]> Residential Network Mapping Model
hello@melisasavich.com
General Independent Submission Internet-Draft residential networks network mapping address planning device classification home networks home labs IoT surveillance Residential networks increasingly include managed routers, switches, wireless access points, home lab systems, smart home devices, surveillance devices, guest networks, and cloud-connected equipment. These devices are often added incrementally without a durable mapping model for addressing, classification, review, or troubleshooting. This document describes a lightweight residential network mapping model for IPv4 address planning and device classification. The model defines Network Categories, Addressing Priority, Trust Levels, Exposure Levels, device record fields, flat-network and segmented-network examples, and simple review and change-log practices. The motivation for this document is security awareness. A residential network map can help consumers understand what kinds of devices are on their network, which devices are trusted or restricted, which devices are reachable locally or remotely, and where personal or household data may flow. The model is intended for regular users and technically capable home administrators who need a practical way to organize residential, home lab, IoT, and surveillance networks without deploying enterprise network management systems.
Introduction Residential networks are no longer limited to a router, a few laptops, and a printer. Many homes now contain managed routers or firewalls, switches, wireless access points, smart home systems, surveillance systems, guest networks, home lab equipment, cloud-connected devices, and transient client devices. These environments often grow incrementally. A router is installed. A switch is added. A camera appears. A robotic cleaner joins the network. A guest network is enabled. A network-connected vehicle, EV charger, thermostat, streaming device, or appliance begins using an address. Over time, the administrator can lose track of which devices exist, which addresses are assigned, which devices should receive stable addresses, which devices are trusted, and which devices are reachable locally or remotely. This document describes a lightweight residential network mapping model that combines:
  • IPv4 address planning,
  • device classification,
  • addressing stability guidance,
  • trust posture,
  • exposure posture,
  • review practices, and
  • lightweight change tracking.
This document does not define a new protocol. It defines an operational mapping model that can be implemented as a worksheet, spreadsheet, Markdown document, database table, configuration record, or simple network mapping tool.
Terminology The following terms are used in this document.
Administrator:
The person or group responsible for maintaining the residential network and its mapping records.
Address Plan:
A documented allocation of IPv4 addresses or address ranges to Network Categories.
Addressing Priority:
A classification field that describes how stable a device's address assignment is expected to be.
Device Record:
A structured record describing a mapped network device.
Dynamic Address:
An IP address assigned by DHCP without a fixed reservation.
Exposure Level:
A classification field that describes how reachable a mapped device is expected to be.
Flat Network:
A network where multiple device classes share a common subnet, such as 192.0.2.0/24.
Network Category:
A logical network zone or administrative grouping. In segmented networks, a Network Category often maps to a VLAN, subnet, SSID, firewall zone, or equivalent control boundary. In flat networks, a Network Category can still be used as an administrative mapping label.
Residential Network Map:
A structured representation of devices, addresses, categories, and classification information for a residential network.
Segmented Network:
A network where devices are separated into multiple VLANs, subnets, SSIDs, firewall zones, or equivalent control boundaries.
Static Address:
An IP address manually configured on a device or otherwise fixed so that the device is expected to remain reachable at that address.
DHCP Reservation:
An IP address assigned by a Dynamic Host Configuration Protocol server to a specific device, typically based on a link-layer address.
Trust Level:
A classification field that describes the expected access posture of a mapped device.
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
Applicability This document applies to residential, home lab, and prosumer networks that include managed routing, switching, guest access, Internet of Things devices, and surveillance devices. The model is intended for networks where address planning and device classification are useful, but enterprise network management systems are unnecessary or impractical. This document is most applicable to:
  • residential networks with managed routing or switching,
  • home lab networks,
  • smart home networks,
  • residential IoT networks,
  • residential surveillance networks,
  • networks with guest access,
  • networks maintained by technically capable homeowners,
  • networks maintained by family members or informal administrators, and
  • networks maintained by residential technology consultants or integrators.
The examples in this document use IPv4 documentation addresses. A real residential deployment would normally use IPv4 private address space, including the address ranges described in . IPv6 mapping guidance is out of scope for this version of the document. This document is not limited to any router, firewall, wireless, surveillance, smart home, or home lab vendor.
