You asked about better ways of containing this. The Aruba AirGroup has provided this functionality for years on the Aruba wireless system. You will likely find it less expensive than the Cisco alternative too.
Our users connect to our 802.1X secure SSID while the devices connect to our device SSID. You can restrict by username, AP, AP Group, firewall User Role, or any combination. Bruce Osborne Senior Network Engineer Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 -----Original Message----- From: Christina Klam [mailto:ck...@ias.edu] Sent: Wednesday, May 31, 2017 9:36 AM Subject: mDNS Containment with Meraki or WLC All, We are building housing for our emeritus faculty members. These will be private townhouses on our campus that will be networked by us. We are now discussing whether the switches and AP should be Cisco or Meraki (I realize Meraki is now Cisco). The decision point lies in how the two product lines handle BonJour/mDNS. GOAL: Residents in one townhouse can only connect to the mDNS devices located in their homes or devices associated with their userid. Ideally, we want to broadcast the same SSIDs as on campus to reduce confusion. Proposed Way of Doing This: One way we are thinking this can be done is to use the info already in our self-registeration portal. In that database, we have user name and mac address; so we will know which devices belong to whom. Using this information, we hope to limit mDNS access to devices within the private homes to just the devices registered to that home. Questions: Are there better ways of accomplishing the goal? Can this be done by either product? I will be testing mDNS Service Groups on our WLC running 8.2.121.0 this week. Should we just create a SSID per home (thus containing the mDNS to each home. Note: This doesn't work on the WLCs as you are forced to use a single multicast VLAN used by ALL SSIDs) and broadcast a shared "guest" SSID among the townhouses so that people can visit each other? How have you addressed this issue on your Residence Halls? Thank you, Christina Klam Network Engineer Institute for Advanced Study 609-734-8154 ck...@ias.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
