Enterprise and Apple have this love/hate relationship. End users love Apple. IT tends to be hesitant in supporting the awesome features they come with. AirPlay is probably the most requested feature. Cisco didn't officially support Bonjour and AirPlay until version 7.4 in the Wireless LAN Controller. The latest revisions have improvements in supporting Bonjour and especially in the configuration.

In this post I will discuss configuration on the Cisco WLC version 7.6.100.0. What configuration is needed on your switches and how you can verify Bonjour is working. We'll get it working for devices on the same subnet and across different subnets, both wired and wireless.

I was able to test this with multiple iPads and a handful of iPhones. With 3rd party software I was able to use my Windows 8 laptop to AirPlay my screen to an Apple TV. No lag or jitter was encountered during my tests. To be fair, I do not have a lot of users hitting the wireless network to really see any performance hits.

Before configuring Bonjour, I performed a wireless site survey and made adjustments to provide proper coverage for connectivity and ensured there was no interference.

Cisco Wireless LAN Controller Requirements

To allow Bonjour to traverse the wireless network there will need to be some features enabled:

• mDNS
• Broadcast forwarding
• Multicast
• IGMP snooping

Broadcast Forwarding

Within the Cisco WLC interface, click on Controller and ensure you're in the General section. From this section, ensure Broadcast Forwarding is Enabled. This was required by one of our vendors. We use Savant AV equipment and to manage those devices, and to also allow Bonjour, we had to enable this feature. This is a global feature of the wireless LAN controller.

Additionally, change the AP Multicast Mode to Multicast and set a multicast address. When selecting a multicast address, pick one from the private multicast address space.

On the left pane, expand mDNS and click on General. In this window, enable mDNS Global Snooping. The Cisco WLC will enable some services for you. Depending on your needs for Bonjour, you'll either add or remove services.

To add a service, click on the drop down for “Select Service”, select the service required, enable Query Status, and then click Add.

To remove an existing service, hover your mouse over the blue arrow icon and select Remove.

Moving on to Domain Names you will see a list of entries from devices currently communicating via Bonjour. Seeing devices in this section is a good sign.

Notice the “Type” column. Initially, you probably will see only Wireless devices. In order to see Wired devices you must create an interface on the WLC within each subnet needing access to Bonjour services. Within that interface configuration the mDNS Profile should also be selected.

Another location to configure the mDNS Profile is within the WLAN Advanced Settings.

mDNS Browser is a handy tool to view what the controller can find on the network and what service string they are using.

 

Switch Configuration

First feature that must be enabled is multicast. Use this command on your switch to enable multicast:

ip multicast-routing

Next configuration item is to enter the VLAN interface and configure the sparse mode:

interface vlan vlan-id
ip pim sparse-mode

The main command is ip pim sparse-mode. What this command does is allow the SVI to join in sparse mode multicast traffic. The clients in that VLAN will be able to receive multicast traffic from different multicast groups. Sparse mode uses a pull model to deliver multicast traffic.

You can read more about Sparse Mode and the other modes on Cisco.com:

PIM-SM uses a pull model to deliver multicast traffic. Only network segments with active receivers that have explicitly requested the data will receive the traffic.
PIM-SM distributes information about active sources by forwarding data packets on the shared tree. Because PIM-SM uses shared trees (at least, initially), it requires the use of a rendezvous point (RP). The RP must be administratively configured in the network.

Sources register with the RP and then data is forwarded down the shared tree to the receivers. The edge routers learn about a particular source when they receive data packets on the shared tree from that source through the RP. The edge router then sends PIM (S, G) join messages towards that source. Each router along the reverse path compares the unicast routing metric of the RP address to the metric of the source address. If the metric for the source address is better, it will forward a PIM (S, G) join message towards the source. If the metric for the RP is the same or better, then the PIM (S, G) join message will be sent in the same direction as the RP. In this case, the shared tree and the source tree would be considered congruent.

After configuring the sparse mode for the SVI, we now enable IGMP snooping on the switch with this command:

ip igmp snooping vlan vlan-id

Verify IGMP snooping with:

show ip igmp snooping

SDG01-SVRM-CSW-3750-01#show ip igmp snooping
 Global IGMP Snooping configuration:
 -----------------------------------
 IGMP snooping : Enabled
 IGMPv3 snooping (minimal) : Enabled
 Report suppression : Enabled
 TCN solicit query : Disabled
 TCN flood query count : 2
 Last Member Query Interval : 1000

Vlan 1:
 --------
 IGMP snooping : Enabled
 IGMPv2 immediate leave : Disabled
 Explicit host tracking : Enabled
 Multicast router learning mode : pim-dvmrp
 Last Member Query Interval : 1000
 CGMP interoperability mode : IGMP_ONLY

Commands used to verify mDNS on the Cisco WLC:

show mdns profile summary
 show mdns profile detail <profile-name>
 show mdns service summary
 show mdns service detail <service-name>
 show interface det <interface-name>
 show interface group detail <interface-group-name>
 show wlan <wlan-id>
 show client detail <mac-address>
 show network summary

clear mdns service-database <service-name / all>

debug mdns message <enable|disable>
 debug mdns details <enable|disable>
 debug mdns error <enable|disable>
 debug mdns all <enable|disable>

Caveats Noticed

Sometimes I noticed reconnecting to the wifi network fixes any problems with connecting to Bonjour-enabled devices.
For printing, I’ve read that you must use a printer supported by Apple. So far I haven’t been able to get printing done successfully but I am unsure if it’s because I don’t have a printer on Apple’s list. This is after finding that the printer does support Bonjour.

My Thoughts

Cisco has a couple of different guides scattered around. I suggest learning how the Bonjour protocol works, how Cisco handles Bonjour, and learn about multicast.

What I haven’t tried yet is securing Bonjour. An example is not allowing a specific WLAN to see a Bonjour device on another subnet. A real world scenario would be providing a way for teachers to present to an Apple TV without a student interfering by displaying something inappropriate. Following Cisco’s documentation of using the WLC’s ACLs didn’t work for me. I ended up creating ACLs at the switch to control access.

Software that helped me was mDNS browser, AirParrot, and Reflector. All three were used for testing on my Windows 8 laptop and iPhone.

Did this blog post help? Let me know in the comments.