Design Goals The mapping model described in this document has the following goals:
  • provide predictable address planning,
  • classify devices consistently,
  • distinguish network zones from trust and exposure posture,
  • identify devices that need stable addressing,
  • improve consumer awareness of the types of devices on the network,
  • help administrators recognize devices that may collect, transmit, or expose household data,
  • encourage review of devices with remote access or unknown classifications,
  • reduce address conflicts,
  • support troubleshooting,
  • support flat networks and segmented networks,
  • remain usable by regular home-network administrators,
  • avoid credential collection, and
  • provide a simple path from an informal worksheet to a structured map.
Non-Goals This document does not define:
  • a new Internet protocol,
  • a full enterprise IP address management system,
  • a firewall policy model,
  • a network monitoring system,
  • a credential vault,
  • an automated device discovery protocol,
  • IPv6 address planning,
  • residential audio/video system classification,
  • a complete zero trust architecture,
  • a vendor-specific configuration method, or
  • a replacement for professional network design or security assessment.
This document does not define firewall policy between Network Categories. Administrators can use Network Categories as inputs to firewall or segmentation policy, but those policies are out of scope for this document.
Mapping Model Overview A residential network map describes devices using four classification axes:
  • Network Category,
  • Addressing Priority,
  • Trust Level, and
  • Exposure Level.
These axes answer four different questions: The four classification axes answer these questions:
  • Network Category: Where does this device belong logically?
  • Addressing Priority: How stable does this device's address assignment need to be?
  • Trust Level: How much access should this device receive?
  • Exposure Level: How reachable is this device expected to be?
The following diagram shows the four classification questions used by the residential network mapping model. These axes are intentionally separate. For example, a device can belong to the IoT Network Category, have a Restricted Trust Level, and have a Remote Access Exposure Level. Similarly, a device can belong to the Main Network Category while still having a Restricted Trust Level if the administrator does not fully trust it.
Network Categories A Network Category represents the logical network zone or administrative grouping to which a device belongs. This document defines the following Network Categories:
  • Management,
  • Main,
  • Guest,
  • IoT,
  • Surveillance, and
  • Unknown.
In a segmented network, a Network Category often maps one-to-one to a VLAN, subnet, SSID, firewall zone, or equivalent control boundary. In a flat network, a Network Category can still be used as an administrative label for planning and documentation.
Management The Management category is used for devices and interfaces involved in administering or operating the network. Examples include:
  • router or firewall management interfaces,
  • switches,
  • wireless access points,
  • network controllers,
  • local network management systems, and
  • administrative appliances.
Devices in this category commonly require stable addressing.
Main The Main category is used for trusted household or primary user devices. Examples include:
  • personal laptops,
  • desktop computers,
  • phones,
  • tablets,
  • trusted printers,
  • trusted storage devices, and
  • other regular household devices.
The Main category is commonly associated with the primary LAN or primary trusted Wi-Fi network.
Guest The Guest category is used for visitor, temporary, or contractor devices. Examples include:
  • visitor phones,
  • visitor laptops,
  • contractor devices, and
  • temporary devices that should not be treated as trusted household devices.
IoT The IoT category is used for smart home, appliance, embedded, cloud-connected, or lower-trust connected devices. Examples include:
  • smart thermostats,
  • robotic cleaners,
  • smart speakers,
  • appliances,
  • lighting bridges,
  • smart plugs,
  • EV chargers,
  • connected vehicles,
  • sensors, and
  • vendor-managed smart devices.
Surveillance The Surveillance category is used for physical monitoring and video security devices. Examples include:
  • IP cameras,
  • network video recorders,
  • video door stations,
  • camera bridges,
  • intercom cameras, and
  • other monitoring devices.
The Surveillance category is intentionally narrower than a general "Security" category. A general Security category can become ambiguous because it could include firewalls, alarm panels, door locks, cameras, identity systems, endpoint security tools, or access control systems.
