Wireless Access

A few questions about how your setup

Are you running in distributed or Centralized mode?

How are wired users getting to the MDs? Untrusted VLAN on a port, or are the APs doing Multicast aggregation?

I assume wireless to wireless airgroup is working as expected?

------------------------------
Chris Wickline | ACCA |
------------------------------

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

A few questions about how your setup

Are you running in distributed or Centralized mode?

How are wired users getting to the MDs? Untrusted VLAN on a port, or are the APs doing Multicast aggregation?

I assume wireless to wireless airgroup is working as expected?

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

So, if you are tagging the wired VLANs, the VLANs will need to be untrusted, so that way those users enter the user table.

The other option, is to use AP Multicast aggregation which (I think?) is the recommended option. Essentially, you have APs sit in the same subnet as the wired users, and they forward the mDNS traffic to the controllers over a GRE tunnel. That way you don't need all your wired/wireless VLANs on the controllers, just the wireless ones.

Multicast aggregation is what we use (2 7240 ~6K Wireless users, ~1K wired users) and it works really well. 

This is something TAC should definitely be aware of and able to help with. I'd either ask for another engineer or for escalation. 

A few questions about how your setup

Are you running in distributed or Centralized mode?

How are wired users getting to the MDs? Untrusted VLAN on a port, or are the APs doing Multicast aggregation?

I assume wireless to wireless airgroup is working as expected?

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

So, if you are tagging the wired VLANs, the VLANs will need to be untrusted, so that way those users enter the user table.

The other option, is to use AP Multicast aggregation which (I think?) is the recommended option. Essentially, you have APs sit in the same subnet as the wired users, and they forward the mDNS traffic to the controllers over a GRE tunnel. That way you don't need all your wired/wireless VLANs on the controllers, just the wireless ones.

Multicast aggregation is what we use (2 7240 ~6K Wireless users, ~1K wired users) and it works really well. 

This is something TAC should definitely be aware of and able to help with. I'd either ask for another engineer or for escalation. 

A few questions about how your setup

Are you running in distributed or Centralized mode?

How are wired users getting to the MDs? Untrusted VLAN on a port, or are the APs doing Multicast aggregation?

I assume wireless to wireless airgroup is working as expected?

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

You can also trunk the VLANs to the AP(s), and do it that way. The first link talks about doing that, the second link shows making trusted and untrusted

mDNS AP VLAN Aggregation

Configuring Trusted/Untrusted Ports and VLANs

.
(As a side note, I would highly recommend using a unused port when running the untrusted/trusted commands, just to make sure it is doing what you want it to do. We originally did our wired airgroup this way, and it caused us issues, which is why we went with Aggregation route. YMMV)

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 20, 2021 10:06 AM
From: Nathan Kuhl
Subject: Wired MDNS traffic

I don't think we can use AP mulitcast agg. because our APs are on a different VLAN than our wired users. 

Dumb question but how can we include the VLANs on each controller but make them untrusted? Right now, we have a single 10gig uplink back to our core for each MD.

------------------------------
Nathan Kuhl

Original Message:
Sent: Sep 20, 2021 08:56 AM
From: Christopher Wickline
Subject: Wired MDNS traffic

So, if you are tagging the wired VLANs, the VLANs will need to be untrusted, so that way those users enter the user table.

The other option, is to use AP Multicast aggregation which (I think?) is the recommended option. Essentially, you have APs sit in the same subnet as the wired users, and they forward the mDNS traffic to the controllers over a GRE tunnel. That way you don't need all your wired/wireless VLANs on the controllers, just the wireless ones.

Multicast aggregation is what we use (2 7240 ~6K Wireless users, ~1K wired users) and it works really well. 

This is something TAC should definitely be aware of and able to help with. I'd either ask for another engineer or for escalation. 

A few questions about how your setup

Are you running in distributed or Centralized mode?

How are wired users getting to the MDs? Untrusted VLAN on a port, or are the APs doing Multicast aggregation?

I assume wireless to wireless airgroup is working as expected?

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

I must have imagined the untrusted VLAN. Not sure where I got that.

That being said, I trunked a trusted VLAN  to test and devices in that VLAN started showing up in our list of Airgroup servers, so what you are trying to do should work. We are on 8.7.1.4 as well.

Just for sanity, do you have the VLANs enabled in the openflow profile? (MD: show openflow-profile)
The trunked VLANs need to be added to that profile on the MDs for the MM to process them, since you are running in centralized mode.

If not, I can share a sanitized version of our config and maybe that'll point something out that maybe you are missing.

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 24, 2021 01:25 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Just an update on this. TAC escalated me to the next tier. This tech support agent deals mostly with AirGroup. He's unable to determine why we're not seeing any mDNS traffic from wired clients. He said that trusted ports should still be forwarding traffic from wired clients and that making it untrusted is not necessary. We never had untrusted ports before on our controllers running AOS 6.5 in the past so that would seem to be true.

We're currently running AOS 8.7.1.4. He believes that there could be a bug in this version and advised us to upgrade to 8.7.1.5. I'll update this thread with the results when we can do this.

BTW, we're only on 8.7 because we plan on installing an AP-575 outdoors shortly. Otherwise, we'd be on the most stable version of 8.6.

