Network Management

Ok, I am stumped on how to configure AirGroup properly.  Maybe I am missing something.  I can't get any wired mdns servers to show up on quieres for wireless devices.

 

This configuration is a 3200 running 6.4 with a cisco switch doing the L2/L3 management.  Vlan 1 is wired and Vlan 2 is the wireless.  The controller has an ip on each vlan.  AirGroup shows the devices, servers on the wired and clients on the wireless yet the clients can't see the servers at all.  When I did a debug on mdns it said no query was returned to the client every time.  Is this a supported setup?  Did I miss something?  I've poured through the documentation and I can't find anything that makes any difference.  I don't have an airgroup domain defined, I didn't see anything that said a single controller needed it.  I don't have any ACLs on either side that should be blocking 5353 traffic.  So I'm stumped, if anyone has any advice I'd apprecate it.

Thanks.

 

AirGroup Service Information
----------------------------
Service Status
------- ------
airplay Enabled
airprint Enabled
itunes Enabled
remotemgmt Disabled
sharing Disabled
chat Disabled
googlecast Enabled
DIAL Enabled
DLNA Media Enabled
DLNA Print Enabled
allowall Disabled

 

 AirGroup Servers
----------------
MAC IP Type Host Name Service VLAN Wired/Wireless Role Group Username AP-Name
--- -- ---- --------- ------- ---- -------------- ---- ----- -------- -------
08:00:37:xx:xx:xx fe80::a00:37ff:xxxx:xxxx mDNS dellcolor airprint 1 N/A
00:18:dd:xx:xx:xx 192.168.xx.xx DLNA DLNA Media 1 N/A
Num Servers: 2, Max Servers: 500.

 

AirGroup Users
--------------
MAC IP Type Host Name VLAN Role Group Username AP-Name
--- -- ---- --------- ---- ---- ----- -------- -------
b8:e8:56:e8:xx:xxf fe80::485:xxxx:xxxx:xxxx mDNS,DLNA 2 authenticated userid ap4
00:0d:4b:xx:xx:xx 192.168.xx.xx DLNA 1
24:77:03:xx:xx:xx 192.168.xx.xx mDNS HOSTNAME 2 authenticated userid ap4

 

 

 

 

Are you doing ClearPass registration? If not, be sure the checkbox is disabled.


Thanks,
Tim

Thanks Tim, I don't have any of the clearpass stuff turned no.  Here is the stauts output, I didn't want to put it because it was so long.  I have toggled the ipv6 (we do have working ipv6 in the environent) but it doesn't work on or off.

 

AirGroup Feature
----------------
Status
------
Enabled

AirGroup- MDNS Feature
----------------------
Status
------
Enabled

AirGroup- DLNA Feature
----------------------
Status
------
Enabled

AirGroup Location Discovery
---------------------------
Status
------
Disabled

AirGroup Active Wireless Discovery
----------------------------------
Status
------
Disabled

AirGroup Enforce Registration
-----------------------------
Status
------
Disabled

AirGroup IPV6 Support
---------------------
Status
------
Enabled

AirGroup Service Information
----------------------------
Service Status
------- ------
airplay Enabled
airprint Enabled
itunes Enabled
remotemgmt Disabled
sharing Disabled
chat Disabled
googlecast Enabled
DIAL Enabled
DLNA Media Enabled
DLNA Print Enabled
allowall Disabled

Hi,

Did you find a solution to this issue? I am experiencing the the same, with a little difference that I trunked the wired vlan all the way to the controller.

Thank you!

No I haven't found a solution, I'm sure i am doing something wrong. I have
2 vlans, one dedicated for wifi and one dedicated for wired. The APS are
on the wired vlan, the wireless is a tunneled vlan. The controller has
interfaces on both vlans. I can't see mdns items on the wired vlans from
the wireless. I did do a debug logging and the mdns queries were making it
to the controller, but the controller would reply with "no services
available" or something like that. If you figure it out let me know!
-Mike

--
* note the new email address - memcunning@gmail.com!