Unknown The Unknown category is used for devices that have been discovered but not yet classified. The Unknown category is intended as a temporary holding category by default. Devices SHOULD NOT remain in the Unknown category indefinitely without review. If a device remains Unknown for an extended period, the Notes field SHOULD explain why the device has not been reclassified.
Addressing Priority Addressing Priority describes the addressing stability expected for a mapped device. This document defines the following Addressing Priority values:
  • Static Required,
  • Reservation Recommended, and
  • Dynamic Acceptable.
Static Required Static Required means the device needs predictable addressing. A static address or a functionally equivalent fixed assignment is expected. This value is appropriate when loss of address predictability can disrupt administration, routing, switching, surveillance, automation, or core network operation. Examples include:
  • router or firewall management interfaces,
  • switches,
  • wireless access points,
  • network controllers,
  • network video recorders, and
  • other devices that must remain reachable for troubleshooting.
Reservation Recommended Reservation Recommended means the device should receive a stable DHCP reservation when practical, but the network can tolerate temporary dynamic assignment. This value is appropriate for devices that are easier to maintain when their address is stable, but that are not core network infrastructure. Examples include:
  • cameras,
  • printers,
  • smart home hubs,
  • robotic cleaners,
  • EV chargers, and
  • devices commonly accessed from applications or local dashboards.
Dynamic Acceptable Dynamic Acceptable means the device can use ordinary DHCP without a fixed reservation. This value is appropriate for devices that do not require a predictable address. Examples include:
  • ordinary phones,
  • laptops,
  • tablets,
  • guest devices, and
  • transient devices.
Trust Levels Trust Level describes the expected access posture of a mapped device. This document defines the following Trust Levels:
  • Management,
  • Trusted,
  • Restricted,
  • Guest, and
  • Unknown.
Management The Management Trust Level is used for devices or interfaces that administer, control, or operate network infrastructure. Examples include router management interfaces, switch management interfaces, wireless controller interfaces, and network administration systems.
Trusted The Trusted Trust Level is used for known household or primary user devices that are expected to have ordinary access to the Main network. Examples include trusted laptops, phones, tablets, and workstations.
Restricted The Restricted Trust Level is used for known devices that should receive limited access compared with Trusted devices. Examples include IoT devices, surveillance devices, appliances, smart home devices, and devices with unclear update or security posture.
Guest The Guest Trust Level is used for visitor or temporary devices.
Unknown The Unknown Trust Level is used when the trust posture of a device has not yet been determined. Devices SHOULD NOT remain Unknown indefinitely without review.
Exposure Levels Exposure Level describes how reachable a mapped device is expected to be. This document defines the following Exposure Levels:
  • Internal Only,
  • Local Shared,
  • Remote Access,
  • Internet Exposed, and
  • Unknown.
Internal Only Internal Only is used for devices that should only be reachable for device-specific operation or administration. Examples include switches, management interfaces, and cameras that should not be accessed directly by ordinary client devices.
Local Shared Local Shared is used for devices that provide services to other devices on the local network. Examples include printers, storage devices, shared controllers, local media services, or devices intentionally discoverable by trusted local clients.
Remote Access Remote Access is used for devices that are reachable from outside the local network through a controlled method, such as a vendor cloud service, VPN, managed remote access feature, or remote management application.
Internet Exposed Internet Exposed is used for devices that are directly reachable from the public Internet or through an explicit port forwarding rule. This document does not define port-forwarding record fields. The Internet Exposed value is intended only to help regular administrators identify that a device has public exposure.
Unknown Unknown is used when reachability has not yet been verified. Devices SHOULD NOT remain Unknown indefinitely without review.
Classification Consistency A mapped device can have classifications that appear unusual. For example, a device can belong to the IoT Network Category while having a Remote Access Exposure Level, or a device in the Main Network Category can have a Restricted Trust Level. When classification fields appear to conflict, administrators SHOULD review whether the device belongs in the correct Network Category and whether the Trust Level or Exposure Level accurately reflects how the device is used. Unusual classifications MAY be valid, but the Notes field SHOULD explain the reason.
Classification Examples The following examples illustrate how the four classification axes can be applied.
