Meraki Go with Sonos

NuP
Just browsing

Meraki Go with Sonos

Hello,

 

I have purchased a few Merki Go access points (Wifi 6).

Everything works fine however I need help with sonos configuration.

 

My case is this:

 

- I have 3 network configured in Meraki Go. One called "Admin", one called "Customers" and one called "IoT".

- I have several sonos speakers and I want my Customers to see/connect to only a few of them. Customers connect to the Wifi called Customers.

- I want my staff to see all the speakers when connected to the Admin wifi.

 

I have followed this:

https://documentation.meraki.com/Go/How_To_Guides/Configure_Meraki_Go_with_Sonos

 

Customers can see all the speakers though, not just the ones I want them to see.

 

Even if I connect some sonos speakers to IoT network and/or Admin, my Customers can see them all.

 

How do I configure everything so that it works the way I need it to?

 

many thanks,

Nunzio

11 REPLIES 11
Xydocq
A model citizen

Hello @NuP 

 

I am not sure if you can have that on Meraki Go.

 

Meraki Go offers a security feature when setting up a VLAN.

network - configure vlan - secure this network.png

This will block all traffic in and out from secured VLAN to all other VLANs.

 

@hidden0 said on another post: "In regards to your question about firewall rules in one direction between two VLANS: currently this is a feature request. However, I'm happy to say it is on our roadmap to be able to set custom L3 firewall rules. You can't do it today, but hopefully you can sooner rather than later. Right now we have the "Secure" toggle on the VLAN which automatically writes L3 firewall rules on the firewall to block any traffic to/from that VLAN on the LAN."

 

So in the future we might have the option to set own rules. But for now it's all or nothing.

 

So you could secure your Customers VLAN and they would only see the speakers on that VLAN, but Admin and IoT will not be able to explore those speakers. And I am not sure if this is available on GR-devices.

 

Configuring Wireless Address Translation will erase the ability to connect speakers to the guest-network. Meraki Go - Wireless Address Translation - Cisco Meraki 

 

Cheers

 

 

Hoamboy
Getting noticed

@Xydocq 

 

L3 firewall rules should be possible as of yesterday, no?

As usual, I just can't figure out where/how.

 

Hoamboy_0-1684229132158.png

 

Xydocq
A model citizen

@Hoamboy thank you for the information.

 

Where did you find the Version History?

 

My GX runs on Firmware 18.1.07, the number 2.87.0 points to the App-Version.

Hoamboy
Getting noticed

@Xydocq 

 

Go here: https://apps.apple.com/us/app/meraki-go/id1305210299 and click on 'Version History'.

 

This is also where I found 'Firmware update controls' and asked here where to find this:

https://community.meraki.com/t5/Questions-and-Answers/v2-84-Firmware-Update-Controls/m-p/192791

Xydocq
A model citizen

Thank you @Hoamboy 

 

I am using the app on android and its current Version is 2.86.0.

 

Guess we will have to wait and see what the next Firmware-Update to the GX will provide.

Hoamboy
Getting noticed

@Xydocq  Looks like 😉

 

I am just wondering - announcing changes in a changelog but not really being available.

Would be a good idea to set some "(available with next HW firmware update)" in that changelog as well...

Hoamboy
Getting noticed

Hallelujah - L3 firewall rules finally available with iOS app version 2.91.0 as of today 😊

 

Hoamboy_0-1686678022167.png

 

NuP
Just browsing

Thanks for your reply.

 

If I purchase the Meraki Go Router, will I be able to do this through the creation of VLAN or is this not going to work at all on the Meraki Go system?

 

Sorry I was not too clear on your reply.

 

Many thanks in advance

Xydocq
A model citizen

I am not sure if a Router will currently solve your problem to your full satisfaction. as mentioned in the earlier post when it comes to securing the VLAN.

 

You should be able to create different VLANs with the router and add WiFi-Networks to it. Meraki Go - Wired Networks (VLAN) - Cisco Meraki

 

Also helpful: Meraki Go GR10 access point and VLANs - The Meraki Community

 

 

 

 

hidden0
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hey @NuP and @Hoamboy!

 

The sonos speakers work at layer 2 for discovery. The guide you have linked is a tool to help users setup their wifi networks in a bridge mode, meaning they pass wifi traffic at layer 2 onto the switch, making the sonos devices discoverable. A guest mode or NAT mode wifi network would strictly prevent this.

 

That all being said, because the sonos speakers work at layer 2 - they are discovered by any devices on the same network. Let us assume the sonos speakers are on VLAN 100 - any device on VLAN 100 should be able to discover them. If you have a wifi network configured for VLAN 100, any wifi device connected to that wifi network would discover the sonos speakers. If you connect to a different VLAN on a different wifi connection, the devices would not be able to discover the speakers.

 

Unless Sonos has a way of multi-homing the network access and let certain speakers participate on certain networks, I don't think you can achieve precisely what you want.

 

You could connect a set of sonos speakers to the "customer" network, and make sure the wifi for customers only reaches these sonos speakers (and not others on another network). However, you couldn't get your 3rd bullet point of having staff see all speakers on one network connection without giving everyone the same level of access.

NuP
Just browsing

We have been using Google nest WiFi for a while and could easily assign the devices we want our customers to see when connected to the customer wifi.

It looks like the image below. We simply select what device(s) to show up on the Customer WiFi (all those devices are connected to the Admin wifi).

 

I can't believe with meraki Go there's no similar function?

 

Screenshot_20230516_165405_Home.jpg

 

We purchased Meraki Go as we were having some connectivity issues with the Google Mesh system but now it looks like Meraki Go is a step back for our needs?

 

Any way to implement this with a firmware update at least I really do not want to send back everything we purchased...

 

Many thanks!