Cloud Managed Networks

AOS10 + SONOS

  • 1.  AOS10 + SONOS

    Posted Nov 24, 2023 10:16 AM

    Hi

    A customer of ours is having problems with SONOS after switching to AOS10.
    They do have a smaller setup of Instant APs running AOS8, and on this setup the SONOS has no problems.

    AOS10 systems consist of newer AP-6xx and Aruba CX (6100) switches, wireless system was running 10.4.x but has later been upgraded to 10.5.x.
    SONOS system is connected to cable on 6100 switches on an access port with some vlan.

    There is an SSID with the same vlan, broadcast filter is set to disabled. This is usually the one thing you need to adjust in an AOS8 IAP setup if you are unable to locate streaming devices of some sort.
    Client connected to the SSID is using SONOS APP to try to find the SONOS system to control playback etc.
    The phone/APP is not able to find the SONOS speakers.
    He has added most services he was able to find in documentation and on Airheads, without this solving the problem.

    I was wondering if anybody has had any success in adding SONOS to AOS10 systems and is able to control it by using an APP on the phone.
    All feedback is welcome

    Roar 



  • 2.  RE: AOS10 + SONOS

    MVP EXPERT
    Posted Nov 24, 2023 02:45 PM

    Sonos and other products like Chromecasts and Philips HUE use multicast DNS (mDNS) for discovery. You say your Sonos is wired in the same VLAN as your SSID, which should be fine in my eyes. Disable broadcast filtering and multicast optimization. Maybe also connect your Sonos wirelessly to the same SSID, without the wired connection.

    What is the user-role/ACL that a wireless client gets?

    Maybe you can share your CLI configuration?



    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 3.  RE: AOS10 + SONOS

    Posted Nov 27, 2023 07:03 AM

    Hi

    Yes, as I wrote, disabling broadcast filtering is the way to go on AOS8. But this is AOS10 and there is no cluster in the same way as AOS8, all APs are standalone and Central is the VC.
    MTO and DMO are disabled as well.

    Customer wants the SONOS on cable, and I will not argue about this, as this should work without the need to use only wireless.
    What he actually tells me is that when he sets this up for the first time, the system works, the APP is able to find the SONOS.
    After a time, not sure how long, but I suspect it's short, the system just disappears and the phone is unable to locate SONOS.
    If he sets up the system from the beginning again, without tampering with the wifi, it will work for a time again.

    He even has a phone connected to the wired network by cable, and this is working without problems. It's when he is using the AOS10 wifi that it will break.
    So if anyone has any experience with AOS10 and SONOS, please update

    The role which the client receives is all open, no restrictions on this. The discovery will happen on layer-2 anyway, so this should not be affected in that way.

    He has opened a TAC, but they take their time with it.



    ------------------------------
    ------------------------------
    | ACMP | ACSP | ACCP | ACEP | ACNT |
    -Just your regular airhead-
    ------------------------------
    ------------------------------



  • 4.  RE: AOS10 + SONOS

    EMPLOYEE
    Posted Nov 28, 2023 03:43 AM

    Hi, 

    I do have several Sonos devices and controllers (both wired and wireless) and have used AOS 10.3, 10.4 and 10.5 without issues. I do have broadcast filter disabled and also AirGroup disabled. Wired and wireless are in the same VLAN.



    ------------------------------
    John Schaap ACEX#12
    ------------------------------



  • 5.  RE: AOS10 + SONOS

    Posted Nov 28, 2023 07:33 AM

    Hi John

    Great to hear a confirmation that the principle of the setup is working on AOS10. There should be no reason for this NOT working.
    Might of course be some differences related to different SONOS devices, but this is outside the Aruba sphere.

    He has added too much to the Airgroup system inside his Central, meaning that Airgroup has failed (not able to turn on). I have urged them to get this sorted by TAC.
    But broadcast filtering set to DISABLED should do the trick.

    I will relay this info to the guy having issues with this

    Roar



    ------------------------------
    ------------------------------
    | ACMP | ACSP | ACCP | ACEP | ACNT |
    -Just your regular airhead-
    ------------------------------
    ------------------------------



  • 6.  RE: AOS10 + SONOS

    MVP EXPERT
    Posted Nov 28, 2023 07:33 AM

    I don't have issues with Chromecast and Philips Hue, which also use mDNS multicast. Can you share your configuration in CLI?






  • 7.  RE: AOS10 + SONOS

    Posted Nov 28, 2023 07:38 AM

    Hi mkk

    I will ask them if that's OK. I guess you still talk about AOS10, because on AOS8 I know it works, and the customer is also able to make it work in AOS8.

    Roar



    ------------------------------
    ------------------------------
    | ACMP | ACSP | ACCP | ACEP | ACNT |
    -Just your regular airhead-
    ------------------------------
    ------------------------------



  • 8.  RE: AOS10 + SONOS

    MVP EXPERT
    Posted Nov 28, 2023 12:46 PM

    In my setup I run two AP-515 (RW) in bridge mode with Aruba Central / AOS 10.5.0.1.

    If he is able to share his configuration in CLI we can take a look at it.






  • 9.  RE: AOS10 + SONOS

    Posted Dec 07, 2023 04:48 AM

    Hi

    Yes, after a bit of help from TAC, customer was able to solve the Airgroup problem. Too many servers were added and the Airgroup feature was unable to turn on/off. This has now been resolved.

    SONOS does not work yet, according to the customer; will add the current CLI output.

    version 10.5.0.0-10.5.0
    virtual-controller-country NO
    name XXXXXXXXXXXXXXXXXXXXXXXX
    terminal-access
    ntp-server 10.1.1.1
    clock timezone Amsterdam 01 00
    clock summer-time CEST recurring last sunday march 00:00 last sunday october 03:00
    rf-band 5.0
     
    snmp-server community aasdec2ssssssssssdasdf26asd3d
     
    syslog-level warn ap-debug 
    syslog-level warn network 
    syslog-level warn security 
    syslog-level warn system 
    syslog-level warn user 
    syslog-level warn user-debug 
    syslog-level warn wireless 
     
    deny-inter-user-bridging
     
     
    hash-mgmt-password
    hash-mgmt-user admin password hash **************************************************************************
     
     
    wlan access-list route "default policy"
     index 0
     rule any any any any match any any any redirect cluster
     
    wlan access-rule default_wired_port_profile
     index 0
     rule any any match any any any permit
     airslice-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     monitoring-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     
    wlan access-rule wired-SetMeUp
     index 1
     rule masterip 0.0.0.0 match tcp 80 80 permit
     rule masterip 0.0.0.0 match tcp 4343 4343 permit
     rule any any match udp 67 68 permit
     rule any any match udp 53 53 permit
     airslice-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     monitoring-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     
    wlan access-rule NETWORK2 
     utf8
     index 2
     rule any any match any any any permit
     airslice-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     monitoring-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     
    wlan access-rule NETWORK1
     utf8
     index 3
     rule any any match any any any permit
     airslice-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     monitoring-application-list zoom slack skype webex gotomeeting office365 dropbox amazon-aws github ms-teams
     
    wlan ssid-profile NETWORK2 
     enable
     index 0
     type employee
     essid NETWORK2 
     utf8
     wpa-passphrase 8306bc253fc94969bc36216e6f426500dcb4db9c2e2e9170
     opmode wpa2-psk-aes
     max-authentication-failures 0
     vlan 80
     auth-server InternalServer
     rf-band 5.0
     captive-portal disable
     dtim-period 1
     broadcast-filter none
     g-min-tx-rate 6
     denylist
     dmo-channel-utilization-threshold 90
     local-probe-req-thresh 0
     max-clients-threshold 64
     dot11r
     wmm-uapsd-disable
     
    wlan ssid-profile NETWORK1
     enable
     index 1
     type employee
     essid NETWORK1
     utf8
     wpa-passphrase 1c6c5cf99a2039f252712e123d238a6901a9f6d06686896cd7849d096f0955724bb609dfc0c824b842eef5bfbe96af25
     opmode wpa2-psk-aes
     max-authentication-failures 0
     vlan 30
     auth-server InternalServer
     rf-band 5.0
     captive-portal disable
     dtim-period 1
     broadcast-filter all
     g-min-tx-rate 12
     a-min-tx-rate 12
     a-beacon-rate 12
     g-beacon-rate 12
     multicast-rate-optimization
     denylist
     dmo-channel-utilization-threshold 90
     local-probe-req-thresh 0
     max-clients-threshold 1024
     dot11r
     
    auth-survivability cache-time-out 24
     
    dpi
     
    url-visibility
     
    wlan external-captive-portal
     server localhost
     port 80
     url "/"
     auth-text ""
     auto-allowlist-disable
     https
     
    denylist-time 3600
    auth-failure-denylist-time 3600
     
     
    ids
     wireless-containment none
     infrastructure-detection-level high
     client-detection-level high
     infrastructure-protection-level high
     client-protection-level high
     
    wired-port-profile wired-SetMeUp
     switchport-mode access
     allowed-vlan all
     native-vlan guest
     no shutdown
     access-rule-name wired-SetMeUp
     speed auto
     duplex auto
     no poe
     type guest
     captive-portal disable
     no dot1x
     
    wired-port-profile default_wired_port_profile
     switchport-mode trunk
     allowed-vlan all
     native-vlan 1
     port-bonding
     no shutdown
     access-rule-name default_wired_port_profile
     speed auto
     duplex full
     no poe
     type employee
     captive-portal disable
     no dot1x
     
     
    enet0-port-profile default_wired_port_profile
     
    uplink
     preemption
     enforce none
     failover-internet-pkt-lost-cnt 10
     failover-internet-pkt-send-freq 30
     failover-vpn-timeout 180
     
    airgroup
     disable
     
    airgroupservice airplay
     disable
     id _airplay._tcp
     id _raop._tcp
     id _appletv-v2._tcp
     server-expiry 10
     
    airgroupservice airprint
     disable
     id _ipp._tcp
     id _pdl-datastream._tcp
     id _printer._tcp
     id _scanner._tcp
     id _http._tcp
     id _http-alt._tcp
     id _ipp-tls._tcp
     id _fax-ipp._tcp
     id _riousbprint._tcp
     id _ica-networking._tcp
     id _ptp._tcp
     id _canon-bjnp1._tcp
     id _ipps._tcp
     id _ica-networking2._tcp
     id _universal._sub._ipp._tcp
     id _universal._sub._ipps._tcp
     server-expiry 10
     
    airgroupservice AmazonTV
     disable
     id _amzn-wplay._tcp
     server-expiry 10
     
    airgroupservice DIAL
     disable
     id urn:dial-multiscreen-org:service:dial:1
     id urn:dial-multiscreen-org:device:dial:1
     server-expiry 10
     
    airgroupservice "DLNA Media"
     disable
     id urn:schemas-upnp-org:device:MediaServer:1
     id urn:schemas-upnp-org:device:MediaServer:2
     id urn:schemas-upnp-org:device:MediaServer:3
     id urn:schemas-upnp-org:device:MediaServer:4
     id urn:schemas-upnp-org:device:MediaRenderer:1
     id urn:schemas-upnp-org:device:MediaRenderer:2
     id urn:schemas-upnp-org:device:MediaRenderer:3
     id urn:schemas-upnp-org:device:MediaPlayer:1
     id urn:schemas-upnp-org:device:ZonePlayer:1
     id urn:schemas-upnp-org:service:AVTransport:1
     id urn:schemas-upnp-org:service:AlarmClock:1
     id urn:schemas-upnp-org:service:ConnectionManager:1
     id urn:schemas-upnp-org:service:ContentDirectory:1
     id urn:schemas-upnp-org:service:DeviceProperties:1
     id urn:schemas-upnp-org:service:GroupManagement:1
     id urn:schemas-upnp-org:service:GroupRenderingControl:1
     id urn:schemas-upnp-org:service:MusicServices:1
     id urn:schemas-upnp-org:service:RenderingControl:1
     id urn:schemas-upnp-org:service:SystemProperties:1
     id urn:schemas-upnp-org:service:ZoneGroupTopology:1
     server-expiry 10
     
    airgroupservice "DLNA Print"
     disable
     id urn:schemas-upnp-org:device:printer:1
     id urn:schemas-upnp-org:service:PrintBasic:1
     id urn:schemas-upnp-org:service:PrintEnhanced:1
     server-expiry 10
     
    airgroupservice googlecast
     disable
     id _googlecast._tcp
     id _96084372._sub._googlecast._tcp
     id _0f5096e8._sub._googlecast._tcp
     id _17608bc8._sub._googlecast._tcp
     id _233637de._sub._googlecast._tcp
     id _42b56469._sub._googlecast._tcp
     id _668e5548._sub._googlecast._tcp
     id _674a0243._sub._googlecast._tcp
     id _85cdb22f._sub._googlecast._tcp
     id _8da7527d._sub._googlecast._tcp
     id _8e6c866d._sub._googlecast._tcp
     id _ca5e8412._sub._googlecast._tcp
     id _cc1ad845._sub._googlecast._tcp
     server-expiry 10
     
    ipm
     enable
     
    clarity
     inline-sta-stats
     inline-auth-stats
     inline-dhcp-stats
     inline-dns-stats
     
    cluster-security
     allow-low-assurance-devices

    Important: it is NETWORK2 that needs to connect Sonos speakers (not NETWORK1)
    (anonymized config a bit)



    ------------------------------
    ------------------------------
    | ACMP | ACSP | ACCP | ACEP | ACNT |
    -Just your regular airhead-
    ------------------------------
    ------------------------------



  • 10.  RE: AOS10 + SONOS

    Posted Jan 23, 2024 07:15 AM

    Hello

    I'm working on the same case now. With Sonos and client on different APs it works fine, but not on the same AP.

    A setting that I believe is the culprit is this "deny-inter-user-bridging" which I can see in the show run, but for AOS10 there is no way to turn this off in Central like it is in AOS8. Not sure if this is by design or a bug, but hard to proceed when this is globally enabled.



    ------------------------------
    John-Egil Solberg |
    ACMX#316 | ACCX#902
    ------------------------------



  • 11.  RE: AOS10 + SONOS

    Posted Jan 23, 2024 09:32 AM

    Ok, problem solved.

    Issue is that "deny-inter-user-bridging" was a feature in earlier AOS10. When the devs removed that feature, they "forgot" to clean up this from the config in AP Groups that were created when this was a feature. Factory-reset of an AP didn't solve this, so the config was still hidden in the Group config.

    So - on tip from our local SE Mr. Leirvik I created a new AP Group from scratch and moved the APs to this new Group. Voila - "deny-inter-user-bridging" was gone from the "show run"! Sonos and several other issues the customer had were instantly resolved. phew



    ------------------------------
    John-Egil Solberg |
    ACMX#316 | ACCX#902
    ------------------------------
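
The check that closed this thread, as an added example that is not part of any post above: it reads a saved `show run` dump in the layout posted earlier and reports the global `deny-inter-user-bridging` line plus any SSID whose `broadcast-filter` is not `none`. The function names are hypothetical and the sample config is constructed.

```python
import re
import textwrap

# Constructed sample in the layout of the `show run` posted earlier in the thread.
SAMPLE = """
    version 10.5.0.0-10.5.0
    deny-inter-user-bridging

    wlan ssid-profile NETWORK2
     vlan 80
     broadcast-filter none

    wlan ssid-profile NETWORK1
     vlan 30
     broadcast-filter all
"""

def parse_show_run(text):
    """Return {top-level line: [indented child lines]} for a show-run dump."""
    stanzas, current = {}, None
    for line in textwrap.dedent(text).splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = line.strip()
            stanzas[current] = []
    return stanzas

def discovery_findings(text):
    """List (scope, setting) pairs the thread tied to failed L2 discovery."""
    cfg, findings = parse_show_run(text), []
    # Global line: in the thread it was stale AP Group config with no toggle in Central.
    if "deny-inter-user-bridging" in cfg:
        findings.append(("global", "deny-inter-user-bridging"))
    for header, body in cfg.items():
        m = re.fullmatch(r"wlan ssid-profile (.+)", header)
        if not m:
            continue
        opts = dict((l.split(None, 1) + [""])[:2] for l in body)
        # Only an explicit value other than "none" is reported (assumption).
        if opts.get("broadcast-filter", "none") != "none":
            findings.append((m.group(1), "broadcast-filter " + opts["broadcast-filter"]))
    return findings

if __name__ == "__main__":
    for scope, setting in discovery_findings(SAMPLE):
        print(f"{scope}: {setting}")
```

Run it against the dump from each AP Group; a group created before the feature was removed can still carry the global line even after an AP factory reset, as described in the post above.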



  • 12.  RE: AOS10 + SONOS

    Posted Jan 24, 2024 05:23 PM

    Glad you found your solution but on a related thought...  Did your SE mention how, if you're running a hotspot in a public-use environment, you block guests from connecting to or hacking each other in AOS10 without deny-inter-user-bridging?  If that is no longer a supported feature I will have to start pivoting a lot of edu clients to a different wireless solution before AOS9.x is deprecated.

     

    Thanks for the update!

     






  • 13.  RE: AOS10 + SONOS

    Posted Jan 25, 2024 02:31 AM

    This setting I was talking about is a Global setting affecting all SSIDs. We do have this setting on a per-SSID basis called "Deny Intra VLAN Traffic". 

    "Disables intra VLAN traffic to enable the client isolation and disable all peer-to-peer communication" - read more about it here Configuring Client Isolation (arubanetworks.com)

    In addition to this we have ACLs on Roles, which I'm thinking you already use. Common is to deny RFC 1918 traffic and clients acting as a DHCP server.



    ------------------------------
    John-Egil Solberg |
    ACMX#316 | ACCX#902
    ------------------------------



  • 14.  RE: AOS10 + SONOS

    Posted Jan 25, 2024 01:38 PM

    Gotcha,

    Thanks for the clarification!