  • router-1
    • Network Category: Management
    • Addressing Priority: Static Required
    • Trust Level: Management
    • Exposure Level: Remote Access
    • Notes: Primary gateway with administrative access.
  • switch-1
    • Network Category: Management
    • Addressing Priority: Static Required
    • Trust Level: Management
    • Exposure Level: Internal Only
    • Notes: Main switch.
  • phone-1
    • Network Category: Main
    • Addressing Priority: Dynamic Acceptable
    • Trust Level: Trusted
    • Exposure Level: Local Shared
    • Notes: Trusted household device.
  • camera-1
    • Network Category: Surveillance
    • Addressing Priority: Reservation Recommended
    • Trust Level: Restricted
    • Exposure Level: Internal Only
    • Notes: IP camera.
  • nvr-1
    • Network Category: Surveillance
    • Addressing Priority: Static Required
    • Trust Level: Restricted
    • Exposure Level: Remote Access
    • Notes: Network video recorder.
  • robotic-cleaner-1
    • Network Category: IoT
    • Addressing Priority: Dynamic Acceptable
    • Trust Level: Restricted
    • Exposure Level: Remote Access
    • Notes: Vendor app access.
  • guest-phone-1
    • Network Category: Guest
    • Addressing Priority: Dynamic Acceptable
    • Trust Level: Guest
    • Exposure Level: Local Shared
    • Notes: Visitor device.
  • unknown-1
    • Network Category: Unknown
    • Addressing Priority: Dynamic Acceptable
    • Trust Level: Unknown
    • Exposure Level: Unknown
    • Notes: Needs review.
Device Records A mapped device SHOULD have a device record. A device record SHOULD contain the following fields: The device record fields are listed below in their canonical order.
Hostname:
Required. A human-readable hostname, device hostname, or administrator-assigned label.
IP Address:
Required. The assigned IPv4 address.
MAC Address:
Recommended. The link-layer address used for identification or DHCP reservation.
Manufacturer:
Recommended. The device manufacturer or vendor.
Network Category:
Required. One of Management, Main, Guest, IoT, Surveillance, or Unknown.
Addressing Priority:
Required. One of Static Required, Reservation Recommended, or Dynamic Acceptable.
Trust Level:
Required. One of Management, Trusted, Restricted, Guest, or Unknown.
Exposure Level:
Required. One of Internal Only, Local Shared, Remote Access, Internet Exposed, or Unknown.
Notes:
Optional. Location, purpose, firmware, switch port, owner, review note, or other context.
This document does not define a separate device-type taxonomy. Device type can be recorded in freeform Notes or implementation-specific metadata when useful. This document also does not define credential fields. Administrators SHOULD NOT store credentials in the residential network map.
Credential Guidance The network map defined by this document does not include credential fields. Administrators SHOULD store credentials in a password manager or other credential management system rather than in the network map. Administrators MUST NOT store plaintext passwords in a published or shared residential network map. If a separate credential system is used, the network map MAY note that a credential exists elsewhere, but it SHOULD NOT include the credential itself, password hints, recovery answers, multi-factor recovery codes, or shared secrets.
Flat Networks and Segmented Networks The Network Categories defined by this document can be used in both flat and segmented residential networks. In a flat network, all devices may share a single subnet, such as 192.0.2.0/24. In this case, Network Categories are administrative labels that help the administrator plan addresses and classify devices. In a segmented network, Network Categories can map to VLANs, subnets, SSIDs, firewall zones, or equivalent control boundaries. For example, Management, Main, Guest, IoT, Surveillance, and Unknown can each map to a separate VLAN and subnet. This document does not require segmentation. A residential network map can begin as a flat-network planning tool and later evolve into a segmented design.
Flat-Network Address Planning In a flat network, Network Categories can be mapped to ranges within a single subnet. The following example uses 192.0.2.0/24, which is reserved for documentation examples. Example flat-network ranges:
  • Management: 192.0.2.1-192.0.2.19
    • Router, firewall, switches, access points, and management interfaces.
  • Main: 192.0.2.20-192.0.2.99
    • Trusted household devices.
  • IoT: 192.0.2.100-192.0.2.159
    • Smart home devices, hubs, sensors, appliances, and cloud-connected devices.
