# Cross-VLAN Media Casting (TP-Link Omada SDN)

**Target Hardware:** TP-Link Omada Gateways (ER8411, ER707-M2, etc.)  
**Controller:** Omada Software/Hardware Controller (OC300/OC200)

---

## 1. Defining Custom Bonjour Services

By default, the Omada SDN does not include pre-defined entries for several modern streaming protocols. You must manually add these before they can be used in an mDNS rule.

1. Navigate to **Settings > Services > Bonjour Service**.
2. Click **+ Create New Bonjour Service** for each of the following:

<table id="bkmrk-service-name-service" style="width: 100%; border-collapse: collapse; border: 1px solid #ccc;"><thead><tr style="background-color: #f2f2f2;"><th style="padding: 10px; border: 1px solid #ccc; text-align: left;">Service Name</th><th style="padding: 10px; border: 1px solid #ccc; text-align: left;">Service Type</th><th style="padding: 10px; border: 1px solid #ccc; text-align: left;">Protocol</th></tr></thead><tbody><tr><td style="padding: 10px; border: 1px solid #ccc;">**Spotify Connect**</td><td style="padding: 10px; border: 1px solid #ccc;">`_spotify-connect._tcp.local`</td><td style="padding: 10px; border: 1px solid #ccc;">TCP</td></tr><tr><td style="padding: 10px; border: 1px solid #ccc;">**Google Cast**</td><td style="padding: 10px; border: 1px solid #ccc;">`_googlecast._tcp.local`</td><td style="padding: 10px; border: 1px solid #ccc;">TCP</td></tr><tr><td style="padding: 10px; border: 1px solid #ccc;">**Apple Music / AirPlay**</td><td style="padding: 10px; border: 1px solid #ccc;">`_airplay._tcp.local`</td><td style="padding: 10px; border: 1px solid #ccc;">TCP</td></tr><tr><td style="padding: 10px; border: 1px solid #ccc;">**Apple Music (RAOP)**</td><td style="padding: 10px; border: 1px solid #ccc;">`_raop._tcp.local`</td><td style="padding: 10px; border: 1px solid #ccc;">TCP</td></tr></tbody></table>

---

## 2. Enabling the mDNS Forwarder

The mDNS (Multicast DNS) service allows discovery traffic to "jump" between isolated VLANs.

1. Go to **Settings &gt; Services &gt; mDNS**.
2. Click **Create New Rule**.
3. **Rule Name:** `Cross_VLAN_Discovery`
4. **Device Type:** Select **Gateway**.
5. **Bonjour Service:** Select the custom services created in Step 1 (Spotify, Google Cast, AirPlay, RAOP).
6. **Services Network:** Select the VLAN where the **Speakers/TVs** live (e.g., Media Network).
7. **Client Network:** Select the VLAN where your **Phones/Tablets** live (e.g., Main Network).
8. Click **Apply**.

---

## 3. Configuring the Gateway ACL (Stateful Connection)

The **ER8411** is a stateful gateway, meaning it remembers which connections you started. You only need to permit traffic from the trusted network to the media network.

1. Navigate to **Settings &gt; Network Security &gt; ACL &gt; Gateway ACL**.
2. Click **Create New Rule**: 
    - **Description:** `Permit_Main_to_Media_Casting`
    - **Direction:** LAN -&gt; LAN
    - **Policy:** Permit
    - **Protocols:** All
    - **Source:** Network -&gt; **Main Network**
    - **Destination:** Network -&gt; **Media Network**
3. **Important:** Ensure this rule is positioned **above** any "Block IoT to Main" or "Deny All" rules in the list.

---

## 4. Troubleshooting

### IGMP Snooping

If devices still do not appear, ensure **IGMP Snooping** is enabled on your switches for the involved VLANs:

`Settings > Wired Networks > LAN > [Edit VLAN] > IGMP Snooping`

### Connection Stability

If the stream drops after a few seconds, verify that no "Block Media to Main" ACL is interfering with the return handshake. On stateful gateways like the ER8411, the rule in Step 3 is typically sufficient.

---

```
Config applied: Cross-VLAN mDNS & Gateway ACL
Status: Active
Environment: TP-Link Omada SDN
```