what ip firewall policy allows Chromecast

  • 1
  • Question
  • Updated 2 years ago
  • Answered
The chromecast device works great with all of the cheep WiFi devices but not the Aerohive Access Points. Can anybody give an example of a Aerohive Network IP Firewall Policy that works with the Chromecast device.
Photo of Fred

Fred

  • 3 Posts
  • 0 Reply Likes
  • disappointed

Posted 4 years ago

  • 1
Photo of Adam Conway

Adam Conway

  • 101 Posts
  • 55 Reply Likes
Hi Fred,
Chromecast should work fine on Aerohive APs if the Client is on the same subnet as chromecast.  Chromecast is multicast so it cannot cross subnet boundaries without a helper.  To get a helper for chromecast I would suggest looking to your router vendor as they often support multicast features to bridge the two subnets.  

For full disclosure, we do support Bonjour across subnets, but that is a special feature that required special development
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
Has anymore light been shed on this issue? I'm currently having similar problems whereby an SSID with no IP firewall policy allows the Chromecasts to work (both casting device and chromecast are located on the same subnet). However when an IP firewall policy is configured (even a very basic one) the Chromecast ceases to function i.e. clients cannot see it and cannot connect.
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
AP's and clients are on a 172.16.0.0 address range.
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
I don't know what Application: Chromecast is, but you should make sure you are allowing SSDP
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
Chromecast was a custom application I created to include some ports I had seen based on some packet capture.

Although it seems obvious it is also worth mentioning that by changing the default action from 'Deny' to 'Permit' allows the Chromecast to work.
(Edited)
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
You need to make sure you're allowing UDP 1900 to 239.255.255.250; that's how Chromecast does discovery.
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
The network service DIAL within that IP firewall policy specifies any source to any destintation on port UDP 1900 should be permitted. I don't see as I should need to specify the specific address in this case (although I have tried just to see).
(Edited)
Photo of Fred

Fred

  • 3 Posts
  • 0 Reply Likes
We are using 10.0.0.0 address's inside and we have set the UDP to allow 10 dots in the firewall.


[-any-]10.0.0.0/255.0.0.0Application Service: UDPPermitPermitDenyDrop traffic between stationsNATRedirectOff
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
Fred - can you post an actual screenshot of this rule. I'm having a little bit of trouble interpreting it.
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
Did this issue ever get resolved? I was hoping someone would provide a definitive answer regarding the configuration requirements of the firewall policy to allow Chromecasts to function properly. 
Photo of Dennis Topo Jr

Dennis Topo Jr

  • 8 Posts
  • 0 Reply Likes
Luke..did you ever get this sorted out.?I have the same need except I'm wanting to connect to chromecasts on different subnets.

Setup a bonjour gateway on an AP that is trunked to the vlans I want to "bridge". Still not able to see the CC device. My juniper switches are set up for multicast sparse mode. Not seeing the chromecast register with the RP. Chomecast uses SSDP, which is a defined service in Aerohive, for it's discovery. UDP 1900. So in your case, within the same subnet, you may want to allow that ssdp explicitly in your firewall rule

Anyway...was wondering what additional is needed on the Aerohive side to make this work BETWEEN subnets. 

Thanks...Dennis...