  • Surveillance: 192.0.2.160-192.0.2.199
    • Cameras, network video recorders, and door stations.
  • Guest: 192.0.2.200-192.0.2.239
    • Guest DHCP pool.
  • Unknown: 192.0.2.240-192.0.2.254
    • Temporary holding range for unclassified devices.
In a /24 network, the .0 address is the network address and the .255 address is the broadcast address. These addresses MUST NOT be assigned to hosts. The ranges in this section are examples only. Administrators can choose different ranges based on network size, router capabilities, existing address assignments, or operational preference.
Segmented-Network Address Planning In a segmented network, Network Categories can map to VLANs, subnets, SSIDs, firewall zones, or equivalent control boundaries. The following example uses one documentation subnet slice per Network Category. A real deployment would normally use private IPv4 subnets. Example segmented-network layout:
  • Management
    • VLAN: 10
    • Subnet: 192.0.2.0/28
    • Notes: Router, firewall, switches, access points, and management interfaces.
  • Main
    • VLAN: 20
    • Subnet: 192.0.2.16/28
    • Notes: Trusted household devices.
  • IoT
    • VLAN: 30
    • Subnet: 192.0.2.32/28
    • Notes: Smart home devices, hubs, sensors, appliances, and cloud-connected devices.
  • Surveillance
    • VLAN: 40
    • Subnet: 192.0.2.48/28
    • Notes: Cameras, network video recorders, and door stations.
  • Guest
    • VLAN: 50
    • Subnet: 192.0.2.64/28
    • Notes: Guest devices.
  • Unknown
    • VLAN: 99
    • Subnet: 192.0.2.80/28
    • Notes: Unclassified devices pending review.
This document does not define firewall policy between these categories.
Review Guidance A residential network map SHOULD be reviewed when meaningful network changes occur. Examples of meaningful changes include:
  • adding or removing a device,
  • changing a device address,
  • creating or removing a DHCP reservation,
  • moving a device to a different Network Category,
  • changing a device Trust Level,
  • changing a device Exposure Level,
  • adding a guest network,
  • adding an IoT device,
  • adding a surveillance device,
  • replacing the router or firewall,
  • replacing a switch, and
  • replacing an access point.
Administrators SHOULD also review the map periodically to identify unknown devices, outdated records, and devices that no longer match their intended classification. This document does not define a fixed review interval. A review interval can be selected based on the size, complexity, and risk of the network.
Change Log A residential network map SHOULD include a lightweight change log. The change log helps administrators understand when meaningful network changes occurred and why they were made. A change log entry SHOULD include: A change log entry SHOULD include:
  • Date: The date of the change.
  • Change: What changed.
  • Reason: Why the change was made.
Example:
  • 2026-06-04
    • Change: Added IoT Network Category.
    • Reason: Smart home devices needed separate classification.
  • 2026-06-08
    • Change: Reserved address for main switch.
    • Reason: Switch should remain reachable for troubleshooting.
  • 2026-06-12
    • Change: Moved unknown device to Guest.
    • Reason: Device was identified as a visitor phone.
Troubleshooting Uses The mapping model is intended to support ordinary troubleshooting.
Address Conflicts When an address conflict is suspected, an administrator can:
  1. check the residential network map for the assigned device,
  2. check router or firewall client lists,
  3. check DHCP lease records,
  4. compare the observed MAC address with the mapped MAC address,
  5. identify duplicate static assignments or reservation conflicts,
  6. correct the assignment, and
  7. update the map.
Unknown Devices When an unknown device is discovered, an administrator can:
  1. record the IP address,
  2. record the host name if available,
  3. record the MAC address if available,
  4. record the manufacturer if available,
  5. classify the device as Unknown,
  6. investigate the device,
  7. reclassify the device when identified, and
  8. add a note if the device remains Unknown.
Unreachable Devices When a mapped device is unreachable, an administrator can check:
  1. whether the device is powered on,
  2. whether the device is connected to the expected network,
  3. whether the device address changed,
  4. whether the device appears in the router or firewall client list,
  5. whether the mapped MAC address matches the observed MAC address,
  6. whether the device moved to a different Network Category, and
  7. whether recent changes explain the issue.
