I know, and the original plan was to get it released during summer breaks so schools could use it for the school year.
[via XKCD]
[via XKCD]
Let's see if this formats decently:
Enabling Bonjour Gateway
BonjourTM is Apple’s implementation of a zero-configuration networking protocol for Apple
devices over IP. It allows OS X and iOS devices to locate other devices such as printers, file
servers and other clients on the same broadcast domain and use the services offered without
any network configuration required.
Multicast applications such as Bonjour require special consideration when being deployed over
wireless networks. Bonjour only works within a single broadcast domain, which is usually a small
area.This is by design to prevent flooding a large network with multicast traffic. However, in
some situations, a user may want to offer Bonjour services from one VLAN to another.
ZoneDirector’s Bonjour Gateway feature addresses this requirement by providing an mDNS
proxy service configurable from the Web interface to allow administrators to specify which
types of Bonjour services can be accessed from/to which VLANs.
In order for the Bonjour Gateway to function, the following network configuration requirements
must be met:
• The target networks must be segmented into VLANs.
• VLANs must be mapped to different SSIDs.
• The controller must be connected to a VLAN trunk port.84
Configuring System Settings
Enabling Bonjour Gateway
Additionally, if the VLANs to be bridged by the gateway are on separate subnets the network
has to be configured to route traffic between them.
Creating a Bonjour Gateway Rule
The Bonjour Gateway is essentially a list of rules for mapping services from one VLAN to
another.
To configure rules for bridging Bonjour services across VLANs
1. Go to Configure > Bonjour Gateway.
2. Click Create New in the Bridge Service table to create a new Bonjour service rule.
3. In the Create New form, configure the following options:
• Bridge Service: Select the Bonjour service from the list.
• From VLAN: Select the VLAN from which the Bonjour service will be advertised.
• To VLAN: Select the VLAN to which the service should be made available.
• Notes: Add optional notes for this rule.
4. Click OK to save your changes.
5. Repeat for any additional rules.
6. Select the check box next to Enable Bonjour gateway and click the Apply button.
Figure 49. Create a new Bonjour Gateway rule85
Configuring System Settings
Enabling Bonjour Gateway
Example Network Setup
The following example illustrates how ZoneDirector’s Bonjour Gateway can be used to allow
users to access Bonjour resources on different VLANs in a school setting, where access to
certain resources must generally be separated between teachers and students, but where
sharing may sometimes be necessary.
Assume a network with three VLANs mapped to separate SSIDs, all on separate subnets or
multicast domains. The three segments host different devices for different users:
• Classroom SSID (VLAN 100): WEP authentication, includes an iMac desktop for file sharing
and iOS Sync for backup, and an Apple TV attached to a projector.
• Teachers SSID (VLAN 200): 802.1X authentication for a MacBook and iPad, needs to have
access to all classroom resources.
• Students SSID (VLAN 300): Students have a separate SSID with no authentication, they must
be able to backup their iPads to the classroom iMac but should not have access to the
Apple TV or File Sharing services.
Figure 50. Sample Bonjour Gateway configuration for a classroom scenario
In this example, the teacher gains access to AirPlay, AirPrint, iCloud Sync and File Sharing, while
students are given access to iCloud Sync and AirPrint only.
Enabling Bonjour Gateway
BonjourTM is Apple’s implementation of a zero-configuration networking protocol for Apple
devices over IP. It allows OS X and iOS devices to locate other devices such as printers, file
servers and other clients on the same broadcast domain and use the services offered without
any network configuration required.
Multicast applications such as Bonjour require special consideration when being deployed over
wireless networks. Bonjour only works within a single broadcast domain, which is usually a small
area.This is by design to prevent flooding a large network with multicast traffic. However, in
some situations, a user may want to offer Bonjour services from one VLAN to another.
ZoneDirector’s Bonjour Gateway feature addresses this requirement by providing an mDNS
proxy service configurable from the Web interface to allow administrators to specify which
types of Bonjour services can be accessed from/to which VLANs.
In order for the Bonjour Gateway to function, the following network configuration requirements
must be met:
• The target networks must be segmented into VLANs.
• VLANs must be mapped to different SSIDs.
• The controller must be connected to a VLAN trunk port.84
Configuring System Settings
Enabling Bonjour Gateway
Additionally, if the VLANs to be bridged by the gateway are on separate subnets the network
has to be configured to route traffic between them.
Creating a Bonjour Gateway Rule
The Bonjour Gateway is essentially a list of rules for mapping services from one VLAN to
another.
To configure rules for bridging Bonjour services across VLANs
1. Go to Configure > Bonjour Gateway.
2. Click Create New in the Bridge Service table to create a new Bonjour service rule.
3. In the Create New form, configure the following options:
• Bridge Service: Select the Bonjour service from the list.
• From VLAN: Select the VLAN from which the Bonjour service will be advertised.
• To VLAN: Select the VLAN to which the service should be made available.
• Notes: Add optional notes for this rule.
4. Click OK to save your changes.
5. Repeat for any additional rules.
6. Select the check box next to Enable Bonjour gateway and click the Apply button.
Figure 49. Create a new Bonjour Gateway rule85
Configuring System Settings
Enabling Bonjour Gateway
Example Network Setup
The following example illustrates how ZoneDirector’s Bonjour Gateway can be used to allow
users to access Bonjour resources on different VLANs in a school setting, where access to
certain resources must generally be separated between teachers and students, but where
sharing may sometimes be necessary.
Assume a network with three VLANs mapped to separate SSIDs, all on separate subnets or
multicast domains. The three segments host different devices for different users:
• Classroom SSID (VLAN 100): WEP authentication, includes an iMac desktop for file sharing
and iOS Sync for backup, and an Apple TV attached to a projector.
• Teachers SSID (VLAN 200): 802.1X authentication for a MacBook and iPad, needs to have
access to all classroom resources.
• Students SSID (VLAN 300): Students have a separate SSID with no authentication, they must
be able to backup their iPads to the classroom iMac but should not have access to the
Apple TV or File Sharing services.
Figure 50. Sample Bonjour Gateway configuration for a classroom scenario
In this example, the teacher gains access to AirPlay, AirPrint, iCloud Sync and File Sharing, while
students are given access to iCloud Sync and AirPrint only.
