AP isolation - what have i done, how to fix it....?

Modesty

Hi

My chromcast is not visible on my streaming App.
In Home app i can set it up, but i get message:

I did try my chromecast on a VLAN and on that net it kicked in.

I dont know if I have done anything om my router except installing ntop.

If anybody can help connect it to my own VLAN please do it. It's Friday today and my fam is preparing for the Norwegian Golden Analog Serial evening (Gullrekka) ;-)

bingo600

@Modesty

I don't use Chromecast (CC)
But it seems like your CC and your Client APP (phone ?) are not on the same Vlan
Do you conect the CC & the phone on the same WiFi SSID ?

If yes ...
Could your WiFi have enabled some kind of "Do not allow Client intercommunication"

/Bingo

JKnott

@Modesty

Your description is a bit vague, but it sounds like your Chromecast is on a different subnet from your streaming app. If it uses multicast, as many multimedia apps do, it won't work through a router such as pfsense.

Gertjan

@Modesty said in AP isolation - what have i done, how to fix it....?:

AP isolation - what have i done, how to fix it....?

AP Isolation is an AP setting, and normalcy not 'On' by default.
If your AP has this option, it couldn't be on 'On' because you would only put it to 'On' because you need it - which implies you knew what it is.

The message is shown on your phone because it's a plausible solution to the issue : the app doesn't detect any cast devices. basically: you are connected to a network with no cast devices 'visible'.

A pfsense package like Avahi might be able to help you here.

The same thing goes for multiple LAN and or VLAN usage : No one would use it, except if you have to separate devices in logical groups of devices that shouldn't communicate with each.
Remember : every device on the same network segment, LAN, can communicate with other devices on that same network segment (LAN or network). The router, pfSense in this case, is not needed to make that happen. The router is useful to attribute an initial IP/mask/gateway/DNS to every device when it's put on. Afterwards, every device can live it's live on it's LAN.

Keep in mind that the entire Internet is a huge interconnection of billions of devices, and you can still access them. Now, try to understand why this is possible - and why you can't 'see' a device on another LAN segment.
It has to do, amongst other, with 'DNS'. And firewall rules on your router. Protocols used.

Btw : when you unbox a new PC, with some OS like Windows on it, and connected it to your local home network, you saw this question : "Private network or Public network ?". If you select "Public" you will notice that your Internet connection, through your router, works. But you can not interact with any other LAN device. It's a form of LAN isolation. When you start to browse your local networks, you will even see a message : local browsing is de activated. Windows refuses to talk to local stuff.

AP's have the same functionality : every device connected to it using Wifi can not interact with other devices connected to that AP. The only interaction possible would be the one with the router. This mode exist for public wifi network like public hotspots, captive portals etc.

@bingo600 said in AP isolation - what have i done, how to fix it....?:

Could your WiFi have enabled some kind of "Do not allow Client intercommunication"

As said above : such an option would never be activated by default. If it was the case, the help desk of that AP would simply explode ....

stephenw10

Yeah, it looks like you're trying to cast between subnets so you will need avahi or maybe pimd configured so allow that.
Chromecast is not designed to work between subnets. Putting your client in the same subnet is the easiest solution there.

Steve

Modesty

Thanks for feedback.

To be clear.

They are both on same WLAN
Chromcast is on ip 192.168.0.105
Phone with google home + stream app is on 192.168.0.101

What I tried was to connect phone + cromecast to vlan 192.168.5.x then it worked.

That means that devices are OK, but my LAN on 192.168.1.x has some hick up.

I have done no changes im aware of regarding router settings. Cromecast worked monday, wednesday i did not work.

I facory reset the cromecast but it did not work on my LAN.

So now im not shure what to do....

ANy more info you can give me

bingo600

@Modesty said in AP isolation - what have i done, how to fix it....?:

Thanks for feedback.

To be clear.

They are both on same WLAN
Chromcast is on ip 192.168.0.105
Phone with google home + stream app is on 192.168.0.101

OK

What I tried was to connect phone + cromecast to vlan 192.168.5.x then it worked.