Privacy Considerations A completed residential network map can reveal sensitive operational details. Examples include:
  • internal addressing,
  • host names,
  • MAC addresses,
  • device manufacturers,
  • network categories,
  • trust posture,
  • exposure posture,
  • camera or surveillance device presence,
  • smart home device presence,
  • guest network structure,
  • management infrastructure, and
  • maintenance patterns.
Completed maps SHOULD be protected from unauthorized access. Administrators SHOULD consider:
  • encrypted storage,
  • restricted sharing,
  • secure backups,
  • redaction before vendor sharing,
  • removal of sensitive fields before publication, and
  • avoiding publication of real host names, MAC addresses, or locations.
Public examples SHOULD use fictitious MAC addresses, fictitious host names, and non-sensitive device descriptions.
Security Considerations The practices described in this document can improve residential network manageability and consumer security awareness, but they can also concentrate sensitive information into one artifact. A residential network map can help an administrator identify devices that may affect privacy or security, including devices that collect video, audio, location, usage, occupancy, or behavioral data. It can also help identify devices that rely on remote access, vendor cloud services, or unclear connectivity patterns. This document does not attempt to define where each device sends data or whether a device's data handling is acceptable. Instead, it provides a simple structure that can help consumers notice which classes of devices exist on the network and which devices deserve further review. If an attacker obtains a completed residential network map, the attacker may gain insight into device roles, management interfaces, internal addressing, device manufacturers, device trust posture, device exposure posture, and possible privacy-sensitive device categories. Administrators MUST NOT store plaintext passwords in the map. Administrators SHOULD restrict access to completed maps. Administrators SHOULD avoid sharing maps that contain real MAC addresses, host names, device locations, or other sensitive operational details unless sharing is necessary and appropriately controlled. Administrators SHOULD review Unknown devices, devices marked Internet Exposed, and devices marked Remote Access. Administrators SHOULD pay particular attention to IoT and Surveillance devices because these devices may collect or transmit household data that users do not routinely inspect. Administrators SHOULD update the map after meaningful network changes. Security considerations for protocol design are discussed more generally in . Although this document does not define a protocol, the same general discipline applies: operational guidance should identify risks and mitigations clearly.
IANA Considerations This document has no IANA actions.
References Normative References Address Allocation for Private Internets This document describes address allocation for private internets. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Guidelines for Writing RFC Text on Security Considerations All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
Example Network Map The following example illustrates how the Network Categories defined in this document can be represented as a residential network map. The diagram is illustrative only. It does not define required topology, firewall policy, routing behavior, or permitted communication between categories. In a flat-network implementation, the same categories can be represented as ranges inside a single subnet instead of separate VLANs or subnets.
Example Device Records The following tables provide realistic but sanitized example device records for a residential, home lab, IoT, and surveillance network. The IP addresses are documentation addresses and are not intended for deployment. The fields are listed in the canonical order defined by this document.
