Cisco Cisco 5520 Wireless Controller Referencia técnica
6
Cisco Wireless LAN Controller Bonjour Phase III Deployment Guide, Release 8.0
OL-xxxxx-xx <required for IOS documentation>
Introduction to Bonjour Policies and New Requirements
Bonjour Service Groups
A service group name can be associated with a set of MAC addresses, and the maximum MAC addresses
that can be configured for any service group is limited by the platform dependent global maximum
number of service instances that can be discovered, that is,
that can be configured for any service group is limited by the platform dependent global maximum
number of service instances that can be discovered, that is,
Service limit: 6400 on 2500, 5508, WiSM2 and vWLC and 16000 services on 7510 and 8510 UC
Controllers.
Controllers.
Each MAC address is configured with a unique name, which can be the service instance name, and the
location of the MAC address for both wired and or wireless.
location of the MAC address for both wired and or wireless.
1.
Since flexibility is desired when configuring the location using the AP-NAME, AP-GROUP, or
AP-LOCATION, the administrator has to configure the type of location that is desired. This
configuration implies that only clients from the same location as that of the device publishing the
service can access the service. As long as the global maximum limit of MAC addresses is not
exceeded, any service group can configure as many MAC addresses as desired.
AP-LOCATION, the administrator has to configure the type of location that is desired. This
configuration implies that only clients from the same location as that of the device publishing the
service can access the service. As long as the global maximum limit of MAC addresses is not
exceeded, any service group can configure as many MAC addresses as desired.
In case of wireless service instances, the device location can change. Yet, if you want only those
devices whose location is same as that of the service instance, the keyword “same” could be
configured for such wireless service providers.
devices whose location is same as that of the service instance, the keyword “same” could be
configured for such wireless service providers.
In case of wired services, the same location does not apply because wired clients do not get
associated to the AP.
associated to the AP.
2.
If the keyword “Any” is configured for location, it implies that there is no location based filtering
for the clients trying to access the device. This means the clients from any location can access the
service subject to role and user-id credentials being allowed by the policy associated with the service
group for that MAC address.
for the clients trying to access the device. This means the clients from any location can access the
service subject to role and user-id credentials being allowed by the policy associated with the service
group for that MAC address.
3.
If the keyword “ap-name” is used, only clients associated to that AP can access the service instance.
Note
Location validation is implicit and will be the first level of access policy filtering even before ROLE and
USER-ID credentials of the client are verified.
USER-ID credentials of the client are verified.
depicts a possible policy configuration with the service group named AppleTV-teachers.
Table 2
Example for Policy Configuration with the Service Group Name
Service
Group Name
Group Name
MAC Address
Service Name
Location Type
Location
AppleTV-tea
chers
chers
e8:b7:48:9b:f0:20
AppleTV-class1
AP-GROUP
6-FLR
e8:b7:48:9b:f0:21
AppleTV-class2
AP-NAME
AP4403.a740.bc97
—
—
—
—
e2:34:23:11:32:eb
AppleTV-class9
AP-NAME
same
—
—
—
—
e8:c7:38:9c:f1:32
AppleTV -class3
AP-GROUP
any