
I am new to network architecture so I apologize in advance for any nomenclature errors.

I have 50 IoT devices (running Ubuntu) that I want to stream significant data from. These devices are only connectable via WiFi.

The goal is to have all 50 devices connected to the main router/modem via ANOTHER device (such as a router). Let's call this middle device DEVICE X. My desired architecture is depicted in the attached image (Desired Architecture showing a subnet). The advantage of a subnet here is that I will be able to take my subnet as a whole package and plug-and-play at other locations. For example, if I want to connect the 50 IoT devices at my school, I can bring the 50 devices + DEVICE X already configured with the subnet, and just plug DEVICE X into the school's ethernet jack (assuming permissiveness) to get the 50 IoT devices online. I want to avoid having to re-configure the main router/modem (the school's in this case).

My questions are:

1.a. What device do I need to accomplish this? I was thinking an intermediary router, but then I think that I need to set up IP Passthrough on the main router/modem.

1.b. If a router is the correct device to use here, will the ISP recognize traffic from 50 new devices or only 1 (the router)?

1.c. If a router is the correct device to use here, what kind of router do I need? I tried playing with Unifi (USG) but it was quite difficult and I couldn't get it working.

2. Am I thinking about this incorrectly?

3. Should I just connect each IoT device individually DIRECTLY to the main router/modem instead, thus eliminating the need for DEVICE X?

Answer:

You'll need a router or a layer-3 switch. Using VLANs would also be beneficial as it would enable you to provide ports connecting to either subnet anywhere. For a wireless network you need a wireless access point (WAP).

Your ISP does not take part in all that. For IPv4 you NAT your private addresses to the provided public address on your WAN router. Just make sure that router is configured with a static route to the IoT subnet through the additional router or L3 switch.

Also, you need to set up firewall rules to deny the IoT devices access to your LAN - which I assume is the whole point of the exercise - and to restrict their Internet access to exactly that which is required.

Additionally, 192.145.1.0/24 is not a private subnet that you can use freely. Do not use public addresses that you don't own. Use only addresses from RFC 1918 inside your private network: 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8.

  • Thank you for that succinct answer! Great note on the private/public IP addresses as well. Suppose a layer-3 switch + WAP is used. Would this create difficulties with SSHing into the individual IoT devices from outside of the subnetwork? – Commented Jan 7 at 18:03
  • Not when those connections are permitted in the firewall rules/switch ACL. – Zac67, Commented Jan 7 at 18:15

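As an added worked example (not part of the question or the answer above), the script below turns the answer's three points into something you can run before building DEVICE X: it checks that the IoT subnet is RFC 1918 space and does not overlap the host site's LAN, and it renders an nftables ruleset for a Linux DEVICE X that masquerades the IoT subnet behind its WAN address, denies IoT-to-LAN traffic, permits only listed Internet destinations, and allows SSH into the IoT devices from a management prefix. Masquerading on DEVICE X is a design choice made here so that the upstream router sees one host and needs no reconfiguration for outbound traffic; reaching the IoT addresses directly from upstream still needs the static route the answer mentions (or a DNAT rule). The interface names, subnets and destination addresses are all assumptions for illustration.

```python
"""Address-plan check and nftables ruleset generator for a Linux DEVICE X.

Added example, not from the original answer. Assumes DEVICE X runs Linux
with nftables, WAN on eth0, the IoT WAP on wlan0, and that IPv4 forwarding
is enabled (sysctl net.ipv4.ip_forward=1). All names/addresses are made up.
"""
import ipaddress

# The three RFC 1918 blocks named in the answer.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def is_rfc1918(cidr):
    """True only for an IPv4 prefix lying entirely inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(block) for block in RFC1918)


def check_plan(iot_cidr, upstream_cidrs):
    """Return a list of problems with the chosen IoT subnet (empty = OK).

    An IoT subnet that overlaps the host site's LAN breaks routing and makes
    the LAN-deny rule ambiguous, so overlaps are reported alongside the
    public-address mistake from the question (192.145.1.0/24).
    """
    problems = []
    iot = ipaddress.ip_network(iot_cidr, strict=False)
    if not is_rfc1918(iot_cidr):
        problems.append(f"{iot} is not RFC 1918 space; pick a private prefix")
    for cidr in upstream_cidrs:
        up = ipaddress.ip_network(cidr, strict=False)
        if iot.overlaps(up):
            problems.append(f"{iot} overlaps the upstream network {up}")
    return problems


def nft_ruleset(iot_cidr, iot_if, wan_if, allowed, mgmt_src, ssh_port=22):
    """Render an nftables ruleset (apply with: nft -f ruleset.nft).

    Forward policy is drop.  Order of rules:
      1. established/related traffic is accepted (replies to allowed flows);
      2. IoT -> any RFC 1918 destination is dropped (no access to host LAN);
      3. IoT -> each (dst_cidr, proto, port) in `allowed` is accepted, so
         Internet access is exactly what is listed; keep LAN addresses out
         of `allowed`, they would be dropped by rule 2 anyway;
      4. SSH from `mgmt_src` into the IoT subnet is accepted.
    The postrouting chain masquerades the IoT subnet behind the WAN address.
    """
    iot = ipaddress.ip_network(iot_cidr, strict=False)
    private = ", ".join(str(b) for b in RFC1918)
    lines = [
        "table inet iotgw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
        f'    iifname "{iot_if}" ip saddr {iot} ip daddr {{ {private} }} drop',
    ]
    for dst, proto, port in allowed:
        dst_net = ipaddress.ip_network(dst, strict=False)
        lines.append(
            f'    iifname "{iot_if}" oifname "{wan_if}" ip saddr {iot} '
            f"ip daddr {dst_net} {proto} dport {port} accept")
    mgmt = ipaddress.ip_network(mgmt_src, strict=False)
    lines += [
        f'    iifname "{wan_if}" oifname "{iot_if}" ip saddr {mgmt} '
        f"ip daddr {iot} tcp dport {ssh_port} accept",
        "  }",
        "  chain postrouting {",
        "    type nat hook postrouting priority 100; policy accept;",
        f'    oifname "{wan_if}" ip saddr {iot} masquerade',
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"


# Constructed sample plan: collector and a public resolver are the only
# Internet destinations the IoT devices may reach; SSH comes from 10.20.0.0/16.
ALLOWED = [("203.0.113.10/32", "tcp", 443), ("198.51.100.53/32", "udp", 53)]

if __name__ == "__main__":
    print(check_plan("192.145.1.0/24", ["10.20.0.0/16"]))   # the question's mistake
    print(check_plan("192.168.50.0/24", ["10.20.0.0/16"]))  # []
    print(nft_ruleset("192.168.50.0/24", "wlan0", "eth0", ALLOWED, "10.20.0.0/16"))
```

Run it once per site you plan to visit with the site's LAN prefix in `upstream_cidrs`; if `check_plan` returns anything, change the IoT subnet before you leave rather than on the school's network. Because the generated ruleset ends in `policy drop`, any new destination the devices need must be added to `ALLOWED` explicitly, which is the "exactly that which is required" restriction the answer asks for.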