yes, well i blocked access from my iot vlan to my main vlan. in order to have everything work perfectly, i understand that i would need to sacrifice some security. anyway, someone PMed me with the secret to opening up expert mode which i did. .this unlocked the option to specify rules based on source port.

i was able to finish setting up rules as specified here:

like i said, i also have avahi set up as an mdns reflector on my network.

Now my networks are still for the most part separate, but I am able to stream audio for private listening from my roku to the app and the chromecast groups are showing up when i try to cast something.