@ww wrote:
i think this has never worked. unless you proxy your mDNS packets to the other vlan. maybe @Uberseehandel knows. ?
I think it can be made to work, but it may take more time than justified.
However, what I did was split the network into two. So there are now dual stacks with separate APs on each network. The MX uplinks to a WAN port on another brand security gateway that also has its own switches and APs.
So all the IoT, speakers, smart house kit, playout centre, Chromecast players, multicast devices, smart monitors, Audio and Visual processors and Guest network are on the naughty step and the trusted devices are behind the MX attached to an MS.
Secure devices are only connected to insecure devices using HDMI, not Ethernet. Secure phones/tablets that need to initiate Chromecast streaming for an ephemeral link to the Chromecast VLAN and as soon as the Chromecast capable device starts playing, the link is broken. This all works quite transparently. But my electricity bill has gone up noticeably.
I am very cautious about Bluetooth, but that is another story.