Dedicated Music VLAN

I was bored this morning so set myself a new project. Having managed network gear from Unifi, I can very easily set up different dedicated networks or VLANs. I already have 3 separate ones: one for the main network, one for Chromecasts and video stuff, and the other for the rest of the IoT gear such as Alexa, Philips Hue and Harmony hubs. The latter VLAN is completely isolated from the main network for security. Main LAN can talk to the IoT VLAN but not the other way.

Some believe that separating off audio gear from a busy network is beneficial for SQ. I don’t adhere to that myself, but as I was bored thought I would do it anyway as it’s so easy to do with Unifi kit due to its management UI.

So I created a new VLAN network called Roon, as it’s what I use to play back to everything, and set up a new wireless network using the same VLAN, called Roon, for the wireless music zones. On the Unifi switches that are used to connect to my Atom, Roon core and a Pi-based streamer, I set their respective ports to be the new VLAN and then rebooted them all. Next, connect all the wireless zones to the new Roon SSID. Job done.

All my control apps for Roon and the Naim app are on the normal network but can see and control all the devices on the audio VLAN thanks to the way Unifi manage their VLANs. Could isolate completely, but then you can’t control it without being on the same network, which is not family friendly. Also, I use the remote devices for other stuff on the normal network, so it’s just not practical to keep switching networks, so let Unifi manage this; it’s effective and requires no input from me.

So now it’s done, did I hear a miraculous change in SQ? Of course not, but it might perform better in other ways and I won’t have the rest of the network, including VPN for working from home, getting in the way.

Anybody else done this? Did you find any benefit doing it?

No but would like to…don’t currently have the right kit to support it. Need to replace my crappy PlusNet router to start with. I’ve used Juniper firewalls/routers and Draytek in the past but really need to look at something new with good VLAN support too.

Does the Plusnet not have a modem only mode?

Not specifically, although I could disable most features but would still need another router/firewall sitting behind with the more advanced features, so thinking may as well change the unit out for something with better functionality.

Are you using Unifi as your main router/firewall?

Yep, full loom as it were. Virgin Hub 3 in modem mode to usg3, us860w as main switch off the router; this feeds and powers two access points, an AC Pro and AC Lite, all via PoE. Then two ports run feeds via PoE again to standard us8 switches in each downstairs room, one of which powers a subsequent AC Lite access point via PoE. Have NAS and a few other devices off the main switch. Works brilliantly and all easily managed from their app, or you can invest in a separate controller. Mine runs on my NAS; looking to get a separate controller so I can also run their home security stuff as well.

I have all Ubiquiti too. It works really well. I recently swapped a USG 4 for the USG Dream Machine Pro. It was fairly expensive but it’s an excellent bit of kit. It does all the router stuff, runs the controller and has an 8TB hard drive that records from our 4 security cameras. All controllable/viewable by app. Great! I must explore a music only vlan as you’ve done.

Another Unifi user here. I also have three, a main one, one for guests and IoT where all Chromecasts, smart devices (inc. Naim) etc. live.

Why did you choose to have Chromecast/video separate from the rest of the IoT?

As it won’t work with Roon if fully isolated, nor can I use Plex properly. I have a number of Chromecast-enabled devices for audio and video, but I only use Chromecast for audio. I use Plex on my TV and Shield, which are Android based and have Chromecast built in. So I left those as a video-only LAN and it works fine. I am less concerned about those than the other stuff and cheap IoT gear. I don’t activate Chromecast on the Atom at all.

It requires a lot more know-how to get the isolated LAN to work both ways and maintain the level of security than I have patience for. I tried for days to get it to work and couldn’t, so decided on that plan.

So do you do any special QoS settings for the different VLANs? E.g. prioritize the audio one?
Or just separate traffic broadcast wise?
(Except in cases of isolation.)

No there is no need to prioritise one over the other. I have more than enough network and internet bandwidth.

I tried again to isolate the Chromecasts last night but Roon could not play to them even though it sees them.

I haven’t done so for my audio stuff - I’ll need to check that the Naim app works cross-VLANs. I have set up a separate VLAN for my IoT devices, and firewalled it from the rest of the network (i.e. it can see the internet, but not my internal networks), because I’m not overly impressed with security of IoT devices, and I didn’t like the idea of a heatpump controller being a conduit for my computers and NAS being trashed.

Just VLAN’ing should be sufficient in the first instance, as it’ll reduce the broadcast domain. And if the only devices within the audio VLAN are audio devices (plus your firewall), you’ll at least know that the devices are supposed to be talking to each other.

From memory it works better using mDNS repeater instead of a reflector, for which you’ll need to use the JSON config as the UI will enable the reflector. But it’s a while ago, so I might have had other reasons to configure it this way.

  "mdns": {
    "repeater": {
      "interface": [
        "eth1",
        "eth1.50",
        "eth1.100"
      ]
    }
  }

It does, as my Naim stuff is on my IoT network. I’ve never seen a security fix from Naim appear, and between releases there’s 6 months… Possibly more often than for your heatpump, but still.

But I think it does rely on multicast, which is always a pain to get to work right. (Why oh why didn’t I just document things at the time I was setting it up.) So expect intermittent results and an angry partner for a while while you’re figuring things out.

Never edited the JSON config. Where is this found?

The above would be nested under a ‘service’ section. So in its simplest form (untested):

{
  "service": {
    "mdns": {
      "repeater": {
        "interface": [
          "eth1",
          "eth1.50",
          "eth1.100"
        ]
      }
    }
  }
}

Obviously replace the interfaces with yours. The number after the dot is the VLAN.

So my LAN (default VLAN), Guest network (VLAN 50) and IoT network (VLAN 100). Yes, the guest network also gets some access to IoT devices in case you’re wondering.
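
The nesting and interface naming from the post above, as an added example that is not part of the original thread or Ubiquiti's tooling: it merges the repeater list into an existing JSON config without dropping other keys, rejects malformed JSON and bad interface names, and reports which VLANs end up sharing mDNS discovery. The function names and the sample document are assumptions made for illustration.

```python
import json
import re

# Names as written in the thread: "eth1" (untagged) or "eth1.50" (VLAN 50).
IFACE_RE = re.compile(r"^(eth\d+)(?:\.(\d+))?$")

# Constructed sample of an existing file; "placeholder-service" is not a real key.
SAMPLE_EXISTING = '{"service": {"placeholder-service": {"setting": "value"}}}'


def vlan_of(iface):
    """Return (parent, vlan_id); vlan_id is None for an untagged interface."""
    m = IFACE_RE.match(iface)
    if not m:
        raise ValueError(f"unrecognised interface name: {iface!r}")
    vlan = int(m.group(2)) if m.group(2) else None
    if vlan is not None and not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN id out of range in {iface!r}")
    return m.group(1), vlan


def add_mdns_repeater(existing_json, interfaces):
    """Merge service.mdns.repeater.interface into an existing JSON document.

    Raises json.JSONDecodeError on malformed input (such as a missing closing
    brace) and ValueError on bad or duplicate names. Other keys are preserved.
    """
    config = json.loads(existing_json) if existing_json.strip() else {}
    if len(set(interfaces)) != len(interfaces):
        raise ValueError("duplicate interface in repeater list")
    for iface in interfaces:
        vlan_of(iface)
    service = config.setdefault("service", {})
    repeater = service.setdefault("mdns", {}).setdefault("repeater", {})
    repeater["interface"] = list(interfaces)
    return json.dumps(config, indent=2)


def repeated_vlans(config_json):
    """VLAN ids (None = untagged) whose mDNS traffic is repeated to each other."""
    service = json.loads(config_json).get("service", {})
    ifaces = service.get("mdns", {}).get("repeater", {}).get("interface", [])
    return [vlan_of(name)[1] for name in ifaces]


if __name__ == "__main__":
    merged = add_mdns_repeater(SAMPLE_EXISTING, ["eth1", "eth1.50", "eth1.100"])
    print(merged)
    print(repeated_vlans(merged))
```

Every VLAN that `repeated_vlans` returns can discover services advertised on the others, so the list is worth reviewing against what each segment is meant to see.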

I got it working without doing anything to the config file. Disabled IGMP Snooping and it worked. I found a video that goes through all the steps and he gave advice to turn it off as it can help with Chromecast issues, and it has. Happy camper now.

Interesting, I have it enabled. Can you share the video or how to find it?

One thing I’d still like to do is limit the multicast so only some devices can be used from the guest network.

This one is what I followed. https://youtu.be/vz3u6E3Fxi8