Solved: Re: Can't get iTunes sync over wifi to work with iOS devices

Hello,

3400 controller AOS 6.4.3.1, Aruba MAS 7.4.0.3, Campus AP-225, iTunes library connected wired in the mas and a seperate library connected via wifi. Using 802.1x ssid on all devices (also tried PSK for giggles). Everything (osx clients/itunes servers, iOS devices, switch, and controller) is on a single vlan (10) and using a 10.1/16 network.

I can not get any iOS device to connect/sync to any itunes library. Airgroup seems to be working (see snip)...

Is this expected behaviour (i hope not), what am I missing?

Thanks...

#show airgroup st

AirGroup Feature
----------------
Status
------
Enabled

AirGroup- MDNS Feature
----------------------
Status
------
Enabled

AirGroup- DLNA Feature
----------------------
Status
------
Enabled

AirGroup Location Discovery
---------------------------
Status
------
Enabled                                           

AirGroup Active Wireless Discovery
----------------------------------
Status
------
Enabled

AirGroup Enforce Registration
-----------------------------
Status
------
Disabled

AirGroup IPV6 Support
---------------------
Status
------
Disabled

AirGroup Service Information
----------------------------
Service     Status
-------     ------
airplay     Enabled
airprint    Enabled
itunes      Enabled
remotemgmt  Enabled
sharing     Enabled
chat        Enabled
googlecast  Enabled
DIAL        Enabled
DLNA Media  Enabled
DLNA Print  Enabled
allowall    Enabled

You either need to either: trunk your wired VLANs to the controller, use the
multicast aggregation feature in AOS 6.4.3, or configure a tunnel between
the switch and the controller to route mDNS packets to the controller.

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Tim, Thanks for the input, I forgot to mention in my setup, there is only 1 vlan across the controller, mas, ap, and macs running itunes.

I would expect it to work taking the switch ou tof the equation with a wireless osx itunes library and a wireless ios device on the same vlan. however, no joy.

Highlighted

Do you see the services advertised in the AirGroup server table?

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Yes, and in fact the appletvs can pull media from itunes, it's purely ios wifi sync.

As a curiostiy, and for my own sanity, i set up a linksys ap and joined a phone and the mac pro from the earlier post to the linksys wifi network that is attached to vlan 10. iTunes wifi sync works as expected.

So I disconnected the Mac Pro from the linksys wireless network and put it back on the MAS with the iphone still connected to the rogue linksys ap. Wifi sync still works.

Then i swapped them around, mac pro back on the linksys ap, iphone on the aruba ap, no sync.

Seems to me that i’ve narrowed down the problem to being related to only the Aruba WLAN, i’ve tried “airplay disable” with no luck, and reenabled.

Airgroup seems to have itunes service correctly configured, vlan 10 is where everything is living.

If anyone can verify that itunes wifi sync does in fact work on their aruba wlan and send me a config export i'd be grateful so i could compare.

James.Vaught,

Are you allowing the ports necessary for Itunes Sync in the user roles for the wireless devices? https://support.apple.com/en-us/HT204089 "iTunes uses TCP ports 123 and 3689 as well as UDP ports 123 and 5353. If iTunes can’t communicate on port 3689, iTunes will not be able to sync over Wi-Fi. "

Airgroup only provides two things:

- Discovery of MDNS and DLNA devices across subnets

- Discovery of MDNS and DLNA devices when "Broadcast Filter All" is enabled.

If the port(s) necessary for your MDNS and DLNA service are not being permitted, your devices will not be able to communicate. Please type "show datapath session table <ip address of device>" while doing the discovery to ensure the necessary ports are not being blocked. If nothing is being blocked and you see the ports for the application being permitted, please make sure you only have "broadcast filter arp" and not "broadcast filter on" to make the wlan exactly like the linksys.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

I’ve moved this situation to my lab for greater flexibility by adding a controller in as a local, then moving it to the lab and making it a master so it has the same configs.

Colin,

Thanks for the advice, but i'm pretty sure thats not it...

