I need help with setting up an internet enabled network for Sonos
I've just moved to university and there's WiFi here, but with Sonos anyone would be able to control it - I'd like to setup my own network (hidden) for my devices and equipment (access to higher speed too).
There is an ethernet port, and from what I can gather, there's no sign in required.
What would I need to buy in order to setup a network to do this? Can I even do it?
Thanks :)
Re: I need help with setting up an internet enabled network for Sonos
You have two options:
1) Use the existing LAN but firewall your private bits
2) An private LAN
3) Manually isolate through networking
4) Completely off-grid
For whatever you do, you'll need a switch or wireless access point to allow your devices to communicate with each other.
Option 1:
If you plug this switch into your Uni's ethernet port, then all your devices should* be allocated IP addresses and Internet access from the university's network.
* There is a potential they do odd things like restrict the number of devices that can use a single port
As you say, this will likely allow anybody to access your stuff - there is possibly a degree of access control available to your through your devices, e.g. requiring a password to use their services - but you'd have to check this with Sonos or whatever else you're using. It's also still a little open for my liking, but I'm paranoid.
To restrict what outside your connection can access internally, you'll need a firewall. This sits inline between your switch and the port on the wall. You can configure this to allow your devices to talk out to the Internet, but block anything in. There's a couple of ways of doing this, but the simplest is probably using a cable/broadband router and setting it to act as a firewall. This is often done by putting your router into "bridge" mode, but you'd have to check with the individual product on how it's done and still get your firewall rules working.
Broadband routers are a bit naff for customising as they are overly "user-friendly", which means, quite the opposite. You'd be better off running something like pfSense, which is a free firewall/router distribution that can be run on any old computer. Personally, I have a "server" (old computer) that runs VMWare ESXi (free) and has two virtual machines, one is my media server and the other is my pfSense firewall - you need two network cards for this to work effectively.
Option 2
If you've gone to the effort of setting up pfsense, there is no reason why you should allow the university know that you're running other devices. You can treat them like your ISP at home and have your own private network and use NAT to communicate with the university (and out to the Internet).
Pfsense, or any other broadband router, will provide you with the services required to run your own network, which is at a minimum a DHCP service to give your devices addresses automatically. All you have to do is set your "LAN" interface to use a private address/network that is different from the private address that your university uses.
Given it's a university, I would bet it's using a 10.0.0.0 address space as it's the biggest private one. So you could easily use 192.168.*.* internally. Your router will then take care of NATing requests to your 10.* address.
Option 3
If this firewall melarky sounds complicated and requires expenditure that you don't want, you can manually assign all your devices an address that isn't routed by your university's LAN. e.g. by manually dishing out addresses to all your devices in the configuration and ensuring the default gateway isn't set.
The catch with this is, you won't be able to get out to the Internet, and other people could still access your stuff by adding their devices to the same subnet. This works through obscurity and isn't really secure.
Option 4
You could of course, go off-grid. If you're just playing local music and not using any Internet services, you can manually give your devices IP addresses, connect them up to a switch and just not connect that switch to your university's network. This is called an "air-gap" and provides the most security, as you physically have to connect to your network to access the resources.
Best choice
Personally, if I was in your position, I'd go with Option 2. It provides you with Internet access to all your devices, you can plug in as much as you like and the uni doesn't have any awareness of how much you've got linked up (why should they?).
You can also create VPN links with other students if you want to share your resources with specific people.
IPv6
All this above is entirely IPv4 networking. IPv6 doesn't support the concept of NAT so essentially everything can talk to everything. If IPv6 is in use then you have to use a firewall if you want to segregate things.
Currently there is little that requires IPv6, but your university could be being trendy and only offering services on IPv6, which would be a little tricky - but still workable with tunneling and proxies - but lets not worry about that unless needed eh?
Disable IPv6 on your devices to stop them from talking round the back of your NAT (if that's what you use).
Re: I need help with setting up an internet enabled network for Sonos
I was looking at the cheapest way of doing it - preferably by buying a portable router or something. However if I did this, would this allow others to control the equipment?
