Sonos across VLANs?

Posted: Sun Oct 11, 2015 3:00 pm
by RackKing
Any ideas for getting Sonos to work across VLANs where the speaker is on the main network, but the app is running on a device connected via Wi-Fi and is on a different Guest VLAN?

Can this be done via firewall rules or something else? I am just not sure what Sonos needs. Any help would be appreciated.

Thanks in advance.

Re: Sonos across VLANs?

Posted: Mon Oct 12, 2015 4:30 am
by dandrzejewski
Sonos uses multicast. You will need to install the multicast package and enable PIM.

Re: Sonos across VLANs?

Posted: Mon Oct 12, 2015 12:40 pm
by Sitron
I do not think this is possible, unless you are able to forward whatever Sonos needs between your VLANs. Sonos assumes that all devices, including the controller, are on the same IP network. If I understand correctly, that is their security to not let anyone access your Sonos: you have to be connected to the same network that the Sonos devices are on.

Re: Sonos across VLANs?

Posted: Fri Jul 29, 2016 2:24 pm
by magchiel
Apologies for reviving this older thread, but actually (after research and experimenting) I just got this working (many thanks to this post on the Sonos forums).

Turns out it's actually quite easy using PIM in the multicast package and some minimal firewall rules. Below is a slightly altered version of my configuration.
/routing pim interface
add interface=[PLAYER_VLAN]
add interface=[CONTROLLER_VLAN]

/ip firewall filter
add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250
add chain=forward comment="Forward Sonos remote control events to players" in-interface=[CONTROLLER_VLAN] out-interface=[PLAYER_VLAN] dst-port=1400,4444 protocol=tcp
add chain=forward comment="Forward Sonos remote control events from players" in-interface=[PLAYER_VLAN] out-interface=[CONTROLLER_VLAN] dst-port=3400,3401,3500 protocol=tcp
add chain=forward comment="Forward Sonos UPnP device discovery events from players" in-interface=[PLAYER_VLAN] out-interface=[CONTROLLER_VLAN] 10.28.40.0/24 dst-port=1900,1901 protocol=udp
Of course you can modify the matching criteria to your needs or default drop rules (e.g. IP based or tighter multicast control). See https://sonos.custhelp.com/app/answers/ ... /692#ports for more details on Sonos port usage.
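
An added example, not part of the original post: a small Python check that evaluates sample flows against the four filter rules above and lists which match criteria each rule leaves open, which helps when tightening them as the post suggests. The interface names (vlan10 for controllers, vlan30 for players), the 10.0.1.0/24 controller subnet and the sample flows are constructed stand-ins for the post's placeholders.

```python
import ipaddress
import shlex

# The thread's rules with constructed values in place of the placeholders:
# controllers on vlan10 (10.0.1.0/24), players on vlan30.
RULES = '''
add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250
add chain=forward comment="Forward Sonos remote control events to players" in-interface=vlan10 out-interface=vlan30 dst-port=1400,4444 protocol=tcp
add chain=forward comment="Forward Sonos remote control events from players" in-interface=vlan30 out-interface=vlan10 dst-port=3400,3401,3500 protocol=tcp
add chain=forward comment="Forward Sonos UPnP device discovery events from players" in-interface=vlan30 out-interface=vlan10 dst-address=10.0.1.0/24 dst-port=1900,1901 protocol=udp
'''

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict of match criteria."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)[1:]  # drop the leading 'add'
        rules.append(dict(t.split("=", 1) for t in tokens))
    return rules

def matches(rule, flow):
    """True if the flow satisfies every criterion the rule specifies."""
    for key in ("in-interface", "out-interface", "protocol"):
        if key in rule and rule[key] != flow[key]:
            return False
    if "dst-port" in rule and str(flow["dst-port"]) not in rule["dst-port"].split(","):
        return False
    if "dst-address" in rule:
        net = ipaddress.ip_network(rule["dst-address"])
        if ipaddress.ip_address(flow["dst-address"]) not in net:
            return False
    return True

def first_match(rules, flow):
    """Comment of the first rule that matches the flow, or None."""
    for rule in rules:
        if matches(rule, flow):
            return rule["comment"]
    return None

def open_criteria(rule):
    """Criteria the rule does not specify, so any value matches."""
    wanted = ("in-interface", "out-interface", "protocol", "dst-port")
    return [k for k in wanted if k not in rule]

if __name__ == "__main__":
    for r in parse_rules(RULES):
        print(r["comment"], "-> open:", open_criteria(r) or "none")
```

The first rule specifies only a destination address, so it matches traffic to 239.255.255.250 on any interface, protocol and port; the other three are scoped by interface, protocol and port.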

Re: Sonos across VLANs?

Posted: Sat Apr 15, 2017 2:33 pm
by soap
Hi

I am trying to get this working, but it won't work.

My MT is configured in switched mode, hence no bridge. ether1 is master port for the switch.
vlan2 for guest network is working just fine (VLANs configured on ether1 interface).
192.168.9.0/24 is the network for ether1
192.168.22.0/24 is the network for vlan2

I copied the above information with the bolded add-on (otherwise the IP address was giving an error)
/routing pim interface
add interface=ether1
add interface=vlan2

/ip firewall filter
add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250
add chain=forward comment="Forward Sonos remote control events to players" in-interface=vlan2 out-interface=ether1 dst-port=1400,4444 protocol=tcp
add chain=forward comment="Forward Sonos remote control events from players" in-interface=ether1 out-interface=vlan2 dst-port=3400,3401,3500 protocol=tcp
add chain=forward comment="Forward Sonos UPnP device discovery events from players" in-interface=ether1 out-interface=vlan2 dst-address=192.168.9.0/ dst-port=1900,1901 protocol=udp

None of the rules are triggered when starting a controller on the guest wlan(vlan2)

What version of IGMP should the interface be in? V1,2,3?
Should I add alternative subnets in the interfaces? (I have tried various settings)

Please help!

Re: Sonos across VLANs?

Posted: Sun Jul 09, 2017 9:34 pm
by ryanwilkinson
So - I needed to do this and was able to get it to work. I made a little script. You can edit the first 4 lines and copy/paste the whole thing and the rest is taken care of.

First: You need to download the additional packages for your version, then install the "multicast..." package and reboot. This will give you the /routing/pim option.
Second: edit the first 4 lines of the script (code below) to be correct for your situation.
  • :global ifControl "ether1-master-local" <- This is the name of the VLAN you will have the controller on (av or iDevice)
  • :global ifSonos "ether23-slave-local" <- This is the name of the VLAN the Sonos players will sit on
  • :global netControl "10.0.1.0/24" <- this is the network that your controlling device VLAN is on
  • :global plcBefore "6" <- Where you want the scripts to start adding to in your firewall.
Third: Open a terminal and ssh into the router. Copy and paste the full set of code below and hit enter.
Fourth: You may need to restart the Sonos app or device to get it to fully register and be recognized by the player/router but it will work. Kick on some music and enjoy.

:global ifControl "ether1-master-local"
:global ifSonos "ether23-slave-local"
:global netControl "10.0.1.0/24"
:global plcBefore "6"

/routing pim interface
add interface=$ifSonos
add interface=$ifControl

/ip firewall filter
add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250 place-before=$plcBefore
add chain=forward comment="Forward Sonos remote control events to players" in-interface=$ifControl out-interface=$ifSonos dst-port=1400,4444 protocol=tcp place-before=$plcBefore
add chain=forward comment="Forward Sonos remote control events from players" in-interface=$ifSonos out-interface=$ifControl dst-port=3400,3401,3500 protocol=tcp place-before=$plcBefore
add chain=forward comment="Forward Sonos UPnP device discovery events from players" in-interface=$ifSonos out-interface=$ifControl dst-address=$netControl dst-port=1900,1901 protocol=udp place-before=$plcBefore

/system script environment
remove [find name="ifControl"]
remove [find name="ifSonos"]
remove [find name="netControl"]
remove [find name="plcBefore"]



Re: Sonos across VLANs?

Posted: Mon Jun 25, 2018 11:44 pm
by Spartacus
Hi,
I found this thread and I would like to implement this for my Sonos system. I have controllers on different VLANs (vlan10, vlan20 and vlan99) and all the players are on vlan30. But I do not understand the "netControl" in the following configuration:
:global ifControl "ether1-master-local" <- This is the name of the VLAN you will have the controller on (av or iDevice)
this is the vlan for the controllers (for me vlan10, vlan20 and vlan99; I think I need three forward lines, one for each vlan)
:global ifSonos "ether23-slave-local" <- This is the name of the VLAN the Sonos players will sit on
this is the vlan of the players, for me vlan30
:global netControl "10.0.1.0/24" <- this is the network that your controlling device VLAN is on
and this is what I do not understand. Is this the list of subnets for vlan10, vlan20 and vlan99?

Thanks,
Christian

Re: Sonos across VLANs?

Posted: Tue Nov 13, 2018 11:43 pm
by florid
I recently implemented the same for Sonos by using igmp-proxy not PIM.
Just need to add the interfaces into igmp-proxy and set which one is upstream, then apply the firewall rules for allowing UPnP traffic. That's it.
According to the MikroTik Wiki, igmp-proxy is slightly more lightweight than PIM; that's why I prefer this.

Re: Sonos across VLANs?

Posted: Wed Nov 14, 2018 12:03 am
by RackKing
Thank you for posting this - could you expand a little bit? A sample config would help me get my head wrapped around it. Turning on igmp proxy on the interfaces but I have never used the other features.

Thanks for any help.

Re: Sonos across VLANs?

Posted: Wed Nov 14, 2018 2:50 pm
by anav
Not familiar with Sonos, but most of the smart devices I use thus far reach back to their cloud and do not talk to each other over the home network.
Is Sonos that different, and are there any others like it?
Nice thread, as I was thinking of smart speakers for Black Friday sales and was comparing the Echo Plus 2nd generation to the Sonos One (one or pair, or Play 5 unit).
With only one device it seems it wouldn't matter, but if populating with more later...........

Re: Sonos across VLANs?

Posted: Tue Dec 04, 2018 2:05 pm
by RackKing
Hi anav -

Sorry for the late reply.

Yes, the Sonos is very different and relies on the controller PC or app to see broadcast/multicast traffic in order to work. Control is all local and the services come through the cloud. They can create their own hidden "sonosnet" Wi-Fi mesh on 2.4 which can be disastrous in certain environments - constant loud talking. From a security and traffic standpoint I think it makes sense to put it on its own subnet, you just have to jump through some hoops to make it work. I am not a fan of allowing UPnP traffic so I think the PIM package is my solution. If possible I like to hardwire these and shut the Wi-Fi off.... rarely does the system allow.

Sonos is very polished, works great and the speakers are pretty good. Great selection of online music services to choose from. Integrates nicely with smart devices like Alexa. In a past life I was an A/V integrator so if you have questions I will try to help.

Cheers

Re: Sonos across VLANs?

Posted: Tue Dec 04, 2018 2:29 pm
by anav
Thanks RackKing, but I do not imagine I will need anything special.
We will have only one sonos (play 5) in the kitchen area. One of the reasons I chose this device is that it is NOT microphone enabled.
In fact, not sure I want to have any live mikes in the house LOL. At least the SONOS could be controlled in that manner in the future with an echo hockey puck.
My expectation is that most times it will be controlled by smart phone.
Are you saying that the smart phone and the SONOS will have to be on the same VLAN in the house??

Re: Sonos across VLANs?

Posted: Tue Dec 04, 2018 2:57 pm
by RackKing
Are you saying that the smart phone and the SONOS will have to be on the same VLAN in the house??
Yes. Unless you implement either of the two solutions above (properly configured igmp-proxy or PIM) thus allowing you to connect controllers PCs, iPhone app, etc... with Sonos equipment Connects, Amps, Play One, etc... across VLANs.

A potential home use case is you may have a kids wlan setup on a different VLAN for say DNS, scheduling, etc... and you have Sonos gear on the "main" network. The kid vlan cannot control the Sonos gear in the main vlan which makes them upset if they have a Play One in their room and only mom and dad can pick their music :-).

Controlling Sonos from an alexa/echo is pretty neat. Sonos provides much better sound quality (imho) than any alexa/echo device today. Sonos with built in Alexa seems like a good combination. Add some lights into the mix and voice controlled "smart" home control becomes pretty compelling for some.

For security and traffic reasons, I see them segregated from production networks in larger environments.

Re: Sonos across VLANs?

Posted: Tue Dec 04, 2018 8:15 pm
by anav
Well, it also has AirPlay so one can play directly from the iPhone over Wi-Fi (one's Apple Music) or I suppose use the Sonos app to play radio stations or playlists from the iPhone as well.

My question is, if I know the IP address of the Sonos, then for the spouse to control the Sonos wouldn't it just be a firewall forward rule?

add chain=forward action=accept src-address=[IPHONE_IP] dst-address=[SONOS_PLAY5_IP]

Re: Sonos across VLANs?

Posted: Sun Aug 25, 2019 4:37 pm
by ilovepancakes
I recently implemented the same for Sonos by using igmp-proxy not PIM.
Just need to add the interfaces into igmp-proxy and set which one is upstream, then apply the firewall rules for allowing UPnP traffic. That's it.
According to the MikroTik Wiki, igmp-proxy is slightly more lightweight than PIM; that's why I prefer this.
@florid Could you elaborate on this setup a little bit more and how you got it working and the firewall rules you used?

Anybody else use this method and have it working or is PIM method the better way?

Re: Sonos across VLANs?

Posted: Sat Sep 07, 2019 6:21 pm
by ilovepancakes
So - I needed to do this and was able to get it to work. I made a little script. You can edit the first 4 lines and copy/paste the whole thing and the rest is taken care of.

First: You need to download the additional packages for your version, then install the "multicast..." package and reboot. This will give you the /routing/pim option.
Second: edit the first 4 lines of the script (code below) to be correct for your situation.
  • :global ifControl "ether1-master-local" <- This is the name of the VLAN you will have the controller on (av or iDevice)
  • :global ifSonos "ether23-slave-local" <- This is the name of the VLAN the Sonos players will sit on
  • :global netControl "10.0.1.0/24" <- this is the network that your controlling device VLAN is on
  • :global plcBefore "6" <- Where you want the scripts to start adding to in your firewall.
Third: Open a terminal and ssh into the router. Copy and paste the full set of code below and hit enter.
Fourth: You may need to restart the Sonos app or device to get it to fully register and be recognized by the player/router but it will work. Kick on some music and enjoy.

:global ifControl "ether1-master-local"
:global ifSonos "ether23-slave-local"
:global netControl "10.0.1.0/24"
:global plcBefore "6"

/routing pim interface
add interface=$ifSonos
add interface=$ifControl

/ip firewall filter
add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250 place-before=$plcBefore
add chain=forward comment="Forward Sonos remote control events to players" in-interface=$ifControl out-interface=$ifSonos dst-port=1400,4444 protocol=tcp place-before=$plcBefore
add chain=forward comment="Forward Sonos remote control events from players" in-interface=$ifSonos out-interface=$ifControl dst-port=3400,3401,3500 protocol=tcp place-before=$plcBefore
add chain=forward comment="Forward Sonos UPnP device discovery events from players" in-interface=$ifSonos out-interface=$ifControl dst-address=$netControl dst-port=1900,1901 protocol=udp place-before=$plcBefore

/system script environment
remove [find name="ifControl"]
remove [find name="ifSonos"]
remove [find name="netControl"]
remove [find name="plcBefore"]



Confirming that this method works easily as described!

Re: Sonos across VLANs?

Posted: Wed Oct 30, 2019 10:18 pm
by Spartacus
Hi,
I have Sonos players in VLAN99, PIM is active and FW rules are also implemented. It works, but not very well. A new controller can only be added to the system if I put it temporarily in VLAN99. Same with SW updates. I cannot start SW updates from the "Controller-VLAN10", only if the controller is in the player VLAN.

I have configured manually, not via script. Maybe I missed something. Can someone please confirm that SW updates work fine from the controller VLAN?

Thanks,
Spartacus

Re: Sonos across VLANs?

Posted: Wed Oct 30, 2019 10:30 pm
by ilovepancakes
Hi,
I have Sonos players in VLAN99, PIM is active and FW rules are also implemented. It works, but not very well. A new controller can only be added to the system if I put it temporarily in VLAN99. Same with SW updates. I cannot start SW updates from the "Controller-VLAN10", only if the controller is in the player VLAN.

I have configured manually, not via script. Maybe I missed something. Can someone please confirm that SW updates work fine from the controller VLAN?

Thanks,
Spartacus
You added both vlan interfaces to PIM module? I would double check the firewall rules and make sure they are exactly like if the script did it. I did it manually without script too and I am pretty sure a software update worked in the past however I have not tried an update recently.

Re: Sonos across VLANs?

Posted: Wed Oct 30, 2019 10:59 pm
by Spartacus
Hi,
thanks for the quick reply! Yes, VLAN30, VLAN10 and the other controller VLAN are configured in PIM.
I will check Rules tomorrow again, and will let you know! Maybe I do not see my issues! :-)

But please check in parallel, if you can add a new controller in the Controller VLAN, or if you can update the Sonos. 10.5 is online!

Spartacus.

Re: Sonos across VLANs?

Posted: Wed Oct 30, 2019 11:52 pm
by xvo
Follow the link to sonos forum from this early post: viewtopic.php?f=2&t=101244#p549825
There is a comment that tcp/4444 also needs to be opened for software updates to work.

Re: Sonos across VLANs?

Posted: Thu Oct 31, 2019 12:24 pm
by Spartacus
Hi all,
thanks for the support. I checked my rules and everything is as described in this thread... Maybe my issue is in another detail, which I did not mention!

The RB3011 is the router but all Sonos devices are attached to a Cisco SG350x-Switch. I followed this thread:
https://support.sonos.com/s/article/2118?language=en_US.
Maybe something wrong with Multicast-Settings on the Switch.
Ideas?

Christian

Re: Sonos across VLANs?

Posted: Thu Oct 31, 2019 2:44 pm
by xvo
Maybe something wrong with Multicast-Settings on the Switch.
Could be.
Try testing without a switch to understand whether Mikrotik or Cisco is causing the problem.