My wlan clients get put in the authenticated role, which has an “any any any” permission assigned to it, my phone is connected to the dot1x vap, has any any any permissions, and i've been using "broadcast filter arp" not "broadcast filter all". No luck. Please see snips below...

wlan virtual-ap "tunneled-dot1x-vap-ase_rf"         
   aaa-profile "dot1x>authenticated"              
   ssid-profile “dot1x-ssid-ase_rf"                 
   vlan 10                                        
   band-steering                                  
   dynamic-mcast-optimization                     
   dos-prevention                                 
   no mobile-ip                                                                
!                                                 
wlan virtual-ap "tunneled-psk-vap-ase_rf"        
   aaa-profile "psk>authenticated"                
   ssid-profile “psk-ssid-ase_rf"                
   vlan 10                                        
   band-steering                                  
   dynamic-mcast-optimization                     
   dos-prevention                                 
   no mobile-ip                                   
   vlan-mobility

show rights authenticated

Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'authenticated'
 Up BW:No Limit   Down BW:No Limit  
 L2TP Pool = default-l2tp-pool
 PPTP Pool = default-pptp-pool
 Number of users referencing it = 90
 Periodic reauthentication: Disabled
 DPI Classification: Enabled
 Youtube education: Disabled
 Web Content Classification: Enabled
 ACL Number = 103/0
 Max Sessions = 65535

 Check CP Profile for Accounting = TRUE

Application Exception List
--------------------------
Name  Type
----  ----

Application BW-Contract List
----------------------------
Name  Type  BW Contract  Id  Direction
----  ----  -----------  --  ---------

access-list List
----------------
Position  Name                      Type     Location
--------  ----                      ----     --------
1         global-sacl               session  
2         apprf-authenticated-sacl  session  
3         ra-guard                  session  
4         allowall                  session  
5         v6-allowall               session  
                                                  
global-sacl                                       
-----------                                       
Priority  Source  Destination  Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
apprf-authenticated-sacl                          
------------------------                          
Priority  Source  Destination  Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
ra-guard                                          
--------                                          
Priority  Source  Destination  Service           Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------           -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         user    any          icmpv6 rtr-adv                 deny                             Low                                                           6       
allowall                                          
--------                                          
Priority  Source  Destination  Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         any     any          any                   permit                           Low                                                           4        
v6-allowall                                       
-----------                                       
Priority  Source  Destination  Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         any     any          any-v6                permit                           Low                                                           6        
                                                  
Expired Policies (due to time constraints) = 0

show user

10.1.15.4        80:be:05:31:34:7b  jim                            authenticated        00:00:00    802.1x            Lab           Wireless  dot1x/9c:1c:12:88:2e:f2/a-VHT               dot1x>authenticated  tunnel        iPhone   Jims-iPhone-6

show datapath session table 10.1.15.4

show datapath session table 10.1.15.4
Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal
       r - Route Nexthop


