Multicast for Sonos, Chromecast and AirPlay

Hi,

For a co-housing project we are looking for a solution.

Each user/resident logs in on the network using PPSK but must be able to use the TV/Chromecast/Sonos speaker in the common area to enjoy their own music/videos.

Each resident has their own private VLAN and the devices in the common room are in an IoT VLAN.

Is it possible to make this work with the Balance 20x?

1 Like

Check out Bonjour Forwarding, if you want to forward Multicast traffic between VLANs.

But would that solve the problem for Sonos and Chromecast? I’ve looked into it briefly, and wasn’t able to figure it out in a short timespan.

It doesn’t differentiate between Multicast traffic, so it should just pass all along when you set it correctly.

I’ve tried to implement this setup (Building Multi-Site Bonjour Networks with Bonjour Forwarding) but not using the VPN, so only the bottom part.

But the users cannot stream outside their VLAN. Am I overlooking something basic? Or is this a rather complex matter?

1 Like

Inside the VLAN config, you need to enable Inter VLAN traffic on all VLANs you want the Multicast forwarding to work.

When you see it works you can then harden the Local Firewall rules to ‘Block all traffic’ instead of ‘Allow all traffic’ and add rules above to allow VLAN traffic just within the same VLAN.

We have it set up with allowing source/destination in the same VLAN per VLAN.

Normal unicast traffic is now not passing through the different VLANs, but Multicast traffic is.

3 Likes

So the first part I understand and got working, but would the firewall rules not just block everything again? I have set it up like this:

But then it broke again. Have I locked it down too hard?

1 Like

You’re almost there. The three block rules need to be removed. You need to set the default rule to Block all instead of Allow All, and then you’re set.

1 Like

Just did some testing and when the default rule is set to deny, it stops working. So I don’t fully understand it.

I just checked where we have this working well:

The top rules are extra and I forgot to mention those, so we allow the one device on the Workplace VLAN that’s on 10.3.0.2 to be able to send traffic to all VLANs that need access to this device, and the other way around. But for us this was needed as there is no separate VLAN for this printer; as it’s just one device, I didn’t want to make a whole VLAN for it. With these rules only that specific IP will be able to communicate with the other VLANs. If you want to go that route it’s best to make DHCP Reservations for static addressing.

But in your case you should be able to add extra rules to allow traffic from ppsk1 and ppsk2 to the iot VLAN. You need extra rules on top that allow both VLANs to interact with the iot VLAN.

This makes sense since we need to have traffic moving between those VLANs. Will try it out soon.
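An added illustration, not part of any post in this thread and not Peplink configuration: a small Python model of the rule set discussed above, showing why same-VLAN allow rules with a default Block all rule stop unicast streaming to the iot VLAN until ppsk-to-iot rules are placed on top. The subnets, the first-match evaluation order and the use of rules in both directions are assumptions of the model; multicast discovery is handled by Bonjour Forwarding and is not modelled here.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets; the thread only names the VLANs (ppsk1, ppsk2, iot).
VLANS = {
    "ppsk1": ip_network("10.10.1.0/24"),
    "ppsk2": ip_network("10.10.2.0/24"),
    "iot": ip_network("10.10.50.0/24"),
}

def same_vlan_rules():
    """One allow rule per VLAN: source and destination in the same VLAN."""
    return [(name, name, "allow") for name in VLANS]

def iot_access_rules(residents=("ppsk1", "ppsk2")):
    """Extra rules placed on top: resident VLAN <-> iot, both directions."""
    rules = []
    for r in residents:
        rules += [(r, "iot", "allow"), ("iot", r, "allow")]
    return rules

def decide(rules, src, dst, default="block"):
    """Assumed semantics: first matching rule wins, else the default rule."""
    s, d = ip_address(src), ip_address(dst)
    for src_vlan, dst_vlan, action in rules:
        if s in VLANS[src_vlan] and d in VLANS[dst_vlan]:
            return action
    return default

def audit(rules):
    """Unicast verdict for every ordered VLAN pair, using the .10 host of each."""
    hosts = {name: str(net.network_address + 10) for name, net in VLANS.items()}
    return {(a, b): decide(rules, hosts[a], hosts[b])
            for a in VLANS for b in VLANS if a != b}

if __name__ == "__main__":
    cases = (("same-VLAN rules only", same_vlan_rules()),
             ("iot rules on top", iot_access_rules() + same_vlan_rules()))
    for label, rules in cases:
        print(label)
        for (a, b), verdict in audit(rules).items():
            print("  %s -> %s: %s" % (a, b, verdict))
```

With the iot rules on top, residents reach the common-room devices while ppsk1 and ppsk2 stay blocked from each other, which is the isolation the private VLANs are meant to give.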