How to connect to Sonos and GoogleTV on another VLAN?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-10-13 22:50:04 - last edited 2023-10-24 01:20:13
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2

I'm trying to get VLAN1 to talk to VLAN2, but it's not happening, apart from pinging each other.

More specifically:

On VLAN1 I have my home devices (desktops, laptops, smart phones, etc.), and on VLAN2 I have IoT-devices (Sonos, cameras, vacuum machine, etc.).

I would like to talk to VLAN2 from VLAN1, and at the same time prevent VLAN2 talking to VLAN1.

 

Since Sonos devices and the Spotify integration are made available through Bonjour Services, I tried to add them first:

* Profiles -> Bonjour Service -> Create New Bonjour Service
  Service Name: Sonos
  Service ID: _sonos._tcp.local

  Service Name: Spotify
  Service ID: _spotify-connect._tcp.local

  Service Name: Google
  Service ID: _googlecast._tcp.local
  Service ID: _googlezone._tcp.local

 

Next, the services are broadcast across the network:

* Service -> mDNS -> Create New Rule
  Name: "IoT to Home"
  Device Type: Gateway (AP is not available)
  Bonjour Service: All
  Service Network: IoT (VLAN2)
  Client Network: Home (VLAN1)

 

Lastly, I set up ACLs on the gateway:

* Network Security -> ACL -> Gateway ACL -> Create New Rule
  Name: Home to IoT
  Direction: LAN -> LAN
  Policy: Permit
  Protocols: All
  Source -> Network -> Home (VLAN1)
  Destination -> Network -> IoT (VLAN2)

* Network Security -> ACL -> Gateway ACL -> Create New Rule
  Name: Deny IoT to Home
  Direction: LAN -> LAN
  Policy: Deny
  Protocols: All
  Source -> Network -> IoT (VLAN2)
  Destination -> Network -> Home (VLAN1)

 

Currently I am able to ping my devices from VLAN1 to VLAN2, but I don't see their 'mdns' messages in Wireshark.

If I switch to the VLAN2 network, Wireshark picks up a lot of them, but nothing while I'm on VLAN1.

 

Any suggestions on how to solve this issue?

#1
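A way to check, from a host itself rather than with Wireshark, which of the Bonjour service types above answer on the VLAN that host sits on. This is an added example, not TP-Link/Omada code and not from the original post; it assumes only the Python standard library, the service IDs listed in the post, and that the probing host is on the VLAN being tested. Run it once from the IoT VLAN and once from the Home VLAN: the same instances answering on both means the gateway's mDNS rule is reflecting the records across; answers on the IoT VLAN only reproduces the Wireshark observation above.

```python
"""Minimal mDNS (Bonjour) PTR probe: which service types answer on this VLAN?

Added example, not TP-Link/Omada code. It speaks the DNS wire format
(RFC 1035 names, RFC 6762 multicast group) using only the standard library.
"""
import socket
import struct

MDNS_GROUP = "224.0.0.251"
MDNS_PORT = 5353
TYPE_PTR = 12
CLASS_IN = 1

# Service types from the thread; the probing host is assumed to sit on the
# VLAN under test (Home or IoT).
SERVICE_TYPES = [
    "_sonos._tcp.local",
    "_spotify-connect._tcp.local",
    "_googlecast._tcp.local",
    "_googlezone._tcp.local",
]

# Constructed sample response (not captured from a real Sonos): one PTR
# record saying instance "Living Room" offers _sonos._tcp.local, with the
# service name in the rdata compressed via a pointer to offset 12.
SAMPLE_RESPONSE = (
    b"\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00"  # header: 1 answer
    + b"\x06_sonos\x04_tcp\x05local\x00"                 # owner name
    + b"\x00\x0c\x80\x01\x00\x00\x11\x94\x00\x0e"         # PTR, IN+flush, TTL, rdlen
    + b"\x0bLiving Room\xc0\x0c"                          # rdata: instance + pointer
)


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_ptr_query(name: str, qu: bool = False) -> bytes:
    """One mDNS PTR question. ID and flags are 0 for multicast queries; the
    QU bit (top bit of QCLASS) asks responders for a unicast reply."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    qclass = CLASS_IN | (0x8000 if qu else 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_PTR, qclass)


def decode_name(data: bytes, offset: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into earlier bytes
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, hops, offset = True, hops + 1, pointer
            if hops > 64:
                raise ValueError("compression loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_ptr_answers(data: bytes) -> dict:
    """Return {service_type: [instance names]} for every PTR record in a
    response (answer, authority and additional sections alike)."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):               # skip echoed questions
        _, offset = decode_name(data, offset)
        offset += 4                   # QTYPE + QCLASS
    found = {}
    for _ in range(an + ns + ar):
        name, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == TYPE_PTR:
            target, _ = decode_name(data, offset)
            found.setdefault(name, []).append(target)
        offset += rdlen
    return found


def probe(service_types=SERVICE_TYPES, timeout: float = 3.0) -> dict:
    """Multicast one PTR query per service type and collect the PTR answers
    that arrive within `timeout` seconds (network I/O; run on the target VLAN)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
    sock.settimeout(timeout)
    seen = {}
    try:
        for svc in service_types:
            sock.sendto(build_ptr_query(svc, qu=True), (MDNS_GROUP, MDNS_PORT))
        while True:
            data, _ = sock.recvfrom(9000)
            for svc, instances in parse_ptr_answers(data).items():
                for inst in instances:
                    if inst not in seen.setdefault(svc, []):
                        seen[svc].append(inst)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    print("sample:", parse_ptr_answers(SAMPLE_RESPONSE))
    for svc, instances in probe().items():
        print(svc, "->", instances)
```

The probe only collects replies to its own queries (it does not bind port 5353 as a full responder would), so unsolicited announcements are not shown; Wireshark with the "mdns" filter remains the tool for those. An empty result for every type on the Home VLAN, with instances listed from the same script on the IoT VLAN, isolates the problem to the gateway's mDNS reflection rather than to the devices or the capture method.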
1 Accepted Solution
Re:How to connect to Sonos and GoogleTV on another VLAN?-Solution
2023-10-21 22:36:33 - last edited 2023-10-24 01:20:13

  @Tedd404 I got it!

 

I had exactly two VLANs - VLAN1 and VLAN2, where VLAN1 was the default/admin/secure network, and the IoT-devices I tried to connect to were on VLAN2.

For some reason this is a no-no.

 

To get around it, I created VLAN3 (called it 'Home'), got my wireless network mapped to its VLAN, and it all worked.

I followed this guy's setup, and it works wonders for me.

Recommended Solution
#5
4 Reply
Re:How to connect to Sonos and GoogleTV on another VLAN?
2023-10-16 05:54:16 - last edited 2023-10-16 05:57:49

  @Limroto 

 

Can you tell me why you need to prevent VLAN2 talking to VLAN1? mdns packets are not only in one direction, and your settings will inevitably affect the normal use of IOT devices. I'm curious about your experience after setting it up like this? And are you sure your method of capturing packets is OK?

 

Maybe this link will help you:

How to Configure mDNS on the Omada Controller | TP-Link

#2
Re:How to connect to Sonos and GoogleTV on another VLAN?
2023-10-16 07:32:58

  @Md-Ripon3 great questions. 

 

IoT-devices are less secure than my phone and/or computer, so these are put on VLAN2. If a hacker manages to get inside my network, I would like them to only access the IoT-devices, as they are less critical than the data stored on my computers (VLAN1). 

I doubt Bonjour Service can be used to hack, although they might see IPs - this is fine, but I cannot have tcp-packages sent from the IoT-network to the computer-network. 

 

To capture the mDNS in Wireshark, I entered the VLAN2, and filtered with "mdns". This gave me entries with "sonos_.tcp_.local" and similar. If I enter my VLAN1, I could not see them. I could see my computer echoing "Spotify-connect_.tcp_.local", but the Sonos entries were nowhere to be found. 

#3
Re:How to connect to Sonos and GoogleTV on another VLAN?
2023-10-17 03:22:15

  @Limroto 

Can you refer to it and check if everything's done correctly?

https://community.tp-link.com/en/business/forum/topic/620754

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
#4