• Home

  • Documents

  • Bonjour mDNS enhancements in Phase III rel 8 - Cisco · Bonjour mDNS enhancements in Phase III rel...
4
Bonjour mDNS enhancements in Phase III rel 8.0 Introduction to Bonjour Policies, page 1 Client Context Attributes, page 2 mDNS Profile Attached to Local Policies, page 2 Introduction to Bonjour Policies Starting 8.0 release; the following new capabilities will be added to the Bonjour Services Directory functionality: Ability to apply granular access policies per unique service instance Ability to apply granular access policies based upon user-groups so two users can have differentiated access even though they are connected to the same SSID and get and IP address from the same VLAN Ability to define granular location per wired as well as wireless Bonjour Service(per Access Point or AP Group) In release 8.0 the IT administrators can define how the service instance is shared, which is articulated as "service instance is shared with whom" i.e. user-id, "service instance is shared with which role/s" i.e. client-role and "what is the location allowed to access the service instance" i.e. client location. This configuration can be applied to wired and wireless service instances and the response to any query will solely be based on the policy configured for each service instance. This allows selective sharing of service instances based on the location, user-id or role. Several customers have expressed preference to connect their Apple TV via the wired ethernet connection due to 802.1x capabilities. The 8.0 release allows filtering of wired services at par with wireless service instances. While mDNS profile associated with the client checks for service type being queried before responding to the query, the access policy further allows filtering of specific service instances based on querying client location and role or user-id. With Bonjour access policy there will now be two levels of filtering client queries, one (1) at the service type level by using the mDNS profile and then (2) at the service instance level using the access policy associated with the service each instance. A service instance or a set of service instances discovered and cached by the WLC could be associated with an access policy filter which acts like a lens that determines which clients and what kind of client context [ role or user-id ] can see and access the service instance. Bonjour access policy filters can be configured for specific service instances identified by the MAC address of the devices publishing the services. Apple Bonjour Services on the Cisco mDNS Enabled Controllers 1

Bonjour mDNS enhancements in Phase III rel 8 - Cisco · Bonjour mDNS enhancements in Phase III rel 8.0 • IntroductiontoBonjourPolicies,page1 • ClientContextAttributes,page2 •

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

  • Bonjour mDNS enhancements in Phase III rel 8.0

    • Introduction to Bonjour Policies, page 1

    • Client Context Attributes, page 2

    • mDNS Profile Attached to Local Policies, page 2

    Introduction to Bonjour PoliciesStarting 8.0 release; the following new capabilities will be added to the Bonjour Services Directory functionality:

    • Ability to apply granular access policies per unique service instance

    • Ability to apply granular access policies based upon user-groups so two users can have differentiatedaccess even though they are connected to the same SSID and get and IP address from the same VLAN

    • Ability to define granular location per wired as well as wireless Bonjour Service(per Access Point orAP Group)

    In release 8.0 the IT administrators can define how the service instance is shared, which is articulated as"service instance is shared with whom" i.e. user-id, "service instance is shared with which role/s" i.e. client-roleand "what is the location allowed to access the service instance" i.e. client location. This configuration canbe applied to wired and wireless service instances and the response to any query will solely be based on thepolicy configured for each service instance. This allows selective sharing of service instances based on thelocation, user-id or role.

    Several customers have expressed preference to connect their Apple TV via the wired ethernet connectiondue to 802.1x capabilities. The 8.0 release allows filtering of wired services at par with wireless serviceinstances. While mDNS profile associated with the client checks for service type being queried beforeresponding to the query, the access policy further allows filtering of specific service instances based onquerying client location and role or user-id.With Bonjour access policy there will now be two levels of filteringclient queries, one (1) at the service type level by using the mDNS profile and then (2) at the service instancelevel using the access policy associated with the service each instance.

    A service instance or a set of service instances discovered and cached by the WLC could be associated withan access policy filter which acts like a lens that determines which clients and what kind of client context [role or user-id ] can see and access the service instance. Bonjour access policy filters can be configured forspecific service instances identified by the MAC address of the devices publishing the services.

    Apple Bonjour Services on the Cisco mDNS Enabled Controllers 1

  • • Bonjour access policy is associated with a service group name which is composed of one or more MACaddresses of the devices publishing Bonjour services.

    • The service group name is then attached to the service instance when it is discovered and cached at theWLC.

    •While traversing the list of service instances in response to a client query each instance will be evaluatedto verify if the querying client location, role or user-id are allowed access to the service instance beforeincluding the same in the response.

    Currently we support a maximum of 5 service groups for a single MAC address.

