Introduction
This document describes how to configure the multicast Domain Name Services (mDNS) Gateway feature on Catalyst 9800 Wireless Controllers.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- mDNS Bonjour Protocol
- Catalyst 9800 Wireless Controller
Components Used
The information in this document is based on these software and hardware versions:
- C9800-CL-K9 version 16.12.1s
- WS-C3560CX-12PC-S
- C9117AXI-A
- Chromecast NC2-6A5-D
- MacbookPro 10.14.5
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
This document also explains how this special multicast traffic known as mDNS (or Bonjour) is handled by C9800 controllers.
mDNS Bridging
In the C9800 Architecture, mDNS (Bonjour Protocol) Bridging refers to the forwarding of Bonjour TTL=1 protocol packets within the same L2 broadcast domain. By default, the dataplane enables mDNS bridging functionality for packets received on both wired ports and wireless interfaces for each WLAN. This means that mDNS Bridging works without any specific configuration, and even Global mDNS does not need to be enabled.
However, if necessary, you can disable mDNS Bridging per WLAN by changing the mDNS mode in the WLAN settings. When Access Point (AP) Control and Provisioning of Wireless Access Points (CAPWAP) Multicast-Multicast mode is enabled, the C9800 bridges each mDNS packet to the AP multicast group configured on the controller. This ensures that wireless clients can receive the packets.
If CAPWAP Multicast-Multicast mode is not enabled, the C9800 creates a copy of each mDNS packet received and bridges it individually to every single AP via a CAPWAP unicast tunnel. In both scenarios, the C9800 also bridges the mDNS packets into the wired network at the VLAN of the client that originated the mDNS packet.
Configure
Configure Multicast Mode in your C9800 controller
Step 1. Navigate to Configuration > Services > Multicast
Step 2. Enable "Global Wireless Multicast Mode"
Step 3. Set AP CAPWAP Multicast to "Multicast"
Step 4. Assign Multicast IP in "AP CAPWAP IPv4 Multicast group Address" (range 224.0.0.0 to 239.255.255.255)
Step 5. "AP CAPWAP IPv6 Multicast group Address" is optional
Step 6. Enable "Wireless mDNS Bridging"
Step 7. Enable "IGMP Snooping"
Configure multicast routing with PIM sparse-dense mode on a Layer 3 switch
Step 1. Enable multicast routing and IGMP snooping.
Switch# config t
Switch(config)# ip multicast-routing
Switch(config)# interface vlan <vlan-id>
Switch(config-if)# ip igmp snooping
Switch(config-if)# end
Step 2. Enable PIM on the VLAN interfaces where you want to route multicast traffic.
Switch> enable
Switch# config t
Switch(config)# interface vlan <vlan-id>
Switch(config-if)# ip pim sparse-dense-mode
Switch(config-if)# end
Verify
Use this section in order to confirm that your configuration works properly.
C9800 commands:
C9800# show wireless multicast
C9800# show ap multicast mom
Layer3 Switch commands:
Switch# show ip pim interface
mDNS can work in C9800 without requiring any special configuration, as long as the devices involved in the mDNS handshake (such as a client and Chromecast) are on the same subnet. However, it is recommended to filter mDNS traffic using an mDNS Gateway, as explained in the next section.
mDNS Gateway
The mDNS Gateway feature introduced on AireOS Wireless Controllers is also supported on Catalyst 9800 Wireless Controllers from 16.11.1. This feature is disabled by default and you can enable/disable it per WLAN after you enable it globally.
The mDNS Gateway feature works the same way as on previous AireOS Wireless Controllers. The C9800 listens for Bonjour services (mDNS advertisements and queries) on wired and wireless interfaces and caches the Bonjour services (AirPlay, AirPrint, Googlecast, and so on) advertised from each source/host in an internal database. It can then bridge those mDNS packets between different broadcast domains while it filters unneeded services and avoids their multicast flow in the network. This way you can have the sources and clients of such services in different subnets, and also control mDNS traffic in your network.
The C9800 that acts as mDNS Gateway replies to mDNS queries from clients (for cached services) sourcing these mDNS responses with the use of its IP address for the VLAN assigned to the client that asks for the service. This is why all VLANs on the C9800 controller where there are clients that require mDNS/Bonjour services must have a valid IP address configured at the Switched Virtual Interface (SVI).
For more information about the Bonjour/mDNS Gateway feature, refer to AireOS Wireless LAN Controller Bonjour Phase III Deployment Guide.
Configure
Network Diagram
This is the diagram of the example setup. The purpose is to allow wireless clients to use mDNS services from a different subnet, which requires mDNS Gateway as shown in the image.
Configure mDNS Gateway via Graphical User Interface
Step 1. In order to enable mDNS Gateway globally, navigate to Configuration > Services > mDNS. Under Global, switch to Enable mDNS Gateway and select Apply as shown in the image.
Step 2 (Optional). Configure a custom mDNS Service List for a custom Service Policy. If you want to use default mDNS Service List and Service Policy, move to Step 5.
Under Configuration > Services > mDNS, in the Service Policy tab, configure new Service Lists as required. The C9800 has predefined common services used by most wireless devices. If you do not need a service outside the predefined ones, create a List from the available predefined Services; if needed, you can also add new services (with Service Definition).
You need both a Service List for the Incoming (IN) direction and a Service List for the Outgoing (OUT) direction, so that the required services are filtered when they come into the C9800 and when they go out from it. Hence, both lists are supposed to have the same services.
1. Define a Service List Name for IN services.
2. Choose IN direction.
3. Choose Add Services.
4. Available Services drop-down list is displayed. Choose the desired Service and Message Type any.
5. Repeat steps to add more services as required.
6. Choose Apply to Device as shown in the image.
1. Define a Service List Name for OUT services.
2. Choose OUT direction.
3. Move Available Services into the Assigned Services list.
5. Repeat steps to add more services as required.
6. Choose Apply to Device as shown in the image.
Tip: When you migrate from a previous AireOS WLC, you can build your new list based on the AireOS default mDNS list.
Step 3 (Optional). If you use a custom Service List (Step 2.), you need to define a custom mDNS Service Policy to be used with those customized Service Lists. Navigate to Configuration > Services > mDNS > Service Policy. Choose Service Policy and perform the next steps:
1. Define a Service Policy Name.
2. Add your custom Service List IN to Service List Input.
3. Add your custom Service List OUT to Service List Output.
4. Under Location, choose site-tag, Location Specific Services (LSS), or your preferred available option. In this example, site-tag is used as shown in the image.
Step 4 (Optional). Assign the mDNS Service Policy to a Policy Profile.
Navigate to Configuration > Tags & Profiles > Policy > Policy Profile Name > Advanced and choose from the mDNS Service Policy drop-down list, the custom mDNS Service Policy previously created (in this example mdns-policy1), and then choose Update and Apply to Device as shown in the image.
Step 5. Navigate to Configuration > Tags & Profiles > WLANs > WLAN > Advanced, choose Gateway from the mDNS Mode drop-down list, and then choose Update and Apply to Device as shown in the image. The default mode is Bridging (you can use Drop to disable/drop mDNS services on the WLAN).
If a custom Service Policy is not used, the WLAN uses the default-mdns-service-policy assigned to the Policy Profile, which uses the mDNS default-service-list. You can verify the list of default services with the use of this command:
C9800#show running-config mdns-sd default-service-list
=======================================================================
mDNS Default Service List
=======================================================================
Service Name PTR Name
=======================================================================
airtunes : _raop._tcp.local
airplay : _airplay._tcp.local
homesharing : _home-sharing._tcp.local
google-chromecast : _googlecast._tcp.local
printer-ipp : _ipp._tcp.local
printer-ipps : _ipps._tcp.local
printer-lpd : _printer._tcp.local
printer-socket : _pdl-datastream._tcp.local
itune-wireless-devicesharing2 : _apple-mobdev2._tcp.local
Configure mDNS Gateway via Command Line Interface
Step 1. Enable mDNS globally with the use of these commands:
C9800#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C9800(config)#mdns-sd gateway
C9800(config-mdns-sd)#transport both
C9800(config-mdns-sd)#active-query timer 30
C9800(config-mdns-sd)#exit
C9800(config)#
Step 2 (optional). Configure a custom Service List for IN services, and add the different services required from the available list:
C9800(config)#mdns-sd service-list my-mdns-list IN
C9800(config-mdns-sl-in)#match ?
airplay airplay
airserver airserver
airtunes airtunes
amazon-fire-tv amazon-fire-tv
apple-airprint apple-airprint
apple-continuity apple-continuity
apple-file-share apple-file-share
apple-homekit apple-homekit
apple-itunes-library apple-itunes-library
apple-itunes-music apple-itunes-music
apple-itunes-photo apple-itunes-photo
apple-keynote apple-keynote
apple-rdp apple-rdp
apple-remote-events apple-remote-events
apple-remote-login apple-remote-login
apple-screen-share apple-screen-share
apple-timecapsule apple-timecapsule
apple-timecapsule-mgmt apple-timecapsule-mgmt
apple-windows-fileshare apple-windows-fileshare
fax fax
google-chromecast google-chromecast
homesharing homesharing
itune-wireless-devicesharing2 itune-wireless-devicesharing2
multifunction-printer multifunction-printer
phillips-hue-lights phillips-hue-lights
printer-ipp printer-ipp
printer-ipps printer-ipps
printer-lpd printer-lpd
printer-socket printer-socket
roku roku
scanner scanner
spotify spotify
web-server web-server
workstation workstation
C9800(config-mdns-sl-in)#match airtunes message-type any
C9800(config-mdns-sl-in)#exit
Configure a custom Service List for OUT services, and add the different services required from the available list:
C9800(config)#mdns-sd service-list my-mdns-list-out OUT
C9800(config-mdns-sl-out)#match ?
airplay airplay
airserver airserver
airtunes airtunes
amazon-fire-tv amazon-fire-tv
apple-airprint apple-airprint
apple-continuity apple-continuity
apple-file-share apple-file-share
apple-homekit apple-homekit
apple-itunes-library apple-itunes-library
apple-itunes-music apple-itunes-music
apple-itunes-photo apple-itunes-photo
apple-keynote apple-keynote
apple-rdp apple-rdp
apple-remote-events apple-remote-events
apple-remote-login apple-remote-login
apple-screen-share apple-screen-share
apple-timecapsule apple-timecapsule
apple-timecapsule-mgmt apple-timecapsule-mgmt
apple-windows-fileshare apple-windows-fileshare
fax fax
google-chromecast google-chromecast
homesharing homesharing
itune-wireless-devicesharing2 itune-wireless-devicesharing2
multifunction-printer multifunction-printer
phillips-hue-lights phillips-hue-lights
printer-ipp printer-ipp
printer-ipps printer-ipps
printer-lpd printer-lpd
printer-socket printer-socket
roku roku
scanner scanner
spotify spotify
web-server web-server
workstation workstation
C9800(config-mdns-sl-out)#match airplay
C9800(config-mdns-sl-out)#exit
Step 3 (optional). Create an mDNS Service Policy with the use of these commands:
C9800(config)#mdns-sd service-policy mdns-policy1
C9800(config-mdns-ser-pol)#location site-tag
C9800(config-mdns-ser-pol)#service-list my-mdns-list IN
C9800(config-mdns-ser-pol)#service-list my-mdns-list-out OUT
C9800(config-mdns-ser-pol)#exit
C9800(config)#
Step 4 (optional). Add the mDNS Service Policy to the Policy Profile with the use of these commands:
C9800(config)#wireless profile policy my-policy-profile
C9800(config-wireless-policy)#mdns-sd service-policy mdns-policy1
Warning! Ensure mDNS service policy is configured globally.
C9800(config-wireless-policy)#exit
Step 5. Enable mDNS Gateway in the WLAN with the use of these commands:
C9800(config)#wlan 9800-mdns
C9800(config-wlan)#shut
C9800(config-wlan)#mdns-sd gateway
Warning! Ensure global mDNS gateway is configured.
C9800(config-wlan)#no shut
C9800(config-wlan)#exit
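The service lists and policy configured above can be checked for the IN/OUT symmetry this document calls for. The following is an added example, not Cisco code: it parses a constructed running-config excerpt (assumed to mirror the commands entered in Steps 2 and 3, with the list and policy names used above) and reports services that appear in only one direction of a policy.

```python
import re

# Constructed running-config excerpt; assumes the stored config mirrors the
# commands entered in Steps 2-3 (google-chromecast added for illustration).
SAMPLE_CONFIG = """\
mdns-sd service-list my-mdns-list IN
 match airtunes message-type any
 match google-chromecast message-type any
!
mdns-sd service-list my-mdns-list-out OUT
 match airplay
 match google-chromecast
!
mdns-sd service-policy mdns-policy1
 location site-tag
 service-list my-mdns-list IN
 service-list my-mdns-list-out OUT
!
"""

def parse_mdns(config):
    """Return (service_lists, policies) parsed from running-config text."""
    lists, policies, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"mdns-sd service-list (\S+) (IN|OUT)$", line):
            current = lists.setdefault(m.group(1), set())
        elif m := re.match(r"mdns-sd service-policy (\S+)$", line):
            current = policies.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the mdns-sd block
        elif isinstance(current, set) and (m := re.match(r" match (\S+)", line)):
            current.add(m.group(1))
        elif isinstance(current, dict) and (
                m := re.match(r" service-list (\S+) (IN|OUT)$", line)):
            current[m.group(2)] = m.group(1)
    return lists, policies

def audit(config):
    """Map each service policy to the services present in only one direction."""
    lists, policies = parse_mdns(config)
    findings = {}
    for name, dirs in policies.items():
        svc_in = lists.get(dirs.get("IN"), set())
        svc_out = lists.get(dirs.get("OUT"), set())
        if svc_in != svc_out:
            findings[name] = {"in_only": sorted(svc_in - svc_out),
                              "out_only": sorted(svc_out - svc_in)}
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A policy that is missing one direction entirely shows up with every service of the other list flagged.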
Anchor-Foreign Scenario
When you implement the mDNS Gateway feature in a mobility Anchor WLAN, where both the Foreign and Anchor WLCs are C9800 and the wireless clients obtain their IP address from VLAN(s) in the Anchor controller, this is the behavior and the required setup:
- The Anchor controller is the one that acts as the mDNS Gateway: it caches the services from all the devices connected to that Anchor WLAN and the respective VLAN, and responds to queries for those cached services.
- When it responds to queries, the C9800 Anchor controller can source responses and use its SVI IP address of the VLAN assigned to the client that asks for the service. Hence, all client VLANs requiring mDNS Services must have an IP address at the SVI in the Anchor.
- mDNS Gateway must be globally enabled on both the Foreign and Anchor WLCs.
- Both the Foreign and Anchor controllers can use the same mDNS Service Policy with same services (default or custom), which can be assigned to the Policy Profile linked to this Anchor WLAN. All these configuration settings are the same steps already covered in this document.
- The only configuration difference for a mobility Anchor WLAN setup is the mDNS Mode under WLAN > Advanced settings: on the Foreign C9800 it must be Bridging, and on the Anchor C9800 it must be Gateway.
Verify
Use this section in order to confirm that your configuration works properly.
Use commands:
C9800#show mdns-sd summary
mDNS Gateway: Enabled
Active Query: Enabled
Periodicity (in minutes): 30
Transport Type: Both IPv4 and IPv6
Check whether the WLC is actually caching mDNS services, and which ones, by listing the mDNS cached services with this command (in a mobility Anchor WLAN, this cache can be checked on the Anchor controller). The output shows the source MAC address of the device that offers the service and even its IP address, along with other mDNS details:
C9800#show mdns-sd cache
------------------------------------------------------------- PTR Records -------------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
_googlecast._tcp.local 4500 WLAN 2 48d6.d50c.a620 Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9efad.
------------------------------------------------------------- SRV Records -------------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9 4500 WLAN 2 48d6.d50c.a620 0 0 8009 687f65f6-6d47-8b2c-787e-ac8bc7c9efad.loca
------------------------------------------------------------ A/AAAA Records -----------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
687f65f6-6d47-8b2c-787e-ac8bc7c9efad.local 4500 WLAN 2 48d6.d50c.a620 172.16.9.11
------------------------------------------------------------- TXT Records -------------------------------------------------------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
---------------------------------------------------------------------------------------------------------------------------------------
Chromecast-Ultra-687f65f66d478b2c787eac8bc7c9 4500 WLAN 2 48d6.d50c.a620 [172]'id=687f65f66d478b2c787eac8bc7c9efad''cd=9A10
C9800#
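To review the cache against the services you intend to allow, the output can be parsed and compared with an allowlist of PTR names. The following is an added example, not Cisco code: the sample text is constructed in the layout shown above (whitespace-separated columns are an assumption), and the allowlist is a hypothetical policy that permits only the Chromecast service.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show mdns-sd cache"; MACs and names
# are made up for illustration.
SAMPLE_CACHE = """\
------------ PTR Records ------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
-------------------------------------
_googlecast._tcp.local 4500 WLAN 2 0011.2233.4455 Chromecast-lab._googlecast._tcp.local
_printer._tcp.local 4500 WLAN 2 0011.2233.4466 lab-printer._printer._tcp.local
------------ SRV Records ------------
RECORD-NAME TTL TYPE ID CLIENT-MAC RR-RECORD-DATA
-------------------------------------
Chromecast-lab._googlecast._tcp.local 4500 WLAN 2 0011.2233.4455 0 0 8009 lab.local
"""

# Hypothetical allowlist: PTR names of the services the policy should permit.
ALLOWED_PTR = {"_googlecast._tcp.local"}

def parse_cache(text):
    """Parse cache output into one dict per record, tagged with its section."""
    records, section = [], None
    for line in text.splitlines():
        if m := re.match(r"-+ (\S+) Records -+$", line.strip()):
            section = m.group(1)
            continue
        fields = line.split(None, 5)  # RR data may itself contain spaces
        # Data rows have a numeric TTL in column 2; headers and rulers do not.
        if section and len(fields) == 6 and fields[1].isdigit():
            name, ttl, typ, ident, mac, data = fields
            records.append({"section": section, "name": name, "ttl": int(ttl),
                            "type": typ, "id": ident, "mac": mac, "data": data})
    return records

def unexpected_services(records, allowed_ptr):
    """Return {client MAC: [PTR names]} for cached services not on the allowlist."""
    hits = defaultdict(set)
    for r in records:
        if r["section"] == "PTR" and r["name"].lower() not in allowed_ptr:
            hits[r["mac"]].add(r["name"])
    return {mac: sorted(names) for mac, names in hits.items()}

if __name__ == "__main__":
    print(unexpected_services(parse_cache(SAMPLE_CACHE), ALLOWED_PTR))
```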
Troubleshoot
This section provides information you can use in order to troubleshoot your configuration.
If you need to check more details about all the exchanges that happen on the C9800 (queries, caching behavior, responses, drops, errors, and more), gather these traces at the C9800 while you recreate the issue (connect the device that offers the service and the client that asks for the service, and let them try to discover the services required):
- Run this command at C9800: set platform software trace wncd <0-7> chassis active R0 mdns debug
- Reproduce the issue.
- Finally, run this command to gather the traces enabled: show platform software trace message wncd <0-7> chassis active R0