Reply
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

When is Unifi going to fix the Bonjour problem?

In guest mode, the Bonjour protocol, which is used by apple devices to communicate, is blocked. When will this be fixed?
Regular Member
Springs
Posts: 377
Registered: ‎09-15-2010
Posts: 377
Kudos: 25
Solutions: 4
Registered: 09-15-2010

Re: When is Unifi going to fix the Bonjour problem?

In guest mode, the Bonjour protocol, which is used by apple devices to communicate, is blocked. When will this be fixed?


You want them to fix the guest network isolation?

You need to make a VLAN and put your apple stuff on it and give people access to that vlan.
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?

You want them to fix the guest network isolation?

You need to make a VLAN and put your apple stuff on it and give people access to that vlan.


No, I just want them to remove the hard block on Bonjour. Right now, the AP eats all the packets, even if you exclude the address ranges...Isn't that the point of the "Allowed Subnets"?

BTW...There are many, many practicle applications for allowing Bonjour in guest (Yes, isolated) network.
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?



BTW...This is exactly what we did, but want limited access (i.e. time based vouchers).
SuperUser
mhoppes
Posts: 13,327
Registered: ‎06-23-2010
Posts: 13327
Kudos: 3888
Solutions: 53
Registered: 06-23-2010

Re: When is Unifi going to fix the Bonjour problem?

No, I just want them to remove the hard block on Bonjour. Right now, the AP eats all the packets, even if you exclude the address ranges...Isn't that the point of the "Allowed Subnets"?

BTW...There are many, many practicle applications for allowing Bonjour in guest (Yes, isolated) network.


I can't think of any. You're either isolated, or your bonjouring. You can't bonjour on an isolated network.
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?

I can't think of any. You're either isolated, or your bonjouring. You can't bonjour on an isolated network.


Well, you must not work in the real world then. Again, what is the purpose of the "Allowed Subnets" on an isolated newtwork?
SuperUser
Josh_SPITwSPOTS
Posts: 17,948
Registered: ‎11-20-2011
Posts: 17948
Kudos: 5528
Solutions: 135
Registered: 11-20-2011

Re: When is Unifi going to fix the Bonjour problem?

He actually works for a decent sized wisp and cell carrier.
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?

He actually works for a decent sized wisp and cell carrier.


I'm sure he does, and he's probably quite skilled in what he does, but his assessment of "I can't think of any" in regards to the practicality of using bonjour on a guest network is ignorant.
Established Member
MeWireless
Posts: 1,169
Registered: ‎06-29-2010
Posts: 1169
Kudos: 462
Registered: 06-29-2010

Re: When is Unifi going to fix the Bonjour problem?

In guest mode, the Bonjour protocol, which is used by apple devices to communicate, is blocked. When will this be fixed?


Most all routers including linksys block everything in guest mode including VPN, I learned that the hard way when a client couldn't connect to their server anymore.

Love that apple needs its own protocol to communicate.
Draw a picture of exactly what you're wanting to do. There is either a language barrier here or you don't understand this equipment. I suspect its a bit of both


Any opinions expressed are my own, and generally unpopular with others.

All rights reserved - but some wrongs are still available.
Established Member
Wifimax
Posts: 1,558
Registered: ‎09-11-2009
Posts: 1558
Kudos: 213
Solutions: 3
Registered: 09-11-2009

Re: When is Unifi going to fix the Bonjour problem?

I'm sure he does, and he's probably quite skilled in what he does, but his assessment of "I can't think of any" in regards to the practicality of using bonjour on a guest network is ignorant.


Please enlighten us on why this desperately needs to be implemented then :manhappy: I'm a bit ignorant I guess and have never needed to use it.
SuperUser
Josh_SPITwSPOTS
Posts: 17,948
Registered: ‎11-20-2011
Posts: 17948
Kudos: 5528
Solutions: 135
Registered: 11-20-2011

Re: When is Unifi going to fix the Bonjour problem?

Most all routers including linksys block everything in guest mode including VPN, I learned that the hard way when a client couldn't connect to their server anymore.
Love that apple needs its own protocol to communicate.

Kind of like windows?
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?

Please enlighten us on why this desperately needs to be implemented then :manhappy: I'm a bit ignorant I guess and have never needed to use it.


Okay, I'll give you two practical uses for this.

1.) In an office environment, where many guest visit and give presentations via AirPlay. We have two VLANs, three Wi-Fi Networks. One VLAN is on a private network utilizing RADIUS for authentication purposes. The other VLAN is for a guest network, where we have an Apple TV device plugged into a very large display in a conference room. Now, since we have two wireless networks on the same guest VLAN (One in guest mode with voucher based authentication, and the other just using WPA), we would like to give our guest temporary access to our guest VLAN (i.e. Voucher based).

2.) Same scenario, but you want to give guest temporary access to a network that has a network printer with AirPrint on it.

I have no problem with guest solation...Actually, I prefer it. It just adds a bit more of security. I also have no problem with it blocking everything by default, but if I add an addres range to the "Allowed Subnets" under "Guest Control", I would expect that traffic to be allowed. Isn't that what it's for?

