Wireless Access

Reply
Contributor II
Posts: 64
Registered: ‎09-17-2011

Airgroup and Apple TV - almost works!!!

Hi there

We have just updated to Airgroup version of AOS and it almost, sort of works.

 

We have the Apple TV's now visible on the iPads and showing images from the Photo App works a treat.

However - mirroring does not work (no error - just doesn't work) and movies "try" to work - but fail with a generic Apple TV error of "an error occured"

 

Has anyone got this working in a production environment? We are not using Clearpass

 

Background to the setup:

 

Users are on 802.1x network SSID

Apple TV is on MAC authenticated SSID

Apple TV OS is version 5

Apple iPAD is iOS6

Both devices say they are running latest versions of software.

Airgroup is enabled via CLI - (host) (config) # airgroup enable

Airplay services are enabled

 

AirGroup Feature

----------------

Status

------

Enabled

 

AirGroup Enforce Registration

-----------------------------

Status

------

Disabled

 

AirGroup Service Information

----------------------------

Service   Status

-------   ------

airplay   Enabled

airprint  Enabled

allowall  Enabled

 

Anyone got any ideas?

Wally

Guru Elite
Posts: 20,822
Registered: ‎03-29-2007

Re: Airgroup and Apple TV - almost works!!!

Have you seen the thread here?:  http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/AirPlay-mirroring/m-p/28950/highlight/true#M2409  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 64
Registered: ‎09-17-2011

Re: Airgroup and Apple TV - almost works!!!

Thanks for the pointer - but this thread is Pre Airgroup.

However - IPV6 was disabled on the firewall and I have enabled it.

Both the iPad and the apple TV now show up in the user table with IPV6 addresses as well as the IPV4 address but still no go on the Apple Mirror option.

 

I can get the photo app to display on the Apple TV but that is all - no mirror and no video,

 

Note - the other options in this post are as i said all pre Airgroup.

 

I too have got Apple TV to work seamlessly IF I enable BC/MC and therefore mDNS and Bonjour with two devices on the SAME SSID  - it works fine.

But the whole point of Airgroup I thought was to enable Airplay services to work across the controllers without enabling mDNS and propagating all this traffic. That is the Controller works as mDNS proxy converting the BC/MC to Unicast.

 

So - still stuck here - any other ideas?

Wally

 

Guru Elite
Posts: 20,822
Registered: ‎03-29-2007

Re: Airgroup and Apple TV - almost works!!!

Are you turning on BC/MC optimization on the SSID or on the VLAN?  Turn both of those off and enable drop broadcasts at the Virtual AP.

 

I referred you to the other article because there is an iPv6 component that might have contributed to your issue.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 64
Registered: ‎09-17-2011

Re: Airgroup and Apple TV - almost works!!!

just to confirm that BC/MC optimization is turned off on the VLAN and Drop BC/MC is enabled on the VAP as shown below.

 

Here is the current config: Let me know if you can spot anything wrong....

 

Client VAP:

 

Virtual AP profile "Wireless@TTS-VAP"

-------------------------------------

Parameter                                       Value

---------                                       -----

Virtual AP enable                               Enabled

Allowed band                                    all

AAA Profile                                     TTSAAA-WIRELESS@TTS

802.11K Profile                                 default

SSID Profile                                    WIRELESS@TTS-SSID

VLAN                                            200

Forward mode                                    tunnel

Deny time range                                 N/A

Mobile IP                                       Enabled

HA Discovery on-association                     Disabled

DoS Prevention                                  Enabled

Station Blacklisting                            Enabled

Blacklist Time                                  3600 sec

Dynamic Multicast Optimization (DMO)            Disabled

Dynamic Multicast Optimization (DMO) Threshold  6

Authentication Failure Blacklist Time           3600 sec

Strict Compliance                               Disabled

VLAN Mobility                                   Enabled

Preserve Client VLAN                            Disabled

Remote-AP Operation                             standard

Drop Broadcast and Multicast                    Enabled

Convert Broadcast ARP requests to unicast       Enabled

Deny inter user traffic                         Disabled

Band Steering                                   Enabled

Steering Mode                                   prefer-5ghz

WMM Traffic Management Profile                  N/A

 

AppleTV VAP:

 

Virtual AP profile "Secure@TTS-VAP"

