
Configuring Bonjour forwarding for the MX Security Appliance in Passthrough mode


The Cisco Meraki MX Security Appliance can be configured to forward Bonjour mDNS traffic across VLANs, even when in Passthrough mode. For information on configuring Bonjour forwarding when the MX is in NAT mode, refer to this article.

This functionality is useful when deploying the MX below a Layer 3 switch or other appliance that can define VLANs, but cannot forward Bonjour traffic across them. An MX in passthrough will intercept the traffic and forward it from service VLANs to client VLANs. This allows clients on one VLAN to utilize Bonjour services like AirPlay or wireless printing when the service is in another broadcast domain.

This article explains the network design required for the functionality to work and then provides instructions on how to enable Bonjour forwarding in Dashboard.

Caveats and explanation of how Bonjour forwarding works in Passthrough mode

 

The MX accomplishes Bonjour forwarding in Passthrough mode by inspecting each packet that passes through the appliance for an 802.1Q VLAN tag. If a packet has a VLAN tag, the Bonjour forwarding rules are referenced and, if a match is identified, the packet is forwarded across to the other broadcast domain.

 

Therefore, in order for Bonjour forwarding to work in Passthrough mode, traffic must be tagged with a VLAN ID before it passes through the MX. Forwarding from the native VLAN is not possible in Passthrough mode because no explicit 802.1Q VLAN tag exists for traffic on the native VLAN. Traffic can be tagged in a number of ways, either by employing SSID VLAN tagging or by configuring an access port on a Layer 2 switch.

 

If traffic is not explicitly tagged downstream of the MX, it will not be identified for forwarding and will pass through upstream to the Layer 3 switch or security appliance incapable of forwarding Bonjour traffic.

 

Example topology for successful Bonjour forwarding

[Figure: example topology diagram]

Enabling Bonjour forwarding in Dashboard

 

  1. Configure the MX for use in Passthrough mode
  2. Navigate to Configure > Firewall > Bonjour forwarding
  3. Add rules to forward each VLAN across. In the case above, add one rule for VLAN ID 20 > VLAN ID 30 and another for VLAN ID 30 > VLAN ID 20 (as shown below, with VLAN names displayed)

This configuration will ensure that traffic is forwarded for all Bonjour services from the Apple TV on VLAN 20 to the MacBook Pro connected to an SSID tagging traffic for VLAN 30. 
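
The tag-matching behaviour described in the caveats section, applied to the VLAN 20 / VLAN 30 rules above, can be modelled as follows. This is an added example, not Meraki code: the function names, the sample frames and the IPv4-only mDNS check (UDP 5353 to 224.0.0.251) are assumptions made for illustration. It shows why an untagged (native VLAN) mDNS frame never reaches the rule lookup.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
MDNS_PORT = 5353
MDNS_GROUP = bytes([224, 0, 0, 251])
RULES = {20: [30], 30: [20]}   # the article's example: VLAN 20 <-> VLAN 30

def is_mdns_ipv4(pkt: bytes) -> bool:
    """True if pkt is an IPv4/UDP datagram to 224.0.0.251:5353."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 8:
        return False
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return dport == MDNS_PORT and pkt[16:20] == MDNS_GROUP

def classify(frame: bytes, rules=RULES):
    """Return (vlan_id, destination_vlans); vlan_id is None when untagged."""
    if len(frame) < 18:
        return None, []
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, []      # native/untagged: no tag to match a rule against
    tci, inner = struct.unpack("!HH", frame[14:18])
    vlan = tci & 0x0FFF      # low 12 bits of the TCI are the VLAN ID
    if inner != ETHERTYPE_IPV4 or not is_mdns_ipv4(frame[18:]):
        return vlan, []
    return vlan, list(rules.get(vlan, []))

def build_frame(vlan=None, dport=MDNS_PORT) -> bytes:
    """Constructed sample frame: minimal IPv4/UDP packet, optionally tagged."""
    udp = struct.pack("!HHHH", 5353, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 255, 17, 0,
                     bytes([10, 0, 20, 5]), MDNS_GROUP)
    macs = bytes.fromhex("01005e0000fb") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp

if __name__ == "__main__":
    for label, f in [("VLAN 20", build_frame(20)), ("VLAN 30", build_frame(30)),
                     ("untagged", build_frame()), ("VLAN 40", build_frame(40))]:
        print(label, classify(f))
```

The same classification can be run over frames exported from a capture taken on the MX's downstream link to confirm that Bonjour traffic arrives tagged before troubleshooting the Dashboard rules.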

Last modified
08:37, 27 Jul 2017
