We just got a Chromecast so my wife can watch Netflix kind of decently (we'd watch it through Kodi and libinputstream, but the UI is still quite different to the Netflix one which is more intuitive). The Chromecast being Google stuff, I'd like to shield it from the rest of the network. It really only needs a way to the internet (it's an Ultra, which has a network jack in the power adapter, so it's wired into the network), and a way to talk to the smartphone(s) for casting. It has no other business on the network.
What's the most elegant way to shield the LAN from the Chromecast? I was thinking a separate VLAN, but the smartphones are still in the LAN network, so then I guess I'd need to filter on IP. What's the best way to go about this?
Do the Smartphones have to be in your LAN? Could you not just put them together with the chromecast in a separate VLAN?
I need my smartphone to talk to the stuff on my LAN, so no, that would not be a solution. Will check the smcroute thing @trendy linked to.
Simply said, you can't.
Chromecast relies on mDNS to establish communication between the sender (smartphone) and receiver (Chromecast dongle). mDNS repeater, while it can work on OpenWrt, in my experience is not too reliable, and segregating the cast dongle to its own VLAN will render it unusable. In layman's terms, your devices won't see it as an available receiver.
What you could do is create a VLAN + WiFi AP, and use that exclusively for Cast purposes. But then you run into the issue of people having to connect to a different WiFi every time they want to cast.
Unfortunately it's kind of unavoidable to have Google not listen to your stuff when you're using their products. It's annoying that they're capitalising the cast ecosystem so much (you can't have third party receivers easily, and most of the Cast dongles are almost completely closed source), but it's their prerogative as it is their own software.