Source IP       Destination IP  Prot SPort DPort  Cntr    Prio ToS Age Destination TAge Packets    Bytes      Flags           
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------  --------- --------------- 
17.133.232.9    10.1.15.4       6    993   49839  0/0     0    24  0   tunnel 49   7    25         7130                       
17.133.232.9    10.1.15.4       6    993   49837  0/0     0    24  0   tunnel 49   c    27         7351                       
10.1.15.4       10.1.13.10      17   50515 53     0/0     6    56  0   tunnel 49   3    1          76         FTCI            
10.1.15.4       10.1.13.10      17   51026 53     0/0     6    56  1   tunnel 49   c    1          71         FTCI            
10.1.15.4       10.1.13.10      17   55734 53     0/0     6    56  1   tunnel 49   c    1          60         FTCI            
10.1.15.4       10.1.13.10      17   61078 53     0/0     6    56  0   tunnel 49   3    1          88         FTCI            
10.1.15.4       10.1.13.10      17   58304 53     0/0     6    56  0   tunnel 49   3    1          83         FTCI            
10.1.15.4       10.1.13.10      17   64911 53     0/0     6    56  0   tunnel 49   7    1          60         FTCI            
10.1.15.4       10.1.13.10      17   62066 53     0/0     1    8   1   tunnel 49   c    1          66         FTCI            
10.1.15.4       10.1.13.10      17   63361 53     0/0     6    56  1   tunnel 49   c    1          66         FTCI            
134.170.0.200   10.1.15.4       6    443   49836  0/0     0    8   0   tunnel 49   c    10         4099                       
165.254.42.97   10.1.15.4       6    80    49840  0/0     0    24  0   tunnel 49   7    4          504        F               
10.1.13.10      10.1.15.4       17   53    51026  0/0     0    56  1   tunnel 49   c    1          87         FI              
10.1.13.10      10.1.15.4       17   53    50515  0/0     0    56  0   tunnel 49   3    1          141        FI              
10.1.15.4       74.125.20.109   6    49838 993    0/0     0    24  1   tunnel 49   c    49         3802       TC              
10.1.15.4       74.125.20.108   6    49841 993    0/0     0    24  0   tunnel 49   6    43         3557       TC              
10.1.13.10      10.1.15.4       17   53    55734  0/0     0    56  1   tunnel 49   c    1          126        FI              
10.1.13.10      10.1.15.4       17   53    58304  0/0     0    56  0   tunnel 49   3    1          163        FI              
10.1.13.10      10.1.15.4       17   53    61078  0/0     0    56  0   tunnel 49   3    1          168        FI              
10.1.13.10      10.1.15.4       17   53    62066  0/0     0    8   1   tunnel 49   c    1          82         FI              
10.1.13.10      10.1.15.4       17   53    63361  0/0     0    56  1   tunnel 49   d    1          127        FI              
74.125.20.109   10.1.15.4       6    993   49838  0/0     0    24  1   tunnel 49   d    47         16731                      
74.125.20.108   10.1.15.4       6    993   49841  0/0     0    24  0   tunnel 49   7    41         8166                       
10.1.13.10      10.1.15.4       17   53    64911  0/0     0    56  1   tunnel 49   8    1          199        FI              
10.1.15.4       134.170.0.200   6    49836 443    0/0     1    8   1   tunnel 49   d    15         4185       TC              
10.1.15.4       165.254.42.97   6    49840 80     0/0     1    24  1   tunnel 49   8    6          620        FTC             
10.1.15.4       17.133.232.9    6    49837 993    0/0     0    24  1   tunnel 49   d    29         2939       TC              
10.1.15.4       17.133.232.9    6    49839 993    0/0     0    24  1   tunnel 49   8    26         2661       TC              
10.1.15.4       224.0.0.22      2    2     2      0/0     0    24  0   tunnel 49   c    2          80         FTCI            
10.1.15.4       224.0.0.251     17   5353  5353   0/0     0    24  0   tunnel 49   4e   10         3069       FTCI

james.vaught,

If

- you Do not have drop broadcast and multicast enabled

- all your clients are on the same VLAN

There is no advantage to you using airgroup and you should disable it.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

all clients are on same vlan.

broadcast filter arp is on. not filtering all bc/mc.

i've disabled airgroup.

still no itunes wifi sync.

has anyone actually *seen* this work? because i haven't.

Wireless Access

Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

AP Management lockdown

Channel Bonding on AP-105 for 802.11n networks

900mbit Wireless Laptop Adapters

Copy and paste whole buildings in VisualRF?

iPad 2 Issues

Aruba Deployment with Firewalls

Remote AP

ap uptime

COTD: Configuring ARM scanning for any client type

COTD: View the 802.1x Authentication Process

WPA-PSK and VLAN assignment via MAC address

Cisco ACS and Aruba Radius Auth

Rolling out 802.1x with GTC

Making DHCP mandatory on Aruba WLAN

Wireless Group Policy on Windows 2008

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

ArubaOS Downloads

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Remote AP Networks

Indoor 802.11n Site Survey and Planning

AOS 6.4.1 HTML Technical Document

Lync Over Aruba WiFi

ClearPass 6.4.0 Release Notes

Wireless Access

Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Re: Can't get iTunes sync over wifi to work with iOS devices

Follow Us