AirPlay mirroring not working across VLANs with Bonjour Gateway

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Hi everyone,

Our school has moved to a new physical location and I have built a new network from the ground up. We have brought our existing AP121 units with us, but we are implementing Bonjour Gateway for the first time.

I have put some printers and my Apple TVs on my student VLAN and am advertising to the two VLANs my staff uses. The Apple TVs are wired and using DHCP to get network settings. Printing works fine across the VLANs; there's no problem there, so I know the Bonjour Gateway is working as it should.

When I try to AirPlay mirror from an iPad connected to the student VLAN, the mirroring works perfectly. But when I put the iPad on my staff VLAN, while I can see the Apple TV being advertised, when I connect to it it takes a good 20-30 seconds for the TV screen to react, and then all I get is a black screen.

I have ruled out my firewall rules governing traffic between the VLANs by temporarily moving my any/any rule to the top of the list, so there is unfettered traffic flow between the VLANs. That hasn't made any difference.

If I can't figure this out, I can always have my staff connect to the student network to AirPlay, but I'd love to not have them have to do that.

My APs are running 6.1r6 are are managed by an HMOL instance, in case that's useful information.

Any troubleshooting leads would be appreciated.
Photo of Devin Rambo

Devin Rambo

  • 5 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of David Simon

David Simon

  • 18 Posts
  • 1 Reply Like
Can you first post a screenshot of your Bonjour Gateway: HMOL -> Monitor -> Bonjour Gateway
Photo of Devin Rambo

Devin Rambo

  • 5 Posts
  • 0 Reply Likes
Hi David,

See below. VLAN 1 is my student VLAN. VLAN 10 is the staff VLAN that will usually be accessing advertised resources in VLAN 1. The Staff VLAN group also includes VLANS 20 and 100 as well, FYI.

Admissions and LC 1 are the two Apple TVs I'm testing with at the moment. Thanks.

Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Hmmm... long time ago, but I remember I took some tweaking...

In your list I am missing *._appletv*._tcp. Try to add it... this is what I have configured:



And yes, make sure your firewall allows traffic in both directions.

Hope this helps.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
if you can see the airplay icon, and the appletv then the bonjour gateway has done it's job.

it is most likely a lack of required connectivity between staff vlan and student vlan

this could be a inter vlan routing issue
but most likely the ports are blocked in one direction or the other

as Carsten Stated both directions

is your firewall stateful?
look at your firewall logs to see if traffic is being drop

here is apple's required ports

http://support.apple.com/kb/HT2463

http://support.apple.com/kb/HT6175?viewlocale=en_US
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
I have AirPlay working in the opposite direction - Airplaying from the Student network to the Faculty network; my BG gateway is as simple as this 

I'd post the Firewall rules as well, but you seem to have ruled this out. You could also look into your router's ACLs, make sure that the appropriate protocols are being allowed to cross VLANs.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
It might worth doing a packet capture, I seem to recall my ipad preferring to use ipv6 to try to connect to the appletv.
Photo of Devin Rambo

Devin Rambo

  • 5 Posts
  • 0 Reply Likes
So after taking another good look at my firewall rules at Andrew's suggestion, I realized that although my any/any rule was all well and good, it also was configured to use NAT, which was part of my problem.

I've created a new firewall rule allowing Airplay traffic between the relevant VLANs using a recipe I found in Fortigate's document repository (link to the PDF here if anyone's interested: http://docs-legacy.fortinet.com/cb/recipes/using-AirPlay-with-iOS-AppleTV-FortiAP-and-a-FortiGate-un...) and I've also set my Bonjour Gateway to allow all traffic from and to any VLAN. Lo and behold, Airplay now works beautifully from my staff VLAN to my student VLAN.

At this point, I just need to play with the Bonjour Gateway settings to see how far I can narrow down what I need advertised across my VLANs, but I think I've got this under control. Thanks to everyone for the helpful suggestions.
Photo of Nick Gammon

Nick Gammon

  • 2 Posts
  • 0 Reply Likes
I came across this yesterday because I am having similar problems. I've done everything you have done with aerohive but I'm not sure if I've configured my firewall correctly. I couldn't get your link to work for me. Here are some screen shots. Any help would be appreciated!

Photo of Devin Rambo

Devin Rambo

  • 5 Posts
  • 0 Reply Likes
Hi Nick,

Here are the ports I opened up for AirPlay that worked for me:

From the network where the Apple TVs are homed, you need to open up TCP 7000 and UDP 1-65535 to the network where the source devices are homed.

From the network where the devices are, you need to open up TCP 7000, 7100, and 49152-50000 and UDP 1-65535 to the network where the Apple TVs are.

Otherwise, I think your BG rules look OK.
Photo of Nick Gammon

Nick Gammon

  • 2 Posts
  • 0 Reply Likes
I just found out it was my webfilter that was blocking the traffic between the vlans for certain things. Thank you so much for the fast reply it helped me so much.
Photo of Devin Rambo

Devin Rambo

  • 5 Posts
  • 0 Reply Likes
Awesome! Glad I could help.