USG Flex 200 Airplay across VLAN1 and VLAN2
Hotel configuration for AirPlay streaming to AirPlay-enabled TVs
On VLAN1 (192.168.1.x) my WAX510D access points are connected.
On VLAN2 (192.168.2.x) the AirPlay-enabled TV is connected.
I can't manage to have AirPlay working across VLAN1 and VLAN2.
Could someone help me in solving this problem with detailed explanations?
Thanks so much.
Just a couple of questions: does VLAN1 only manage your APs, or is it the VLAN for your guest devices?
a security policy vlan1 > Vlan2 and Vlan2 > Vlan1 where all the needed ports/services are allowed ?
Here a list of services for Airplay
80 TCP HTTP - AirPlay
320 UDP PTPv2 - Precision Time Protocol
443 TCP HTTPS - AirPlay
554 UDP/TCP RTSP - AirPlay
1900 UDP SSDP - Bonjour
3689 TCP DAAP - AirPlay
5000 TCP - Mirroring
5297 TCP - Bonjour
5298 TCP/UDP - Bonjour
5350 UDP NAT Port Mapping Protocol Bonjour
5351 UDP NAT Port Mapping Protocol Bonjour
49159 UDP MDNS (Windows) - AirPlay / Bonjour
49163 UDP MDNS (Windows) - AirPlay / Bonjour
tcp > port - 5000 (seen with music)
tcp > port - 7001 (seen with video)
tcp > port - 7000 (seen with picture/file)
tcp > port - 7100 (seen with display-mirroring)
udp > port - 7010 (seen with display-mirroring)
udp > port - 7011 (seen with display-mirroring)
tcp > port - 3689 (iTunes music sharing)
tcp > port - 49152-65535 (dynamic ports)
udp > port - 49152-65535 (dynamic ports)
tcp > port - 123 (so appletv can get time)
udp > port - 123 (so appletv can get time)
Hope this can help
VLAN1 is dedicated to 12 WAX510D for guest Wi-Fi.
VLAN2 is dedicated to in-room AirPlay TVs (20 sets) connected by Ethernet.
I did this for isolation, BUT for example a client iPhone connected to Wi-Fi (VLAN1) needs to have the possibility to stream to its room TV set (VLAN2).
Sorry for obvious questions...
Have you created a zone for each vlan? Configuration>Object>Zone (i.e. Vlan1_Zone; Vlan2_Zone)
Did you make the association of the VLAN with its zone? Configuration>Interface>Vlan
Have you Configured all the services listed above? (and grouped them...)
Have you configured security policy
Vlan1_Zone to Vlan2_Zone
Vlan2_Zone to Vlan1_Zone
where services are allowed?
Hello @IMD, AirPlay streaming only works when client and server are in the same IP subnet. If you would like AirPlay to work across VLAN1 and VLAN2, the device must support multicast cross-subnet routing. However, currently, ZyWall only supports IGMP proxy. I will raise this feature to the feature evaluation queue, thanks for your feedback. James.
I did the same configuration a couple of years ago with an ATP200 in a B&B and it worked quite fine.
Sorry, I can't handle the device any more; the B&B closed due to the pandemic.
First of all, thank you very much for trying to help and solve my problem.
I managed to do some of the tricks you asked, but I still have to clarify the situation.
1) USG Flex settings
On Port P2 is wan1 First provider on optical fiber (192.168.1.1)
On port P3 is wan2 Second provider on cable (192.168.0.1)
I did load balancing using the spillover method (and it works).
Here is what I had in mind:
I used LAN port P4 (192.168.1.1) to a PoE switch for 12 WAX510D for the hotel's whole Wi-Fi (grouped by floors).
I used LAN port P5 (192.168.2.1) to a switch for 22 Sony TV sets, Apple and Google enabled.
(The manager of the hotel asked that a guest connected to Wi-Fi be able to stream to their room TV set; each Sony TV set can be renamed Room XX: easy to identify.)
Finally, LAN port P6 (192.168.3.1) to a switch dedicated to internal use: front desk computer, printer, video security, credit card reader and so on.
What I did:
In Configuration>Object>Service I created all the rules necessary for apple device (All prefixed by A_ )
Then I grouped them:
In Configuration> Security policy>
With this setting it does not work: an iPhone connected to Wi-Fi does not see the room01 TV set for AirPlay.
I surely did something wrong... but what???
I am also very confused by James's message stating that it's impossible to do multicast across the interface (the USG Flex 200 is really a good appliance, and if that is the case this is really a missing feature for something which appears to be natural to do). Maybe there is another way to do it, and this is where I need help.
I do thank you for your help.
Thierry - IMD
AirPlay uses Multicast DNS (mDNS), implemented in Apple Bonjour, and Bonjour across different VLANs is not supported by the current ZyWall design. The workaround provided by @Fred_77 might work, but we're not recommending it; not sure if it will meet other problems. Thank you. James
I have to apologize, I forgot to mention that an add-on was required: an avahi proxy was needed to get around the limitation James was talking about. It was a virtual machine running on a Synology NAS with 2 NICs (one for each VLAN) and provided the multicast DNS.
However, the security aspect of this scenario must be taken into consideration.
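The avahi workaround described above relays only mDNS discovery (UDP 5353 to 224.0.0.251); the stream itself still crosses the firewall under the security policy. As an added example that is not part of the original posts, this Python check audits an `avahi-daemon.conf` for such a dual-NIC reflector so that only the two intended VLAN interfaces are bridged. The interface names `eth0`/`eth1` and the sample config are constructed assumptions.

```python
import configparser

# Constructed sample avahi-daemon.conf for the dual-NIC reflector VM.
# eth0 (guest Wi-Fi VLAN) and eth1 (TV VLAN) are assumed interface names.
SAMPLE_CONF = """
[server]
use-ipv4=yes
use-ipv6=no
allow-interfaces=eth0,eth1

[publish]
disable-publishing=yes

[reflector]
enable-reflector=yes
reflect-ipv=no
"""


def audit_reflector(conf_text, expected_ifaces):
    """Return a list of findings; an empty list means the config passes."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)

    def opt(section, key):
        return cp.get(section, key, fallback="").strip()

    findings = []
    if opt("reflector", "enable-reflector").lower() != "yes":
        findings.append("reflector disabled: mDNS is not relayed between VLANs")

    allowed = {i.strip() for i in opt("server", "allow-interfaces").split(",") if i.strip()}
    if not allowed:
        # Avahi then uses every local interface except loopback and point-to-point.
        findings.append("allow-interfaces unset: any extra NIC is reflected too")
    elif allowed != set(expected_ifaces):
        findings.append("allow-interfaces is %s, expected %s"
                        % (sorted(allowed), sorted(expected_ifaces)))

    if opt("publish", "disable-publishing").lower() != "yes":
        findings.append("publishing enabled: the VM announces its own services")
    if opt("reflector", "reflect-ipv").lower() == "yes":
        findings.append("reflect-ipv enabled: records cross between IPv4 and IPv6")
    return findings


if __name__ == "__main__":
    for finding in audit_reflector(SAMPLE_CONF, ["eth0", "eth1"]) or ["OK"]:
        print(finding)
```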