Wireless Access

Hello all,

 

I have a 1 master / 2 local architecture with controlers in 6.3.1.2. All the WLANs are in tunnel mode.

 

My needs seem very basic:

• One of my VLAN / WLAN is dedicated to wired and wireless printers (for regular computers), 
• Another VLAN / WLAN is dedicated to internal iPhone and iPad (last iOS versions),
• I would like to use Airgroup to make iPhone/iPad print on 2 wireless printers...
• I would like to deploy AppleTVs within the VLAN of iPhone / iPad
• I don't want the other VLAN / WLAN to receive the Bonjour announce.

I did read that (please correct me if i'm wrong :) )

• Airgroup is involved only for the search and answer steps... then it's regular unicast flow (and so through the default gateway...),
• Bonjour is multicast DNS so i need to check on the concerned VLANs that multicast packets are not dropped,
• If i deploy AppleTV in the same VLANs of iPhone/iPad, i need to check that inter-user trafic is allowed
• Airgroup can be disallowed for specific VLANs,
• I need Clearpass to restrict AirGroup within an AP-Group.

So first problem about my printing needs:

• I try to set up Airgroup: iPhone find the printer and the flow is OK but other devices on "disallowed" VLANs can see the printer...

Second problem about AppleTV:

• Other devices can also see the AppleTV on "disallowed" VLANs,
• On iPhone, if Bluetooth is off, AirPlay doesn't appear... Does it mean that AppleTV and the iPhone have to be close to each other ?

I can't find any resolved issues on the release notes about that kind of problems.

 

Thanks for your help.

Rgds

 

That would mean it's most likely using Bluetooth discovery to find the device. This is a new feature on iOS and can't be controlled from the wireless since we don't have control over Bluetooth. You'd need to disable the Bluetooth discovery on the Apple TV.

We see the same issue of being able to discover Apple TV's from a disallowed vlan.

It is not via Bluetooth, as it works from a Windows Box (using AirParrot), or an OS X box with Bluetooth disabled.

 

In short, the Apple TV is connected to an allowed vlan.

Client device is connected to a disallowed vlan.

Client device can see the Apple TV.

 

I'm working with support on a resolution now

did you ever work this out Ben?

 

i have seen the same and believe the newer apple tvs allow so direct access via wifi channels, but not via an AP.

I believe the disallow was only for Airgroup servers, not for clients.

 

We ended up setting a guest role for the users on our Public Wireless, and disallowing the mdns service to the guest role.