Mdns Policies in AireOS Release 8.x: Configuring Bonjour Service Instances

Cisco-AV-PAIR Values for Identifying Bonjour Users and Locations

Question

With the introduction of Mdns Policies in AireOS release 8.x, the administrator can configure to identify who uses the Bonjour service instances and in which location.

Based on user 802.1x authentication, a AAA server/ISE can be configured to return which two possible values in the form of a "CISCO-AV-PAIR"? (Choose two.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

AE.

With introductionof the Bonjour policies in the release 8.0, the administrator can configure to identify who uses the Bonjour service instances and in what location (all this applies to the same WLAN)

With introduction of the Bonjour policies, the administrator does not need to create multiple WLANs to select which services are allowed or should be used on specific WLAN.

Based on user 802.1x authentication, the AAA server or ISE can be configured to return USER- ROLE or BONJOUR-PROFILE in the form of the "CISCO-AV-PAIR"

This value gets plumbed into the policy created on the wireless controller.

Based on the user authentication, a configured policy and profile are applied to a specific user on the same WLAN.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/WLAN-Bonjour-DG.html

In AireOS release 8.x, the introduction of Multicast Domain Name System (mDNS) policies allows network administrators to control the use of Bonjour service instances by identifying the location and users who use the service. By using the 802.1x authentication protocol, a user's identity can be verified, and access can be granted or denied to network resources based on user roles or attributes.

The Cisco-AV-pair attribute is used in conjunction with the AAA server/ISE (Identity Services Engine) to provide additional information about the user and their role on the network. When a user authenticates to the network using 802.1x, the AAA server/ISE can return a value in the form of a Cisco-AV-pair attribute that provides additional information about the user.

The two possible values that can be returned in the Cisco-AV-pair attribute based on user 802.1x authentication and mDNS policies are:

  1. Bonjour-profile: This attribute value specifies the Bonjour profile that the user is assigned. Bonjour profiles are used to identify the types of Bonjour service instances that a user can access. By assigning Bonjour profiles to users based on their roles or attributes, network administrators can control the types of services that a user can access on the network.

  2. Client-location: This attribute value specifies the location of the client on the network. By identifying the client's location, network administrators can control the types of Bonjour service instances that a user can access. For example, a client located in a conference room may have access to different Bonjour service instances than a client located in a guest room.

In addition to these two values, the AAA server/ISE can also return other Cisco-AV-pair attribute values such as user-ID, client-role, and user-role, depending on the network requirements and policies.