Just thinking that Apple TV uses the multicast TTL of 1-- hop count of 1. it means it will not broadcast out side of its existing subnet, by limiting the subnet to smaller range can also kill the use of Apple TV.
In the wireless, often limiting the subnet range is not practical, use the tip at your discretion. Sent from my iPhone On Oct 27, 2013, at 11:09 AM, "James Andrewartha" <[email protected]> wrote: > On 27/10/13 9:35 PM, "Marki" <[email protected]> wrote: > >> Hawkins, Michael Stephen <hawkins <at> email.unc.edu> writes: >>> This will work on any Enterasys switch properly setup for NAC. >> >> So what exact policy would the NAC apply to a C-Series switch in that >> case? >> >> If using "set policy rule 6 macsource 00-12-34-00-00-00 mask 24 vlan X" >> does >> not work on C-Series, how would using the NAC make this work nevertheless? >> Would it simply connect to the switch and issue a "set port vlan ..." or >> how >> do I have to imagine this? > > What you need is MAC authentication enabled on the C3, which will then > query NAC over RADIUS, NAC will match the MAC address against a rule and > send back a policy that maps it to vlan X. > > The S/N/K switches can do this without having authentication enabled on > the port, and they can then apply arbitrary policies to that traffic, e.g. > I have one that drops port 5353 (mDNS) from our Apple TVs at the core: > > set policy profile 14 name "Apple TV Block" > set policy rule admin-profile macsource 7c-d1-c3-00-00-00 mask 24 > admin-pid 14 > set policy rule admin-profile macsource 9c-20-7b-00-00-00 mask 24 > admin-pid 14 > set policy rule 14 udpsourceportIP 5353 mask 16 drop > set policy rule 14 udpdestportIP 5353 mask 16 drop > > > Whereas B/C/G can only apply a policy to all of the traffic from that MAC > address. > > -- > James Andrewartha > > Network & Projects Engineer > Christ Church Grammar School > Claremont, Western Australia > Ph. (08) 9442 1757 > Mob. 0424 160 877 > > > > --- > To unsubscribe from enterasys, send email to [email protected] with the body: > unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