In my opinion, both of those are practical applications.
SuperUser
mhoppes
Posts: 13,327
Registered: ‎06-23-2010
Posts: 13327
Kudos: 3888
Solutions: 53
Registered: 06-23-2010

Re: When is Unifi going to fix the Bonjour problem?

Okay, I'll give you two practical uses for this.

1.) In an office environment, where many guest visit and give presentations via AirPlay. We have two VLANs, three Wi-Fi Networks. One VLAN is on a private network utilizing RADIUS for authentication purposes. The other VLAN is for a guest network, where we have an Apple TV device plugged into a very large display in a conference room. Now, since we have two wireless networks on the same guest VLAN (One in guest mode with voucher based authentication, and the other just using WPA), we would like to give our guest temporary access to our guest VLAN (i.e. Voucher based).

2.) Same scenario, but you want to give guest temporary access to a network that has a network printer with AirPrint on it.

I have no problem with guest solation...Actually, I prefer it. It just adds a bit more of security. I also have no problem with it blocking everything by default, but if I add an addres range to the "Allowed Subnets" under "Guest Control", I would expect that traffic to be allowed. Isn't that what it's for?

In my opinion, both of those are practical applications.


Hard cable your airPlay server. Problem solved... and you'll get better results.

I guess I never noticed this because we hard wire all of our "infrastructure" in our office. The only thing wireless are our laptops.
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
SuperUser
Josh_SPITwSPOTS
Posts: 17,948
Registered: ‎11-20-2011
Posts: 17948
Kudos: 5528
Solutions: 135
Registered: 11-20-2011

Re: When is Unifi going to fix the Bonjour problem?

This airplay **** is above my head.






(bonjour requires multicast)
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
SuperUser
mhoppes
Posts: 13,327
Registered: ‎06-23-2010
Posts: 13327
Kudos: 3888
Solutions: 53
Registered: 06-23-2010

Re: When is Unifi going to fix the Bonjour problem?

This airplay **** is above my head.












(bonjour requires multicast)


Oh GAG. I've had major problems with multicast.

That blows the theory I was just going to suggest.... you could put the airPlay on a different subnet from what you hand out via DHCP on your guest network so that basically the traffic would get routed to your router and then back to the device (this basically by-passes client isolation).

The OTHER solution, might be to put the airPlay device on your regular network, and then setup firewall rules to allow communication between the two.

Basically, you have two devices on a guest network that you want to be able to talk to each other. It's not going to happen. It's a guest network with isolation.
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
Established Member
MeWireless
Posts: 1,169
Registered: ‎06-29-2010
Posts: 1169
Kudos: 462
Registered: 06-29-2010

Re: When is Unifi going to fix the Bonjour problem?

Kind of like windows?


Oh dear if we get into a apple vs windows vs nix which is better I am going to need another few drinks.. LOL but I was reading it as the apple wont work at all with out this protocol, I think my PC will connect just fine with out it :icon_mrgreen:
Draw a picture of exactly what you're wanting to do. There is either a language barrier here or you don't understand this equipment. I suspect its a bit of both


Any opinions expressed are my own, and generally unpopular with others.

All rights reserved - but some wrongs are still available.
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?

Hard cable your airPlay server. Problem solved... and you'll get better results.

I guess I never noticed this because we hard wire all of our "infrastructure" in our office. The only thing wireless are our laptops.


I should have been more specific. This is exactly how we have it setup. The AppleTV and the Network printer are both hard wired into the guest vlan, so that would not solve the problem. The only wireless devices in these scenarios would be the guest/visitors (iPads and Laptops).
SuperUser
mhoppes
Posts: 13,327
Registered: ‎06-23-2010
Posts: 13327
Kudos: 3888
Solutions: 53
Registered: 06-23-2010

Re: When is Unifi going to fix the Bonjour problem?

Why can't we all just live together in perfect harmony?

Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
SuperUser
mhoppes
Posts: 13,327
Registered: ‎06-23-2010
Posts: 13327
Kudos: 3888
Solutions: 53
Registered: 06-23-2010

Re: When is Unifi going to fix the Bonjour problem?

I should have been more specific. This is exactly how we have it setup. The AppleTV and the Network printer are both hard wired into the guest vlan, so that would not solve the problem. The only wireless devices in these scenarios would be the guest/visitors (iPads and Laptops).


Well then it's not an isolation issue. Are you 100% sure that Bonjour gets dropped in guest mode, but not in "regular" mode?
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
New Member
carlsond
Posts: 16
Registered: ‎07-09-2012
Posts: 16
Kudos: 1
Registered: 07-09-2012

Re: When is Unifi going to fix the Bonjour problem?

Well then it's not an isolation issue. Are you 100% sure that Bonjour gets dropped in guest mode, but not in "regular" mode?


Yes, positive. If I use the other wireless network that is on the same guest vlan, it works just fine. For what it's worth, this appears to have been working in an undesirable way previously. See a previous post:

forum.ubnt.com/showthread.php?p=330214

This leads me to beleive that they put some hard code on the APs to discard Bonjour packets on a guest network entirely instead of just blocking bonjour guest-to-guest (what you were referring to with guest isolation).
Reply