Bonjour Traffic \ AirPlay

We are setting up Apple TVs in a classroom environment to allow faculty to connect via wireless using AirPlay Mirroring and project their screen. In general, I'm interested in how others are handling Bonjour traffic on a routed network and/or how network admins are handling this type of solution in a bridged at controller environment.

We have set up use of Apple TV via iPads using AirPlay in our business conference rooms. We were unable to get this to work in a routed environment due to the mDNS being used. It does work fine if the two devices are on the same L2 subnet. Bridged at the controller should work fine if it all comes back to a single VLAN. It seems I heard that a future release of firmware for the HiPath wireless system will enable this to work on routed networks, but cannot confirm or deny that statement. We also implemented policies, enforced at the access points, to control access to/from the Apple TV and iPads. Be happy to share details if interested.
Tony/Charlie, Here is a link that explains how Enterasys handles Bonjour. I'm willing to contact you directly to discuss your options based on the equipment you currently have installed. http://pages.enterasys.com/AppleBonjourTrafficManagement_lp.html Regards, Doug Hyde Sr Support Engineer Enterasys Networks
Nice article Doug. It confirms what I discovered when implementing this a few months back. I agree you want to contain the Bonjour traffic to a BZone or VLAN. Policy based filtering and placement is the way to go. Of course policy based equipment and a NAC (Mobile IAM) go a long way in achieving it.
I read through the doc you posted, but I don't see technical documentation on how you set up the Bonjour traffic policy. We are currently at software version on our controllers and netsight version Thanks,
Hi Javier! I would recommend you create a VLAN only for Bonjour traffic and create a rule that will contain the traffic to that VLAN. The poor man's method is just dropping the traffic on the default Bridged at the AP topology. I'm on my phone but I'll try to post a screenshot example when I get back to my desk.
So, one VLAN contains all Bonjour traffic, then all Bonjour devices are visible to anyone anywhere? You know I'm the difficult one, Branden.
Branden, A help guide would be nice. Would you be able to post some directions or screen shots? Thanks,
You will need to be running 8.31. I'm assuming you have your different wireless networks broken out into different VLANs which is why the iOS devices cannot talk to each other. I'll assume your wired devices are on VLAN 1. See attached screenshot of how you need to build the Rule in your wireless controller so that the Bonjour traffic on your wireless gets dropped into VLAN 1.

Correct Jim. See my post above and just change the VLAN to whatever your "Bonjour" VLAN is.
Thanks, Branden.
Branden, Will having block MU to MU traffic on each VNS disable the devices from being able to speak to one another through this contain to VLAN Bonjour rule? Thanks,
Sorry. No. You should not have to enable Multicast traffic on the topology in order for this to work as long as you aren't doing something to block the traffic on your switch infrastructure.
With the new 8.31 code I can isolate Bonjour traffic to VLANs and assign those to specific buildings. Sweet.
If you need more detailed instructions on how to implement Bonjour enabled networks, ask the EGTAC for the technical reference guide v.1.1 (Sept. 10th, 2012). This paper is available for partners.
Let me check on the status of the whitepaper to see if I can post it. Also if you have any questions on setting it up please let us know by contacting the GTAC directly. We will gladly assist.

If MU to MU is blocked, then the other ports that are needed for AirPlay are blocked. The initial AirPlay find works because the multicast is bridged to AP (switch VLAN) and not affected by MU to MU block. However, as soon as I try to click on AirPlay, nothing happens because client to client communication over other ports is required. If I disable MU to MU blocking, then everything works fine. The only viable workaround I can think of is to disable MU to MU blocking and set up filters on the AP that don't allow src client network to talk to dst of client network and then allow AirPlay ports before the deny. Any other solutions?
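
The filter ordering proposed in the last post, modeled as a first-match rule list to show why the AirPlay allow has to sit ahead of the client-to-client deny. This is an added example, not part of the thread and not Enterasys controller configuration. The client subnet, the single AirPlay TCP port 7000, the rule format and first-match evaluation are assumptions; confirm the port list and rule semantics for your own devices and controller.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, or None for any port

# Assumed values for illustration only.
CLIENT_NET = "10.20.0.0/16"     # constructed wireless client subnet
MDNS_GROUP = "224.0.0.251/32"   # mDNS multicast group (UDP 5353)
AIRPLAY_TCP = 7000              # assumed AirPlay port, verify for your devices

# The workaround from the post: allow discovery and AirPlay, then deny
# everything else between clients, then allow the rest.
WORKAROUND = [
    Rule("allow", "udp", MDNS_GROUP, 5353),
    Rule("allow", "tcp", CLIENT_NET, AIRPLAY_TCP),
    Rule("deny", None, CLIENT_NET, None),
    Rule("allow", None, "0.0.0.0/0", None),
]

# Same rules with the deny moved ahead of the AirPlay allow.
MISORDERED = [WORKAROUND[0], WORKAROUND[2], WORKAROUND[1], WORKAROUND[3]]

def evaluate(rules, src, proto, dst, dport):
    """Return the action of the first matching rule for traffic sent by a
    wireless client; anything that matches no rule is denied."""
    if ipaddress.ip_address(src) not in ipaddress.ip_network(CLIENT_NET):
        raise ValueError("filter models traffic from the client subnet only")
    for rule in rules:
        if rule.proto not in (None, proto):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.action
    return "deny"

if __name__ == "__main__":
    for name, rules in (("workaround", WORKAROUND), ("misordered", MISORDERED)):
        verdict = evaluate(rules, "10.20.1.5", "tcp", "10.20.2.9", AIRPLAY_TCP)
        print(f"{name}: iPad -> Apple TV on tcp/{AIRPLAY_TCP}: {verdict}")
```
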