Wired Intelligent Edge

  • 1.  Enable mdns on specific vlan

    Posted Oct 10, 2020 03:02 AM

    Hi, on an Aruba 5406 I have some device that I need to enable all the mDNS traffic from. How do I enable all mDNS traffic from that device so other devices can find that device's services?

    I've enabled mDNS service rule filtering, but so far I'm still confused about how mDNS filtering and IGMP filtering work.

     

    IGMP Service VLAN Config

     

    VLAN ID : 45
    VLAN NAME : VLAN45
    IGMP Enabled [No] : Yes
    Querier Allowed [Yes] : Yes
    IGMP Version [2] : 2
    Strict Mode : No
    Last Member Query Interval (Seconds) [1] : 1
    Querier Interval [125] : 125
    Query Max. Response Time (Seconds) [10] : 10
    Robustness Count [2] : 2

    Port Type  | Port Mode  Forced Fast Leave Fast Leave
    ---- ----- + ---------- ----------------- ----------
    A1   1000T | Auto       No                Yes
    C1   1000T | Auto       No                Yes

     


    Thank you



  • 2.  RE: Enable mdns on specific vlan

    Posted Oct 10, 2020 05:47 AM

    Hi,

    You can use a VLAN-based ACL to hide the mDNS service on a particular VLAN.



  • 3.  RE: Enable mdns on specific vlan

    Posted Oct 10, 2020 09:43 AM

    Hi, is there any documentation regarding this?



  • 4.  RE: Enable mdns on specific vlan
    Best Answer

    Posted Oct 10, 2020 11:12 AM

    Hi Mallikarjun,

    Aruba Mobility Controllers support any standard RADIUS servers. But RADIUS servers have different capabilities to authenticate from various user directories.

    Most vendors have published how their RADIUS server integrates with ArubaOS Controller and ArubaOS Switch.

    Aruba ClearPass: https://www.arubanetworks.com/techdocs/ClearPass/6.9/Aruba_DeployGd_HTML/Default.htm

     

    Cisco ISE: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200270-ISE-2-0-3rd-Party-integration-with-Aruba.html

     

    Forescout: https://www.forescout.com/company/resources/integration-with-aruba-controllers-configuration-guide/

     



  • 5.  RE: Enable mdns on specific vlan
    Best Answer

    Posted Oct 10, 2020 11:14 AM

    You can do something like this.

    Create the ACL:

    ip access-list session DenymDNS
    any host 224.0.0.250 any deny
    any host 224.0.0.251 any deny
    any any any permit

     

    Apply it to the specific VLAN on which you need to block mDNS.