Need to block Apple TV discovery across WAN links

  • Question
  • Updated 1 month ago
  • Answered
I have an ICX 7450 and multiple ICX 7250s connected using OSPF on a layer 2 WAN. Many of the sites have Apple TV devices. Locations are able to see the Apple TVs from all locations. Therefore, I need to block this discovery and keep it contained at each location. What ports do I need to configure in an ACL to drop this type of traffic?

david.waldrop

Posted 1 month ago

Andrew Giancola

UDP port 5353 according to Apple. We 'contain' our displays via the Wi-Fi Fencing options. Hope this helps.

NETWizz

Andrew is correct; however, the protocol they use is Bonjour, which is predominantly a Layer-2 protocol. My understanding is that it does multicast to 224.0.0.251.

Is your WAN a stretched VLAN?  I would not expect this to be an issue across a routed network unless you are running something like PIM https://en.wikipedia.org/wiki/Protocol_Independent_Multicast

ip access-list extended blockAPLTV
 sequence 10 deny udp any any eq 5353
 sequence 20 permit ip any any

On your WAN port (i.e. your VE interface)

interface ve 100
 ip access-group blockAPLTV in
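
One way to check from a site that discovery is actually contained once an ACL like the one above is applied, as an added example that is not part of the original post: it parses mDNS payloads (UDP 5353, 224.0.0.251) and lists senders outside the local subnet whose packets name an AirPlay service. The service names `_airplay._tcp.local` and `_raop._tcp.local`, the subnets and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# AirPlay service types Apple TVs advertise over mDNS (assumed here, not from the thread).
APPLE_TV_SERVICES = ("_airplay._tcp.local", "_raop._tcp.local")

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                      # bounded walk: pointer loops cannot hang the check
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("pointer loop or oversized name")

def record_names(msg):
    """Owner names from all four sections (questions skip 4 bytes; records skip 10 + RDLENGTH)."""
    counts, off, names = struct.unpack("!4H", msg[4:12]), 12, []
    for i in range(sum(counts)):
        name, off = read_name(msg, off)
        names.append(name)
        off += 4 if i < counts[0] else 10 + struct.unpack("!H", msg[off + 8:off + 10])[0]
    return names

def leaked_discovery(packets, local_net):
    """Sources outside local_net whose mDNS payloads name an AirPlay service."""
    net, leaks = ipaddress.ip_network(local_net), set()
    for src, payload in packets:
        try:
            names = [] if ipaddress.ip_address(src) in net else record_names(payload)
        except (IndexError, struct.error, ValueError):
            continue                          # not a parseable DNS message
        if any(n.endswith(APPLE_TV_SERVICES) for n in names):
            leaks.add(src)
    return sorted(leaks)

def sample_query(name):                       # constructed PTR question, not a capture
    qname = b"".join(bytes([len(part)]) + part.encode() for part in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 12, 1)

SAMPLE = [("10.1.0.20", sample_query("_airplay._tcp.local")),   # constructed: local site 10.1.0.0/16
          ("10.2.0.31", sample_query("_airplay._tcp.local")),   # constructed: remote site
          ("10.2.0.40", sample_query("_ipp._tcp.local"))]       # constructed: remote printer query
```

With the sample data, `leaked_discovery(SAMPLE, "10.1.0.0/16")` reports only the remote AirPlay sender; an empty result after the ACL is in place means no cross-site AirPlay discovery was observed.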

Michael Brado, Official Rep

See also this article on optimizing WLAN for streaming media devices and Chromecast or AppleTV:
https://support.ruckuswireless.com/articles/000009674