What could be a possible reason for AirPlay to fail across VLANs when AirPrint works without any problem?

Aruba Employee
Question: What could be a possible reason for AirPlay to fail across VLANs when AirPrint works without any problem?
Environment: This article applies to Aruba Mobility Controllers running ArubaOS 6.3.0.0 or higher.

 

The AirPlay feature on Apple TV will not work if NAT is enabled on the user VLAN interface. The issue is due to the inability of the RTSP protocol to work across NAT devices.
 
AirPlay uses a variant of the Real-Time Streaming Protocol (RTSP) to stream media from iOS devices to the Apple TV. It embeds IP addresses and ports in the application data for clients to communicate.
 
So if an iPad is on a VLAN interface that has NAT enabled, it will be able to discover an Apple TV on a different VLAN using AirGroup, but will be unable to mirror its screen to the Apple TV. The control traffic initiated from the Apple TV to a client behind NAT is dropped by the controller, and hence screen mirroring fails.
 
AirGroup itself works whether or not there is a NAT between VLANs; i.e., discovery of these servers and all the filtering capabilities in AirGroup are independent of whether inter-VLAN NATs are used. But some of the services may break if they aren't compatible with NATs. For example, AirPrint should work fine in the presence of NATs, but AirPlay may not.

One workaround, as of now, is NOT to enable NAT on the user VLAN interfaces of the controller.

But since the user or guest subnet would be non-routable, disabling NAT on the user VLAN would break connectivity to the internet and to other subnets. In such cases, you can use the ‘route src-nat’ option in the ACLs to NAT all packets that have to go to the internet and not NAT any AirPlay traffic.
 
Use a role like the one with the policies shown below as a workaround. Note that the ports under the airplay ACL are the ones used for “AirPlay” alone. They could differ from application to application.
 
access-list List
----------------
Position  Name          Location
--------  ----          --------
1         dhcp-acl
2         dns-nat
3         mdns
4         icmp-acl
5         airplay
6         allowall-nat
 
dhcp-acl
--------
Priority  Source  Destination  Service   Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------   ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          svc-dhcp  permit                           Low                                                           4

dns-nat
-------
Priority  Source  Destination  Service  Action         TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------  ------         ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          svc-dns  route src-nat                           Low                                                           4

mdns
----
Priority  Source  Destination  Service   Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------   ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          udp 5353  permit                           Low                                                           4

icmp-acl
--------
Priority  Source  Destination  Service   Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------   ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          svc-icmp  permit                           Low                                                           4

airplay
-------
Priority  Source  Destination  Service          Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------          ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          tcp 7000         permit                           Low                                                           4
2         any     any          udp 7011         permit                           Low                                                           4
3         any     any          tcp 8612         permit                           Low                                                           4
4         any     any          udp 8612         permit                           Low                                                           4
5         any     any          udp 49152-65535  permit                           Low                                                           4
6         any     any          tcp 49152-65535  permit                           Low                                                           4
7         any     any          tcp 5000         permit                           Low                                                           4
8         any     any          tcp 7100         permit                           Low                                                           4
9         any     any          udp 7010         permit                           Low                                                           4

allowall-nat
------------
Priority  Source  Destination  Service  Action         TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------  ------         ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          any      route src-nat                           Low                                                           4
 
Expired Policies (due to time constraints) = 0
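
The role above depends on session ACLs being evaluated in position order, with the first matching rule deciding the action, so airplay has to sit above allowall-nat. The sketch below is an added example, not part of the original article: it parses a constructed, column-trimmed excerpt of that output and reports which ACL decides a given flow. The svc-dns mapping to udp 53 and the function names are assumptions.

```python
import re

# Constructed, column-trimmed excerpt of the role shown above, ACLs in position order.
SHOW_RIGHTS = """\
dns-nat
-------
Priority  Source  Destination  Service  Action
1         any     any          svc-dns  route src-nat

airplay
-------
Priority  Source  Destination  Service          Action
1         any     any          tcp 7000         permit
5         any     any          udp 49152-65535  permit
6         any     any          tcp 49152-65535  permit

allowall-nat
------------
Priority  Source  Destination  Service  Action
1         any     any          any      route src-nat
"""

# Assumption: svc-dns is the controller's predefined alias for udp 53.
ALIASES = {"svc-dns": "udp 53"}

def parse_rules(text):
    """Return [(acl, proto, lo, hi, action)] in evaluation order."""
    rules, acl, lines = [], None, text.splitlines()
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and re.fullmatch(r"-+", lines[i + 1]):
            acl = line.strip()  # an ACL name sits above an unbroken dash rule
        f = re.split(r"\s{2,}", line.strip())
        if acl and f[0].isdigit() and len(f) >= 5:
            svc = ALIASES.get(f[3], f[3])
            if svc == "any":
                rules.append((acl, None, 0, 65535, f[4]))
                continue
            proto, ports = svc.split()
            lo, _, hi = ports.partition("-")
            rules.append((acl, proto, int(lo), int(hi or lo), f[4]))
    return rules

def first_match(rules, proto, dport):
    """First-match evaluation: the earliest rule that fits decides the action."""
    for acl, p, lo, hi, action in rules:
        if p in (None, proto) and lo <= dport <= hi:
            return acl, action
    return None, "deny"  # nothing matched; unreachable while allowall-nat is last
```

Because every airplay rule is `any any`, a flow such as tcp 50000 to any destination also matches airplay and leaves without source NAT; reversing the rule order sends tcp 7000 to allowall-nat instead.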
Version history: revision 1 of 1
Last update: 07-11-2014 05:09 PM
 