IoT devices static IP address strategy

Finally I have set up a VLAN for my IoT devices, but I got stuck when I wanted to move them from the current LAN network. At the moment the IP addresses are just a mess and I think they need a clear structure, but I'm struggling to find the best one. I am considering the following options:

  • group IP addresses by rooms. So living room devices would be on 192.168.120.1x, office devices on 192.168.120.2x, etc.
  • group devices by type. So 192.168.120.1x for lights, 192.168.120.2x for thermostats, etc.

Also, with either of the approaches, what sequence should I use? I was considering using one based on the physical location of the device, going from the top view of my house from south to north and west to east, bottom to top (e.g. a switch on the wall would have a lower IP address than a light on the ceiling). However, I may add new devices in the future, and in that case I need to renumber everything, or keep space for future additions by utilizing just every 5th IP address (but in that case I need to reserve more 10-blocks for a single room).

I was also considering placing printed labels on each device with its IP and MAC address, but it would look stupid, especially on switches.

What is your best practice?

I think you’re overthinking this. What happens if you add a device to one of your rooms and you end up with more devices than the allocated IP pool for that room allows? Create a second range for it? Welcome to the IP allocation hell the internet currently is :)

I just have a sequential list. Started with 10, which is the gateway. Every new device gets the next free IP on the list, regardless of where it is and what it does. I also add a row to an Excel spreadsheet with some more info about it (name, description, location, mac, login, notes, whatever). I don’t expect to get over 255 anytime soon, as most of my IoT stuff is not IP based. But if I overflow it, I’ll change the subnet from /24 to something else.

You could just use subnet 18 and then have blocks as 192.168.0.xxx, 192.168.1.xxx, 192.168.2.xxx, etc.
This does, of course, depend on having a router that can handle a large number of connections and the address range. I use OPNsense on an x86 box.

Is the VLAN for any particular reason? If for security, blocking internet access, then OPNsense can do that easily.
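
An added example, not part of any post in this thread: a sketch of the "next free IP plus an inventory sheet" approach described above, which also shows what the network becomes if the OP's 192.168.120.0/24 is later widened to a /18. The CSV layout, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample inventory (not from the thread); the columns follow the
# spreadsheet fields mentioned in the replies.
INVENTORY_CSV = """ip,name,location,mac
192.168.120.10,gateway,rack,02:00:00:00:00:01
192.168.120.11,ceiling-light,living room,02:00:00:00:00:02
192.168.120.13,thermostat,office,02:00:00:00:00:03
"""

def load_inventory(text):
    """Parse the CSV and reject duplicate IP or MAC entries."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for key in ("ip", "mac"):
        values = [r[key].lower() for r in rows]
        dupes = {v for v in values if values.count(v) > 1}
        if dupes:
            raise ValueError(f"duplicate {key}: {sorted(dupes)}")
    return rows

def next_free_ip(rows, network, first_host=10):
    """Return the lowest unused host address at or above .first_host."""
    net = ipaddress.ip_network(network)
    used = {ipaddress.ip_address(r["ip"]) for r in rows}
    start = net.network_address + first_host
    for host in net.hosts():
        if host >= start and host not in used:
            return host
    raise RuntimeError(f"{net} is full; widen the prefix")

def widen(network, new_prefix):
    """Return the larger network that contains `network` at new_prefix."""
    return ipaddress.ip_network(network).supernet(new_prefix=new_prefix)

if __name__ == "__main__":
    rows = load_inventory(INVENTORY_CSV)
    print("next free:", next_free_ip(rows, "192.168.120.0/24"))
    bigger = widen("192.168.120.0/24", 18)
    print("widened to:", bigger, "hosts:", bigger.num_addresses - 2)
```

Widening the prefix moves the network boundary: 192.168.120.0/24 sits inside 192.168.64.0/18, so firewall rules and DHCP scopes written for the /24 need to be reviewed after the change.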