SONOS Best current solution for cross VLANS setup ?
-
@CharlesT those would use multicast - so you should be able to just use
https://docs.netgate.com/pfsense/en/latest/services/igmp-proxy.html#igmp-proxy
While I didn't do a deep dive into these instructions, which a quick Google search found, they seem to be correct from a quick breeze over
https://www.packetmischief.ca/2021/08/04/operating-sonos-speakers-in-a-multi-vlan-network/
-
I don't have any to test but I've seen more users see success using PIMD for Sonos between subnets.
Of course we only ever see reports from people who see issues.
-
@stephenw10 said in SONOS Best current solution for cross VLANS setup ?:
Of course we only ever see reports from people who see issues.
So freaking true -- people rarely stop in and say oh wow this was great, did xyz and worked like a dream..
But we do get people that don't read blog posts or release notes complaining about kea ;) hehehe
What always annoys me is why do these companies not make it so you can just put in the IP of said device.. I mean ok I get it, use some discovery for grandma running the wifi router she got from the isp and just wants stuff to plug in and work.. But those sonos things are not freaking cheap - I have to believe some of their user base are more network savvy and have segmented, etc.. How about if it can't find the speaker just let the user put in the IP of the speaker that sits on another vlan..
-
There's this thread by @Qinn .
Hopefully they can confirm the current state of how to get it to work.
Also this article.
-
@stephenw10 @johnpoz
Could you help clear something up for me?
When creating IGMP proxies, would the IOT network that has the speakers on it be Upstream or Downstream for type? I would intuitively have selected downstream, but I see conflicting info about this too online.
Thanks!
-
I would expect the speakers to be downstream and the server to be upstream. But I don't have any to test.
-
@stephenw10 I would concur the controller or your client looking for something would be upstream and he would be looking for the speaker which would be downstream..
-
@johnpoz @stephenw10 that's what I thought, but pfSense has the following notice. If there can be only one upstream interface but you can have multiple downstream interfaces that would mean that you can only connect to the IOT network from a single interface which makes little sense.
What if I want to connect to the IOT network (to the speakers) from other networks?
-
@CharlesT well then you would have a problem it would seem.. But why would this be the case..
Your upstream would be your main network.. where your personal devices are.. Why would you want/need to connect from yet another network?
If you have some other device that is not on your "main" network and want to do something with your speakers, just connect to the network the speakers are on..
I am not a fan of breaking L2 anyway.. My printer is on my normal wifi trusted network where devices use eap-tls to auth - so my wife's phone and tablet can find it easy with stupid airprint..
My pc is on different network, but I can just point to the IP of the printer and print to it, no need for idiot airprint..
I can not see ever having anything that would need to print on say my guest wifi network.
If you want your devices to be discoverable from all your networks - simple solution, just use a single flat network and don't segment.. Or use devices that don't limit you to discovery nonsense to use them.
If you have some device that you don't want to connect to your main network that wants to discover the sonos - connect it to your sonos network. I mean it takes like what .2 seconds to switch a phone or tablet to a different ssid.
-
@johnpoz said in SONOS Best current solution for cross VLANS setup ?:
My printer is on my normal wifi trusted network where devices use eap-tls to auth - so my wife's phone and tablet can find it easy with stupid airprint..
Are you not worried that these IOT devices could pose a security risk to your more important devices ? For example, I have a pet feeder on my network that I have no way to isolate unless it's on a different VLAN than my other devices since the firewall rules only apply once traffic hits the firewall (as I recently learned :| ).
I have no idea how secure or insecure these Sonos speakers are. My guess is that they are likely fine and I could have them on my main network. But then I read security experts saying even their iPhone should be considered a risky IOT device.
-
@CharlesT my printer is not on my iot devices network, it's on my trusted wifi network with a wire.. The only other devices on that network are my personal wifi devices, my phone, my wife's phone, our ipad, chromebook, android tablet, etc. All of these devices auth with eap-tls.. This is why it's my trusted wifi network. I allow some traffic from this trusted wifi into my main network where nas is, etc. So I can save files to nas from my phone, etc. But that is locked down to my phone's IP - my wife's phone can't do that, etc..
My other devices are on their own segments. I have a psk network for stuff like typical iot devices, thermostat, alexas, wifi light bulbs - I have a roku vlan where my dvr, and tvs and roku sticks are on, etc.
So no I am not worried..
My trusted network where the printer and phones are, etc. is not my main network where my PC and NAS are, etc. Nor is any of the other iot stuff.. My work laptop is on a guest vlan so also isolated from everything and it's normally on a work vpn connection anyway.
-
@johnpoz Ok thanks. I got it all to work.
Here's a detailed post with the steps for anyone with the same issue.
-
@CharlesT so the speakers on the iot are the upstream.. But the speakers are not found via multicast they are found via mdns..
Well that works out for you then I would think you can talk to your speakers from multiple networks.