When a airgroup service is disabled on a guest vlan, can the users still discover the servers in their own subnet?

Aruba Employee

This articles applies to Aruba Mobility Controllers running ArubaOS version 6.3 or above.

 

When Airgroup is enabled, controller act as an mDNS proxy. It terminates all mDNS packets received and initiate new query/response mDNS packets. 

When the forward mode is tunnel, AP sends all 802.11 data packets over a GRE tunnel to the controller for processing. Therefore mDNS query being a part of data packet would also get terminated on the controller.
The mDNS process on controller will receive all mDNS packets destined to UDP port 5353 with destination IP address 224.0.0.251, irrespective of whether the packet is coming from a wired client or from a wireless client.

Therefore, even though guests clients might offer airplay, airprint and any other mDNS service, they will not discovered that service is disabled in airgroup on a guest vlan.


For example, if vlan 10 is a guest vlan and would like to disable airplay, then screenshots show how to disable a airplay service and how to verify thereafter:

 

rtaImage.jpg

 

rtaImage (1).jpg

Version history
Revision #:
1 of 1
Last update:
‎06-26-2014 12:15 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: