I have an interesting use case that I just cant get my head around.
We have a customer that wants to have chromecast ability in each room, but also ensuring that each room can only cast to the room the client is connected to.
So the setup is at the ICT Room we have 3x MS410-16 stacked switches to multiple buildings and rooms.
There are 9 Villas and 2 Rooms per Villa. Each Room has Fiber Optic cable back to the ICT Room full Star Topology.
Each room has MS225-24 (due to many UTP requirements as well as SFP requirements), also an MR33.
So the requirement for Roaming is clear, they want seamless roaming without loss of connectivity across the premises, therefore I have a single guest VLAN which I bridge to a Guest SSID.
Now comes the challenge of how do I let a Guest be one one VLAN and only see their room Chromecast when they are in their room.
The first thing that was on the cards was Port Isolation on the MS410 switches, but this does wont work across stacked switches so that option is out. Then I thought of looking into the access control on the SSID and trying to isolate Layer 2 traffic or deny LAN traffic thinking that only AP Clients will be able to get to AP Clients. Tested and when I enable Layer 2 traffic isolation or deny Layer 3 lan traffic I lose comms to even my local clients on same AP. So would something like Bonjour forwarding work for this use case, the problem still is how to isolate the various rooms from each other. Another option might be to have an ACL deny traffic on the MS410 switches, but then I would have to split the network on the cloud since the ACL's is network wide not switch specific which also does not seem ideal.
A perfect example of what I need is something like Private VLAN's.
Not quite sure how to meet both requirements of Roaming as well as Chromecast room isolation.
Anyone has some advise?