So for the past few months I have been fighting with the Cisco APs to make Bonjour and Multicast work. What I would notice is that bonjour would “sorta” work and generally would work for a while before stopping altogether. Worse yet, it seemed like the bonjour services that I cared most about (airplay and airprint) were the ones most likely to not work. Other services seemed pretty “solid” by comparison.
A second issue that came to light while testing all this was that iOS devices seemed to drop off the network after a while. For example we would set the iPad to not auto-lock, connect it to WiFi and then let it sit there. After awhile (anywhere between 5 and 30 minutes) they would just disconnect. This was also a big issue as if you were not paying attention you would assume WiFi is still working and then start downloading content over Cellular instead of WiFi.
I’ll start with the second problem as that seemed to be easier to fix, and I will also note that I will not say these solutions are the proper ones, they are simply the ones that seemed to work for me. Determining what was going on was discovered via the
show dot11 associations xx:xx:xx:xx:xx:xx
and looking at the Connected, Activity Timeout and Last Activity counts. What I noticed first of all was the timeout was set to a maximum of 60 seconds. Secondly, what I noticed is that “Last Activity” always increased, even if I was actively browsing the internet or doing other unicast type traffic like pinging.
The best that I was able to come up with was this due to the fact that I had different WPA settings on different SSIDs. So there are two things I did. First I made all WPA settings the same, which is wpa version 2 on the dot11 ssid configurations and then under the interface Dot11RadioX config sections I set the encryption modes to only aes-ccm; I also added a non-VLAN encryption setting that also set the cipher:
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 40 mode ciphers aes-ccm
This SEEMS to have resolved the issue of activity. Now the Last Activity shows correctly and properly tracks communication on the device. One last thing I did as well “just because” was to up the timeout to 5 minutes:
dot11 activity-timeout unknown default 300
I may not keep this last setting as I don’t know that it is needed anymore. I put it in initially to try and work around the problem. For completeness of the problem, what seemed to be happening was, as I said, the Aironet thought the device wasn’t talking so after 60 seconds it would disconnect. Now, my laptop experienced the same problem but would keep reconnecting forever. The iOS devices seemed to only reconnect a few times and then they seemed like they gave up, assuming the AP was broken since it kept disconnecting it.
Now back to the first problem of bonjour and multicast. This ended up being an incredibly simple fix, though again I’m not sure this is the “correct” fix but it does seem to work. I will also say it may very well require that the above fix is also put in place too. The problem I would run into is that bonjour and multicast worked great on un-encrypted, WEP and WPA Personal networks. On WPA Enterprise it would not work. Under the interface Dot11RadioX configuration I added a single line:
broadcast-key vlan 1 change 60
According to the documentation, this updates all clients with a new broadcast key every 60 seconds for the specified VLAN. So as I said this has fixed the issue with one caveat. It can sometimes take up to about 30 seconds for all the bonjour stuff to show up. That seems to be related to the broadcast key rotation. My best guess is that if the device comes in towards the end of the broadcast key rotation period it doesn’t get the current key and has to wait for the new key. So if you connect to WiFi and then immediately try to AirPrint or AirPlay it may not show up for a few seconds. So far this has not been a big deal.