Need to block Apple TV discovery across WAN links

  • 1
  • Question
  • Updated 1 year ago
  • Answered
I have a ICX 7450 and multiple ICX 7250s connected using OSPF on a layer 2 WAN.  Many of the sites have Apple TV devices.  Locations are able to see the Apple TV's from all locations.  Therefore, I need to block this discovery and keep it contained at each location.  What ports do I need to configure in an ACL to drop this type of traffic? 
Photo of david.waldrop


  • 1 Post
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Andrew Giancola

Andrew Giancola

  • 230 Posts
  • 70 Reply Likes
UDP port 5353 according to Apple. We 'contain' our displays via the Wi-Fi Fencing options. Hope this helps.
Photo of NETWizz


  • 214 Posts
  • 68 Reply Likes
Andrew is correct; however, the protocol they use is Bonjour, which is predominantly a Layer-2 protocol.  My understanding is that it does Multicast to

Is your WAN a stretched VLAN?  I would not expect this to be an issue across a routed network unless you are running something like PIM

ip access-list extended blockAPLTV
sequence 10 deny udp any any eq 5353
sequence 20 permit ip any any

On your WAN port (i.e. your VE interface)

Interface ve 100
ip access-group blockAPLTV in

Photo of Michael Brado

Michael Brado, Official Rep

  • 3298 Posts
  • 523 Reply Likes
See also this article on optimizing WLAN for streaming media devices and Chromecast or AppleTV: