mDNS Across VLANs
I am having some of the same issues as the above topic. I have multiple VLANs with rules that segregate traffic between them such as CORP_LAN, CORP_WiFi, GUEST_WiFi, SIGN_LAN. Due to HIPPA compliances I segregate the servers from all wireless connections, and have two wifi networks. One that is for employees, one that is for guests.
The doctors and nurses at the facility print things from their iPads/phones directly to the printers. The printers are Xerox Versalinks C405 and B405. My issue is that this setup used to work beautifully with no issues back in December. I had to adjust a few rules in regards to the Guest Wireless and adjust a few VPN settings for a third-party vendor. After those changes, the AirPrint between the CORP_LAN and CORP_WiFi just stopped working. I use Unifi Networking with our hosted SDN Controller and the mDNS boxes are checked to allow traffic on the equipment.
Now, if I adjust firewall rules and mess with it until the cows come home it eventually works for a short time and not for every device. After 'X' amount of time (no idea) it stops working completely. I have removed and re-installed AVAHI, completely deleted the SSID Configs and re-configured them...I was watching traffic logs for a while but there aren't any 'Blocks' in the FW logs and the packet sniffer just shows the printers broadcasting on the multi-cast network, but no reply traffic.
Please help, this issue is getting the best of me and I can't afford to have this issue anymore.
Also note that this is a Netgate SG-3100
JKnott last edited by
I trust you are aware mDNS uses multicast and therefore does not normally pass through routers. This means devices on one VLAN will not see mDNS from another VLAN.
@jknott Right, but Avahi is supposed to bridge that gap by acting as a proxy of sorts. Hence the option 'Enable reflection'
Unless I'm mistaking many documented configurations on how Avahi is supposed to work?
JKnott last edited by
I have no experience with Avahi, so I can't help you with it.
No worries, I appreciate your response anyway.
dennypage last edited by
@shley008 You understand correctly. Avahi provides for mDNS discovery. One thing to note however is that you are still dependent upon multicast in the individual subnets, whether they be a wireless network or a VPN network.
You said that you only changed the VPN settings so I would start there... however just in case something possibly changed with your wireless around the same time... many wifi setups, including Unifi by default, now block multicast. You might want to re-confirm that basic multicast is still working in your wireless network.
I need to close this thread as I have found the solution.
I don't know who else might need to know this but here was my problem.
This is one of many clients that I have that utilize our hosted networking service. This is really just UniFi Switches, waps ETC that connect back to our cloud hosted controller.
The problem is actually two in one, unfortunatly
Problem 1: UniFi APs don't replicate mDNS when meshing is enabled
UniFi APs that are at least the PRO and LITE models (not sure how many others are affected), DO NOT replicate mDNS traffic over 5GHz SSIDs when uplink meshing is enabled. They will replicate the traffic over 2.4GHz on the same SSID.
The "FIX" is to disable meshing on the devices from the app.
Problem 2: You cannot change Meshing settings from the WebUI without disabling the meshing from the mobile app
To disable the meshing you HAVE to do it from the mobile app. The options for meshing completely disappear from the controller's WebUI if it is enabled. So the fix here is to just disable it from the UniFi Networking App.
I'm hoping that this issue isn't present on the new '6' series WAPs, but time will tell.
If anyone needs clarity on the issues outlined above, just email me or PM me or whatever Netgate has for direct messaging.
Thank you to those who replied!
To be clear, mDNS traffic WILL still move across the network and is still accessible if you are connected to the 2.4GHz side of your SSID. The problem was actually pretty hard to trace out due to the sporadic nature and the fact that the traffic was present on the network. It's just that the WAPs drop it over the 5GHz side if the meshing is enabled.