Community discussions

MikroTik App
 
homerouter
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Sun Dec 26, 2021 12:52 pm
Location: DK

Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 9:10 am

Chromecast and VLAN (yes one more time)

Mobile-phone are at VLAN_x, and Chromecast at VLAN_y. The problem is, Mobile-phone can't stream...

I have Sonos working nice, and my Chromecast is connected like Sonos.

->Anyone have VLAN and Chromecast working with MT router?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 9:28 am

The problem is not about VLANs, it's about multicast/broadcast over multiple ethernet segments. Have a look at mDNS ... what it's all about. Currently, Mikrotik doesn't support mDNS repeater. In ROS v7, with support for docker containers, it's possible to run a container with mDNS repeater to make things work nicely.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3123
Joined: Mon Apr 08, 2019 1:16 am

Re: Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 9:30 am

Seems like you are in the "mDNS reflector" discussion area, to have discovery when devices are in separate L2 networks.

(@mkx ... faster again)
 
holvoetn
Forum Guru
Forum Guru
Posts: 6753
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 10:19 am

To give a positive message: within same VLAN, it works :lol:
So maybe rethink your VLAN setup ?
 
homerouter
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Sun Dec 26, 2021 12:52 pm
Location: DK

Re: Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 12:21 pm

I tested IGMP it work for Sonos, but not for Chromecast. So as many all ready have written, it's all about mDNS...

@holvoetn, for me too:-)

It was because of remove 6 mobile phone from the more secure VLAN i moved them, most important it work:-) for now they are moved back again.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 12:28 pm

Move your chromecast to the "less secure" VLAN as well, that is where it belongs.
I have a separate VLAN for this kind of equipment, separate from LAN and Guest network.
When everything is on the same L2 network (VLAN) it works fine.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6753
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Anyone have VLAN and Chromecast working?

Tue Jul 12, 2022 12:30 pm

Move your chromecast to the "less secure" VLAN as well, that is where it belongs.
I have a separate VLAN for this kind of equipment, separate from LAN and Guest network.
When everything is on the same L2 network (VLAN) it works fine.
I was typing something similar but you beat me to it.
Wifi, chromecast and everything connecting to it, belongs together.
In an untrusted area.
 
Kaldek
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jul 11, 2015 2:40 pm

Re: Anyone have VLAN and Chromecast working?

Thu Jul 14, 2022 7:13 am

This is easy.

1. Put your Chromecasts in a different VLAN
2. Set the Firewall so that your computers can connect to the Chromecast VLAN, but not in reverse
3. Also set the Firewall so that the Chromecast VLAN can reach the Internet (set up DHCP, all that stuff)
3. Install Avahi daemon on a Raspberry Pi or similar and have it sit in both VLANs
4. Configure the mDNS reflector settings in Avahi

Job done. Note that if you don't perform step 2, there's zero benefit to having these devices in a different VLAN.

I have this working perfectly in my home network. I am happy to edit this post and add the Mikrotik config settings and the Avahi daemon config.

avahi-daemon.conf values you need in the file:
[reflector]
enable-reflector=yes
For raspbian, I configure the Raspberry Pi ethernet interface with an additional tagged VLAN (eth0.10 in my case), and on the Mikrotik gear I have that switch port set up to be part of VLAN 1 and VLAN 10.
 
mag1024
just joined
Posts: 8
Joined: Fri May 28, 2021 11:11 pm

Re: Anyone have VLAN and Chromecast working?

Wed Oct 19, 2022 5:56 am

With recent advancements in Mikrotik containers, it is now possible (with some elbow grease) to run a repeater on the router itself.
Check out TheMickeyMike/docker-mdns-repeater-mikrotik, or my waiting-to-be-merged fork with some updates and even a pre-built container at mag1024/mikrotik-docker-mdns-repeater.

Edit: now with multiarch pre-built images on Dockerhub for easier installation.
 
walden
just joined
Posts: 2
Joined: Tue Dec 06, 2022 4:23 am

Re: Anyone have VLAN and Chromecast working?

Tue Dec 06, 2022 4:37 am

I don't own a MikroTik yet, just been trying to figure everything out while waiting on my pre-order. So my example is using an Edgerouter, but should be the same no matter what.

I have my Chromecast devices on a VLAN separate from my phones/computers. That VLAN cannot see my phones/computers, but my phones/computers can see the Chromecasts. The Chromecast VLAN has access to the WAN.

Edgerouter has it's own mDNS repeater which is simple to enable, but I disabled it for this experiment to see if my current network design will work with a tik.

