLANs that are not visible to the controller. You can configure any AP as an mDNS AP and enable the AP to forward mDNS packets to the controller. VLAN visibility on the controller is achieved by APs that forward the mDNS advertisements to the controller. The mDNS packets between the AP and the controller are forwarded in a Control and Provisioning of Wireless Access Points (CAPWAP) data tunnel, similar to the mDNS packets from a wireless client. Only CAPWAP v4 tunnels are supported. APs can be on either an access port or a trunk port to learn the mDNS packets from the wired side and forward them to the controller.

You can use the configurable knob that is provided on the controller to start or stop mDNS packet forwarding from a specific AP. You can also use this configuration to specify the VLANs from which the AP should snoop the mDNS advertisements from the wired side. The maximum number of VLANs that an AP can snoop is 10.

If the AP is on an access port, you should not configure any VLANs on the AP to snoop. The AP sends untagged packets when a query is to be sent. When an mDNS advertisement is received by the mDNS AP, the VLAN information is not passed on to the controller. The service provider's VLAN that is learned through the mDNS AP's access VLAN is maintained as 0 in the controller.

By default, the mDNS AP snoops in the native VLAN. When an mDNS AP is enabled, native VLAN snooping is enabled by default and the VLAN information is passed as 0 for advertisements received on the native VLAN.

The mDNS AP feature is supported only on local mode and monitor mode APs.

The mDNS AP configuration is retained on those mDNS APs even if global mDNS snooping is disabled.
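What the controller actually learns from a forwarded advertisement, as an added example that is not part of the original post or of Cisco's documentation: a constructed mDNS response of the shape an Apple TV uses to announce AirPlay (a PTR record pointing at a service instance plus the SRV record carrying host and port), a parser for it that follows DNS name compression, and a small model of the VLAN-0 behaviour described above. The instance and host names (`LivingRoom`, `AppleTV.local.`, port 7000) are constructed, and `learn_services()` is an assumption about how a learned entry is recorded, not the controller's code.

```python
"""Added example, not from the original post or Cisco's documentation.

Builds a constructed mDNS advertisement (PTR + SRV, the shape an Apple TV
uses to announce AirPlay), parses it the way a snooping controller must,
and models the documented VLAN handling: an mDNS AP on an access port, or
one snooping its native VLAN, passes the VLAN to the controller as 0.
The instance/host names and the learn_services() model are assumptions."""
import struct

TYPE_PTR, TYPE_SRV = 12, 33
CLASS_IN = 1
CACHE_FLUSH = 0x8000  # mDNS sets the top bit of the class on unique records


def encode_name(name):
    """'a.b.local.' -> length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_advertisement(instance, service, host, port):
    """Construct an unsolicited mDNS response: QR=1, AA=1, two answer records."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 2, 0, 0)
    ptr_rdata = encode_name(f"{instance}.{service}")
    ptr = (encode_name(service)
           + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, 4500, len(ptr_rdata))
           + ptr_rdata)
    # The SRV owner name equals the PTR rdata, so point at it with a DNS
    # compression pointer (offset of that rdata in the packet), as real
    # responders do.  This exercises the pointer path in decode_name().
    ptr_rdata_offset = len(header) + len(encode_name(service)) + 10
    owner = struct.pack("!H", 0xC000 | ptr_rdata_offset)
    srv_rdata = struct.pack("!HHH", 0, 0, port) + encode_name(host)
    srv = (owner
           + struct.pack("!HHIH", TYPE_SRV, CLASS_IN | CACHE_FLUSH, 120, len(srv_rdata))
           + srv_rdata)
    return header + ptr + srv


def decode_name(data, offset):
    """Decode a DNS name at offset, following compression pointers.
    Returns (name, offset just past the name as it appeared in the stream)."""
    labels, resume, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:            # 2-byte compression pointer
            if resume is None:
                resume = offset + 2
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            hops += 1
            if hops > 64:                     # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (resume if resume is not None else offset)


def parse_advertisement(packet):
    """Return the PTR and SRV records of an mDNS response as a list of dicts."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        return []                             # a query, not an advertisement
    offset = 12
    for _ in range(qd):                       # skip the question section
        _, offset = decode_name(packet, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):
        name, offset = decode_name(packet, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == TYPE_PTR:
            target, _ = decode_name(packet, offset)
            records.append({"type": "PTR", "name": name, "target": target, "ttl": ttl})
        elif rtype == TYPE_SRV:
            _, _, port = struct.unpack("!HHH", packet[offset:offset + 6])
            host, _ = decode_name(packet, offset + 6)
            records.append({"type": "SRV", "name": name, "host": host, "port": port,
                            "ttl": ttl, "unique": bool(rclass & CACHE_FLUSH)})
        offset += rdlen
    return records


def learn_services(packet, ap_port_mode, tagged_vlan=None):
    """Model (an assumption) of the controller's learned-service entry for an
    advertisement forwarded by an mDNS AP.  ap_port_mode is "access" or
    "trunk"; tagged_vlan is the 802.1Q tag seen on the wire, None if untagged.
    As the documentation text says, access-port and native-VLAN learning
    record the VLAN as 0."""
    vlan = tagged_vlan if ap_port_mode == "trunk" and tagged_vlan is not None else 0
    entries = []
    for rec in parse_advertisement(packet):
        if rec["type"] == "SRV":
            instance, service = rec["name"].split(".", 1)
            entries.append((service, instance, rec["host"], rec["port"], vlan))
    return entries


if __name__ == "__main__":
    pkt = build_advertisement("LivingRoom", "_airplay._tcp.local.", "AppleTV.local.", 7000)
    for entry in learn_services(pkt, "trunk", tagged_vlan=20):
        print(entry)
```

Running the block prints the single learned entry with VLAN 20; calling `learn_services(pkt, "access")` or `learn_services(pkt, "trunk")` with no tag gives the same entry with VLAN 0, which is why a service learned through an access-port mDNS AP cannot be told apart by VLAN on the controller and must be filtered by the service policy instead.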

Similar Messages

  • I am using forms Central from my MUSE site. Since Forms Central is closing up shop, What other forms service is available as a replacement?

    I am using forms Central from my MUSE site. Since Forms Central is closing up shop, What other forms service is available as a replacement?

    janicek63007226 They do not have pricing listed on the site. What are the costs?  THANK YOU !!!!

  • CSCuh52683 - Bonjour mDNS proxy print servers not supported on mDNS Bonjour Gateway

    Since 3rd party print servers are not supported. The question becomes what print servers do you recommend and are supported?

    I moved this to the more appropriate "Mac OS X Technologies > Networking and the Web" forum, since it's become apparent that it involves more than Time Capsules.

  • 5508 mDNS (Bonjour Gateway) Communication Error

    Hi all,
    I have configured mDNS on my 5508 controller for AirPrint but clients are experiencing communication errors when trying to print to the device. I believe the config is accurate on the controller (8.0.100.0) and the device is visible:
    Global multicast mode and IGMP snooping enabled
    AP multicast mode (multicast): 224.0.0.251 (I'm not 100% sure this multicast address should be used according to a config document I have read)
    Default mdns profile has been added to a single interface (which is a member of an interface group)
    P2P blocking is disabled
    Switch config:
    ip multicast routing enabled and pim sparse-mode enabled under the vlan interface.
    Any suggestion would be most welcome.
    Thanks.

    Your multicast should be changed to 239.x.x.x, which maybe use the last three octets of your wlc management ip.  Make sure that you have both AppleTV and AirTunes enabled for bonjour services (for Mirror), but make sure you have the specific services for that printer.  Make sure mDNS Global Snooping is also enabled.  This is really all you need as long as nothing is blocking bonjour.  You should also see the devices in the mDNS Domain Names.
    Scott

  • Bonjour Gateway on 7.4

    I work in a k-12 school district and we have around 100 ipads, 10 apple tvs, a half dozen air print capable printers, and about 300 mac computers.
    I'm running vwlc 7.4 with fifty 3602i ap's.
    I'm unable to get the mDNS / Bonjour gateway to work.  I have enabled it, added the different services I want, and enabled the profiles on the WLANs.
    I have followed the guide @ http://www.cisco.com/en/US/docs/wireless/technology/bonjour/Bonjour_DG_Guide.pdf which seems pretty simple.
    Is there anything I need to do to my switches?  Do I need to enable multicast or pim?
    I have the ipads and the apple tvs on the same subnet/vlan.  It seems to flap.  Sometimes when I try to airplay from a ipad, the apple tvs will show up right away.  The next time they won't (this is most of the time).
    I also have an iMac that has Apple Remote Desktop installed.  If the iMac is on the wired network, it can pull up all the other computers that are on the wired network with it, but no wireless clients.  When I put the iMac onto the wireless network along with the other wireless Macs, Apple Remote Desktop does not pull up any clients from either the wired or wireless.
    None of the iPads can see any of the AirPrint printers on my wired network.
    Is there something more I need to do on my switching, or shouldn't the Bonjour gateway take care of this?

    #Display the Multicast config, try with Multicast mode Unicast.
    #mDNS does two things
    a) Eliminate Multicast Routing being enabled on Wired side when WLC and AP on different subnet to avoid Multicast capwap routing.
    b) Voluntarily display the Bonjour services on other wired/wireless vlan based on the configuration.
    #Rules, Limitations and Guidelines when using Multicasting on Wireless Controller.
    https://supportforums.cisco.com/docs/DOC-32337
    #Multicast mode Multicast is for wireless Multicast traffic efficiency on capwap only(btw WLC to AP) and it doesn't affect the actual Multicast traffic and with mDNS, M-M mode is optional and can also say it is of not much use because only Bonjour Discovery is Multicast and real data connection is P2P tcp unicast.

  • WLC 5508 -7.4.100 mDNS Bonjour snooping

    Hello
    Have 7.4 installed and configured for Bonjour Snooping. All is working, but working too well. We have a large campus that house 2 schools and each school is complaining that they can see the other schools AppleTV devices.
    I have played around with a few different scenarios to see if I can localize the bonjour traffic.
    I guess I am looking to create a logical split for Bonjour devices among the schools.
    Apple came to the school and informed us that the IPAD has a limit of 64 devices that can be seen via the bonjour. At some point we will have over 100 AppleTV added.
    so we have 3 wlc 5508's with 7.4.100
    we have 2 SSIDs that span the whole campus
    using AP groups to segment the floors in buildings
    So the schools are logically split with AP groups
    Here is what I have tried
    I created few mDNS profiles and assigned the services for Apple TV - let's call them school1 and school2
    I assign the mDNS profiles to the interfaces dedicated each school
    enable snooping on the WLAN with profile of none
    The end result is that devices from both schools can be seen.
    I tried to create new ssid for apple TVs and a new ssid for 1 schools teachers
    I followed the vlan select example
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
    end result is that devices from both schools can be seen
    I have tried the mDNS without multicast enabled just like the video shows to no avail - I assume maybe my AP groups might be more complicated than the example of just 2 vlans
    https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2013/01/01/wireless-lan-controller-wlc-release-74--bonjour-gateway-configuration-example
    I have tried combinations of things, but I must be missing something
    In the webinar, Cisco said it will use filtering to restrict which clients can see which services (Apple TV's, etc). What will Cisco use to filter Bonjour requests?
    according to this article
    http://www.pcadvisor.co.uk/news/network-wifi/3376119/cisco-answers-user-questions-about-upcoming-apple-bonjour-gateway/#ixzz2SIDqFH49
    The filtering options are: · Per WLAN/SSID · Per VLAN or AP Group · Per Interface Group (which is a group of VLANs pooled together).
    A Bonjour service policy can be created and applied on any one of the above criteria. In the future, we will support per-user Bonjour service policies which will come as a RADIUS attribute from the AAA server.
    Read more: http://www.pcadvisor.co.uk/news/network-wifi/3376119/cisco-answers-user-questions-about-upcoming-apple-bonjour-gateway/#ixzz2SZqMYpdh
    Cheers
    Any insight would be appreciated

    Here are the ACLs for the controller
    acl create BlockBonjour
    acl apply BlockBonjour
    acl counter start
    acl rule add BlockBonjour 1
    acl rule add BlockBonjour 2
    acl rule action BlockBonjour 1 deny
    acl rule action BlockBonjour 2 permit
    acl rule destination address BlockBonjour 1 224.0.0.251 255.255.255.255
    acl rule destination address BlockBonjour 2 0.0.0.0 0.0.0.0
    acl rule destination port range BlockBonjour 1 0 65535
    acl rule destination port range BlockBonjour 2 0 65535
    acl rule source address BlockBonjour 1 0.0.0.0 0.0.0.0
    acl rule source address BlockBonjour 2 0.0.0.0 0.0.0.0
    acl rule source port range BlockBonjour 1 0 65535
    acl rule source port range BlockBonjour 2 0 65535
    acl rule direction BlockBonjour 1  In 
    acl rule direction BlockBonjour 2 Any 
    acl rule dscp BlockBonjour 1  Any 
    acl rule dscp BlockBonjour 2  Any 
    acl rule protocol BlockBonjour 1  Any 
    acl rule protocol BlockBonjour 2  Any 
    acl apply BlockBonjour
    ipv6 acl create BlockAllIPv6
    ipv6 acl apply BlockAllIPv6
    ipv6 acl rule add BlockAllIPv6 1
    ipv6 acl rule action BlockAllIPv6 1 deny
    ipv6 acl rule destination address BlockAllIPv6 1 :: 0
    ipv6 acl rule destination port range BlockAllIPv6 1 0 65535
    ipv6 acl rule source address BlockAllIPv6 1 :: 0
    ipv6 acl rule source port range BlockAllIPv6 1 0 65535
    ipv6 acl rule direction BlockAllIPv6 1 Any 
    ipv6 acl rule dscp BlockAllIPv6 1  Any 
    ipv6 acl rule protocol BlockAllIPv6 1 Any
    ipv6 acl apply BlockAllIPv6
    Apply to wlan:  The wlan index is used in this case, the first wlan created on controller
    wlan acl 1 BlockBonjour
    wlan ipv6 acl 1 BlockAllIPv6

  • Bonjour Gateway - Airplay / AirServer - Random Disconnects

    I am experiencing random disconnects during an Airplay session to AirServer. Airserver disappears from the screen and Airplay session is gone. Here is the details of my setup:
    WLC 5508 7.5.102.0
    1142n APs
    AirServer (1.9.4) installed on wired PCs.
    Wireless clients (iOS Devices 7.x and 6.x) use Airplay to mirror to the PCs running AirServer.
    APs are in mDNS mode and snooping the vlan the PCs reside in.
    Wireless clients in separate BYOD WLAN.
    Enabled bonjour gateway and mDNS AP (trunk mode)
    http://www.cisco.com/en/US/docs/wireless/technology/bonjour/7.5/Bonjour_Gateway_Phase-2_WLC_software_release_7.5.html#wp44311
    Enabled videostream
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b6e11e.shtml
    Verified via packet capture the client traffic is being marked for QoS (and Gold enabled on BYOD WLAN)
    Differentiated Services Field: 0x80 (DSCP 0x20: Class Selector 4; ECN: 0x00:  Not-ECT (Not ECN-Capable Transport))
    This is an intermittent issue. I can play a YouTube video for 60 mins with no issues sometimes. Sometimes the disconnect happens. WLC mdns error debug output does not look significantly different when the crash happens.
    Any thoughts? Similar experience?

    Alright, long story short: Got a wireless repeater, set the printer up to connect wireless, now everything works fine, including AirPrint.
    Btw.: Even though it says it is not possible, it is actually possible to access the printer via WLAN and LAN (wired) simultaneously.
    Thanks anyway. I think this can be marked as solved

  • Remote Desktop Gateway Support One Time Passwords?

    We are considering setting up a Remote Desktop Gateway server so users can remote control their office desktop PCs from home without needing VPN.
    The plan is for it to only be a secure pass-through from the Internet to their desktop PC.  There will not be any terminal services login or web apps hosted on the server.  We have not decided if RDWeb will be available.  It is likely that users will just use an RDP client such as the Microsoft MSTSC.exe Remote Desktop client in Windows or a similar app for iOS, Android or OS X rather than use a browser to reach their PC.
    I noticed that most RDP clients, mobile apps and web browsers have an option to remember credentials so they can log in without typing credentials the next time they connect.  This will be a security threat if their PC is stolen and not encrypted.  Is there any way to provide access, but prevent users from reusing saved passwords to connect to the Remote Desktop Gateway without using smart cards?
    I had the idea of having some kind of one-time password system to authenticate through the RD Gateway so saved passwords would be useless.  What does Remote Desktop Gateway support that can do this?

    Hi,
    Thanks for your posting in Windows Server Forum.
    I consider that you are trying to find the solution as per below article. Please go through carefully.
    1. Configuring the TS Gateway OTP Scenario
    2. RD Gateway deployment in a perimeter network & Firewall rules
    Hope it helps!
    Thanks,
    Dharmesh

  • Firefox opens websites when hard wired to router, but when using wireless I get a server not found message.

    Firefox (3.6.10) opens websites when hard wired to router, but when using wireless I get message: SERVER NOT FOUND FIREFOX CAN'T FIND THE SERVER AT SEARCH.AVG.COM. My homepage is http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official. My anti-virus is AVG free 8.5.448. What can cause this?
    If Work Offline is checked in Firefox File, I can get to Google search site. When I un-check it I still get the Server Not Found message

    Did you check the connection settings?
    *Tools > Options > Advanced > Network : Connection > Settings
    *https://support.mozilla.org/kb/Options+window+-+Advanced+panel
    If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
    See "Firefox connection settings":
    *https://support.mozilla.org/kb/Firefox+cannot+load+websites+but+other+programs+can

  • Is it possible to insert tables using Form Central?

    Is it possible to insert tables using Form Central?

    Unfortunately FormsCentral does not support tables at this time.
    Andrew

  • How many gateway supported by PGW ?

    Does anyone know the maximum number of gateways supported by PGW?

    Each instance of AE can only access a maximum of 4 GB of RAM (on Vista64). With the "Render multiple frames simultaneously" option in the preferences, AE CS3 and later can start several hidden copies of itself in the background, which can each address that maximum amount of RAM, so your machine would ideally use 5 processor cores (5 x 4 = 20 GB and leave 4 GB for the OS.)
    In CS4 you can set the number of cores to use, in CS3 you have to do it via a text file, detailed in this post:
    http://generalspecialist.com/2007/02/troubleshooting-after-effects-7.asp (look for "MaxNumberOfProcesses")
    PS. On OS X, each instance can address 3.5 GB and on Windows XP and Windows Vista 2 GB (or 3 GB if you are adventurous:
    http://generalspecialist.com/2006/05/using-more-than-2gb-of-ram-in-after.asp )
    - Jonas Hummelstrand
    http://generalspecialist.com/

  • Firewall causes slow mDNS (Bonjour) Lookups

    I'm planning to upgrade our company's tiger server to leopard soon and for testing purposes I'm running Leopard server (10.5.5) on another machine. I've worked out most of the issues except for one major one.
    mDNS (Bonjour) lookups take about 60-90 seconds to resolve when the server's firewall is running. This is the same problem across lookups for any service (SSH via terminal, web, AFP). I don't plan to use mDNS on our network as the server will be running DNS for our LAN, but Time Machine backups always connect to the AFP share using the mDNS name rather than the server's Fully Qualified Domain Name. When this lookup takes such a long time it will more or less freeze the client system during this time.
    Client machines aren't running firewalls locally.
    This happens with both tiger and leopard clients.
    I have tried setting the firewall to allow all connections from "any" to "any" but it still doesn't work.
    I am not running DNS on the server but I have tried turning it on with still no luck.
    Here are the results from running "sudo ipfw list":
    00001 allow udp from any 626 to any dst-port 626
    01000 allow ip from any to any via lo0
    01010 deny log logamount 1000 ip from any to 127.0.0.0/8
    01020 deny log logamount 1000 ip from 224.0.0.0/4 to any in
    12300 allow tcp from any to any established
    12301 allow tcp from any to any out
    12302 allow udp from any to any out keep-state
    12303 allow tcp from any to any dst-port 53 out keep-state
    12303 allow udp from any to any dst-port 53 out keep-state
    12304 allow udp from any to any in frag
    12305 allow tcp from any to any dst-port 311
    12306 allow tcp from any to any dst-port 625
    12307 allow udp from any to any dst-port 626
    12308 allow icmp from any to any icmptypes 8
    12309 allow icmp from any to any icmptypes 0
    12310 allow igmp from any to any
    12311 allow esp from any to any
    12312 allow gre from any to any
    12313 allow udp from any to any dst-port 4500
    12314 allow ip from 192.168.15.0/24 to any via en0 keep-state
    12314 allow ip from 192.168.16.0/24 to any via en0 keep-state
    12315 allow udp from any 68 to any dst-port 67 via en0
    65534 deny log logamount 1000 ip from any to any
    65535 allow ip from any to any
    Note that this should block most services but allow machines on our internal subnets (192.168.15.0 and 192.168.16.0) to connect.
    Any help or advice will be greatly appreciated.
    Thanks.

    I have independently confirmed Baerner's results. Last week I installed ethereal and Wireshark from the fink project and traced the IPP data packets between my desktop client and the print server. Bonjour is definitely using IPV6 in Leopard for printing services.
    Reading the Wikipedia page, http://en.wikipedia.org/wiki/IPv6#Special_addresses, I used the ip6fw utility to add the firewall rule:
    *01101 allow ipv6 from fe80::/10 to fe80::/10*
    which allows link-local addresses to communicate with the server.
    Printing on the server works well with the new firewall rule. I just need to find out how to get the Server Admin tool to set the rule from the FireWall GUI.

  • MDNS/Bonjour switches randomly between multiple NICs

    Dear Community,
    I have a problem with a MacServer and multiple NICs...lets name it MSERV
    NIC1 goes into the WWW (194.x.x.x) (Protected with ASA firewall)
    NIC2 goes into LAN (172.x.x.x) (no firewall)
    I need the WWW NIC for ProfileManager and also the LAN NIC for filesharing and TMB.
    Both IPs are reachable from our LAN. DNS is good (nslookup shows up as expected) but mDNS/Bonjour makes some problems:
    If I do ping MSERV.local sometimes it resolves the 194 and sometimes the 172 address.
    This is a big problem for our time machine server backups! When clients choose the 194-path when they discover their backup target on the server, we generate a HUGE load on our ASA firewall.
    How can I force Bonjour to only use the 172 LAN NIC?
    Or did I get something dramatically wrong?
    Any suggestions?

    Tearjerker wrote:
    Thank you for your reply!
    So you mean to disable Bonjour on the server and set up DNS name as TM target?
    Problem is here: How can I do this? Only way I know to connect to my backup server on clients is
    System Prefs. -> TM -> Choose Disk. And as far as I know is this a Bonjour connection, right?
    When I disable Bonjour service on the server (already tried!) my clients are unable to connect to their target.
    Any thoughts?
    You should not need to disable Bonjour. Bonjour aka. mDNS uses the .local domain suffix if you use a hostname like MSERV.local it will use Bonjour to try and find the TCP/IP address. (We will ignore the possibility someone might use the .local domain in an Active Directory setup.)
    If you're using a full-blown DNS name, e.g. server.domain.com, then this has nothing to do with Bonjour and where it will point to is up to your DNS server. In this case you would point it to the 172.x.x.x IP address of the server.
    As you want the same server to be contactable via the WAN interface as well for the rest of the work to access what you will want to do is have a 'split-horizon' DNS setup. With this the internal machines use an internal DNS server which points to the internal IP address of the server. You will also have the same domain hosted externally and the same server name but pointing to the external WAN IP address. What you do then have to be careful about is to ensure that all the external host names in that domain are defined also on the internal DNS server even if they are servers hosted externally. For example if you have a www.domain.com server hosted externally so it only has an external (public) IP address then you will still need to define this on your internal DNS server so your internal machines know where to find it, since your internal machines will be using your internal DNS server. If you fail to do this then while the outside world using an external DNS server may be able to access your www server, your internal machines would not be able to because your internal DNS server would otherwise say it does not exist.

  • MDNS/Bonjour port 0 service registration broken on Solaris 11 Express

    I'm using Solaris 11 Express on x86-64, and found a pretty bad bug with registering mDNS/Bonjour services. Most service registration works fine, but registering a service that uses port 0 does not work. It claims to work, but the service never gets registered, and can't be browsed for.
    It's easy to reproduce: in one window, run
    $ dns-sd -B test.tcp
    You should see 'Browsing for test.tcp', and no services found.
    Then, in another window, run
    $ dns-sd -R solaris test.tcp local. 0
    to register a test.tcp service on port 0. It seems to succeed, but the first window doesn't show the new service.
    Now, kill the 'dns-sd -R' registration process with ctrl-c, and run
    $ dns-sd -R solaris test.tcp local. 1
    This time, the first window will show the service. Registering on port 1 works fine, but port 0 does not.
    Port 0 service registration works fine on every other OS, and many services use port 0 by convention if they aren't advertising an actual service. For example, netatalk can register a device-info.tcp service to mimic a certain Mac model (so your Solaris server shows up with an Xserve icon). This "service" uses port 0, and doesn't work on S11 Express unless the source is changed to a non-zero port.
    Can someone test this out on Solaris 11 EA and other versions, to see if it's been fixed or not?
    Edited by: 887058 on Sep 22, 2011 11:57 PM

    It is registering fine with port 0. You can test by trying to register the same service on another host in the local network
    with the same service name and port. You will see the service name automatically renamed.
    For example:
    root@estrada:~# dns-sd -R solaris test.tcp local. 0
    Registering Service solaris._test._tcp.local. port 0
    Got a reply for solaris._test._tcp.local.: Name now registered and active
    root@testz:~# dns-sd -R solaris test.tcp local. 0
    Registering Service solaris._test._tcp.local. port 0
    Got a reply for solaris (2)._test._tcp.local.: Name now registered and active
    ^C
    You can also query and see the SRV record for it:
    # dns-sd -Q solaris._test._tcp.local. SRV
    Timestamp A/R Flags if Name T C Rdata
    23:38:58.949 Add 2 2 solaris._test._tcp.local. 33 1 21 bytes: 00 00 00 00 00 00 07 65 73 74 72 61 64 61 05 6C 6F 63 61 6C 00
    It appears to me the service is not seen in the service browse call. These port 0 registrations are used to indicate the service
    is not available on the host so this could be by design. I have tested the same on Mac OS X 10.6.8 and observe the same
    results.
    Rishi

  • How do I upload a form to my website using form central?

    How do I upload a form to my website using form central?

    Using Form Central you can distribute your form as a web-based HTML form, a fillable PDF form, or both.
    You can copy the URL or the embed code for the form and post it on your website. When a respondent clicks the link, the fillable form opens in a browser window.
    The only exception: These options don’t apply to fillable PDF forms that you imported into Adobe FormsCentral.
    Please refer to the article http://help.adobe.com/en_US/formscentral/using/WSd789abd336388b16-9d277de12da94c8037-8000. html#WS49f7d3dd80da808f7c9fcbc138d00a7399-8000.