Re: I need help with setting up an internet enabled network for Sonos
Yes, get yourself a generic router. Set the WAN interface to get its address via DHCP. Set your LAN interface to use a different private network and plug your devices into the LAN ports on the router.
Re: I need help with setting up an internet enabled network for Sonos
I suspect somewhere there may be T&C's attached to the use of the wired connection. Might be best to see what's what before implementing anything.
Re: I need help with setting up an internet enabled network for Sonos
Go and have an intelligent conversation with the IT people before doing anything. Failure to do this will most likely get your network port or devices blocked as they'll probably detect that something odd is going on the other side of the socket.
But if it is possible, then plugging a router with a WAN port into the network socket sounds like the best option.
Re: I need help with setting up an internet enabled network for Sonos
Quote:
Originally Posted by
Dashers
Best choice
Personally, if I was in your position, I'd go with Option 2. It provides you with Internet access to all your devices, you can plug in as much as you like and the uni doesn't have any awareness of how much you've got linked up (why should they?).
Because
A. they are providing the service and
B. they might be concerned if someone person is hogging the bandwidth
C. concerned if someone is doing something unlawful with their network
But from a technical PoV using a broadban router will be the simplest and cheapest option if the T&Cs allow it. If not, just use an off grid system, assuming that you arenmt using an onl-line streaming service.
But read the T&Cs first.
Re: I need help with setting up an internet enabled network for Sonos
I'll just have the Sonos stuff hooked up to the TV in the living room (it's the Playbar) so it'll be for xbox, netflix and stuff like that. I'll have a chat with the guys in IT and see what I can do. I brought a HH5 with me to potentially help me set it all up.
Appreciate the response guys :)
Re: I need help with setting up an internet enabled network for Sonos
Also, I think I may have resolved it - I can setup the HH5 purely for Sonos, as the TV remote controls volume on the soundbar, and then use the TV for spotify (there's an app). Then use the optical cable to plug it into the TV.
Re: I need help with setting up an internet enabled network for Sonos
So I spoke to the IT department and they said I'm completely okay with having my own router. How would I go about making sure that only I can control the devices - would this be automatic if using say the HH5 as an access point?
Re: I need help with setting up an internet enabled network for Sonos
Yes, provided the HH can act as a bridge.
Basically, the University is your ISP, and the HH will provide NAT/DHCP services to create your own LAN. I don't know if HH5 has a VDSL modem built in though, or whether it is usually installed with a separate VDSL modem. If it needs a separate one, you are fine because the input will just be from the Uni network.
If it does have the modem built in, then that needs to be disabled so the HH just acts as a router.
Re: I need help with setting up an internet enabled network for Sonos
What would I be in search of in stead of using a HH5?
Re: I need help with setting up an internet enabled network for Sonos
Any basic router, but it shouldn't be a VDSL or ADSL device unless that can be disabled so it is used as a basic router. From personal experience, I know that Draytek do suitable devices, but they tend to be at the more expensive end of the market. The Draytek 2760 at £130 ish would do it, and could be used on a broadband line if when you move out of university accommodations.
https://www.amazon.co.uk/DrayTek-Wir...s=draytek+2760
Re: I need help with setting up an internet enabled network for Sonos
No need to spend lots of money on a fancy Draytek, one of these will do the job just as well for your needs: https://www.amazon.co.uk/gp/product/B001FWYGJS/ < £20
As I said before, set the WAN interface to DHCP, give your LAN interface an address on a different private network, and it'll all just work magically.
Re: I need help with setting up an internet enabled network for Sonos
Quote:
Originally Posted by
Dashers
No need to spend lots of money on a fancy Draytek, one of these will do the job just as well for your needs:
https://www.amazon.co.uk/gp/product/B001FWYGJS/ < £20
As I said before, set the WAN interface to DHCP, give your LAN interface an address on a different private network, and it'll all just work magically.
Looks OK, but I mentioned the Draytek because it is the only one I have direct personal experience with :)
Re: I need help with setting up an internet enabled network for Sonos
Don't get me wrong, Draytek product some excellent kit, but the OP did say "the cheapest way" - and Draytek don't do cheap :)