    Client Context AttributesAny client initiating an mDNS query can be associated with a set of attributes that describe the context of theclient and attributes like "location" can change dynamically when clients move to a different location. Theuser can formulate a rule by combining attributes with logicalOR operations and attach the rule to the policy.A policy is composed of one single rule, even though we could provision for multiple rules.

    mDNS Profile Attached to Local PoliciesJust like all clients associated with a SSID pick the same Bonjour profile and allow the services configuredfor the profile, a Bonjour profile could be attached to a local policy for a client with a particular device typeand ensure each policy can be configured with a different mDNS profile name to restrict the policy from beingable to use the services allowed by the profile. Eventually the device gets access to the service instance basedon the access policy tagged to the specific service instance. There are two levels of filtering:

    • Local policy just decides/controls if the service type is allowed or not

    • Bonjour access policy for the specific service instance will eventually decide if the client can use theservice.

    Apple Bonjour Services on the Cisco mDNS Enabled Controllers2

    Bonjour mDNS enhancements in Phase III rel 8.0Client Context Attributes

  • Summary:

    As shown in the examples above Teacher will have access to certain Apple TVs such as : Apple TV 1 andApple TV 2 in specific location .

    Student based on the policy designed will have only access to the Apple TV2 in specific location.

    Guest User will not have access to any services on this WLAN.

    Apple Bonjour Services on the Cisco mDNS Enabled Controllers 3

    Bonjour mDNS enhancements in Phase III rel 8.0mDNS Profile Attached to Local Policies

  • Apple Bonjour Services on the Cisco mDNS Enabled Controllers4

    Bonjour mDNS enhancements in Phase III rel 8.0mDNS Profile Attached to Local Policies

    Bonjour mDNS enhancements in Phase III rel 8.0Introduction to Bonjour PoliciesClient Context AttributesmDNS Profile Attached to Local Policies


Managing Bonjour Services for BYOD - cisco.com · mDNS queries for any network service on the host comp uter or iOS ... either by design or because of ... Figure 25-1 Bonjour Service

Managing Bonjour Services for BYOD - cisco.com · mDNS queries for any network service on the host comp uter or iOS ... either by design or because of ... Figure 25-1 Bonjour Service

Documents
Bonjour, iCloud

Bonjour, iCloud

Technology
Apple Bonjour Services on the Cisco mDNS Enabled Controllers · Apple Bonjour Services on the Cisco mDNS Enabled Controllers Last Modified: December24,2014 Americas Headquarters Cisco

Apple Bonjour Services on the Cisco mDNS Enabled Controllers · Apple Bonjour Services on the Cisco mDNS Enabled Controllers Last Modified: December24,2014 Americas Headquarters Cisco

Documents
Bonjour Vietnam

Bonjour Vietnam

Entertainment & Humor
Fois (n.) La fréquence Fluffy a dit bonjour deux fois. Bonjour bonjour !

Fois (n.) La fréquence Fluffy a dit bonjour deux fois. Bonjour bonjour !

Documents
Bonjour docteur

Bonjour docteur

Entertainment & Humor
Mitigated Determination of Non-Significance (MDNS) · Mitigated Determination of Non-Significance (MDNS) November 16, 2016 Page 5 of 11 Phase 1. Phases 2 and 3 will update the Conceptual

Mitigated Determination of Non-Significance (MDNS) · Mitigated Determination of Non-Significance (MDNS) November 16, 2016 Page 5 of 11 Phase 1. Phases 2 and 3 will update the Conceptual

Documents
Formel / Informel Bonjour! Bonjour! Bonsoir! (for evening) Bonsoir! (for evening) Salut! Salut! Bonjour! Bonjour! Bonsoir! Bonsoir!

Formel / Informel Bonjour! Bonjour! Bonsoir! (for evening) Bonsoir! (for evening) Salut! Salut! Bonjour! Bonjour! Bonsoir! Bonsoir!

Documents
Café Dubois Par: Dominique Dubois. Bonjour Madame! Bonjour!

Café Dubois Par: Dominique Dubois. Bonjour Madame! Bonjour!

