Service filtering

The mDNS profiles feature applies filter profiles to the mDNS resource records in mDNS response and query packets. Filtering mDNS responses and queries gives better control of the services. Service filtering allows network administrators to manipulate both the responses sent to and coming from clients in order to allow or deny mDNS services. This mechanism prevents clients from learning about specified services and from announcing specific services. Filters can be outbound (from the switch to clients) or inbound (from clients to the switch). Profiles can be applied per VLAN.

There is a global default that allows or denies traffic that does not match any rule. After a match is found, the remaining filter rules are ignored.

NOTE:

Service filtering cannot block the connection between devices. For example, if a client knows the remote device’s IP address, it can still establish a connection without using the mDNS protocol. Service filtering only keeps the names and addresses of services out of mDNS responses.

Figure 71: mDNS query and response assessment
  • Switch 1 — Reflection enabled on VLAN 2 and VLAN 3

  • Global Filters — set to permit both inbound and outbound mDNS traffic on Switch 1, 2 and 3.

  • Specific Filter — Switch 1 – VLAN 3 – Deny – outbound – service type – wireless printer.

  • Specific Filter — Switch 1 – VLAN 2 – Permit – inbound – instance name – Host 2.
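
The first-match evaluation and the Figure 71 filter set, modeled in Python as an added example (not the switch's own implementation or CLI syntax). The `Rule` fields, the name-splitting helper, and `_ipp._tcp` as the service type for "wireless printer" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    vlan: int
    direction: str  # "inbound" (client to switch) or "outbound" (switch to client)
    field: str      # "service_type" or "instance_name"
    value: str
    action: str     # "permit" or "deny"

def split_record_name(name):
    """Split '<instance>._<service>._<proto>.local' into (instance, service_type).
    Simplified: assumes unescaped labels and no dots inside the instance name."""
    labels = name.rstrip(".").split(".")
    idx = next((i for i, lab in enumerate(labels) if lab.startswith("_")), None)
    if idx is None:
        return None, None  # not a service name; only the global default applies
    return ".".join(labels[:idx]) or None, ".".join(labels[idx:idx + 2])

def evaluate(rules, default, vlan, direction, record_name):
    """Return 'permit' or 'deny' for one resource record name."""
    instance, service = split_record_name(record_name)
    observed = {"instance_name": instance, "service_type": service}
    for rule in rules:
        if (rule.vlan, rule.direction) != (vlan, direction):
            continue
        seen = observed.get(rule.field)
        if seen is not None and seen.lower() == rule.value.lower():
            return rule.action  # first match wins; later rules are ignored
    return default[direction]   # no rule matched: global default decides

def filter_records(rules, default, vlan, direction, record_names):
    """Keep only the records that the profile permits in this direction."""
    return [n for n in record_names
            if evaluate(rules, default, vlan, direction, n) == "permit"]

# Constructed profile mirroring Figure 71; "_ipp._tcp" stands in for "wireless printer".
FIGURE_RULES = [
    Rule(3, "outbound", "service_type", "_ipp._tcp", "deny"),
    Rule(2, "inbound", "instance_name", "Host 2", "permit"),
]
PERMIT_ALL = {"inbound": "permit", "outbound": "permit"}

if __name__ == "__main__":
    answer = ["Lab Printer._ipp._tcp.local", "Host 2._ssh._tcp.local"]  # constructed
    print(filter_records(FIGURE_RULES, PERMIT_ALL, 3, "outbound", answer))
    print(filter_records(FIGURE_RULES, PERMIT_ALL, 2, "outbound", answer))
```

With the global default set to permit, the VLAN 2 permit rule changes nothing on its own; it only becomes meaningful when the inbound default is deny, in which case Host 2 is the sole instance allowed to announce.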