Unifi Sonos and VLANs


For the security conscious out there, you may have split your home network up into VLANs. If you've found this page by searching then you probably already know what a VLAN is and its purpose.

At home I have split my network into 4 VLANs.

VLAN1 - Main data VLAN for all my devices
VLAN40 - VLAN for guests to use
VLAN60 - Security VLAN, CCTV, alarms etc
VLAN80 - IoT devices, internet of things, Z-Wave, Zigbee, Sonos and home automation etc.

The idea of keeping IoT devices on a separate VLAN from other devices is mainly for security. Most IoT devices are easily hackable, and if one is compromised the attacker will only be able to access devices on VLAN80 and not my other devices.

Anyway this post will explain how to get the Sonos devices on VLAN80 to communicate with the controllers (iPhone, iPad, PC) on VLAN1.

Sonos controllers find the players using multicast, which does not cross VLANs by default, so with UniFi we need to enable igmp-proxy. To set it up, SSH onto the USG and enter the following commands:

configure
edit protocols igmp-proxy
set interface eth1.80 role downstream
set interface eth1.80 threshold 1
set interface eth1.80 alt-subnet 0.0.0.0/0
set interface eth1 role upstream
set interface eth1 threshold 1
set interface eth1 alt-subnet 0.0.0.0/0
exit
commit
save

eth1.80 = the VLAN of the Sonos devices (IoT)
eth1 = VLAN1, the main data VLAN with the Sonos controllers on.

I recommend restarting the igmp-proxy service on the USG. To do so enter the command

restart igmp-proxy

Now it is set, you will have to re-configure the Sonos Device with the controller.

With UniFi, the CLI commands aren't persistent across a re-provision. To make the changes stick we need to use a config.gateway.json file.

Its location is

C:\users\%username%\Ubiquiti Unifi\data\sites\default\

Edit the config.gateway.json file and enter the below

    {
        "protocols": {
            "igmp-proxy": {
                "interface": {
                    "eth1": {
                        "role": "upstream",
                        "threshold": "1",
                        "alt-subnet": "0.0.0.0/0"
                    },
                    "eth1.80": {
                        "role": "downstream",
                        "threshold": "1",
                        "alt-subnet": "0.0.0.0/0"
                    }
                }
            }
        }
    }

Obviously, change the VLAN numbers to whatever yours are.
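An added example, not part of the original post: a small Python check to run over config.gateway.json before the controller provisions it. It confirms the file parses, that there is exactly one upstream and at least one downstream interface, flags alt-subnet 0.0.0.0/0 (which lets igmp-proxy accept multicast sources from any address on that interface), and lists the equivalent set commands. The function name and the WARN/ERROR wording are assumptions of this example.

```python
import ipaddress
import json

VALID_ROLES = {"upstream", "downstream", "disabled"}

# Constructed sample: the config.gateway.json content shown in this post.
SAMPLE = """{"protocols": {"igmp-proxy": {"interface": {
  "eth1":    {"role": "upstream",   "threshold": "1", "alt-subnet": "0.0.0.0/0"},
  "eth1.80": {"role": "downstream", "threshold": "1", "alt-subnet": "0.0.0.0/0"}
}}}}"""

def check_igmp_proxy(text):
    """Return (findings, set_commands) for an igmp-proxy config.gateway.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A file that does not parse cannot be provisioned at all.
        return [f"ERROR invalid JSON: {exc.msg} at line {exc.lineno}"], []
    ifaces = cfg.get("protocols", {}).get("igmp-proxy", {}).get("interface", {})
    findings, commands = [], []
    roles = [opts.get("role") for opts in ifaces.values()]
    # igmpproxy needs exactly one upstream and one or more downstream interfaces.
    if roles.count("upstream") != 1:
        findings.append(f"ERROR need exactly one upstream interface, found {roles.count('upstream')}")
    if "downstream" not in roles:
        findings.append("ERROR no downstream interface defined")
    for name, opts in ifaces.items():
        if opts.get("role") not in VALID_ROLES:
            findings.append(f"ERROR {name}: unknown role {opts.get('role')!r}")
        subnet = opts.get("alt-subnet")
        if subnet is not None:
            try:
                net = ipaddress.ip_network(subnet, strict=False)
                if net.prefixlen == 0:  # 0.0.0.0/0 matches every source address
                    findings.append(f"WARN {name}: alt-subnet {subnet} accepts multicast sources from any address")
            except ValueError:
                findings.append(f"ERROR {name}: alt-subnet {subnet!r} is not a valid network")
        # The same settings as full-path CLI commands, for comparison with the USG.
        for key, value in opts.items():
            commands.append(f"set protocols igmp-proxy interface {name} {key} {value}")
    return findings, commands

if __name__ == "__main__":
    findings, commands = check_igmp_proxy(SAMPLE)
    print("\n".join(findings + commands))
```

The WARN lines are informational: the configuration in this post works as written, and narrowing alt-subnet to the actual VLAN subnets is the tighter option.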

Troubleshooting

OK, well, this didn't really work straight away for me.

To check that IGMP is working you can issue the following commands

show ip multicast mfc

and

show ip multicast interfaces

This should show any multicast data, its source and where it is going. For example:

[Screenshot: output of show ip multicast mfc (top half) and show ip multicast interfaces]

On the top half you can see the source and that some data is going from eth1 to eth1.80. However, with the command show ip multicast interfaces you can see that no multicast data is coming into the eth1.80 interface; it seems to be going out on eth1 and into eth1.60. To resolve this I had to issue the restart igmp-proxy command to restart the service. A USG re-provision didn't work.

For creating Firewalls, see this post - Sonos, Unifi, Firewalls & VLANS


Author: Swynol

Main Admin