Wireless Access

 View Only
last person joined: 21 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Wired MDNS traffic

This thread has been viewed 87 times
  • 1.  Wired MDNS traffic

    Posted Sep 19, 2021 05:14 PM
    Hello everyone,

    We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

    TAC has no idea after multiple calls. Can anyone point us in the right direction?

    ------------------------------
    Nathan Kuhl
    ------------------------------


  • 2.  RE: Wired MDNS traffic

    Posted Sep 20, 2021 08:05 AM
    The way Airgroup works changed significantly between AOS6 and AOS8. Did you read the AirGroup Deployment Guide?
    Also, the documentation on AirGroup in the ArubaOS documentation is pretty good.

    If that is TAC's response, ask them to escalate your case to another engineer that does have an idea.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Wired MDNS traffic

    Posted Sep 20, 2021 08:09 AM

    A few questions about how your setup

    Are you running in distributed or Centralized mode?

    How are wired users getting to the MDs? Untrusted VLAN on a port, or are the APs doing Multicast aggregation?

    I assume wireless to wireless airgroup is working as expected?



    ------------------------------
    Chris Wickline | ACCA |
    ------------------------------



  • 4.  RE: Wired MDNS traffic

    Posted Sep 20, 2021 08:19 AM
    Hi Chris,
    We're in Centralized mode. 
    No, the MDs are not seeing any wired traffic even though we have the VLANS entered in on each MD. The VLANs are also tagged on the uplink port on the core.
    We're only using one port on each MD, a 10Gig SFP uplink that is trusted. We are not using multicast agg.  TAC told us that the only way this works is if the AP and the client are on the same VLAN.
    Wireless AirGroup is working perfectly.
    Thanks for the assistance.





  • 5.  RE: Wired MDNS traffic

    Posted Sep 20, 2021 08:57 AM

    So, if you are tagging the wired VLANs, the VLANs will need to be untrusted, so that way those users enter the user table.

    The other option, is to use AP Multicast aggregation which (I think?) is the recommended option. Essentially, you have APs sit in the same subnet as the wired users, and they forward the mDNS traffic to the controllers over a GRE tunnel. That way you don't need all your wired/wireless VLANs on the controllers, just the wireless ones.

    Multicast aggregation is what we use (2 7240 ~6K Wireless users, ~1K wired users) and it works really well. 

    This is something TAC should definitely be aware of and able to help with. I'd either ask for another engineer or for escalation. 



    ------------------------------
    Chris Wickline | ACCA |
    ------------------------------



  • 6.  RE: Wired MDNS traffic

    Posted Sep 20, 2021 10:06 AM
    I don't think we can use AP mulitcast agg. because our APs are on a different VLAN than our wired users. 

    Dumb question but how can we include the VLANs on each controller but make them untrusted? Right now, we have a single 10gig uplink back to our core for each MD.

    ------------------------------
    Nathan Kuhl
    ------------------------------



  • 7.  RE: Wired MDNS traffic

    Posted Sep 20, 2021 11:18 AM

    You can also trunk the VLANs to the AP(s), and do it that way. The first link talks about doing that, the second link shows making trusted and untrusted

    mDNS AP VLAN Aggregation

    Configuring Trusted/Untrusted Ports and VLANs

    .
    (As a side note, I would highly recommend using a unused port when running the untrusted/trusted commands, just to make sure it is doing what you want it to do. We originally did our wired airgroup this way, and it caused us issues, which is why we went with Aggregation route. YMMV)



    ------------------------------
    Chris Wickline | ACCA |
    ------------------------------