I have an always-on Proxmox server so I figured I would use that as my mDNS repeater.
apt install avahi-utils
service avahi-daemon status
On my Android phone, I opened an app to cast and didn't see my devices. Whenever that happens, usually opening the Google Home app refreshes everything. I did that and then everything showed up and I'm able to cast across VLANs.

No other config was needed with Avahi. It just worked.

Edit: Now I have a MikroTik router, and the same configuration is not working. Devices show up in the "cast" list, but the connection always fails so I can't actually cast anything. I've tried all sorts of firewall rules to allow connections between various things, but maybe I'm missing something.
 
slackspace
just joined
Posts: 2
Joined: Wed Jan 04, 2023 10:59 am

Re: Anyone have VLAN and Chromecast working?

Sat Jan 07, 2023 1:53 pm

Hi,

I got my first mikrotik last week and been preparing it for the house we'll get access to next week. I also installed proxmox last night on an old miniPC I had laying around specifically to solve this problem. So newbie mikrotik, newbie proxmox. That said..I have this mostly working.

I have avahi running on an LXC container(alpine base) ontop of proxmox.

How i'd triage this myself..(Assuming you don't have things locked down with filters)

Start avahi daemon manually what is the output? You should see the respective vlans/subnets during startup. If you do not, probably something wrong in proxmox/mikrotik or both. Share this output if unsure.
If using DHCP, does avahai have a lease in each vlan? (/ip/dhcp-server/lease/print)
What is output of 'ip addr', do you see an IP for each vlan you expect? Either from DHCP or static?
Can you reach the respective IP in each respective vlan?
Add logging to any 'drop' rules on your FW filter and test. Are you getting drops from the non IOT vlan towards it? or vice versa?


Bit detail on my setup..

WAN->CCR2004 -> Ether7(wired) -> MiniPC(proxmux) -> LXC Alpine+Avahi installed
On the CCR Ether7 is in a bridge with all other non-wan ports. Including two ports for Wireless APs where the google casts devices live.
General, Guest, and IOT Vlans available on Wifi. Services Vlan only on wired.
Under bridge, vlans in the CCR. Ether7 is part tagged for the respective vLans.
On proxmox I created by vmbr.XX for the respected vLans, with only gateway being set on the services vlan. No IP or GW on vmbr.
In proxmox these interfaces are 'Vlan Aware'.
On the container network, I added the additional interfaces and populated the vlan ID for the vlans which needed to see the devices.
Avahi itself I only enabled the reflector, the rest is stock. The container itself shows the interfaces+IPs on the respective vlans I need mDns present.

What works vs not
I see all the devices (Chromecast, google audio cast, google homes, etc.)
I do not see any of the 'rooms' I have configured. (Kitchen, Living room, etc). I am currently triaging this which led me to this thread. I saw you recently posted and thought i'd try to help you atleast achieve the 1st one :)

Issues I had..
My proxmox is a single node on a single ethernet port. I needed this port to be tagged traffic. Default proxmox configures IP on the bridge itself without any vlans.
Adding the port which proxmox is connected as tagged for respective vlans would give me access to a container/allow the container to get a DHCP lease but i'd lose admin/node access to proxmox. Leaving the port untagged on a given vlan meant the container would not have access but I could reach proxmox node itself.
Fix is to create the respective vLans on the node itself then add the port to the respective vlans it needs access on. Both the proxmox node itself, and the container/VM you are running.
This all 'makes sense' network/mikrotik wise -- just highlighting the main 'hiccup' from plug'n'play I had.
This video does a good job on the proxmox side if you are unsure - https://www.youtube.com/watch?v=ljq6wlzn4qo&t=1407s
On the mikrotik side, you add your respective ports to the vlans under /interface/bridge/vlans. Adding/Removing ether7 below is what would cause my chicken/egg scenario with 'default' proxmox install to configure the vmbr itself with an IP.
 1   bridge=local vlan-ids=30 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=ether4 

 2   bridge=local vlan-ids=40 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged="" 

 3   bridge=local vlan-ids=199 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=ether6 
vlan 40 is 'guest'. Ether10/12 are APs, Ether7 is Proxmox
vlan 199 is 'iot' (where devices live).
Ether4 is direct to my desktop (access port) and therefore wired/untagged.
Ether6 is a TV box(Chromecast built in) and also wired/untagged.
 
slackspace
just joined
Posts: 2
Joined: Wed Jan 04, 2023 10:59 am

Re: Anyone have VLAN and Chromecast working?

Mon Jan 09, 2023 11:26 am

Just to add to this(Maybe for future googles).

I was unable to use Avahi to make both google cast devices and google cast device groups appear across vlans. Avahi, reflector enabled, reliably had the individual devices appear across vlans. But I was unable to show chromecast groups.

I did wireshark captures on my wired device when on same vlan, different, etc. I am not an expert at mDNS nor wireshark. I also used some mDNS tools on android to scan and see the groups. To be honest I couldn't figure out what was different or the problem.

I also tried adding additional firewall rules, even allow 'all' bidirectional.

I also added logging of rules to try and identify if any TCP/UDP traffic was needed.

Unfortunately the results were inconsistent. I'd sometimes see the groups on my wired(desktop), but not the phone. Or vice versa. Or the moment I had it 'working', i'd revert the FW rule or whatever I had done and it would not 'quit working'. Nor would it come back. Quite frustrating.

After fighting with avahi, firewalls, tcpdumps, etc I pivoted and tried https://github.com/TheMickeyMike/docker ... r-mikrotik which uses an older mDNS Repeater binary. Most folks do this on the router itself -- but I personally don't feel comfortable running containers on my router/firewall and bit confused why everyone else is doing it :)

Since using proxmox configured an LXC container to use the mDNS repeater binary by reading the Dockerfile in the above and replicating similar steps on an LXC. The end result is an LXC that at boot starts mDNS repeater with my multiple vLans passed as arguments.

This immediately showed both groups and devices across all vlans both wired and wireless ! ! ! Stopping the container immediately removes them. Starting it returns. It has been reliable and consistent.

I don't know enough about the difference between an mDNS reflector vs repeater -- googling you find folks intermixing the terms. So not sure if there is an actual difference that the binary above does vs avahi as a 'reflector'. Or if something else.

Honestly after getting it to work my interest in the 'why' has diminished :)
 
UpRunTech
Member Candidate
Member Candidate
Posts: 238
Joined: Fri Jul 27, 2012 12:11 pm

Re: Anyone have VLAN and Chromecast working?

Tue Feb 21, 2023 2:04 am

Have a look at my post on getting mDNS frames across VLANs and EoIP.

viewtopic.php?p=985190&hilit=mdns#p985190
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21893
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Anyone have VLAN and Chromecast working?

Tue Feb 21, 2023 6:02 pm

Off the top of my head these seem plausible and perhaps easier but feel free to shoot them down!!

Solution 1:
VLAN20 - streaming devices
VLAN30 - secure devices

WLAN1 - secure WIFI vlan30 ssid = secure
WLAN2 - streaming devices vlan20 = ssid = at_your_own_risk

++++++++++++++++++++++++++++++++++

OP on iphone/ipad/laptop wants to access streaming, select appropriate WIFI SSID
OP on wired connection, change ethernet cable from device to alternate port on desktop managed switch.

Solution 2: ADD all streaming devices full-time connected to a zerotier network ( large level 2 switch environment playground for multicast )

OP wants to look at streaming device, activates their individual device zerotier connection and connects to the LAYER 2 network. DONE!!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12554
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Anyone have VLAN and Chromecast working?

Tue Feb 21, 2023 6:08 pm

If you trust your phone OS, why do you not trust the OS on the Chromecast or Sonos?
The phone is more exposed, than the other two device, to security risk.

Entrusting such important things to a peripheral that is easily hacked (and losted, stoled, broked, etc.) makes no sense.

All devices can be hacked by producer or knowing bugs...
 
millenium7
Long time Member
Long time Member
Posts: 579
Joined: Wed Mar 16, 2016 6:12 am

Re: Anyone have VLAN and Chromecast working?

Fri Sep 15, 2023 1:43 am

Anyone have an update to this? Is it finally viable to be able to stream to chromecasts across separate networks/VLAN's natively in RouterOS 'without' the need to install docker containers? Main constraint there being this only works on ARM/CHR architecture and thus not devices like the HEX (mmips)

I deal with multicast so little that i've forgotten the concepts of multicast routing
I've been playing with IGMP proxy and having no success, am I missing something or does it simply not work as expected? (forward ALL multicast traffic to an upstream interface)
Can this be done with PIM?
Has mDNS been implemented recently?
 
UpRunTech
Member Candidate
Member Candidate
Posts: 238
Joined: Fri Jul 27, 2012 12:11 pm

Re: Anyone have VLAN and Chromecast working?

Tue Feb 13, 2024 11:06 pm

I think I solved the problem once and for all with MACVLANs. Read this thread, especially this post.

viewtopic.php?p=1056182#p1056182

Chromecasts use DIAL (as well as mDNS) so PIM-SM does seem to work for advertising their presence on other segments and networks. Airplay does not use DIAL - Apple just love Bonjour/mDNS for everything.

Who is online

Users browsing this forum: tornadoro and 19 guests