-----------------------------------

Parameter                                       Value

---------                                       -----

Virtual AP enable                               Enabled

Allowed band                                    all

AAA Profile                                     TTSAAA-SECURE

802.11K Profile                                 default

SSID Profile                                    Secure@TTS-SSID

VLAN                                            20

Forward mode                                    tunnel

Deny time range                                 N/A

Mobile IP                                       Enabled

HA Discovery on-association                     Disabled

DoS Prevention                                  Enabled

Station Blacklisting                            Enabled

Blacklist Time                                  3600 sec

Dynamic Multicast Optimization (DMO)            Disabled

Dynamic Multicast Optimization (DMO) Threshold  6

Authentication Failure Blacklist Time           3600 sec

Strict Compliance                               Disabled

VLAN Mobility                                   Enabled

Preserve Client VLAN                            Disabled

Remote-AP Operation                             standard

Drop Broadcast and Multicast                    Enabled

Convert Broadcast ARP requests to unicast       Enabled

Deny inter user traffic                         Disabled

Band Steering                                   Enabled

Steering Mode                                   prefer-5ghz

WMM Traffic Management Profile                  N/A

 

 

And here is the config of the VLAN for

 

VLAN200 is up line protocol is up
Hardware is CPU Interface, Interface address is
Description: 802.1Q VLAN
Internet address is 192.168.208.1  255.255.252.0
IPv6 is enabled, link-local address is
IPv6 Router Advertisements are disabled
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP enable
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 6 day 20 hr 24 min 48 sec
link status last changed 6 day 20 hr 21 min 21 sec

Config of VLAN for Apple TV:

 

VLAN20 is up line protocol is up
Hardware is CPU Interface, Interface address is
Description: 802.1Q VLAN
Internet address is 10.1.80.7  255.255.252.0
IPv6 is enabled, link-local address is
IPv6 Router Advertisements are disabled
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP enable
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 6 day 21 hr 47 min 4 sec
link status last changed 6 day 21 hr 44 min 45 sec
Tunnels Configured on this Interface:
Tunnel 0
Associated Ports:,GE1/0

Guru Elite
Posts: 20,822
Registered: ‎03-29-2007

Re: Airgroup and Apple TV - almost works!!!

Looks good.  Quick questions:

 

- Do you have NAT between those subnets (ip nat inside on either ip interface)?

- What are the firewall policies for each that are assigned to the role for both devices that would like to connect?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 64
Registered: ‎09-17-2011

Re: Airgroup and Apple TV - almost works!!!

OK - we are so close now....it appears it is the NAT..

Question then is what is the NAT doing that is stopping Mirroring working even if both clients on the same NATed VLAN.

It is our desire if possible to keep the wireless students on this VLAN - happy to put the Apple TV's on as well - but can we get it work with NAT?

 

Here is what I found....

 

NAT got me thinking as the Secure SSID we were using was because it was an existing MAC based SSID we had for some legacy devices that needed VLAN 20 access..and thought we would use it for the Apple TV MAC authentication as well.

 

Also thought about whether same VLAN was required for this to work -so did the following test.

 

Scenario 1:

Apple TV is on Secure SSID - MAC Authentication - no NAT - same IP range as the AP - VLAN20 (10.1.x.x)

Client is on 802.1X SSID - VLAN 200 - NAT in place (192.168.x.x)

 

Result

Photo App works

Videos do not work

Mirror does not work

 

Scenario 2:

Apple TV is on Secure SSID - MAC Authentication - moved to VLAN 200 (same as client) - 192.168.X.X

Client is on 802.1X SSID - VLAN 200 - NAT in place (192.168.x.x)

Reboot everything.

 

Result:

Photo App works

Videos WORK!!!

Mirror does not work

 

Scenario 3:

Apple TV is on Secure SSID - MAC Authentication - moved back to VLAN 20 no NAT - same IP range as the AP - (10.1.x.x)

Client is moved to secure SSID VLAN 20 (as I cannot move the production SSID to a different VLAN) - no NAT - 10.1.x.x

Reboot everything

 

Result:

WORKS!!! Everything works including mirroring.

 

DOUBLE CHECKING:

With the Apple TV and the Client stll connected to the same Non NAT VLAN - BC/MC dropped and conver to unicast turned on. It works.

So did a Conf t - Airgroup disable  - and then Apple TV disappeared from the network. Enabled airgroup and appeared again.

 

 

 So with clients on same NON NATed VLAN and Airgroup enabled - we are away!!

Question is can we get it work with a NATed VLAN?

Wally

 

Guru Elite
Posts: 20,822
Registered: ‎03-29-2007

Re: Airgroup and Apple TV - almost works!!!

The application simply does not work across a NAT boundary.  There is nothing that we can do about that.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 64
Registered: ‎09-17-2011

Re: Airgroup and Apple TV - almost works!!!

Any chance of a technical reason why mirroring wont work across NAT boundary? Is this because we are dropping BC and MC?

Is this unique to Aruba as on a home network the Apple TV and ipad are obviously on a NATed subnet behind a typical home router / firewall.

Wally

Guru Elite
Posts: 20,822
Registered: ‎03-29-2007

Re: Airgroup and Apple TV - almost works!!!

The bonjour protocol is a very simple protocol that is only designed for the home.  It is not meant to be on opposite sides of a NAT translation.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: