Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Air group - appletv mirroring across vlans

This thread has been viewed 0 times

  • 1.  Air group - appletv mirroring across vlans

    EMPLOYEE
    Posted Nov 09, 2014 12:41 PM

    I've not had the pleasure of setting up air group etc, but found myself having to that a few times recently. I understand Airgroup is used to discover devices across different vlans.

     

    After discovering, if you wanted to connect and do a mirroring, then that traffic would be unicast, correct?

     

    So, any firewall between the two vlans would need to permit that traffic....and obviously needs to be routeable?



  • 2.  RE: Air group - appletv mirroring across vlans
    Best Answer

    EMPLOYEE
    Posted Nov 09, 2014 12:43 PM
    Correct. AirGroup just solved the L2 discovery issue. After that, traffic is unicast.


  • 3.  RE: Air group - appletv mirroring across vlans

    EMPLOYEE
    Posted Nov 09, 2014 12:52 PM
    That's also the reason it's important to disable Bluetooth discovery on the newer software because it will bypass any role based discovery restrictions you are doing with AirGroup.


  • 4.  RE: Air group - appletv mirroring across vlans

    EMPLOYEE
    Posted Nov 10, 2014 06:10 AM

    Thanks Tim....I thought as much. So in terms of the firewall on the Aruba, that would just need to allow 'apple-airplay', or is there any other I should let through as well?



  • 5.  RE: Air group - appletv mirroring across vlans

    EMPLOYEE
    Posted Nov 18, 2014 02:40 PM

    UPDATE.  I'm going a bit round the twist with this now, and the mirroring is not quite working for some strange reason.

     

    • No traffic is being dropped at the AP or firewall level between the two subnets.
    • No traffic is being NAT’d between the two subnets in either direction.

     

    What we are seeing is the following.

     

    • Sharing pictures to the AppleTV works.
    • Sharing a youtube video to the AppleTV works.
    • Mirroring from an iPhone to the AppleTV fails across vlans.
    • Mirroring from an iPhone to the AppleTV works when on the same vlan.
    • What we see on the device is that the mirroring button appears for a few seconds, then dissappears, then appears again and so on.

     

    Doing a packet analysis, we found the following.

     

    • The iPhone tries to establish a mirroring session which works up to the point when the device tries to setup an RTSP session.
    • The AppleTV sends a ‘Sever 400 error’, which resets the connection and causes the mirroring to fail.

    Given we can stream a Youtube video easily, it is rather frustrating.

     

    Any suggestion greatly appreciated.



  • 6.  RE: Air group - appletv mirroring across vlans

    EMPLOYEE
    Posted Nov 19, 2014 01:04 PM

    ok, so after reading some other threads and observations today, it turns out ipv6 is necessary for the mirroring to work.

     

    Here's another thing we found though.  When connected to the same AP as the TV, it works across vlans.  When connected to a different AP than the TV, it doesn't work.



  • 7.  RE: Air group - appletv mirroring across vlans

    EMPLOYEE
    Posted Nov 21, 2014 09:28 AM

    ok, so turns out there were some additional UDP ports that needed to be allowed through the firewall.  It is all working fine now.

     

    Interestingly, when on the same vlan, the communication between the device and the AppleTV is ipv6.

     

    :-)



  • 8.  RE: Air group - appletv mirroring across vlans

    Posted Apr 10, 2019 12:28 PM

    "ok, so turns out there were some additional UDP ports that needed to be allowed through the firewall. It is all working fine now."
    "If my post is helpful please give kudos, or mark as solved if it answers your post."

    A list of ports could have been usefull...