Can't get Sonos on VLAN to work for beans! Haaaaaalp! :)

Follow

Jeff Zacuto

• June 23, 2022 02:48
• Edited

I have tried EVERYTHING. Every combination of policies I can think of. Searched every forum I can think of. I can NOT make devices on my primary network work with my Sonos speakers on a VLAN. Here's the situation, maybe someone can help? 

I have a Firewalla Purple running in-line between my Google Fiber internet and my Unifi network. 

Networks set up on Firewalla

• Google Fiber (WAN) 
• Primary (192.168.1.1/24)
• Streaming Media VLAN 20 (192.168.20.1/24)
• Smarthome VLAN 30 (192.168.30.1/24) 

Networks set up on Unifi Network

• Primary (192.168.1.0/24) - Set as Corporate
• Streaming VLAN 20 (192.168.20.0/24) - Set as Corporate
• Smarthome VLAN 30 (192.168.30.0/24) - Set as VLAN Only

Wireless Networks:

• Primary (On Primary Network) 
• Streaming (On Streaming VLAN) 
• Smarthome (On Smarthome VLAN) 

What do I need to do to get devices on my Primary network (my computers, tablets, smartphones) to see the Sonos speakers/system on the Streaming VLAN? I've tried all kinds of combinations of policies recommended all over the Internet, all to no avail.

Hallllp! :) And thanks in advance! 

0

• 

  Jeff Zacuto

  • June 22, 2022 03:44

  I've gotten to the point where I can ping the VLAN 20 devices from my primary network. So I can see them! Now what? :) 

  0

  Comment actions Permalink
• 

  Firewalla

  • June 23, 2022 03:50

  Can you airplay to your sonos across VLAN's?

  1

  Comment actions Permalink
• 

  Jeff Zacuto

  • June 23, 2022 04:19
  • Edited

  I actually somehow got it to work! I documented what I did below. I'd love feedback on what I did right, wrong, or otherwise! It's a lot but... here goes! 

  Create a LAN on your Firewalla firewall.

  1. Tap the Settings gear, then tap Features and tap Network. 
  2. Tap Create Network. 
  3. Tap Local Network. 
  4. Complete the following steps: 

  • Tap Name and give your LAN a name. (e.g., myhome)
  • Tap Type, then tap LAN. 
  • Tap the LAN interface icon. 
  • Tap IP Address and enter 192.168.1.1.
  • Tap Subnet Mask and enter 255.255.255.0.
  • Enable DHCP server.

  5. Tap Save. 

  Create a VLAN for streaming media on your Firewalla firewall. 

  1. Tap the Settings gear, then tap Features and tap Network. 
  2. Tap Create Network. 
  3. Tap Local Network. 
  4. Complete the following steps: 

  • Tap Name and give your LAN a name. (e.g., myhome_streaming)
  • Tap Type, then tap VLAN. 
  • Tap VLAN ID and enter 20. 
  • Tap the LAN interface icon. 
  • Tap IP Address and enter 192.168.20.1.
  • Tap Subnet Mask and enter 255.255.255.0.
  • Enable DHCP server.
  • Disable IPv6.

  5. Tap Save.

  Create a device group for your Sonos speakers on your Firewalla firewall. 

  1. Tap Devices. 
  2. Tap Create Group.
  3. Enter Sonos as the Group Name. 
  4. Tap Add Device.
  5. Tap each of your Sonos speakers. 
  6. Tap Save. 

  Enable static IP addresses for Sonos speakers on your Firewalla firewall. 

  1. Tap Devices, Sonos, Devices, then perform the following steps for each Sonos speaker: 

  • Tap a Sonos device in the list of devices. 
  • Tap the IP address. 
  • Tap Reserved. 

  2. Tap the back arrow to return to the list of devices in the Sonos group. 

  Enable mDNS reflectors on your Firewalla firewall. 

  1. Tap the Settings gear. 
  2. Tap Advanced, Configurations, then tap mDNS Reflector. 
  3. Enable mDNS Reflector on your LAN and on your streaming media VLAN

  Create rules for your Sonos speakers group on your Firewalla firewall.

  1. Tap Devices, Sonos, Rules, then tap Add Rule. 
  2. Create rules for ports as follows: 

  Protocol	Remote Port	Action	Matching	On	Direction	Schedule
  TCP	80 443 445 3455 1400 1443 3400 3401 3500 4070 4444 7000	Allow	Remote Port	Group: Sonos	Bi-directional	Always
  UDP	136-139 1900-1901 2869 5353 6969 10243 10280 10284	Allow	Remote Port	Group: Sonos	Bi-directional	Always
  Both	319-320 30000- 60000	Allow	Remote Port	Group: Sonos	Bi-directional	Always

  Create a LAN in your Unifi Network Controller. 