Sure, Mike! Thanks for the reply! I am doing some packet capture and reviewing controller configurations to try to figure it out. I´ll let you know if find something!

Heraldo.

arubasecrets,

 

Can you see your wired mdns devices in "show airgroup servers"?

What mdns devices are you trying to expose to the wireless users?

What routes the traffic from the wireless to the wired devices?

 

Hi Cjoseph,

 

I am experiencing a similar issue as Arubasecrets, expect that my wired vlan is tagged all the way to the controller. I do see my Air Group servers in "show airgroup servers" (below). They are all AirPrint servers.

(CTL_WLAN-01) #show airgroup servers

AirGroup Servers
----------------
MAC                IP            Type  Host Name  Service   VLAN  Wired/Wireless  Role  Group  Username  AP-Name
---                --            ----  ---------  -------   ----  --------------  ----  -----  --------  -------
00:26:73:58:b3:6c  172.30.1.53   mDNS  IE0505     airprint  4     N/A
00:26:73:4b:a5:2a  172.30.1.88   mDNS  IE0135     airprint  4     N/A
00:26:73:52:03:cd  172.30.1.130  mDNS  IE0772     airprint  4     N/A
00:26:73:58:f8:65  172.30.1.137  mDNS  IE0490     airprint  4     N/A
00:26:73:47:e6:64  172.30.1.95   mDNS  IE0686     airprint  4     N/A
Num Servers: 5.

 

The route from the controller to the wired AirGroup servers is successfully traced from the controller (below).

 

Network > Traceroute

traceroute to 172.30.1.95 (172.30.1.95), 30 hops max, 38 byte packets
1 172.16.80.1 (172.16.80.1) 0.676 ms 0.412 ms 0.467 ms
2 172.31.0.2 (172.31.0.2) 1.570 ms 3.882 ms 1.530 ms
3 172.31.242.1 (172.31.242.1) 9.823 ms 10.212 ms 6.853 ms
4 172.30.1.95 (172.30.1.95) 0.463 ms 0.381 ms 0.468 ms

 

If I try to to see the AirGroup/airPrint servers from my iPhone in the wireless network, which is in another vlan (192 in my case), no answers are received as you can see in the process log below.

Aug 7 14:40:37	mdns[2693]: <527000> <DBUG> |mdns| mdns_parse_packet_from_sos 793 pkt from SOS: vlan 192, mac 64:9a:be:99:99:99 ip 172.16.200.44
Aug 7 14:40:37	mdns[2693]: <527000> <DBUG> |mdns| mdns_parse_packet 2751 ********** mdns query packet received **********- info; mac=64:9a:be:99:99:99, ip=172.16.200.44, origin=1
Aug 7 14:40:37	mdns[2693]: <527000> <DBUG> |mdns| mdns_parse_query_packet 2062 There was no response to query from mac:64:9a:be:99:99:99, ip: 172.16.200.44

However, If there is an AirPrint server in the wireless vlan 192, I can see it in my iPhone!

Thanks,

 

Heraldo.

---

@Heraldo wrote:

Hi Cjoseph,

 

I am experiencing a similar issue as Arubasecrets, expect that my wired vlan is tagged all the way to the controller. I do see my Air Group servers in "show airgroup servers" (below). They are all AirPrint servers.

(CTL_WLAN-01) #show airgroup servers

AirGroup Servers
----------------
MAC                IP            Type  Host Name  Service   VLAN  Wired/Wireless  Role  Group  Username  AP-Name
---                --            ----  ---------  -------   ----  --------------  ----  -----  --------  -------
00:26:73:58:b3:6c  172.30.1.53   mDNS  IE0505     airprint  4     N/A
00:26:73:4b:a5:2a  172.30.1.88   mDNS  IE0135     airprint  4     N/A
00:26:73:52:03:cd  172.30.1.130  mDNS  IE0772     airprint  4     N/A
00:26:73:58:f8:65  172.30.1.137  mDNS  IE0490     airprint  4     N/A
00:26:73:47:e6:64  172.30.1.95   mDNS  IE0686     airprint  4     N/A
Num Servers: 5.

