Skip to main content
davidwaldrop's profile

Wed, Aug 14, 2019 6:18 AM

Answered

Need to block Apple TV discovery across WAN links

I have a ICX 7450 and multiple ICX 7250s connected using OSPF on a layer 2 WAN.  Many of the sites have Apple TV devices.  Locations are able to see the Apple TV's from all locations.  Therefore, I need to block this discovery and keep it contained at each location.  What ports do I need to configure in an ACL to drop this type of traffic? 

Responses

232 Messages

 • 

4K Points

2 years ago

UDP port 5353 according to Apple. We 'contain' our displays via the Wi-Fi Fencing options. Hope this helps.

218 Messages

 • 

3.8K Points

2 years ago

Andrew is correct; however, the protocol they use is Bonjour, which is predominantly a Layer-2 protocol.  My understanding is that it does Multicast to 224.0.0.251

Is your WAN a stretched VLAN?  I would not expect this to be an issue across a routed network unless you are running something like PIM https://en.wikipedia.org/wiki/Protocol_Independent_Multicast

ip access-list extended blockAPLTV
sequence 10 deny udp any any eq 5353
sequence 20 permit ip any any

On your WAN port (i.e. your VE interface)

Interface ve 100
ip access-group blockAPLTV in

Brand User

Former Employee

 • 

2.6K Messages

 • 

44.8K Points

2 years ago

See also this article on optimizing WLAN for streaming media devices and Chromecast or AppleTV:
https://support.ruckuswireless.com/articles/000009674