We have had major issues getting Apple TV to work in our school - it is almost a year now and we have made a lot of progress with Aruba but are still not there yet.
As you mention - one vlan with broadcast turned on (that is Bonjour enabled) and it works fine. But this goes against good network design. We have multiple VLANS and drop broadcast and multicast - so the first issue was even getting the Apple TV's to show up.
Also - bonjour does not work across a NAT'd subnet - another thing to watch out for...
Anyway - when Airgroup was released we thought we had found the answers to all our issues. But their initial release failed to mention that it didn't;t support multiple controllers - so we (our vendor and eventually Aruba) spent weeks trying to work out why it wouldn't.
Eventually the word filtered down from the US that multi controller would be supported in the next firmware release.
Great - no issues - at least we know why. So Apple TV now does work - but because we want to roll out 100 of them across campus - we needed a solution to restrict who could see what - Clearpass!!
Yes - clearpass advertises quite clearly that it supports restrict airplay devices by user and or locations. Perfect - we have clearpass already so let's go for it. Nope...Can't get it to work. Again over a week with engineers on site to finally tell us the issue is that it doesn't work with VRRP - only LMS. Really??? REALLY??? Why is this not written on the box? Anyway - again - look at the big picture and if they have finally worked out why and we need to use LMS instead of VRRP then OK.
Implement the first restriction to limit the Year 6 Apple TV's to only be seen by clients on the Year 6 105 AP's and it sort of works. Sometimes you cannot see them other times you can...it is anything but stable.
Over 2 weeks now and they still do not have a solution. To their credit they are obviously not giving up and agree that it should work - but still struggling to work out why.
As an aside - with the latest update in Apple TV you can now have the APple TV prompt for an onscreen random password each time you connect. This means that only people in the room who can see the screen can therefore see the password and connect.
This is better for us than having to remember static passwords and manage the issues if they leak. Also - as the kids are still on a NAT'd "guest" vlan they can't connect anyway - only the teachers on the internal vlan...but that is another thing we need to address....sigh.....