  1. Click the Settings gear. 
  2. Click Networks, then click Create New Network. 
  3. Complete the following steps: 

  • Name your network. (e.g., myhome)
  • Enter the IP address of the LAN you created on your Firewalla firewall in Host Address. 
  • Select 24 in Hostmask. 
  • Click Manual next to Advanced Configuration. 
  • Click Standard for Network Type. 
  • Click Enable IGMP Snooping.
  • Click Enable Multicast DNS. 
  • Select None for DHCP Mode. 

  4. Click Add Network. 

  Create a VLAN for streaming media in your Unifi Network Controller. 

  1. Click the Settings gear.
  2. Click Networks, then click Create New Network. 
  3. Complete the following steps: 

  • Name your network. (e.g., myhome_streaming)
  • Enter the IP address of the VLAN you created on your Firewalla firewall in Host Address. 
  • Select 24 in Hostmask. 
  • Click Manual next to Advanced Configuration. 
  • Enter the VLAN ID you created on your Firewalla firewall in the VLAN ID box. 
  • Click Standard for Network Type. 
  • Click Enable IGMP Snooping.
  • Click Enable Multicast DNS. 
  • Select None for DHCP Mode. 

  4. Click Add Network. 

  Set the Spanning Tree Protocol for your networks. 

  1. Click the Settings gear. 
  2. Click Networks. 
  3. Click STP for Spanning Tree under Global Switch Settings. 
  4. Click Apply Changes. 

  Create a WiFi network in your Unifi Network Controller.

  1. Click the Settings gear. 
  2. Click WiFi, then click Create New WiFi Network. 
  3. Complete the following steps: 

  • Name your WiFi network. (e.g., myhome)
  • Enter a password for your WiFi network. 
  • Select the network associated with your LAN. (e.g., myhome)
  • Select your broadcasting APs, as desired. 
  • Click Manual next to Advanced Configuration. 
  • Enable the 2.4 GHz and 5 GHz WiFi bands. 
  • Select Standard for WiFi Type.
  • Enable Band Steering.
  • Enable Proxy ARP. 
  • Click Auto for 802.11 DTIM Period. 
  • Select your desired security protocols. 
  • Disable PMF. 

  4. Click Add WiFi Network. 

  Create a WiFi network for streaming media in your Unifi Network Controller.

  1. Click the Settings gear. 
  2. Click WiFi, then click Create New WiFi Network. 
  3. Complete the following steps: 

  • Name your WiFi network. (e.g., myhome_streaming)
  • Enter a password for your WiFi network. 
  • Select the network associated with your VLAN. (e.g., myhome_streaming)
  • Select your broadcasting APs, as desired. 
  • Click Manual next to Advanced Configuration. 
  • Enable the 2.4 GHz band only.
  • Select Standard for WiFi Type.
  • Enable Band Steering.
  • Enable Proxy ARP. 
  • Click Auto for 802.11 DTIM Period. 
  • Select your desired security protocols. 
  • Disable PMF. 

  4. Click Add WiFi Network. 

  Create a TCP Port Group for your Sonos speakers in your Unifi Network Controller. 

  1. Click the Settings gear. 
  2. Click Profiles, then click Create New Group. 
  3. Name the profile Sonos TCP Ports.
  4. Click Port Group. 
  5. Enter 3400, then click Add. 
  6. Enter 3401, then click Add. 
  7. Enter 6500, then click Add. 
  8. Click Apply Changes. 

  Create a UDP Port Group for your Sonos speakers in your Unifi Network Controller. 

  1. Click the Settings gear. 
  2. Click Profiles, then click Create New Group. 
  3. Name the profile Sonos UDP Ports. 
  4. Click Port Group. 
  5. Enter 1900, then click Add. 
  6. Enter 1901, then click Add. 
  7. Enter 1902, then click add. 
  8. Click Apply Changes. 

  Create an IP group for your LAN in your Unifi Network Controller.

  1. Click the Settings gear. 
  2. Click Profiles, then click Create New Group. 
  3. Name the profile “LAN.”
  4. Click IPv4 Address/Subnet. 
  5. Enter 192.168.1.0/24 and click Add. 
  6. Click Apply Changes. 

  Create an IP group for your streaming media VLAN in your Unifi Network Controller.

  1. Click the Settings gear. 
  2. Click Profiles, then click Create New Group. 
  3. Name the profile “Streaming Media.”
  4. Click IPv4 Address/Subnet. 
  5. Enter 192.168.20.0/24 and click Add. 
  6. Click Apply Changes. 

  Create an IP group for your Sonos speakers in your Unifi Network Controller. 

  1. Click the Settings gear. 
  2. Click Profiles, then click Create New Group. 
  3. Name the profile “Sonos Speakers.” 
  4. Click IPv4 Address/Subnet. 
  5. Enter the static IP address of a Sonos speaker and click Add. Continue entering the static IP addresses of each of your Sonos speakers. 
  6. Click Apply Changes. 