 

The route from the controller to the wired AirGroup servers is successfully traced from the controller (below).

 

Network > Traceroute

IP Address

Source

 

traceroute to 172.30.1.95 (172.30.1.95), 30 hops max, 38 byte packets
1 172.16.80.1 (172.16.80.1) 0.676 ms 0.412 ms 0.467 ms
2 172.31.0.2 (172.31.0.2) 1.570 ms 3.882 ms 1.530 ms
3 172.31.242.1 (172.31.242.1) 9.823 ms 10.212 ms 6.853 ms
4 172.30.1.95 (172.30.1.95) 0.463 ms 0.381 ms 0.468 ms

 

If I try to to see the AirGroup/airPrint servers from my iPhone in the wireless network, which is in another vlan (192 in my case), no answers are received as you can see in the process log below.

Aug 7 14:40:37	mdns[2693]: <527000> <DBUG> |mdns| mdns_parse_packet_from_sos 793 pkt from SOS: vlan 192, mac 64:9a:be:99:99:99 ip 172.16.200.44
Aug 7 14:40:37	mdns[2693]: <527000> <DBUG> |mdns| mdns_parse_packet 2751 ********** mdns query packet received **********- info; mac=64:9a:be:99:99:99, ip=172.16.200.44, origin=1
Aug 7 14:40:37	mdns[2693]: <527000> <DBUG> |mdns| mdns_parse_query_packet 2062 There was no response to query from mac:64:9a:be:99:99:99, ip: 172.16.200.44

However, If there is an AirPrint server in the wireless vlan 192, I can see it in my iPhone!

Thanks,

 

Heraldo.

---

Please make sure you do not have "ip nat inside" on that interface or there is no natting between the two vlans.

 

Hi Colin,

Thanks for the reply!

I`ve already made sure there is no NAT between the wired and the wireless vlans. And there is no ip nat inside the wireless vlan interface. The wired vlan is tagged all the way to the controller and was created on the controller too. There is no IP address on the wired vlan in the controller ( I also tried to assign an IP address, but made no difference!). I don´t understand why it is not working.

Thanks again.

 

Heraldo.

my show airgroup servers shows this:

 

MAC IP Type Host Name Service VLAN Wired/Wireless Role Group Username AP-Name
--- -- ---- --------- ------- ---- -------------- ---- ----- -------- -------
00:18:dd:31:23:eb 192.168.78.54 DLNA DLNA Media 1 N/A
Num Servers: 1, Max Servers: 500.

 

I can't see this on the wireless lan via my iphone which shows up in the client list.  IT should be an airprint server.  It also doesn't show up if I use the Discovery app for the iphone (which shows all bonjour services).

I don't have any natting on the interface and a cisco switch is routing between with no firewall rules.

Hope this makes sense, let me know if you need more info.

-Mike

Do you have any vlan specific or role specific airgroup settings? Do you see your device as an airgroup user?

I do see my device and many others in there as clients, they can see each other on the wireless but not the wired devices, it does show up as a server.  I don't think I have any airgroup specific role rules, where would those be set?

-Mike

The wired vlan does need to have an IP address. Are you blocking any traffic in your wireless user role?

Hi Colin,

The wired vlan has an IP address in the switch that routes it (where the Airprint server in that vlan is connected).

Is it necessary to assign an IP address to the wired vlan I created in the controller too?

I´m not blocking any traffic in the wireless user role.

Thank you!

Heraldo.

It is probably better that you open a TAC case, so that they can see everything you are doing and possibly come up with a solution.  I am only guessing based on the information that you are giving me.  The only thing I would ask is to make sure you don't have Airgroup CPPM Enforce Registration on...

 

Hi Colin,

Thanks for the reply. Although we have CPPM configured for AirGroup, I´ve already checked and confirmed that registration is not enforced.