Information about Multicast Domain Name System
Multicast Domain Name System (mDNS) service discovery provides a way to announce and discover the services on the local network. The mDNS service discovery enables wireless clients to access Apple services such as Apple Printer and Apple TV advertised in a different Layer 3 network. mDNS performs DNS queries over IP multicast. mDNS supports zero-configuration IP networking. As a standard, mDNS uses multicast IP address 224.0.0.251 as the destination address and 5353 as the UDP destination port.
Location Specific Services
The processing of mDNS service advertisements and mDNS query packets supports Location Specific Services (LSS). Every valid mDNS service advertisement that the controller receives is tagged with the MAC address of the AP associated with the advertising service provider when the new entry is inserted into the service provider database (SP-DB). When the response to a client query is formulated, the wireless entries in the SP-DB are filtered using the MAC address of the AP associated with the querying client: if LSS is enabled for the service, the wireless service provider database entries are filtered based on the AP-NEIGHBOR-LIST; if LSS is disabled for a service, the wireless service provider database entries are not filtered when the controller responds to a wireless client's query for that service.
LSS applies only to wireless service provider database entries. There is no location awareness for wired service provider devices.
The status of LSS cannot be enabled for services with the ORIGIN set to wired and vice versa.
mDNS Policy
This section explains how you can define a policy to access a specific service provider. The access policy explains the client attributes, the constructs, and the rule components that make up the policy; and how rules and policies are evaluated. This helps in deciding whether the given service provider should be included in the mDNS response for the client (that made the mDNS query).
When LSS is enabled, it provides information only about nearby service providers. mDNS policy lets you define a policy that is even more granular.
mDNS policies can be framed based on:
- User
- Role
- AP Name
- AP Location
- AP Group
mDNS Policy Limitations
The limitations of the mDNS policy are as follows:
- LSS cannot be applied in conjunction with the mDNS policy.
- Role and user information is provided by the ISE server.
- If the keyword Any is used as a rule parameter value, that check is bypassed.
- Because the rule is applied based on the service provider MAC, the rule is evaluated for all the services advertised by that service provider.
- mDNS policy is applied based on the service provider MAC and not based on the mDNS service.
- mDNS policy is active only when mDNS snooping is enabled.
- The maximum number of policies that can be configured per MAC address is five.
Client Attributes in an mDNS Policy
Any client initiating an mDNS query is associated with a set of attributes that describe the context of the client. The list of attributes can be Role, User-Id, associated AP Name, associated AP Location, and associated AP Group. Only these enumerated attributes are used to articulate an access policy rule.
The attribute Location, for example, changes dynamically when the client moves to a different location. You can formulate a rule by combining these attributes with logical OR operations and attach the rule to the policy.
A service group can have one or more rules.
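The rule and policy evaluation described in the mDNS policy and client attribute sections above, as an added model in Python (not controller code and not Cisco's implementation). It assumes that a policy permits a client when any one of its rules matches, that a service provider MAC with no policy bound is always included, and uses constructed MACs, service names and attribute values.

```python
from dataclasses import dataclass

ATTRS = ("role", "user_id", "ap_name", "ap_location", "ap_group")
ANY = "Any"                   # keyword that bypasses a check (from the page)
MAX_POLICIES_PER_MAC = 5      # limit stated on the page

@dataclass
class Rule:
    """One value per client attribute; 'Any' bypasses that attribute's check."""
    role: str = ANY
    user_id: str = ANY
    ap_name: str = ANY
    ap_location: str = ANY
    ap_group: str = ANY

    def matches(self, client: dict) -> bool:
        # Attribute checks are combined with logical OR; 'Any' checks are skipped.
        active = [(getattr(self, a), client.get(a))
                  for a in ATTRS if getattr(self, a) != ANY]
        return not active or any(want == have for want, have in active)

def bind_policy(policies_by_mac: dict, sp_mac: str, policy: list) -> None:
    """Attach a policy (a list of Rules) to a service-provider MAC, enforcing
    the five-per-MAC limit stated on the page."""
    bound = policies_by_mac.setdefault(sp_mac.lower(), [])
    if len(bound) >= MAX_POLICIES_PER_MAC:
        raise ValueError(f"{sp_mac}: at most {MAX_POLICIES_PER_MAC} policies per MAC")
    bound.append(policy)

def filter_response(sp_db: list, policies_by_mac: dict, client: dict) -> list:
    """SP-DB entries ({'mac', 'service'}) to include in the reply to this client.
    Policy is keyed by SP MAC, so one decision covers every service that MAC offers.
    Assumptions: a policy permits the client when any of its rules matches, and a
    MAC with no policy bound is always included."""
    included = []
    for sp in sp_db:
        bound = policies_by_mac.get(sp["mac"].lower(), [])
        if not bound or any(any(r.matches(client) for r in pol) for pol in bound):
            included.append(sp)
    return included

# Constructed sample data: an Apple TV (two services) and a printer.
SP_DB = [{"mac": "00:11:22:33:44:55", "service": "_airplay._tcp.local."},
         {"mac": "00:11:22:33:44:55", "service": "_raop._tcp.local."},
         {"mac": "66:77:88:99:aa:bb", "service": "_ipp._tcp.local."}]
POLICIES = {}
bind_policy(POLICIES, "00:11:22:33:44:55", [Rule(role="staff", ap_location="floor2")])
```

Because the policy is bound to the Apple TV's MAC, a client that the rule rejects loses both the AirPlay and the RAOP entries at once, while the printer with no policy is always returned.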
mDNS AP
The mDNS AP feature allows the controller to have visibility of the wired service providers that are on VLANs. You must configure the VLANs on all APs. VLAN visibility on the controller is achieved by the APs forwarding the mDNS advertisements to the controller.
Use the configurable knob that is provided on the controller to start or stop mDNS packet forwarding, through the internal AP. You can also use this configuration to specify the VLANs from which the AP should snoop the mDNS advertisements from the wired side. The maximum number of VLANs that an AP can snoop is 10.
Note: By default, the mDNS AP does not snoop on any VLAN; you must specify the management VLAN on which to snoop the mDNS packets. The mDNS AP configuration is retained on those mDNS APs even if global mDNS snooping is disabled.
Priority MAC Support
You can configure up to 50 MAC addresses per service; these are the service provider MAC addresses that require priority. This guarantees that any service advertisement originating from these MAC addresses for the configured services is learned even if the service provider database is full: the controller makes room by deleting the last nonpriority service provider from the service that has the highest number of service providers. When you configure the priority MAC address for a service, there is an optional parameter called ap-group, which applies only to wired service providers and associates a sense of location with the wired service provider devices. When a client mDNS query originates from this ap-group, the wired entries with the priority MAC and ap-group are looked up, and those wired entries are listed first in the aggregated response.
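The priority MAC admission rule described above, as an added model in Python (not controller code and not Cisco's implementation). The SP-DB capacity, service names and MACs are constructed, and "last nonpriority service provider" is taken to mean the most recently learned nonpriority entry of the busiest service.

```python
from collections import Counter, defaultdict

MAX_PRIORITY_MACS_PER_SERVICE = 50     # limit stated on the page

class ServiceProviderDB:
    """Service provider database (SP-DB) with the priority-MAC admission rule."""
    def __init__(self, capacity: int):
        self.capacity = capacity           # constructed; the real limit is platform-specific
        self.entries = []                  # (service, mac) in the order they were learned
        self.priority = defaultdict(set)   # service -> priority MACs for that service

    def add_priority_mac(self, service: str, mac: str) -> None:
        if len(self.priority[service]) >= MAX_PRIORITY_MACS_PER_SERVICE:
            raise ValueError(f"{service}: at most {MAX_PRIORITY_MACS_PER_SERVICE} priority MACs")
        self.priority[service].add(mac.lower())

    def _evict_nonpriority(self) -> bool:
        """Drop the last-learned nonpriority entry of the service that currently
        has the most providers. Returns False if that service has none to drop."""
        counts = Counter(svc for svc, _ in self.entries)
        busiest = max(counts, key=counts.get)
        for i in range(len(self.entries) - 1, -1, -1):
            svc, mac = self.entries[i]
            if svc == busiest and mac not in self.priority[svc]:
                del self.entries[i]
                return True
        return False

    def learn(self, service: str, mac: str) -> bool:
        """Record an advertisement; returns True if it is now in the SP-DB."""
        entry = (service, mac.lower())
        if entry in self.entries:
            return True
        if len(self.entries) >= self.capacity:
            # DB full: only a priority MAC for this service may displace an entry.
            if entry[1] not in self.priority[service] or not self._evict_nonpriority():
                return False
        self.entries.append(entry)
        return True

def demo() -> ServiceProviderDB:
    """Constructed scenario: a 3-entry SP-DB, one Apple TV MAC given priority for AirPlay."""
    db = ServiceProviderDB(capacity=3)
    db.add_priority_mac("_airplay._tcp.local.", "aa:aa:aa:aa:aa:01")
    db.learn("_ipp._tcp.local.", "00:00:00:00:00:01")
    db.learn("_ipp._tcp.local.", "00:00:00:00:00:02")
    db.learn("_airplay._tcp.local.", "00:00:00:00:00:03")
    db.learn("_airplay._tcp.local.", "00:00:00:00:00:04")   # full, nonpriority: dropped
    db.learn("_airplay._tcp.local.", "aa:aa:aa:aa:aa:01")   # priority: evicts ...:02
    return db
```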
Origin-Based Service Discovery
You can configure a service to filter inbound traffic based on its origin, that is, either wired or wireless. All the services that are learned from an mDNS AP are treated as wired. When the learn origin is wired, LSS cannot be enabled for the service, because LSS applies only to wireless services.
A service that has its origin set to wireless cannot be changed to wired while LSS is enabled for the service, because LSS applies only to wireless service provider database entries. If you change the origin between wired and wireless, the service provider database entries with the prior origin type are cleared.