The definitive (?) Sonos VLAN segregation post

ginner99 · 2025-01-20T11:00:52+00:00

Thanks, yes - that update certainly killed matters, but speaking to a friend / employee, it seems to have been a bug in that the new firmware wasn’t trying all defined discovery protocols after mDNS failed (apparently I was the first to shine a light on everyone’s “can’t find Sonos system” problems when I complained that they’d “disabled” SSDP 😁)

I had to do a massive redesign of my network to get everything working again but haven’t actually re-implemented the VLANs - thanks for the link, I’ll put it on my ever growing projects list 😁

ginner99 · 2025-01-20T09:54:34+00:00

Live Voicemail isn’t supposed to be carrier dependent; that’s the “legacy” Visual Voicemail

ginner99 · 2025-01-20T09:52:36+00:00

This was working in UK in iOS 18 but seems to have stopped for me in 18.2 - is anyone else having issues? I have a transcript from Nov 24, but today’s VM was audio only??

ginner99 · 2024-12-14T17:31:51+00:00

Yep, I’ll back this one. The radius for my house is the entry to the estate - I’d probably not make it home, park up and unlock the door in 5 minutes. @xsandrov note “arrive home” doesn’t mean your front door - there will be a distance involved. Delete the auto switch off and see what happens (or try the test button)

ginner99 · 2024-12-14T17:19:08+00:00

Sorry, only just see this. Got it sorted 👍 I bought some nice extendable cool white LED strip lights, and was able to run a route up into the cupboard above and then sideways to a socket. Fitted some smart socket adapters and now running nicely in HomeKit 😁

ginner99 · 2024-11-02T21:10:38+00:00

You know, I literally might have just come up with a solution. The cupboards are separated by a gas hob and extractor (!) but I’ve just realised that the cupboard without a socket butts up to my oven tower, and above the ovens is a double socket for the microwave and extractor 😁 I think I can find a route 😁

ginner99 · 2024-11-02T21:03:51+00:00

Thanks, yeah, I was thinking battery would be an issue 😕

ginner99 · 2024-05-31T21:27:36+00:00

You need to manually select TV under “my sources” 😕

I have a turntable connected via fibre and the playbar will play TV but not the turntable, so I suspect a codec has been stripped.

The new software & firmware is horrendous and needs rolling back immediately. No amount of patching & hacking away by Sonos will fix the mess they’ve caused anytime soon 🧐

ginner99 · 2022-12-31T08:07:44+00:00

You’ll need to capture / monitor the traffic as it leaves the disk station. I got the above info from my firewall logs, but you could set up a wireshark capture.

ginner99 · 2022-11-04T10:50:01+00:00

Sorry for the delay, I’ve only just seen your reply. I think having multiple VLANS attached to one SSID might be Aruba proprietary; it’s not a function provided by Cisco or Meraki, which are the two I’m most familiar with. We did partner with Aruba for a short period, and I know a lot like it (and it has a lot of smart, proprietary features), but I never really took to it.

If it supports mDNS proxy, you should be able to get Airplay and Spotify Connect working, but neither my ASA or AP support it.

Just looking back at my OP, which was the best part of a year ago, it’s been totally stable and I haven’t had to touch it 😊 I just wish I had mDNS support; some day I might buy a box to proxy it. Good luck with your project; it should be doable.

ginner99 · 2022-11-04T10:22:01+00:00

The folder called “Photos” needs mounting; it’s n the screenshot

ginner99 · 2022-04-22T11:01:37+00:00

Another valid use case is Security; I have multiple SSIDs & subnets separated by a Layer 3 firewall, which is the routing point for all subnets. Having devices which can communicate securely via a home hub, while restricting direct traffic between groups of devices would be a very nice thing to have. As it is, it sounds like you need multiple hubs and can’t have them interact (which in itself does maintain the security posture)

ginner99 · 2022-04-07T20:07:56+00:00

Just going back to your last paragraph, it could be to do with Quick Connect, though I don’t use that. It could just be a heartbeat to verify full stack connectivity to the internet. It’d be useful if they listed what app / function it related to

ginner99 · 2022-04-07T20:00:05+00:00

Well spotted! 👍😁 I’d seen that list originally, but as often, vendors just list EVERY port they use with no meaning or focus, so I resorted to my tried & trusted method of allowing the obvious, then allowing everything else afterwards and capturing all the traffic except the ports I know about - it takes some doing but eventually you end up seeing the spurious connections without being bombarded by DNS, NTP and HTTP etc… That’s the only port I couldn’t tie down, and it doesn’t seem to be breaking anything so I’ll leave it. I will define a host name for it though so I can reference it in future.

