Configuring the Service Discovery Gateway
- Finding Feature Information
- Restrictions for Configuring the Service Discovery Gateway
- Information about the Service Discovery Gateway and mDNS
- How to Configure the Service Discovery Gateway
- Monitoring Service Discovery Gateway
- Configuration Examples
- Where to Go Next for Configuring Services Discovery Gateway
- Additional References
- Feature History and Information for Services Discovery Gateway
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Configuring the Service Discovery Gateway
The following are restrictions for configuring the Service Discovery Gateway:
Information about the Service Discovery Gateway and mDNS
mDNS
mDNS was defined to achieve zero configuration, with zero configuration being defined as providing the following features:
- Addressing—Allocating IP addresses to hosts
- Naming—Using names to refer to hosts instead of IP addresses
- Service discovery—Finding services automatically on the network
With mDNS, network users no longer have to assign IP addresses, assign host names, or type in names to access services on the network. Users only need to ask to see what network services are available, and choose from a list.
With mDNS, addressing is accomplished through the use of DHCP/DHCPv6 or IPv4 and IPv6 Link Local scoped addresses. The benefit of zero-configuration occurs when no infrastructure services such as DHCP or DNS are present and self-assigned link-local addressing can be used. The client can then select a random IPv4 address in the link-local range (169.254.0.0/24) or use its IPv6 link-local address (FE80::/10) for communication.
With mDNS, naming (name-to-address translation on a local network using mDNS) queries are sent over the local network using link-local scoped IP multicast. Because these DNS queries are sent to a multicast address (IPv4 address 224.0.0.251 or IPv6 address FF02::FB), no single DNS server with global knowledge is required to answer the queries. When a service or device sees a query for any service it is aware of, it provides a DNS response with the information from its cache.
With mDNS, service discovery is accomplished by browsing. An mDNS query is sent out for a given service type and domain, and any device that is aware of matching services replies with service information. The result is a list of available services for the user to choose from.
The mDNS protocol (mDNS-RFC), together with DNS Service Discovery (DNS-SD-RFC) achieves the zero-configuration addressing, naming, and service discovery.
mDNS-SD
Multicast DNS Service Discovery (mDNS-SD) uses DNS protocol semantics and multicast over well-known multicast addresses to achieve zero configuration service discovery. DNS packets are sent to and received on port 5353 using a multicast address of 224.0.0.251 and its IPv6 equivalent FF02::FB.
Because mDNS uses a link-local multicast address, its scope is limited to a single physical or logical LAN. If the networking reach needs to be extended to a distributed campus or to a wide-area environment consisting of many different networking technologies, mDNS gateway is implemented. An mDNS gateway provides a transport for mDNS packets across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain to another.
mDNS-SD Considerations for Wireless Clients
- mDNS packets can be sent out of Layer 3 interfaces that might not have an IP address.
- Packets with mDNS multicast IP and multicast MAC are sent on a multicast CAPWAP tunnel, if multicast-multicast mode is enabled. A multicast CAPWAP tunnel is a special CAPWAP tunnel used for reducing the number of copies of multicast packet that are required to be generated for each AP CAPWAP tunnel. Sending packets on the multicast CAPWAP tunnel requires the outer IP header to be destined to the multicast CAPWAP tunnel's address, which all APs are subscribed to.
- All mDNS packet handling is done at a foreign switch for roamed clients. A foreign switch is the new switch that a roamed wireless client is actually attached to, which is called the point of attachment.
Service Discovery Gateway
The Service Discovery Gateway feature enables multicast Domain Name System (mDNS) to operate across Layer 3 boundaries (different subnets). An mDNS gateway provides transport for service discovery across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain (subnet) to another. Prior to implementation of this feature, mDNS was limited in scope to within a subnet because of the use of link-local scoped multicast addresses. This feature enhances Bring Your Own Device (BYOD).
mDNS Gateway and Subnets
You need to enable an mDNS gateway for service discovery to operate across subnets. You can enable mDNS gateway for a device or for an interface.
Note | You need to configure service routing globally before configuring at the interface level. |
After the device or interface is enabled, you can redistribute service discovery information across subnets. You can create service policies and apply filters on either incoming service discovery information (called IN-bound filtering) or outgoing service discovery information (called OUT-bound filtering).
Note | If redistribution is enabled globally, global configuration is given higher priority than interface configuration. |
Filtering
After configuring the mDNS gateway and subnets, you can filter services that you want to redistribute. While creating a service list, the permit or deny command options are used:
The permit command option allows you to permit or transport specific service list information.
The deny option allows you to deny service list information that is available to be transported to other subnets.
You need to include a sequence number when using the permit or deny command option. The same service list name can be associated with multiple sequence numbers and each sequence number will be mapped to a rule.
Note | If no filters are configured, then the default action is to deny service list information to be transported through the device or interface. |
Query is another option provided when creating service lists. You can create queries using a service list. If you want to browse for a service, then active queries can be used. This function is helpful to keep the records refreshed in the cache.
Note | Active queries can only be used globally and cannot be used at the interface level. |
A service end-point (such as a printer or fax) sends unsolicited announcements when a service starts up. After that, it sends unsolicited announcements whenever a network change event occurs (such as an interface coming up or going down). The device always responds to queries.
After creating a service list and using the permit or deny command options, you can filter using match statements (commands) based on service-instance, service-type, or message-type (announcement or query).
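The evaluation order this page gives for service lists (lowest sequence number first, first matching statement decides, deny when nothing matches) can be checked offline before a list is applied. The Python below is an added example, not Cisco code: it parses `service-list mdns-sd` lines in the syntax shown on this page and evaluates constructed messages against them. It assumes exact string matching, that a statement with no `match` lines matches every message (inferred from the `mypermit-all` example on this page), and a message represented as a dict keyed by the three match fields.

```python
import re

# Constructed sample config using the service-list syntax shown on this page.
# List names, sequence numbers and service types are illustrative.
SAMPLE_CONFIG = """\
service-list mdns-sd printers-only permit 10
 match message-type announcement
 match service-type _ipp._tcp.local
service-list mdns-sd printers-only deny 5
 match service-instance lab-printer
service-list mdns-sd mypermit-all permit 10
service-list mdns-sd querier query
"""

HEADER = re.compile(r"^service-list mdns-sd (\S+) (permit|deny) (\d+)$")
MATCH = re.compile(r"^match (message-type|service-instance|service-type) (.+)$")


def parse_service_lists(text):
    """Return {list_name: [rule, ...]} with rules sorted by sequence number."""
    lists, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            name, action, seq = header.groups()
            current = {"seq": int(seq), "action": action, "match": {}}
            lists.setdefault(name, []).append(current)
        elif line.startswith("service-list "):
            current = None  # query lists carry no permit/deny statement
        else:
            cond = MATCH.match(line)
            if cond and current is not None:
                current["match"][cond.group(1)] = cond.group(2).strip()
    for rules in lists.values():
        rules.sort(key=lambda r: r["seq"])
    return lists


def rule_matches(rule, message):
    """A statement matches when every match line it carries agrees with the message."""
    for field, wanted in rule["match"].items():
        if field == "message-type" and wanted == "any":
            continue
        if message.get(field) != wanted:
            return False
    return True  # no match lines: matches everything (assumption, see lead-in)


def evaluate(rules, message):
    """First matching statement decides; falling off the end is the implicit deny."""
    for rule in rules:
        if rule_matches(rule, message):
            return rule["action"]
    return "deny"


def unconditional_permits(lists):
    """Flag permit statements with no match line: they pass every service."""
    return [(name, r["seq"]) for name, rules in lists.items()
            for r in rules if r["action"] == "permit" and not r["match"]]
```

For the sample, `unconditional_permits` returns `[("mypermit-all", 10)]`; a list like that applied with `service-policy ... OUT` lets every learned service be transported to the other subnets.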
How to Configure the Service Discovery Gateway
Configuring the Service List (CLI)
This procedure describes how to create a service list, apply a filter for the service list, and configure parameters for the service list name.
1. enable
3. service-list mdns-sd service-list-name {deny sequence-number | permit sequence-number | query}
4. match message-type {announcement | any | query}
5. match service-instance {LINE}
6. match service-type {LINE}
DETAILED STEPS
Proceed to enable the mDNS gateway and redistribution of services.
Configuring Service List (GUI)
1. Choose .
2. Click Create Service.
3. In the Service List Name text box, enter the service list name.
4. From the Service rule drop-down list, choose from the following options:
5. In the Sequence number text box, enter the priority of the rule.
6. From the Message type drop-down list, choose the message type to match from the following options:
7. In the Service instance text box, enter the service instance to match.
8. In the Custom text box, enter the mDNS service type string to match.
9. Click Apply.
10. Click Save Configuration.
DETAILED STEPS
Step 1 | Choose . |
Step 2 | Click Create Service. The page is displayed. |
Step 3 | In the Service List Name text box, enter the service list name. |
Step 4 | From the Service rule drop-down list, choose from the following options: |
Step 5 | In the Sequence number text box, enter the priority of the rule. A rule with a lower sequence number is selected first and the service announcement or query is allowed or denied accordingly. You define the sequence number as per your network requirements. |
Step 6 | From the Message type drop-down list, choose the message type to match from the following options: Multiple service maps of the same name with different sequence numbers can be created and the evaluation of the filters will be ordered on the sequence number. Service lists are an ordered sequence of individual statements, each one has a permit or deny result. Evaluation of service list consists of a list scan, in a predetermined order, and an evaluation of the criteria of each statement that matches. A list scan is stopped once the first statement match is found and an action permit/deny associated with the statement match is performed. The default action after scanning through the entire list is to deny. |
Step 7 | In the Service instance text box, enter the service instance to match. |
Step 8 | In the Custom text box, enter the mDNS service type string to match. The Learned Service box shows the services that are added after enabling the learned service type configured by navigating to . For example, _roap._tcp.local. The Selected Service box shows the learned service that you have selected for an mDNS service. |
Step 9 | Click Apply. |
Step 10 | Click Save Configuration. |
What to Do Next
Proceed to enable the mDNS gateway and redistribution of services.
Enabling mDNS Gateway and Redistributing Services (CLI)
After enabling mDNS gateway for a device, you can apply filters (apply IN-bound filtering or OUT-bound filtering) and active queries by using service-policy and service-policy-query commands, respectively. You can redistribute services and service announcements using the redistribute mdns-sd command, and set some part of the system memory for cache using the cache-memory-max command.
Note | By default, mDNS gateway is disabled on all interfaces. |
1. enable
3. service-routing mdns-sd
4. service-policy service-policy-name {IN | OUT}
5. redistribute mdns-sd
6. cache-memory-max cache-config-percentage
7. service-policy-query service-list-query-name service-list-query-periodicity
8. exit
9. wireless multicast
10. no wireless mdns-bridging
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Switch> enable | Enables privileged EXEC mode. |
Step 2 | configure terminal Example: Switch# configure terminal | |
Step 3 | service-routing mdns-sd Example: Switch(config)# service-routing mdns-sd | Enables mDNS gateway functionality for a device and enters multicast DNS configuration (config-mdns) mode. |
Step 4 | service-policy service-policy-name {IN \| OUT} Example: Switch(config-mdns)# service-policy serv-pol1 IN | (Optional) For a service list, applies a filter on incoming service discovery information (IN-bound filtering) or outgoing service discovery information (OUT-bound filtering). |
Step 5 | redistribute mdns-sd Example: Switch(config-mdns)# redistribute mdns-sd | (Optional) Redistributes services or service announcements across subnets. |
Step 6 | cache-memory-max cache-config-percentage Example: Switch(config-mdns)# cache-memory-max 20 | (Optional) Sets some part of the system memory (in percentage) for cache. |
Step 7 | service-policy-query service-list-query-name service-list-query-periodicity Example: Switch(config-mdns)# service-policy-query sl-query1 100 | (Optional) Configures service list-query periodicity. |
Step 8 | exit Example: Switch(config-mdns)# exit | (Optional) Returns to global configuration mode. |
Step 9 | wireless multicast Example: Switch(config)# wireless multicast | (Optional) Enables wireless Ethernet multicast support. |
Step 10 | no wireless mdns-bridging Example: Switch(config)# no wireless mdns-bridging | (Optional) Disables bridging of mDNS packets to wireless clients. |
Step 11 | end Example: Switch(config)# end | |
Enabling Multicast DNS Gateway (GUI)
- Enable— Allows the switch to learn all the announced services. It is used to learn services by enabling all announcement/queries by using Service Policy IN of type GUI-permit-all and in Service Policy OUT of type GUI-deny-all.
- Disable— Denies all traffic IN and OUT. It is used to deny services by disabling all announcement/queries by using Service Policy IN of type GUI-deny-all and in Service Policy OUT of type GUI-deny-all.
- Custom— You can set your own IN and OUT policy. It allows you to define a custom service list.
1. Choose .
2. Select the mDNS gateway check box.
3. From the Learn Service drop-down list, choose from the following options:
4. Click Apply.
5. Click Save Configuration.
DETAILED STEPS
Step 1 | Choose . The Global Service Rules page is displayed. |
Step 2 | Select the mDNS gateway check box. |
Step 3 | From the Learn Service drop-down list, choose from the following options: |
Step 4 | Click Apply. |
Step 5 | Click Save Configuration. |
Monitoring Service Discovery Gateway
Command | Purpose |
---|---|
show mdns requests [detail \| name record-name \| type record-type [name record-name]] | This command displays information for outstanding mDNS requests, including record name and record type information. |
show mdns cache [interface type number \| name record-name [type record-type] \| type record-type] | This command displays mDNS cache information. |
show mdns statistics {all \| service-list list-name \| service-policy {all \| interface type number}} | This command displays mDNS statistics. |
Configuration Examples
Example: Specify Alternative Source Interface for Outgoing mDNS Packets
The following example displays how to specify an alternate source interface for outgoing mDNS packets, so its IP address can be used when there is none configured on the outgoing interface.
```
Switch(config)# service-routing mdns-sd
Switch(config-mdns)# source-interface if-name
```
Example: Redistribute Service Announcements
The following example displays how to redistribute service announcements received on one interface over all the interfaces or over a specific interface.
```
Switch(config)# service-routing mdns-sd
Switch(config-mdns)# redistribute mdns-sd if-name
```
Example: Disable Bridging of mDNS Packets to Wireless Clients
The following example displays how to disable bridging of mDNS packets to wireless clients.
```
Switch(config)# wireless multicast
Switch(config)# no wireless mdns-bridging
```
Example: Creating a Service-List, Applying a Filter and Configuring Parameters
The following example shows the creation of a service-list sl1. The permit command option is being applied on sequence number 3 and all services with message-type announcement are filtered and available for transport across various subnets associated with the device.
```
Switch# configure terminal
Switch(config)# service-list mdns-sd sl1 permit 3
Switch(config-mdns-sd-sl)# match message-type announcement
Switch(config-mdns-sd-sl)# exit
```
Example: Enabling mDNS Gateway and Redistributing Services
The following example shows how to enable an mDNS gateway for a device and enable redistribution of services across subnets. IN-bound filtering is applied on the service-list serv-pol1. Twenty percent of system memory is made available for cache and service-list-query periodicity is configured at 100 seconds.
```
Switch# configure terminal
Switch(config)# service-routing mdns-sd
Switch(config-mdns)# service-policy serv-pol1 IN
Switch(config-mdns)# redistribute mdns-sd
Switch(config-mdns)# cache-memory-max 20
Switch(config-mdns)# service-policy-query sl-query1 100
Switch(config-mdns)# exit
```
Example: Global mDNS Configuration
The following example displays how to globally configure mDNS.
```
Switch# configure terminal
Switch(config)# service-list mdns-sd mypermit-all permit 10
Switch(config-mdns-sd-sl)# exit
Switch(config)# service-list mdns-sd querier query
Switch(config-mdns-sd-sl)# service-type _dns._udp
Switch(config-mdns-sd-sl)# end
Switch# configure terminal
Switch(config)# service-routing mdns-sd
Switch(config-mdns)# service-policy mypermit-all IN
Switch(config-mdns)# service-policy mypermit-all OUT
```
Example: Interface mDNS Configuration
The following example displays how to configure mDNS for an interface.
```
Switch(config)# interface Vlan136
Switch(config-if)# description *** Mgmt VLAN ***
Switch(config-if)# ip address 9.7.136.10 255.255.255.0
Switch(config-if)# ip helper-address 9.1.0.100
Switch(config-if)# service-routing mdns-sd
Switch(config-if-mdns-sd)# service-policy mypermit-all IN
Switch(config-if-mdns-sd)# service-policy mypermit-all OUT
Switch(config-if-mdns-sd)# service-policy-query querier 60
```
Where to Go Next for Configuring Services Discovery Gateway
You can configure the following:
Additional References
Related Documents
Related Topic | Document Title |
---|---|
Configuring DNS | IP Addressing: DNS Configuration Guide, Cisco IOS XE Release 3SE |
DNS conceptual information | 'Information About DNS' section in IP Addressing: DNS Configuration Guide, Cisco IOS XE Release 3SE |
Platform-independent configuration information | IP Addressing: DNS Configuration Guide, Cisco IOS XE Release 3SE |
Error Message Decoder
Description | Link |
---|---|
To help you research and resolve system error messages in this release, use the Error Message Decoder tool. | https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi |
Standards and RFCs
Standard/RFC | Title |
---|---|
RFC 6763 | DNS-Based Service Discovery |
Multicast DNS Internet-Draft | |
MIBs
MIB | MIBs Link |
---|---|
All supported MIBs for this release. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Feature History and Information for Services Discovery Gateway
Release | Modification |
---|---|
Cisco IOS XE 3.3SE | This feature was introduced. |