Question

Allowing Sonos app to connect to hardwired Sonos Connect via different WiFi networks


Greetings! Here's my Sonos Connect setup:

- Sonos Connect hardwired into a 24port switch
- Linux server for DHCP and DNS
- DHCP server setup to always issue Sonos connect an IP of 192.168.0.100
- UniFi Access Point with two different wireless networks
- Wireless Network 1: "Mike's Secure WiFi" requires a password and allows access to entire LAN
- Wireless Network 2: "Mike's Guest WiFi" is open, but blocks access to 192.168.0.0/26 (for those of you who don't want to do subnet math, that's 192.168.0.1 through 192.168.0.62)

Here's my goal:

I should be able to connect to my secure WiFi, load up the Sonos app, and start playing music. This works great! Done.

I'd like my guests who come over to be able to control my Sonos by signing on to the Guest WiFi network and finding the existing Sonos. However, when I try to connect to my Sonos using my Guest Network, I get an error saying:



Is the setup I want possible, or will Sonos Connect only allow someone to access it from the original network it was set up on? Keep in mind the Sonos Connect is hardwired into the network and isn't connecting to my wireless access point at all. Thanks!

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

10 replies

One more piece of information. I created a third network called "Mike's Test WiFi" which is also open, however does not enforce the guest policy (meaning there's no restrictions on what IP addresses you can connect to). When I connect to "Mike's Test WiFi", I can connect to my Sonos. So, the Sonos does support multiple networks. It's something to do with access controls on the WiFi AP.

I block all IPs from 192.168.0.1 to 192.168.0.62. My Sonos is on 192.168.0.100. I can verify this in the app under About my Sonos. I can also logon to the Guest WiFi and ping 192.168.0.100, so packets are getting through and I can ping it.

Something about the guest policy on the WiFi access point is preventing the Sonos app from "finding" the Sonos, and the app just assumes it must be on some other network which it's not.
One more thing: If I enable "Guest Policy" on "Mike's Test WiFi", but leave the Pre-Authorization Access and Post-Authorization Restrictions settings empty (meaning guests can get anywhere), I still cannot connect to Sonos on that network. In other words, it's the "Apply guest policies" checkbox that prevents Sonos from working and nothing to do with specific IP addresses I allow or disallow. This might be something I'll have to post on the UniFi support forums.
Terminology first: Sonos operates on a single IP subnet, i.e. a single 'network'. Talking about 'different WiFi networks' is misleading: they're different WiFi segments.

Okay, where you're probably hitting a problem is that the UniFi box isn't forwarding discovery traffic from the controller when the 'guest policies' are in operation. SSDP sends UDP to multicast address 239.255.255.250, but Sonos also seems to double up by sending to the subnet broadcast address 255.255.255.255. Not unreasonably, the 'guest policies' must be blocking such exploratory traffic.
Yea, I had also figured it was probably something to do with broadcast addresses. I found some threads on the UniFi support forum that seem to indicate that this traffic is blocked when guest policies are enabled, and there's not really a good way to fix it. The only known solution appears to be setting up multiple VLANs, one for your private network and one for guests, and then using some magic at the router level to forward things between subnets. Looks incredibly complicated unless you have a CCNA and enjoy that sort of thing.
It seems entirely reasonable that multicasts/broadcasts are blocked, otherwise it could allow an interloper to probe for interesting services, such as Sonos for example.

By the way, the idea of being able to control Sonos through an open WiFi would scare most reasonable people. The system would be exposed to mischievous misuse and potential extraction of information from the diagnostic web pages.

I suggest you get a few cheap tablets, such as perhaps the basic Amazon Fire, and lend them to visitors to control your Sonos system.
Yea, what you're saying is 100% reasonable. While I do like the idea of guests being able to play music out in the yard at parties without having to bug me for the WiFi password, there's also a lot of security concerns with this setup as well. If I wanted to keep my main WiFi password secret, I could just as easily setup another "WiFi network" (err, segment) with a password I could regularly recycle. I also like your idea of getting a cheap tablet or two for parties, since it's all set up and ready to go, though this wouldn't address the scenario where someone wanted to play music stored on their own device.
It's a bit of a kludge but a long-range Bluetooth receiver, plugged into a Sonos Line-In, could let visitors play music from their own devices.
Yea, actually I looked into Bluetooth before going with Sonos to begin with. I have a little $100 dollar CostCo Bluetooth speaker that I use with my Amazon Echo, but the range just isn't very good. Works great on one side of the deck, and starts cutting out when you move it to the other side. Dunno if different receivers would work differently, but I had kinda dismissed it as "too much hassle" since WiFi just works. Anyway, good to know my options.
Try https://www.amazon.com/dp/B01H6I3YGK.
Nice! Seems cheap enough to try out and return if it doesn't work well. Thanks!