[tech] Announcing UCC-IoT, was Re: Extra devices network for IoT

James Arcus jimbo at ucc.asn.au
Sat Dec 7 15:46:52 AWST 2019 

Just a quick update on what needs doing:

  * Adding UCC-IoT to UniSFA AP `coromandel`

The changing of the UniSFA AP from `sharpchin` to `coromandel` was 
recorded in https://wiki.ucc.asn.au/ChangeLog but not on 
https://wiki.ucc.asn.au/Wifi, which is why I couldn't find it. VLAN 7 
needs to be trunked to the UniSFA port and the SSID added on the AP. The 
wifi docs also need to be updated further to reflect the new situation.

  * Firewalling the IoT subnet

Right now, traffic from the IoT subnet is not NATed and can't escape 
UCC, but it can freely communicate with other parts of the UCC network. 
Both of those need to be fixed, ideally, with outbound traffic from the 
IoT VLAN restricted.

If nothing more happens on that front, that'll be my project on Monday 
night. Anyone else who's interested in the IoT network is welcome to 
help out.

Cheers,

James [MPT]

On 3/12/19 1:37 am, James Arcus wrote:
> Hi all,
>
> I'd talked about doing it in person a few times, but tonight I finally
> got around to creating the start of our "IoT network".
>
> So far, this has involved trunking a new VLAN 7, provisioning a new
> subnet 192.168.22.0/24 with DHCP, and creating a pair of WPA2-PSK WLANs
> (UCC-IoT and UCC-IoT-5), broadcast from both the clubroom AP (smallwing)
> and the UWAnime AP (abe). At the moment, the VLAN is trunked to all the
> switches, the APs and Murasoi, nowhere else.
>
> At current, you can join the wifi network with the key and get both an
> IPv4 and a v6 address, but it doesn't route anywhere. The intention will
> be to keep access in and out fairly limited to what's needed. Wired
> ports can also be added to access VLAN 7 in their relevant switch configs.
>
> At the moment, DHCP is given freely out to anyone who joins. It's not
> final, merely what was easiest to set up and use for testing the new
> network. I'm imagining the next steps will be to finalise a DHCP and
> firewalling policy, and migrating the webcams across?
>
> As usual, the wifi passphrase in in uccpass, under UCC/other/IoT-wifi.
>
> Cheers,
>
> Jimbo [MPT]
>
> _______________________________________________
> List Archives: http://lists.ucc.asn.au/pipermail/tech
>
> Unsubscribe here: https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/jimbo%40ucc.asn.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20191207/67e00fc0/attachment-0001.htm

More information about the tech mailing list