So you have a Multi Vlan (SSID) capable WIFI ?
What model is it ?

That means that devices are OK, but my LAN on 192.168.1.x has some hick up.

Did you mean : my LAN on 192.168.0.x

/Bingo

stephenw10

If they are both in the same subnet, I assume 192.168.0.0/24, then they will be talking directly to each other. Or at least attempting to. pfSense does not even see that traffic so cannot do anything to it.
Check the subnet masks are correct or both devices.

Otherwise it can only be blocked in the AP or maybe in a switch if you have multiple APs for that SSID.

Steve

Modesty

@bingo600 and @stephenw10 thanks for answer

My lan 192.168.0.x is not working with my chromcast.

all subnets in /24
"pfSense does not even see that traffic so cannot do anything to it."
---> This is my question, Is this true? can do nothing?

I have cable modem (bridge mode) + pfsens router + managed switch + 4 AP unifi.
these 7 items I have not done any changes on last week.

I have 3 wlans, my family, my rental apartment and IoT, all traffic blocked between them. This lans is set up by my unifi controller + pfsens has 3 individual DHCP servers, 1 fore each wlan.

So i have no clue what happens...

On strange issue is that monday i tried to cast from win 10 by using Videostream to the cromcast thats not working now. That was maybe the root to my problems because all my net did get a big hick up, I had to reboot rooter and my cable modem (wich is set up in bridge mode). After that reboot my cromcast stoped working.

You say I cant do configuration regarding

bingo600

@Modesty

Long shot ....
Are you sure the UniFi controller hasn't uploaded new firmware to the AP's ?

I think my DEB10 based Unifi controller (at work) updated today , when i ran an apt update / upgrade.

I have set the "Do not upgrade AP firmware automatically" flag on my controller.

But it would be "Bad karma" from Ubiq to change (set) disallow Client to Client comms wo. SHOUTING IT OUT - In the release notes.

You say if you move your CC + Client to "SSID" 192.168.5.x then it works ?

But it doesn't work on "SSID" 192.168.0.x

As @stephenw10 mentions:
When two clients comunicating on the same subnet/vlan (with the correct subnet mask set) , the traffic would not even pass or be seen by the firewall.

That is why we keep bugging you about the AP's , and their settings/firmware.

/Bingo

stephenw10

The discovery traffic should go dircetly between the client and Chromecast of they are on the same subnet on the same SSID. Even if pfSense was set to block everything that should still work. Of course the Chromecast would not be able to connect out to, for example, Netflix if you did that.
Does the Chromecast actual show as connected to the expected SSID after the setup? In the DHCP leases list in pfSense?

Steve

Modesty

Thanks a lot for your effort, it suddenly worked....

I switched of ntop, thats all. And that should actually don't do anything, as ntop is only a "probe" between lans/wan.

By the way, ntop was running on monday when all systems was running and working...

Proof:

Now its time for pizza and coke.

bingo600

@Modesty said in AP isolation - what have i done, how to fix it....?:

Thanks a lot for your effort, it suddenly worked....

I switched of ntop, thats all. And that should actually don't do anything, as ntop is only a "probe" between lans/wan.

Nice Projector

ntop or ntop-ng

/Bingo

Modesty

@bingo600 said in AP isolation - what have i done, how to fix it....?:

@Modesty said in AP isolation - what have i done, how to fix it....?:

Thanks a lot for your effort, it suddenly worked....

I switched of ntop, thats all. And that should actually don't do anything, as ntop is only a "probe" between lans/wan.

Nice Projector

ntop or ntop-ng

/Bingo

Thumbs up click dont work. I give you all 10 points.

I dont like big black tvs in my home, so i have screen coming down.

bingo600

@Modesty

Did you remove ntop or ntop-ng , to get it to work ?

Modesty

@bingo600 i did not remove, I stoped service ntopng.

On Monday I will try to enable ntopng again, weekend we watch a bit tv, and i will not run around and fix things.