Community Tribal Knowledge Base

Apple - Macbook - Airplay - Apple TV - firewall port findings

alc
Retired Employee

Symptoms

Just in case someone else may share a similar experience.

Controller software version 5.0.3.3 - trying to set up a firewall policy to allow iPad, iPhone, MacBook, and Apple TV to share photos, music, videos, and presentations in a customer conference room on a single SSID and single VLAN. The initial policy was set to only allow http(s), dns, and dhcp.

Diagnosis

Apple's documentation for typical ports, AirPlay ports, etc., did not work, and only assisted in getting the 'option' to share to an Apple TV to finally show up on devices.

Other posts mentioned IPv6 and QoS stuff that did not seem to apply to us.

Solution

 

After working with Aruba support (Sreejith Mankiavil - was incredibly helpful), we were able to obtain a list of ports that were being used, but not listed in the Apple docs... not that I could find.

Sreejith showed me an incredibly helpful command to identify attempted, and failed, port utilization.

 

show datapath session table <clientIPaddress>

 

After that, we were quickly able to find the ports needed to do what we needed.  Sreejith provided port recommendations, but I did go back and test one at a time until I got something I felt would be ok...maybe?

 

The ports that were missing from Apple docs (that I found) were 5000 > 7000 > 7001 > 7100 > 7010 > 7011.

 

The firewall policy we put together to get the Apple MacBook, iPhone, and iPad to work together using AirPlay and Apple TV on a local network included the addition of the following permits:

LocalAlias   >   224.0.0.251   >   tcp  >  port - 5353  (mdns - apple BS)

LocalAlias   >   224.0.0.251   >   udp >  port - 5353

LocalAlias   >   LocalAlias     >    tcp  >  port - 5000  (seen with music)

LocalAlias   >   LocalAlias     >    tcp  >  port - 7001  (seen with video)

LocalAlias   >   LocalAlias     >    tcp  >  port - 7000  (seen with picture/file)

LocalAlias   >   LocalAlias     >    tcp  >  port - 7100  (seen with display-mirroring)

LocalAlias   >   LocalAlias     >    udp >  port - 7010  (seen with display-mirroring)

LocalAlias   >   LocalAlias     >    udp >  port - 7011  (seen with display-mirroring)

LocalAlias   >   LocalAlias     >    tcp  >  port - 3689  (don't remember needing it, but added it for iTunes music sharing)

LocalAlias   >   LocalAlias     >    tcp  >  port - 49152-65535 (dynamic ports)  (!!!-REALLY...LOL...I know, right...but it works)

LocalAlias   >   LocalAlias     >    udp >  port - 49152-65535 (dynamic ports)  (Still LOL...)

any              >   any               >    tcp  >  port  - 123  (so appletv can get time)

any              >   any               >    udp >  port  - 123  (so appletv can get time)

 

Have no idea if this will help anyone, but I just know I would love to have found this at the beginning of the week.

 

Version history
Revision #:
1 of 1
Last update:
‎06-11-2013 10:52 AM
Updated by:
alc
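
Added example, not part of the original post and not Aruba code: a small Python helper that summarises which destination ports a client was denied on, from saved output of the show datapath session table command mentioned above. The column layout (source IP, destination IP, IP protocol number, source port and destination port first, flags last, with "D" meaning deny) and all sample rows are assumptions constructed for illustration; compare them with the header and flag legend your controller prints.

```python
import ipaddress
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}
DYNAMIC_START = 49152  # start of the dynamic range the policy above permits

# Constructed sample, not captured output. Assumed layout: the first five
# columns are src IP, dst IP, protocol number, src port, dst port; flags last.
SAMPLE = """\
Source IP     Destination IP  Prot  SPort  DPort  Cntr  Prio  ToS  Age  Destination  TAdj  Flags
------------  --------------  ----  -----  -----  ----  ----  ---  ---  -----------  ----  -----
10.1.1.20     10.1.1.30       6     51522  7000   0/0   0     0    1    tunnel 9     2     FDYC
10.1.1.20     10.1.1.30       6     51530  7000   0/0   0     0    0    tunnel 9     2     FDYC
10.1.1.20     10.1.1.30       17    50011  7010   0/0   0     0    1    tunnel 9     1     FDC
10.1.1.20     10.1.1.30       6     51544  52311  0/0   0     0    1    tunnel 9     1     FDYC
10.1.1.20     10.1.1.1        17    50300  53     0/0   0     0    2    tunnel 9     1     FC
10.1.1.30     10.1.1.20       6     7000   51522  0/0   0     0    1    tunnel 9     2     FDY
"""

def denied_ports(table_text, client_ip):
    """Count denied flows sent by client_ip, keyed by (protocol, destination port)."""
    client = ipaddress.ip_address(client_ip)
    counts = Counter()
    for line in table_text.splitlines():
        tok = line.split()
        if len(tok) < 6:
            continue
        try:
            src = ipaddress.ip_address(tok[0])
            proto, dport = int(tok[2]), int(tok[4])
        except ValueError:
            continue  # header, separator or a row in an unexpected shape
        # Only flows the client initiated, and only those flagged as denied.
        if src != client or "D" not in tok[-1]:
            continue
        # Collapse ephemeral ports into one bucket so fixed ports stand out.
        port = "dynamic" if dport >= DYNAMIC_START else dport
        counts[(PROTO.get(proto, str(proto)), port)] += 1
    return counts

if __name__ == "__main__":
    for (proto, port), n in sorted(denied_ports(SAMPLE, "10.1.1.20").items(), key=str):
        print(f"{proto:4} {port!s:8} denied flows: {n}")
```

Fixed ports that show up here are candidates for individual permits; a large "dynamic" count shows how much traffic depends on the 49152-65535 rules before deciding whether to keep them.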
 