Documents
State of Washington Department of Natural Resources Hilary ... · 3 Cowlitz 96936 BAGEL MDNS 3 4 Cowlitz 96937 SUN PORCH MDNS 3 5 Grays Harbor/ Thurston 95864 ABANDONED FOX DNS 3

State of Washington Department of Natural Resources Hilary ... · 3 Cowlitz 96936 BAGEL MDNS 3 4 Cowlitz 96937 SUN PORCH MDNS 3 5 Grays Harbor/ Thurston 95864 ABANDONED FOX DNS 3

Documents
Impresora láser Dell 5230dn · tipo SAP PCL. Protocolo de red TCP ... BOOTP, RARP, APIPA (AutoIP), DHCP, ICMP, DNS, SNMPv2c, Bonjour, DDNS, mDNS, ARP, NTP, Telnet, Finger *Este producto

Impresora láser Dell 5230dn · tipo SAP PCL. Protocolo de red TCP ... BOOTP, RARP, APIPA (AutoIP), DHCP, ICMP, DNS, SNMPv2c, Bonjour, DDNS, mDNS, ARP, NTP, Telnet, Finger *Este producto

Documents
Resuelva problemas y entienda el gateway del mDNS … · Resuelva problemas y entienda el gateway del mDNS en el regulador del Wireless LAN (el WLC) Contenido Introducción ... aplicaciones

Resuelva problemas y entienda el gateway del mDNS … · Resuelva problemas y entienda el gateway del mDNS en el regulador del Wireless LAN (el WLC) Contenido Introducción ... aplicaciones

Documents
Chromecast como o serviço do mDNS a fim moldar a ... · HP_Photosmart_Printer_1 HP_Photosmart_Printer_2 Printer chromecast Do GUI, escolha o controlador > o mDNS > os perfis. Verifique

Chromecast como o serviço do mDNS a fim moldar a ... · HP_Photosmart_Printer_1 HP_Photosmart_Printer_2 Printer chromecast Do GUI, escolha o controlador > o mDNS > os perfis. Verifique

Documents
Bonjour BOEr - Inagro Bonjour... · 2015. 2. 25. · qu'est-ce que “BONJOUR BOER” ? “Bonjour Boer” s'insere dans le projet transfrontalier Interreg IV “Accueil a la ferme

Bonjour BOEr - Inagro Bonjour... · 2015. 2. 25. · qu'est-ce que “BONJOUR BOER” ? “Bonjour Boer” s'insere dans le projet transfrontalier Interreg IV “Accueil a la ferme

Documents
Bonjour, Monsieur! Bonjour, Mademoiselle! Comment ça va aujourd’hui ?

Bonjour, Monsieur! Bonjour, Mademoiselle! Comment ça va aujourd’hui ?

Documents
Salut. Bonjour

Salut. Bonjour

Entertainment & Humor
Cisco Wireless LAN Controller Bonjour Phase III Deployment ... · Apple’s Bonjour protocol relies on mDNS operating at UDP port 5353 and sent to the following reserved group addresses:

Cisco Wireless LAN Controller Bonjour Phase III Deployment ... · Apple’s Bonjour protocol relies on mDNS operating at UDP port 5353 and sent to the following reserved group addresses:

Documents
Bonjour !

Bonjour !

Documents
Bonjour! Oceane

Bonjour! Oceane

Documents
Bonjour monsieur

Bonjour monsieur

Documents
Bonjour!!! Julie

Bonjour!!! Julie

Documents
mDNS (ICM3400)

mDNS (ICM3400)

Documents
Hello Bonjour

Hello Bonjour

Documents
Miniature Day/Night Sight (MDNS) Development · Miniature Day/Night Sight (MDNS) OVERVIEW Description Schedule Contract Award (Mar 04– May 05) DT/OT (Aug 04 – Jul 05) FY04 FY05

Miniature Day/Night Sight (MDNS) Development · Miniature Day/Night Sight (MDNS) OVERVIEW Description Schedule Contract Award (Mar 04– May 05) DT/OT (Aug 04 – Jul 05) FY04 FY05

Documents
Frances Bonjour

Frances Bonjour

Documents
Bonjour Vietnam

Bonjour Vietnam

Documents
!!! bonjour !!!

!!! bonjour !!!

Documents
mDNS ICE Candidates

mDNS ICE Candidates

Documents
Bonjour im WLAN - dfn.de · Netzwekberatung Kunzek Oktober 2013 Bonjour (mDNS) Subnetz- übergreifend Subnetz WLAN A Subnetz WLAN B VLAN Bojour Services • Proxy- bzw. Weiterleitungs-Funktion

Bonjour im WLAN - dfn.de · Netzwekberatung Kunzek Oktober 2013 Bonjour (mDNS) Subnetz- übergreifend Subnetz WLAN A Subnetz WLAN B VLAN Bojour Services • Proxy- bzw. Weiterleitungs-Funktion

Documents
Bonjour Salut

Bonjour Salut

Documents