05-16-2018 12:08 AM
I'm looking at blocking inter-station traffic, by unticking 'Enable Inter-Station Traffic' but I'm also looking at using Apple TVs and Chromecasts on the WiFi. Just wondering if anyone has come up with a way to still allow access to services like Apple TVs or Chromecasts without the need to cable them in?
05-17-2018 06:30 PM
That depends a lot on the version of the Apple TVs. The 3rd generation and newer (I think) actually use low-power Bluetooth for pairing to the iOS device to do the screen share, meaning they don't even have to be connected to a WLAN to work.
The older ones use the WLAN for all communications.
https://help.apple.com/deployment/ios/#/apd8fc751f59
Bonjour would be needed to traverse VLANs, not SSIDs specifically (unless the SSIDs were attached to different VLANs).
05-17-2018 12:01 AM
@Jose Gonzalez What performance issues have you read about? I've personally used Aerohive's Bonjour gateway at many schools, with 1000+ students on BYOD, and it's generally worked well. Only once did we have an issue, where it had trouble learning all the Apple TVs. Aerohive ended up giving us an on-prem HM VM with a license for just running Bonjour Gateway - it worked fine after that.
What switches are you planning on using for the mDNS routing?
05-16-2018 02:21 PM
We do peer-to-peer blocking as well, large organization. Currently we do not support Chromecast or Apple TVs. We officially support NovaPro / Recordex panels - and they MUST be wired into the network. Yes, I know, big cost difference - SOHO versus Enterprise.
In the future we are looking into supporting Chromecast and Apple TVs. We are looking into enabling mDNS routing on our switches between VLANs. The Chromecast or Apple TV would have to be wired on the network. mDNS "Bonjour routing" on the APs is out of the question for us, due to performance issues we have read about.
This isn't an Aerohive issue, it is an mDNS issue; it was built for SOHO with no consideration for enterprise scaling. It has been left up to the vendors to figure out how to deal with it.
05-16-2018 12:22 PM
3 weeks ago. I was told the capabilities would be inside HiveOS 8.3r2, and we already have 8.3r4 (and I could not find anything related in the Release Notes). But I guess this also needs a HiveManager update, and it was not clear if this will only get into NG, or Classic as well...
05-16-2018 09:33 AM
It's good to know someone else feels our pain! 😛
I've also been testing the Firewall rules and experienced the same behaviour as you did. Which is interesting, since this article (https://thehivecommunity.aerohive.com/s/article/Chromebooks-and-WiFi) implies that using Firewall rules should block mDNS traffic.
How long ago did you hear that they're working on a feature to better handle Multicast traffic?
05-16-2018 09:03 AM
That does not work - if you disable inter-station traffic, your Apple TVs and Chromecasts will not work anymore (unless your Apple TV is cabled).
I know exactly what you are trying to do. We have a similar situation, and we mainly want to get rid of the huge amount of mDNS traffic flooded into the network.
We have added Firewall rules to disallow IP traffic between clients inside the same VLAN, but that does not block Broadcasts nor Multicast. We tried to block mDNS traffic explicitly, but that does not work for the discovery traffic - so you still have mDNS flooding, but Chromecast does not work anymore...
I got told that this is a known issue, and that Aerohive is working on a fix to better handle Multicast traffic (and to be able to block it properly). I do not know what the current release status is, but I will try to remember to post here once I find out.
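
A simplified model of the behaviour described in this thread, where a rule denying IP traffic between clients in the same VLAN does not touch multicast discovery. This is an added example, not part of any post and not Aerohive's firewall logic; the subnet, addresses, flows and the rule function are constructed assumptions, while 224.0.0.251 on UDP 5353 is the standard IPv4 mDNS group.

```python
import ipaddress

CLIENT_VLAN = ipaddress.ip_network("10.20.0.0/24")  # constructed client subnet
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")    # IPv4 mDNS group (UDP 5353)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def dst_kind(dst):
    """Classify a destination address as multicast, broadcast or unicast."""
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast:
        return "multicast"
    if addr == LIMITED_BROADCAST:
        return "broadcast"
    return "unicast"

def client_to_client_rule(src, dst):
    """Hypothetical rule: deny unicast IP between two hosts in the client VLAN."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_kind(dst) == "unicast" and s in CLIENT_VLAN and d in CLIENT_VLAN:
        return "deny"
    return "permit"

# Constructed flows: (description, src, dst, proto, dport)
FLOWS = [
    ("phone mDNS query", "10.20.0.15", "224.0.0.251", "udp", 5353),
    ("Chromecast mDNS announcement", "10.20.0.40", "224.0.0.251", "udp", 5353),
    ("phone to Chromecast session", "10.20.0.15", "10.20.0.40", "tcp", 8009),
    ("phone to internet", "10.20.0.15", "203.0.113.10", "tcp", 443),
]

def evaluate(flows=FLOWS):
    """Return {description: (destination kind, rule verdict)} for each flow."""
    return {desc: (dst_kind(dst), client_to_client_rule(src, dst))
            for desc, src, dst, _proto, _dport in flows}

def mdns_still_permitted(flows=FLOWS):
    """Flows to the mDNS group that the client-to-client rule does not stop."""
    return [desc for desc, src, dst, proto, dport in flows
            if ipaddress.ip_address(dst) == MDNS_GROUP
            and proto == "udp" and dport == 5353
            and client_to_client_rule(src, dst) == "permit"]

if __name__ == "__main__":
    for desc, (kind, verdict) in evaluate().items():
        print(f"{verdict:6} {kind:9} {desc}")
```

In this model the discovery packets keep flowing because their destination is a multicast group rather than a peer address, while the unicast session to the device is the only flow the rule drops.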