Avahi + VLANs + Cast devices
Newbie here learning the ropes; if this is in the wrong section please move it as required.
I finally managed to upgrade my standard switch to a gigabit managed one and decided to switch the network over to VLANs, but I'm having a nightmare getting it all working!
So to start, the basics of my setup:
- ESXi server hosting pfSense, Plex and another couple of Linux clients - hosted on a Dell 3040 desktop
- Cisco SG200 layer 2 managed switch
- UniFi AC Pro access point serving the wireless.
So I set up 5 VLANs:
- LAN - Only pfSense remains here so I can always access it in case I get any issues (might move the switch here as well but still deciding)
- MGMT (10) - for the switch, servers and any other infrastructure equipment - access point, UniFi cloud controller etc.
- Main (20) - for all computers, mobiles and any known trusted devices
- Guest (30) - for any guest clients - locked down with no LAN access
- IoT (40) - for all internet-related devices - Fire Stick, Samsung TV, Chromecasts etc.
- CCTV (50) - secluded VLAN locked down to only allow SMTP and a few other ports (while I narrow this down to known destinations only)
The access point will serve 3 SSIDs - 20 for main devices, 30 for guests and 40 for IoT.
OK, with that all out of the way - I managed to get all the VLANs set up and all working great, all getting IPs as expected, switch configured fine and working.
So... what's the problem, you ask?
I needed to get casting working, which is where it all went downhill. I've set up Avahi and got that running with the config suggested in a couple of the posts in this forum, and in the process have probably read half of all the posts in this forum (and the internet!!!!!)
The issue I'm hitting is with casting to devices and finding the printer (all devices are located in VLAN 40).
- If I connect to the IoT VLAN from my mobile, go to YouTube and try to cast, I find my Chromecast, Chromecast Audio, Fire Stick, Samsung TV and TiVo box. I can scan for printers and find it using the Epson printer finder tool.
- If I connect to my "Main" (VLAN 20) - I see the Chromecast Audio and Chromecast, and I can cast to these just fine (so it looks like Avahi is doing that and it's working!). I also "SEE" the Samsung TV in the list, but when I try to connect it just hangs on connecting and YouTube on my Android mobile just crashes. I can't find any of the other devices. I can live with most of this, and if I put the printer's IP address in, it works, so again I can live with that. I just really need to get the Samsung TV casting to work!!!
I put a blanket allow all from 20 to 40 and allow all from 40 to 20 in order to test and get this working. I also put a rule to allow 220.127.116.11/3 and other broadcast IPs I could find. Attaching screenshots.
I know there are 2 parts to this - multicast/unicast/mDNS etc. for the discovery across VLANs, and the firewall rules to allow access. I have exhausted everything I can think of to get it working, but nothing is being blocked by the firewall rules on pfSense, so I can't actually see why this isn't working.
I can only guess my switch (Cisco SG200 - is doing something to block some traffic somehow??) or ESXi is blocking traffic, the UniFi access point is blocking something, or hidden rules in pfSense are blocking something.
Has anybody got a working setup with VLANs, casting from one VLAN to a Samsung TV on another VLAN?
Failing that I may have to merge my IoT devices and main devices into one VLAN and use firewall rules to segregate and lock them down (which I would rather not do :( )
Attaching some screenshots to help show what I've got set up.
They can see each other because of Avahi, but I didn't see in your firewall rules a rule that allows communication with the Chromecast device.
Try to create a rule from LAN to the Chromecast device; if I remember correctly it is port TCP 8008 and 8009. Or create an allow all for testing purposes and check the firewall logs to see which ports Chromecast is using these days.
I have an allow all rule at the moment and Chromecast works.
The issue I have is the Samsung TV doesn't work, the Fire Stick doesn't cast and my printer doesn't get picked up.
I'm brand new here so this may not be of much use...
I'm doing something similar to you, but with different software, except for the Ubiquiti equipment and controller. In my setup, I had checked the checkbox in the UniFi controller, Wireless Networks, Advanced Options: "Block Wireless LAN to WLAN Broadcast and Multicast Data", in the hope that the Avahi package on the pfSense router would handle all mDNS traffic. However, I was not able to get anything on my wireless networks to resolve under mDNS until I cleared that checkbox and reprovisioned the UniFi AP. I have a VM host set up on the NoT, on which I installed the "avahi-tools" package and ran avahi-resolve -n somehost.local. That started working after I cleared the checkbox. I ran pftop and set up a filter for port 5353 while I ran the avahi-resolve command, and started seeing the requests come through. I have the DNS forwarder set up to a local AdGuard host. When the pfSense box forwards the request, the IP shows that of the pfSense VLAN adapter. When the devices make the request themselves, the IP origin in pftop is the device that makes the request.
Our setups aren't exactly the same, but if you'd like me to try something out on my network, let me know.
R710 x5650 72GB
pfSense 2.4.4-p3 router in Proxmox 6 VM
OVS and Ubiquiti for tagging VLANs (no hardware switch)
isolated NoT, IoT, guest and general networks
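The thread separates two problems, discovery across VLANs (the OP's mDNS question) and the firewall path, and the pftop-on-5353 check above is one way to tell them apart. A small mDNS probe does the same from the client side: run it from the IoT VLAN and then from Main, and a device that answers only from IoT is not being relayed by the reflector, while one that answers from both but still fails to cast points at the firewall rules. This is an added example, not code from the thread, from Avahi or from pfSense; it queries `_googlecast._tcp.local` (the service Chromecasts and cast-capable TVs advertise), and `sample_response()` is a constructed reply, not captured traffic.

```python
import socket, struct
MDNS_GROUP, MDNS_PORT, CAST_SERVICE = "224.0.0.251", 5353, "_googlecast._tcp.local"

def encode_name(name):
    # dotted name -> length-prefixed labels, zero terminated
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.strip(".").split(".")) + b"\x00"
def build_query(service=CAST_SERVICE):
    # one PTR question (type 12) with the QU bit set, so responders unicast straight back to us
    return struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0) + encode_name(service) + struct.pack("!HH", 12, 0x8001)
def decode_name(pkt, off):
    # decode a possibly compressed name; return (name, offset just past it in the packet)
    labels, end = [], None
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:             # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(pkt[off + 1:off + 1 + pkt[off]].decode())
            off += 1 + pkt[off]
    return ".".join(labels), (off + 1 if end is None else end)
def parse_ptr_answers(pkt):
    # return [(service, instance)] for every PTR record in the answer section
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off, found = 12, []
    for _ in range(qd):                         # replies to a non-5353 source echo the question: skip it
        off = decode_name(pkt, off)[1] + 4
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 12:
            found.append((name, decode_name(pkt, off + 10)[0]))
        off += 10 + rdlen
    return found

def discover(service=CAST_SERVICE, timeout=2.0):
    # send one query to the mDNS group and collect the instances that answer within timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(service), (MDNS_GROUP, MDNS_PORT))
        seen = set()
        try:
            while True:
                seen.update(inst for _, inst in parse_ptr_answers(s.recvfrom(9000)[0]))
        except socket.timeout:
            return sorted(seen)
def sample_response():
    # constructed reply shaped like a Chromecast's (not captured traffic), for offline testing
    owner = encode_name(CAST_SERVICE)                          # begins at offset 12 of the packet
    rdata = encode_name("Living Room TV")[:-1] + b"\xC0\x0C"   # instance label + pointer to owner
    return (struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0) + owner
            + struct.pack("!HHIH", 12, 0x8001, 120, len(rdata)) + rdata)
```

Call `discover()` from a client on each VLAN and compare the lists; `parse_ptr_answers(sample_response())` shows the expected shape of a hit without any network.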