
Wired devices on Guest Wifi?

Interfaces:

Port 1 LAN (192.168.5.1)

Port 2 WAN

GuestAP (Wifi, 172.16.30.1)

Port 3 GuestLAN (172.16.40.1)

 

I want guests at my house to access wifi over the guest network...works fine.  However, there are wired media devices (Sonos) that refuse to get IP addresses in the Guest Wifi range. For this reason, they are unavailable to guests.  I set up a GuestLAN Interface to distribute IPs to wired devices and allow traffic between the guest Wifi and GuestLAN (172.16.30.0, 172.16.40.0), however, devices such as Sonos cannot connect across subnets.  These devices remain unavailable to those on Guest Wifi.

This whole problem would be solved if wired devices (Sonos etc) could get IP addresses in the Guest Wifi range.  How can I accomplish this?

Thx

Rick



This thread was automatically locked due to age.
  • Hi Ricky,

    Have you created rules that allow traffic each way, e.g. a rule for each direction?

    Ian

  • Yes.  Unfortunately, devices such as Apple AirPorts and apparently Sonos don't work across subnets (even if traffic is allowed).

    I have created a workaround.  My guest network is now Port 1.  This allows for both wired and wireless access to this zone (Wifi is "Bridge to AP LAN").  My secure wireless is now on the "Guest AP" which is a separate zone.  Securely wired devices are on Port 3.  I have a firewall rule allowing traffic from secure wireless to secure wired (port 3) devices.

    I'm still not sure why other ports such as Port 3 cannot have a wifi network associated with them.  When I add a new Wifi network, it has to be linked to either "separate zone", "Bridge to AP LAN" or "Bridge to VLAN".  You would think that I could have a "Bridge to Port 3" etc.  Perhaps Bridge to VLAN accomplishes this but is beyond my level of knowledge.

    Any thoughts on adding additional networks with a mix of wired and wireless devices would be appreciated.  I'm sure that there is a better solution out there than mine.

    RB

  • Hi Ricky,

    Apple AirPorts use Bonjour, which is a non-routable protocol.

    Wifi.

    You cannot set up a bridge to VLAN after you have set up a bridge to AP LAN.

    I had to redo my network to set up AP to VLANs. I was implementing a more secure setup for IoT devices so they are in their own space. I can access them from my user space, but they cannot access any other parts of the network.

    All my IoT devices are on wifi. I have a user LAN which is a mix of wifi and cabled devices. A phones/tablets which is all wifi (shares SSID with users and printer SSID which is wifi).

    Ian

     

    Additional stuff about SONOS. My personal opinion is that Sonos is a security risk for the amount of non-secure ports it requires open incoming. Some of the ports will not network within different LANs at home.

    TCP/IP:

    • 80 (Internet Radio, updates and registration)
    • 443 (Rhapsody, Napster, and SiriusXM)
    • 445 (CIFS)
    • 3400 (incoming UPnP events - Sonos Controller App for Mac or PC)
    • 3401 (Sonos Controller App for iOS)
    • 3445 (OS X / Windows File Sharing)
    • 3500 (Sonos Controller App for Android)
    • 4070 (Spotify incoming events)
    • 4444 (Sonos update process)

    UDP:

    • 136-139 (NetBIOS)
    • 1900 (UPnP events and device detection)
    • 1901 (UPnP responses)
    • 2869, 10243, 10280-10284 (Windows Media Player NSS)
    • 5353 (Spotify Control)
    • 6969 (Initial configuration)
  • Ian,

    Sounds like all of your segmentation involves wifi-only devices except one zone "I have a user LAN which is mix of wifi and cabled devices".  Is that connected to Port 1 (LAN)?  If so, it is set up like mine...the only mixed area (wired/wireless) is on the main LAN port (port 1).  If any of your other regions of segmentation involved wifi/wired devices, I would love to know how you accomplished it.

    RB

  • Just saw your comments on Sonos...digesting them now.  Thx

  • Hi Ricky,

    a rough sketch of my network.

    3225.irm network.pdf

    Ian

  • Hello,

    Those types of devices work on broadcast networks. You cannot achieve this in this way.
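
The replies above say that discovery for these devices is non-routable, so an allow rule between the two guest subnets is not enough. The following sketch is an added example, not part of the original thread: it classifies a packet's destination address to show which traffic a plain unicast allow rule can carry from Guest Wifi to GuestLAN. The /24 masks and host addresses are assumptions (the thread gives only gateway addresses), and the firewall is assumed to have no multicast routing, mDNS repeater or broadcast relay.

```python
import ipaddress

# Assumed /24 masks; the thread only lists the gateways 172.16.30.1 and 172.16.40.1.
GUEST_WIFI = ipaddress.ip_network("172.16.30.0/24")
GUEST_LAN = ipaddress.ip_network("172.16.40.0/24")
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # RFC 5771 block, never forwarded
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def crosses_subnet(src, dst, src_net=GUEST_WIFI, dst_net=GUEST_LAN):
    """Return (reaches_other_subnet, reason) for a packet sent from src_net,
    given a unicast allow rule src_net -> dst_net and nothing else."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in src_net:
        raise ValueError(f"{src} is not in {src_net}")
    if dst == LIMITED_BROADCAST or dst == src_net.broadcast_address:
        return False, "broadcast: stays on the sender's own segment"
    if dst == dst_net.broadcast_address:
        return False, "directed broadcast: not forwarded by default (RFC 2644)"
    if dst in LOCAL_CONTROL:
        return False, "link-local multicast: routers never forward it"
    if dst.is_multicast:
        return False, "multicast: needs multicast routing or a proxy"
    if dst in dst_net:
        return True, "unicast: routed and matched by the allow rule"
    return False, "not addressed to the other subnet"


# Constructed sample traffic from a guest phone at 172.16.30.50 (hypothetical host).
SAMPLES = [
    ("mDNS/Bonjour query, UDP 5353", "224.0.0.251"),
    ("SSDP/UPnP search, UDP 1900", "239.255.255.250"),
    ("broadcast discovery", "255.255.255.255"),
    ("unicast TCP to a wired device", "172.16.40.20"),
]


def report(src="172.16.30.50"):
    """Classify every sample; returns a list of (label, crosses, reason)."""
    return [(label, *crosses_subnet(src, dst)) for label, dst in SAMPLES]


if __name__ == "__main__":
    for label, crosses, reason in report():
        print(f"{label:32} {'crosses' if crosses else 'blocked':8} {reason}")
```

Only the unicast connection crosses, which matches the behaviour described in the thread: the controller never learns the device's address because the discovery packets stay on the sender's segment.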