  Create an IP group for Private IPs in your Unifi Network Controller.

  1. Click the Settings gear. 
  2. Click Profiles, then click Create New Group. 
  3. Name the profile “RFC1918_Private_IPs”
  4. Click IPv4 Address/Subnet. 
  5. Enter 10.0.0.0/8 and click Add. 
  6. Enter 172.16.0.0/12 and click Add. 
  7. Enter 192.168.0.0/16 and click Add. 
  8. Click Apply Changes. 

  Create Firewall Rules in your Unifi Network Controller. 

  1. Click the Settings gear. 
  2. Click Firewall & Security 
  3. Click Create New Rule and create rules for each of the following in the order below: 

  Allow all Established/Related traffic

  Type	LAN in
  Description	Allow All Established/Related Traffic
  Rule Applied	Before Predefined Rules
  Action	Accept
  IPv4 Protocol	All
  Source Type	Port/IP Group
  Source IPv4 Address Group	Any
  Source Port Group	Any
  Source MAC Address
  Destination Type	Port/IP Group
  Destination IPv4 Address Group	Any
  Destination Port Group	Any
  States	Match State Established Match State Related
  IPsec	Don’t match on IPsec packets
  Logging

  Allow LAN to access all VLANs

  Type	LAN in
  Description	Allow LAN to Access all VLANs
  Rule Applied	Before Predefined Rules
  Action	Accept
  IPv4 Protocol	All
  Source Type	Network
  Source IPv4 Address Group	LAN
  Source Port Group	IPv4 Subnet
  Source MAC Address
  Destination Type	Port/IP Group
  Destination IPv4 Address Group	RFC1918_Private_IPs
  Destination Port Group	Any
  States
  IPsec	Don’t match on IPsec packets
  Logging

  Allow Sonos speakers to LAN (TCP) 

  Type	LAN in
  Description	Allow Sonos speakers to LAN (TCP)
  Rule Applied	Before Predefined Rules
  Action	Accept
  IPv4 Protocol	TCP
  Source Type	Port/IP Group
  Source IPv4 Address Group	Sonos Speakers
  Source Port Group	Any
  Source MAC Address
  Destination Type	Port/IP Group
  Destination IPv4 Address Group	LAN
  Destination Port Group	Sonos TCP Ports
  States
  IPsec	Don’t match on IPsec packets
  Logging

  Allow Sonos speakers to LAN (UDP) 

  Type	LAN in
  Description	Allow Sonos speakers to LAN (UDP)
  Rule Applied	Before Predefined Rules
  Action	Accept
  IPv4 Protocol	UDP
  Source Type	Port/IP Group
  Source IPv4 Address Group	Sonos Speakers
  Source Port Group	Any
  Source MAC Address
  Destination Type	Port/IP Group
  Destination IPv4 Address Group	LAN
  Destination Port Group	Sonos UDP Ports
  States
  IPsec	Don’t match on IPsec packets
  Logging

  Block all inter-VLAN communication

  Type	LAN in
  Description	Block all inter-VLAN communication
  Rule Applied	Before Predefined Rules
  Action	Drop
  IPv4 Protocol	All
  Source Type	Port/IP Group
  Source IPv4 Address Group	RFC1918_Private_IPs
  Source Port Group	Any
  Source MAC Address
  Destination Type	Port/IP Group
  Destination IPv4 Address Group	RFC1918_Private_IPs
  Destination Port Group	Any
  States
  IPsec	Don’t match on IPsec packets
  Logging	Enabled (optional)

   

  0

  Comment actions Permalink
• 

  Jeff Zacuto

  • June 23, 2022 17:39

  Aaaaaaaand... Now it's not working again. :)

  0

  Comment actions Permalink
• 

  Jeff Zacuto

  • June 23, 2022 22:13

  It's so weird. It was working perfectly - somehow - last night. Today I rebooted the Firewalla (for an unrelated ISP issue) and it stopped working. Thoughts? 

  0

  Comment actions Permalink
• 

  Jeff Zacuto

  • June 25, 2022 20:20

  Bueller? Bueller? Bueller? :) 

  0

  Comment actions Permalink
• 

  Jeff Zacuto

  • June 28, 2022 03:54

  This is bizarre. All of a sudden, with no changes, it's working again. I'm not even sure what to say at this point. Gremlins?

  0

  Comment actions Permalink
• 

  Jeff Zacuto

  • July 04, 2022 00:54

  Hello? ello? llo? lo? o? ? 

  0

  Comment actions Permalink
• 

  Brian

  • July 08, 2022 01:23

  I ended up just moving my Sonos devices to the same VLAN as the rest of my devices.  Was the only way I could get it working reliably.  The same issue would happen with me: it would work, then stop working, then work again.

  My research led it to be something to do with supporting multicast across a VLAN and Sonos not enjoying that experience.

  0

  Comment actions Permalink

Please sign in to leave a comment.