SONOS and Google home mini in different VLAN ( PfSense + Unifi AC-PRO )

luckyzor

Hello,

I want to have access to my Sonos and Google home mini from my LAN wifi and they are in IoT_Vlan.
I've already installed Avahi but it doesn't work.

Avahi settings: (you can't see but LAN is selected too)

Rules for IOTLAN

Can you please help me?

stephenw10

I assume you have pass rules on LAN to those devices? You can ping them by IP directly?

You should read this thread about Sonos across subnets:
https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s

Anything that relies entirely on auto-discovery is going to have problems across subnets. Quite why developers feel to need to do that without allowing direct access by IP eludes me...

Steve

luckyzor

Yes I can ping the IoT device, but can't use the SONOS app or even make the Home Assistant "find" the SONOS.

If I put the google home mini and the SONOS in my main network, there are anything I can do to protect my other servers (NAS, other VM's) from this IoT devices?

I've already checked that thread but its so confusing :O

thank you for your help

stephenw10

Not easily if they're in the same subnet.

The safest thing to do is probably to have a different SSID this is in the IoT subnet and just connect to that when you want to control them.

A different approach here might be to bridge the LAN and IoT network segments, so they are in the same subnet, but filter traffic across the bridge to prevent IoT devices reaching the LAN clients directly.

It should be possible using Avahi and/or IGMP proxy to allow the devices to be discovered but they are not really intended to be operated like that and results can be.... variable!

Steve

luckyzor

The other solution is to put everything related to IoT and Smartphones in the same VLAN.

For this I need to put my VM-Home_Assistant in that VLAN and there is where I'm stuck.

Can you help me with that?

This is what I have:

This is what I want, if possible:

I don't know how to give the VLAN 5 (5.0/24) to the VM-Home Assistant.

I have a Virtual switch in the host virt-manager with 6 NICS. One is the WAN, other is the LAN. How can I configure a network port to work with the same subnet of the VLAN5?

I tried to add a new interface in PfSense with the same VLAN5 subnet, but got an error.

Is this possible?

Thank you for your help

johnpoz

@luckyzor said in SONOS and Google home mini in different VLAN ( PfSense + Unifi AC-PRO ):

host virt-manager with 6 NICS.

What are you using for your VM hypervisor? esxi? hyper-v, proxmox? virtualbox? vm on synology? what?

And what switch do you have all this stuff plugged into?

stephenw10

Yes, I would expect you to be able to do this using the switches and virtual switches at your disposal.

You can't add a subnet to more that one interface as your found. You would have to bridge the two VLAN interfaces but you don't want to do that if you can possibly avoid it!

Steve

luckyzor

@johnpoz said in SONOS and Google home mini in different VLAN ( PfSense + Unifi AC-PRO ):

@luckyzor said in SONOS and Google home mini in different VLAN ( PfSense + Unifi AC-PRO ):

host virt-manager with 6 NICS.

What are you using for your VM hypervisor? esxi? hyper-v, proxmox? virtualbox? vm on synology? what?

And what switch do you have all this stuff plugged into?

I'm using CentOS 7 + QEMU/KVM - virt-manager
They call Virtual Switch but is simply bridge connections from the host to virt-manager and they are added to the VM-PfSense:

I only have a non-manageable switch connected to the LAN network of my Server, Only have the Ubquiti AP who manages VLAN for wifi.

Maybe the solution is, VM-PfSense/LAN NIC - Manageable Switch - VLAN5 to port 2 for example - IOT NIC/VM-HomeAssistant

or there are any solution without a physical manageable switch?

johnpoz

@luckyzor said in SONOS and Google home mini in different VLAN ( PfSense + Unifi AC-PRO ):

there are any solution without a physical manageable switch?

Not any good ones - you could bridge interfaces as mentioned already... But you really should avoid that at all costs.. A smart switch that can do vlans is only around $40 USD.. Would be 8 port gig.. This would give you almost infinite flexibility in putting different devices or vswitches on different vlans.

You for sure could find higher end switches with higher port density say off ebay or something.. But 8 port should give you what you need for sure.