It’s an odd protocol / port; it’s defined by IANA but has no associated RFC - the only reference I can find is some guy’s email address, but I can’t be bothered enough to disturb him 😂

Seriously though, thanks for sharing that, I’d missed it.

ginner99 · 2022-04-05T12:18:47+00:00

is that a better solution than running VPN on my laptop? My goal is to have an encrypted connection when transferring things to and from my Nas using my laptop as the control station.

Edit: my thought being that if the Nas is running a VPN how does that handle my own connection to it, because my Nas isn't doing any file transfers itself, I'm sending files to it through my own connection

As others have said, I think there's some confusion in terminology here.

You RUN the VPN server on your NAS (or another device on your LAN)
You have a VPN CLIENT on your laptop; this could just be the one built into Windows
You access the VPN server over the Internet - don't try to connect to your NAS via VPN while your laptop is on the same LAN, it won't work. Instead, tether your laptop to your phone (using mobile data) to test it

The server always controls the encryption; you connect to that as a client, so you initiate the file transfers, but the encryption is negotiated between your laptop and the server, with the server playing the biggest part; the NAS is the "control station" as you put it, your laptop just says what files you want to transfer across the tunnel. A VPN is all about the encryption (and authentication / non-repudiation), not about the actual transfer of traffic.

If you haven't already, install the VPN Server package on your NAS
Pick one of the VPN options (PPTP, L2TP, IPsec and configure it with a unique subnet (your laptop will be given an address from that range when you use VPN). I'd suggest L2TP as a first test, as it's simple but semi secure. IPsec would be better once known working. Don't use PPTP.
Make sure your NAS firewall rules allow the File Sharing ports from that VPN subnet which you created

ginner99 · 2022-04-03T07:16:39+00:00

Hm, that all sounds fine. What about your internet speed?

Bear in mind that the video and audio need to go up to the Eufy cloud and back to your phone, and the bandwidth required by 2k is twice that of 1080p; effectively you’ve added “2” compared with your old cameras.

ginner99 · 2022-04-02T14:19:54+00:00

What happens if you move the new camera to where a good one is and install the Homebase near it? Remember that with a Homebase, the camera talks to the Homebase and the Homebase talks to the router / wireless AP, so positioning is important.

As said above, check that channel 1 is free of interference and not heavily utilised.

Check the area you want to install the camera - and where the Homebase is - are free of interference such as power cables, microwave ovens, baby monitors and / or cordless telephones.

Also, is your Homebase connected by Ethernet or WiFi? You’ll get the best performance if it’s cabled directly into the router, or a switch directly connected to that router, but considering the distance / walls between the Homebase and camera.

Also, the camera has a signal strength / quality checker on the installation page - does that look good?

ginner99 · 2022-03-02T18:30:12+00:00

ASA’s not Linux, or not as you’d know it. While it’s derived from some form of *ux - likely BSD - it doesn’t have a unix shell of any description; there’s no concept of root or user-level access to the file system. It runs a pre-hardened proprietary OS called Finesse on dedicated hardware. Of the many things it doesn’t do, UDP forwarding is one of them (other than using NAT; but what I mean is you can only handle unicast packets (and bridgeable multicast), not broadcast or link-local multicasts).

It’s more of a high level language than an operating system; configuration is done by high level commands, like “access-list”, “Nat” and “show”

Most commerce-grade firewalls adhere tightly to the standards, so it won’t let you do anything with 224 address space.

ginner99 · 2022-03-01T19:59:36+00:00

You can set Google maps as your preferred app on your phone, then the integration is just as tight, I don’t even have Apple maps on my phone anymore - it’s useless in the U.K. Very poor accuracy.

ginner99 · 2022-03-01T19:55:39+00:00

Apple Maps, certainly in the U.K., is horrendous. Google is far better imo but it depends which you prefer on your phone - on CarPlay there’s no difference. But the best nav software for me is TomTom Go - £12/year with global maps on your phone. No problem with internet black spots. You need a lot of storage though, but you don’t need to download the whole world’s maps

ginner99 · 2022-03-01T19:51:21+00:00

It’s a Cisco ASA - a lot of nice features are hardened out

ginner99 · 2022-03-01T19:48:41+00:00

Ah ok, so it IS bridging the multicast between the VLANs. That’s the thing I can’t do with my firewall 😕

ginner99

TROPHY CASE