------------------------------
Nathan Kuhl

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

I must have imagined the untrusted VLAN. Not sure where I got that.

That being said, I trunked a trusted VLAN  to test and devices in that VLAN started showing up in our list of Airgroup servers, so what you are trying to do should work. We are on 8.7.1.4 as well.

Just for sanity, do you have the VLANs enabled in the openflow profile? (MD: show openflow-profile)
The trunked VLANs need to be added to that profile on the MDs for the MM to process them, since you are running in centralized mode.

If not, I can share a sanitized version of our config and maybe that'll point something out that maybe you are missing.

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 24, 2021 01:25 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Just an update on this. TAC escalated me to the next tier. This tech support agent deals mostly with AirGroup. He's unable to determine why we're not seeing any mDNS traffic from wired clients. He said that trusted ports should still be forwarding traffic from wired clients and that making it untrusted is not necessary. We never had untrusted ports before on our controllers running AOS 6.5 in the past so that would seem to be true.

We're currently running AOS 8.7.1.4. He believes that there could be a bug in this version and advised us to upgrade to 8.7.1.5. I'll update this thread with the results when we can do this.

BTW, we're only on 8.7 because we plan on installing an AP-575 outdoors shortly. Otherwise, we'd be on the most stable version of 8.6.

------------------------------
Nathan Kuhl

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

If you run these commands on the MM,

show openflow-controller
show openflow-controller switches
show openflow-controller flow-table app-name AirGroup (AirGroup is case sensitive)

The first one should show ofc enabled

the second one should show all your MDs as up, with 4 capabilities (Flow, Table, Port and Queue)

The third one, at least for me, shows multiple sessions within.

Just a forewarning, I'm just comparing what I have in these settings and what works for my environment. I'm not saying these are best practice/how it should be.

I must have imagined the untrusted VLAN. Not sure where I got that.

That being said, I trunked a trusted VLAN  to test and devices in that VLAN started showing up in our list of Airgroup servers, so what you are trying to do should work. We are on 8.7.1.4 as well.

Just for sanity, do you have the VLANs enabled in the openflow profile? (MD: show openflow-profile)
The trunked VLANs need to be added to that profile on the MDs for the MM to process them, since you are running in centralized mode.

If not, I can share a sanitized version of our config and maybe that'll point something out that maybe you are missing.

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 24, 2021 01:25 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Just an update on this. TAC escalated me to the next tier. This tech support agent deals mostly with AirGroup. He's unable to determine why we're not seeing any mDNS traffic from wired clients. He said that trusted ports should still be forwarding traffic from wired clients and that making it untrusted is not necessary. We never had untrusted ports before on our controllers running AOS 6.5 in the past so that would seem to be true.

We're currently running AOS 8.7.1.4. He believes that there could be a bug in this version and advised us to upgrade to 8.7.1.5. I'll update this thread with the results when we can do this.

BTW, we're only on 8.7 because we plan on installing an AP-575 outdoors shortly. Otherwise, we'd be on the most stable version of 8.6.

------------------------------
Nathan Kuhl

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

I must have imagined the untrusted VLAN. Not sure where I got that.

That being said, I trunked a trusted VLAN  to test and devices in that VLAN started showing up in our list of Airgroup servers, so what you are trying to do should work. We are on 8.7.1.4 as well.

Just for sanity, do you have the VLANs enabled in the openflow profile? (MD: show openflow-profile)
The trunked VLANs need to be added to that profile on the MDs for the MM to process them, since you are running in centralized mode.

If not, I can share a sanitized version of our config and maybe that'll point something out that maybe you are missing.

------------------------------
Chris Wickline | ACCA |

Original Message:
Sent: Sep 24, 2021 01:25 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Just an update on this. TAC escalated me to the next tier. This tech support agent deals mostly with AirGroup. He's unable to determine why we're not seeing any mDNS traffic from wired clients. He said that trusted ports should still be forwarding traffic from wired clients and that making it untrusted is not necessary. We never had untrusted ports before on our controllers running AOS 6.5 in the past so that would seem to be true.

We're currently running AOS 8.7.1.4. He believes that there could be a bug in this version and advised us to upgrade to 8.7.1.5. I'll update this thread with the results when we can do this.

BTW, we're only on 8.7 because we plan on installing an AP-575 outdoors shortly. Otherwise, we'd be on the most stable version of 8.6.

------------------------------
Nathan Kuhl

Original Message:
Sent: Sep 19, 2021 05:14 PM
From: Nathan Kuhl
Subject: Wired MDNS traffic

Hello everyone,

We upgraded from ArubaOS 6.5 (Master-local) to ArubaOS 8.7.1.4 (MM-MD01-MD02) a month ago. Ever since then, wireless users can not see wired MDNS/AirGroup servers. All of our VLANS exist on the controllers. We ported over the settings from the old config including BCMC opt ON for all VLANS. I know this setting being on can affect wired MDNS traffic but it was on before and it worked.

TAC has no idea after multiple calls. Can anyone point us in the right direction?

------------------------------
Nathan Kuhl
------------------------------

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))

• • - Disable AirGroup service
  • - Delete the existing profile
  • - Reboot the MM
  • - Create a new AirGroup profile from /md/Sem folder
  • - Make sure all the configuration for AirGroup are pushed from the upper hierarchy (show airgroup servers (from main folder))