JollyWalter wrote: Tue Sep 23, 2025 4:58 pm
...
I rechecked and turns out the tuners are found when the Fire Stick is on the main WiFi network, but doesn't work on the IoT WiFi network which is what I have the TVs on.
Is it possible to have my hardwired HDHomeRun device on the 'default' network and somehow make it visible to the IoT network as well as the main WiFi network using some clever network configuration?
That way I can use HDHomeRun on my TVs (on the IoT WiFi) and also on my other devices (on the main WiFi).
It's possible - but then you have to think why are you running VLANs anyway?
The problem is twofold - although depending on how you created your VLANs the second may not be an issue.
The first is the broadcast we mentioned. If you have a subnet of 10.1.1.0/24 then the broadcast for that will be 10.1.1.255 - you need to confirm for your network.
You need the relay to take that broadcast packet from VLAN A and rebroadcast it on VLAN B - and vice versa the broadcast from VLAN B needs to be relayed to VLAN A.
BUT if you just do the broadcast address then all broadcasts from BOTH networks go across both networks.
Definitely consider if possible to limit to the HDHomeRun discover port of 65001 or limit the broadcast source IPs to the tuner and player (again - both sides needed in this case).
Depending on network configurations you may also have to dig down into switch ACLs to not prevent a broadcast from an address not part of the subnet from being blocked downstream.
A google should find methods to do this - there are relays, bridges, proxies depending on network/need.
The second issue is when your player and tuner need to communicate.
They need to have a means to route traffic from one subnet to another. So now you need to permit VLANs to communicate at a min to the IP addresses of both ends - so in your router you will need to set some static IPs for them and then create ACL holes for their data to go over.
Although some routers (looking at you TP-Link) by default just let all VLANs communicate with each other anyway which means no ACL is needed.
The downside here of course is that you could have your tuner and your player on the same switch.. but now packets MUST go all the way to the router and the router sends them all the way back again. Can be problematic if you have other bandwidth suckers, or sensitive gear along the network path.
Is not too complicated to set up - but requires patience and time.
I used to use VLANs - but something about creating unmonitored holes makes me cringe.
Instead added MAC addresses of IoT devices to a pool and prevented them from doing external DNS and only get a handful of addresses allowed from my DNS server, as well as limiting bandwidth for the pool - i.e. I don't care if device X wants to contact device Y's cloud service. If a device is noisy I push an ACL to the switch to limit that specific device.
Of course I could be talking nonsense as I'm a complete layman when it comes to networking.
So if someone replies and says it's possible then I might need an expert to configure it for me.
If it cannot be done then I'll just keep the Fire Stick on the main WiFi network. That will bother me although I suppose it shouldn't.
If it won't bother you - then why have VLANs at all?
If it's to limit internet access from the device - you have tools in your arsenal to limit a specific device's capabilities via the UniFi system (remove DNS/DNSSec ports, limit download and upload, etc.)
If it's to prevent the device from accessing sensitive devices - again, this can be achieved through other means - e.g. an L2 ACL on the switch your NAS is connected to in order to prevent packets with a source of the device MAC. fwiw - I have this on mine.. the switch ONLY allows my player's MAC address access to the NAS on port 59090 where I have the DVR service (also ports for any other service like Plex).
Takes a little more config - but more secure and less painful when the things go wrong (which always happens).
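
The two rules described in the post above (relay only HDHomeRun discover broadcasts between the VLANs, and open a routing hole only between the tuner and the player), as an added example that is not part of the original post. The subnets, static IPs and function names are constructed for illustration, and the filter applies the port limit and the source-IP limit together, which the post offers as alternatives; it evaluates the decisions over constructed packets.

```python
import ipaddress

DISCOVER_PORT = 65001  # HDHomeRun discover port named in the post

# Constructed addressing (assumptions, not from the thread).
VLAN_A = ipaddress.ip_network("10.1.1.0/24")   # default/main network
VLAN_B = ipaddress.ip_network("10.1.2.0/24")   # IoT network
TUNER = ipaddress.ip_address("10.1.1.50")      # static IP for the tuner
PLAYER = ipaddress.ip_address("10.1.2.60")     # static IP for the player
ENDPOINTS = {TUNER, PLAYER}
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")


def relay_broadcast(src, dst, dport):
    """Return the broadcast address to re-send to on the other VLAN, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for here, there in ((VLAN_A, VLAN_B), (VLAN_B, VLAN_A)):
        is_bcast = dst in (here.broadcast_address, LIMITED_BCAST)
        if src in here and is_bcast:
            # Restrict to the discover port AND the two known endpoints,
            # so other broadcasts never cross between the networks.
            if dport == DISCOVER_PORT and src in ENDPOINTS:
                return str(there.broadcast_address)
            return None
    return None  # not a broadcast from either VLAN


def allow_routed(src, dst):
    """Inter-VLAN ACL hole: only tuner <-> player unicast may be routed."""
    pair = {ipaddress.ip_address(src), ipaddress.ip_address(dst)}
    return pair == ENDPOINTS


# Constructed sample packets: (src, dst, dst_port)
SAMPLES = [
    ("10.1.2.60", "10.1.2.255", 65001),  # player discover: relayed to VLAN A
    ("10.1.2.77", "10.1.2.255", 65001),  # other IoT device: dropped
    ("10.1.2.60", "10.1.2.255", 137),    # NetBIOS name broadcast: dropped
    ("10.1.1.50", "10.1.1.255", 65001),  # tuner side: relayed to VLAN B
]

if __name__ == "__main__":
    for src, dst, port in SAMPLES:
        print(src, dst, port, "->", relay_broadcast(src, dst, port))
    print("player->tuner routed:", allow_routed("10.1.2.60", "10.1.1.50"))
    print("other->tuner routed:", allow_routed("10.1.2.77", "10.1.1.50"))
```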