Skip to main content

Cross-VLAN Media Casting (TP-Link Omada SDN)

Target Hardware: TP-Link Omada Gateways (ER8411, ER707-M2, etc.)
Controller: Omada Software/Hardware Controller (OC300/OC200)

1. Defining Custom Bonjour Services

By default, the Omada SDN does not include pre-defined entries for several modern streaming protocols. You must manually add these before they can be used in an mDNS rule.

  1. Navigate to Settings > Services > Bonjour Service.
  2. Click + Create New Bonjour Service for each of the following:
Service Name Service Type Protocol
Spotify Connect _spotify-connect._tcp.local TCP
Google Cast _googlecast._tcp.local TCP
Apple Music / AirPlay _airplay._tcp.local TCP
Apple Music (RAOP) _raop._tcp.local TCP

2. Enabling the mDNS Forwarder

The mDNS (Multicast DNS) service allows discovery traffic to "jump" between isolated VLANs.

  1. Go to Settings > Services > mDNS.
  2. Click Create New Rule.
  3. Rule Name: Cross_VLAN_Discovery
  4. Device Type: Select Gateway.
  5. Bonjour Service: Select the custom services created in Step 1 (Spotify, Google Cast, AirPlay, RAOP).
  6. Services Network: Select the VLAN where the Speakers/TVs live (e.g., Media Network).
  7. Client Network: Select the VLAN where your Phones/Tablets live (e.g., Main Network).
  8. Click Apply.

3. Configuring the Gateway ACL (Stateful Connection)

The ER8411 is a stateful gateway, meaning it remembers which connections you started. You only need to permit traffic from the trusted network to the media network.

  1. Navigate to Settings > Network Security > ACL > Gateway ACL.
  2. Click Create New Rule:
    • Description: Permit_Main_to_Media_Casting
    • Direction: LAN -> LAN
    • Policy: Permit
    • Protocols: All
    • Source: Network -> Main Network
    • Destination: Network -> Media Network
  3. Important: Ensure this rule is positioned above any "Block IoT to Main" or "Deny All" rules in the list.

4. Troubleshooting

IGMP Snooping

If devices still do not appear, ensure IGMP Snooping is enabled on your switches for the involved VLANs:

Settings > Wired Networks > LAN > [Edit VLAN] > IGMP Snooping

Connection Stability

If the stream drops after a few seconds, verify that no "Block Media to Main" ACL is interfering with the return handshake. On stateful gateways like the ER8411, the rule in Step 3 is typically sufficient.

Config applied: Cross-VLAN mDNS & Gateway ACL
Status: Active
Environment: TP-Link Omada SDN

No comments to display

Back to top