Everything used to be on INTERNAL_LAN (purposely all set with static IPs) and I had recently set up another VLAN named IOT. Then I took the following actions:
A. Moved most of the IOT devices onto the separate IOT VLAN. I kept all IPs static when moving them over.
B. Added a firewall rule completely blocking the IOT VLAN from the INTERNAL_LAN in both directions for any and all types of traffic.
C. I placed the relevant devices into IP “groups” that my router uses for firewall purposes.
D. I then allowed traffic between the appropriate groups only, with a rule that supersedes the rule mentioned in “B”.
For WiFi I have three SSIDs:
LUDS (LUDS VLAN)
IOT2.4 (2.4 GHz only) (IOT VLAN)
LUDS-GUEST
Guests are unable to cast to my Chromecasts, and for that reason I left them on LUDS, because if the Chromecasts were on IOT then I am assuming those people on LUDS AND GUEST would not be able to cast to them. How do I allow that - I mean, what protocols/kind of traffic need to be opened up for that to happen?
Also, I do have a Google Nest Hub (IOT2.4 SSID, IOT VLAN) which I am only using for casting from HA, which is on LUDS (it is included in the static IPs that are allowed to talk to the other specific devices on LUDS). I have an automation that when the hub becomes available (it is powered off sometimes) Lovelace is cast to it. That automation is no longer triggered. From Chrome on a PC on LUDS I sometimes try to cast to the Google Nest Hub, but it is not available. When I cut the power to the Google Nest Hub and plug it back in again, then I am able to see it and cast to it.
What am I doing wrong with the firewall rules here? UPnP and mDNS are turned on across all VLANs for discovery…
Thoughts? (My networking expertise is all self-taught by years of trying things the hard way, so I know enough to be dangerous but am not a networking expert by any means.)