Wireless Access

Occasional Contributor II

AirGroup disallowed VLANs / AppleTV deployment

Hello all,


I have a 1 master / 2 local architecture with controlers in All the WLANs are in tunnel mode.


My needs seem very basic:

  • One of my VLAN / WLAN is dedicated to wired and wireless printers (for regular computers), 
  • Another VLAN / WLAN is dedicated to internal iPhone and iPad (last iOS versions),
  • I would like to use Airgroup to make iPhone/iPad print on 2 wireless printers...
  • I would like to deploy AppleTVs within the VLAN of iPhone / iPad
  • I don't want the other VLAN / WLAN to receive the Bonjour announce.

I did read that (please correct me if i'm wrong :) )

  • Airgroup is involved only for the search and answer steps... then it's regular unicast flow (and so through the default gateway...),
  • Bonjour is multicast DNS so i need to check on the concerned VLANs that multicast packets are not dropped,
  • If i deploy AppleTV in the same VLANs of iPhone/iPad, i need to check that inter-user trafic is allowed
  • Airgroup can be disallowed for specific VLANs,
  • I need Clearpass to restrict AirGroup within an AP-Group.

So first problem about my printing needs:

  • I try to set up Airgroup: iPhone find the printer and the flow is OK but other devices on "disallowed" VLANs can see the printer...

Second problem about AppleTV:

  • Other devices can also see the AppleTV on "disallowed" VLANs,
  • On iPhone, if Bluetooth is off, AirPlay doesn't appear... Does it mean that AppleTV and the iPhone have to be close to each other ?

I can't find any resolved issues on the release notes about that kind of problems.


Thanks for your help.



Super Contributor I

Re: AirGroup disallowed VLANs / AppleTV deployment

That would mean it's most likely using Bluetooth discovery to find the device. This is a new feature on iOS and can't be controlled from the wireless since we don't have control over Bluetooth. You'd need to disable the Bluetooth discovery on the Apple TV.
ACDX #419 | ACMP |
Contributor II

Re: AirGroup disallowed VLANs / AppleTV deployment

We see the same issue of being able to discover Apple TV's from a disallowed vlan.

It is not via Bluetooth, as it works from a Windows Box (using AirParrot), or an OS X box with Bluetooth disabled.


In short, the Apple TV is connected to an allowed vlan.

Client device is connected to a disallowed vlan.

Client device can see the Apple TV.


I'm working with support on a resolution now

Trusted Contributor I

Re: AirGroup disallowed VLANs / AppleTV deployment

did you ever work this out Ben?


i have seen the same and believe the newer apple tvs allow so direct access via wifi channels, but not via an AP.

Contributor II

Re: AirGroup disallowed VLANs / AppleTV deployment

I believe the disallow was only for Airgroup servers, not for clients.


We ended up setting a guest role for the users on our Public Wireless, and disallowing the mdns service to the guest role.



Search Airheads
Showing results for 
Search instead for 
Did you mean: