Dedicated SSID(s) with that/those SSID configured as a guest network goes pretty far. I happen to use Ubiquiti gear, but most any router is likely capable of creating a dedicated guest SSID (or multiple). That covers wireless devices (which is all the IoT stuff that I have).

The one aggravation I had was trying to get the Chromecasts to work correctly (where I wanted to be able to cast from a machine on the main LAN to a Chromecast on the Google IoT SSID). I would periodically get it working and then it would periodically break. I'm not even sure that it's working right now to be honest, mostly because a lot of the need for that use case (video playback) has shifted to FireTV sticks.

> I would periodically get it working and then it would periodically break.

wait a second... it worked sometimes? without doing any routing trickery or something?

If you did some trickery maybe the devices sometimes chose to speak ipv6 but could not?

Oh no, I was trying different bits of routing trickery. I'm pretty sure if I sat down and gave it a solid 3 hours straight of methodical effort, that I'd have figured it out once and for all. Instead, I would have 5-10 minutes total per attempt, try something, see if it worked or didn't, then the next time I tried the Chromecast (possibly weeks later), it wouldn't always be repeatable. I also had the Casts being powered off the TV, so they got hard shutdown and cold-booted pretty often.

In short, I never really cared enough to get it working right as the FireTV was "winning" the convenience battle by enough to make it not matter most of the time and I always had an HDMI cable for the times when I really had to get a screen "sharing" to work.

Did you block Google's DNS IPs? That will break Chromecast in strange ways.

Maybe someday I'll write a rewrite rule to pass google DNS through my PiHole...maybe.

All of this hardcoded DNS server BS in iot devices is a pain.

A warning from someone who did exactly this:

https://news.ycombinator.com/item?id=27214320

TL;DR I tried to force Chromecast (and everything else) to use Pihole as DNS and misbehaving devices (like Chromecast) hammered my pihole into oblivion. I'm talking tens of thousands of requests in a very short amount of time which caused my RPI4 to stop responding to DNS requests (dashboard was still working though). See linked comment thread for details but suffice to say 4 virtual machines with pihole behind two load balancers still saw some downtime. OPNsense gateway is a much better (and safer!) fix IMO :)

You need an mDNS repeater. With that and the appropriate ports opened in the firewall I have cross VLAN casting working perfectly reliably.

OpnSense is the firewall.

that's what i thought too. or somehow having to to relay specific broadcasts or similar ways to make the discovery work. this is why i had the impression it could be related to some routing trickery that might had worked for ipv4 but not for ipv6 and the discovery process could make it appear as they are on the same network segment while link-local ipv6 is available when in fact its not...

Thanks! I’ll try that next time I get an hour or so to mess with it.

i have my chromecasts and computers on two different vlans and works just fine, but there are a few things you need to do, ensure MDNS works between then and open up a half dozen or so ports.

Do you happen to have a list of the ports you had to open?

no but i can sure get it :)

5556,5557,5558,8010 + MDNS is how i got VLC & videostream to cast across vlans with ubiquiti, of course now i've setup an emby server now so don't bother anymore but i doubt its changed in the last year.

You can place them in a separate VLAN for starters, and block traffic between anything other than the internet.