Router
Field Value
hostname router-1
ip_address 192.0.2.1
mac_address 00:00:5E:00:53:01
manufacturer Example Router Vendor
network_category Management
addressing_priority Static Required
trust_level Management
exposure_level Remote Access
notes Primary gateway
Switch
Field Value
hostname switch-1
ip_address 192.0.2.10
mac_address 00:00:5E:00:53:10
manufacturer Example Switch Vendor
network_category Management
addressing_priority Static Required
trust_level Management
exposure_level Internal Only
notes Main switch
Wireless Access Point
Field Value
hostname ap-1
ip_address 192.0.2.11
mac_address 00:00:5E:00:53:11
manufacturer Example Wireless Vendor
network_category Management
addressing_priority Static Required
trust_level Management
exposure_level Internal Only
notes Wireless access point
Smart Display
Field Value
hostname smart-tv-1
ip_address 192.0.2.50
mac_address 00:00:5E:00:53:50
manufacturer Samsung Electronics
network_category IoT
addressing_priority Reservation Recommended
trust_level Restricted
exposure_level Local Shared
notes Smart display or television
Camera
Field Value
hostname camera-1
ip_address 192.0.2.64
mac_address 00:00:5E:00:53:64
manufacturer Hikvision
network_category Surveillance
addressing_priority Reservation Recommended
trust_level Restricted
exposure_level Internal Only
notes IP camera
Robotic Cleaner
Field Value
hostname robotic-cleaner-1
ip_address 192.0.2.100
mac_address 00:00:5E:00:53:70
manufacturer Espressif
network_category IoT
addressing_priority Dynamic Acceptable
trust_level Restricted
exposure_level Remote Access
notes Robotic cleaner or embedded smart device
Phone
Field Value
hostname phone-1
ip_address 192.0.2.106
mac_address 00:00:5E:00:53:71
manufacturer Unknown
network_category Main
addressing_priority Dynamic Acceptable
trust_level Trusted
exposure_level Local Shared
notes Trusted personal mobile device
EV Charger
Field Value
hostname ev-charger-1
ip_address 192.0.2.138
mac_address 00:00:5E:00:53:72
manufacturer Tesla
network_category IoT
addressing_priority Reservation Recommended
trust_level Restricted
exposure_level Remote Access
notes EV charging equipment
Connected Vehicle
Field Value
hostname vehicle-1
ip_address 192.0.2.143
mac_address 00:00:5E:00:53:73
manufacturer Tesla
network_category IoT
addressing_priority Dynamic Acceptable
trust_level Restricted
exposure_level Remote Access
notes Connected vehicle
Streaming Device
Field Value
hostname streaming-device-1
ip_address 192.0.2.145
mac_address 00:00:5E:00:53:74
manufacturer Apple
network_category IoT
addressing_priority Dynamic Acceptable
trust_level Restricted
exposure_level Local Shared
notes Streaming device
Robotic Vacuum
Field Value
hostname robotic-cleaner-2
ip_address 192.0.2.150
mac_address 00:00:5E:00:53:75
manufacturer Roborock
network_category IoT
addressing_priority Dynamic Acceptable
trust_level Restricted
exposure_level Remote Access
notes Robotic vacuum
Guest Phone
Field Value
hostname guest-phone-1
ip_address 192.0.2.230
mac_address 00:00:5E:00:53:76
manufacturer Unknown
network_category Guest
addressing_priority Dynamic Acceptable
trust_level Guest
exposure_level Local Shared
notes Visitor device
Unknown Device
Field Value
hostname unknown-1
ip_address 192.0.2.245
mac_address 00:00:5E:00:53:77
manufacturer Unknown
network_category Unknown
addressing_priority Dynamic Acceptable
trust_level Unknown
exposure_level Unknown
notes Needs review
CSV Representation A comma-separated values representation MAY use the following header. It is shown across multiple lines for readability. Example records are shown below with one field per line. A CSV implementation would place each record on a single row.
JSON Representation A JSON representation MAY use one object per mapped device. The following field names are defined: The following fields are defined, in canonical order.
hostname:
String. Human-readable hostname, device hostname, or administrator-assigned label.
ip_address:
String. Assigned IPv4 address.
mac_address:
String. Link-layer address used for identification or DHCP reservation.
manufacturer:
String. Device manufacturer or vendor.
network_category:
String. Logical network category or zone.
addressing_priority:
String. Addressing stability expectation.
trust_level:
String. Expected trust posture.
exposure_level:
String. Expected reachability posture.
notes:
String. Freeform operational notes.
The network_category field SHOULD use one of the following values:
  • Management,
  • Main,
  • Guest,
  • IoT,
  • Surveillance, or
  • Unknown.
The addressing_priority field SHOULD use one of the following values:
  • Static Required,
  • Reservation Recommended, or
  • Dynamic Acceptable.
The trust_level field SHOULD use one of the following values:
  • Management,
  • Trusted,
  • Restricted,
  • Guest, or
  • Unknown.
The exposure_level field SHOULD use one of the following values:
  • Internal Only,
  • Local Shared,
  • Remote Access,
  • Internet Exposed, or
  • Unknown.
Example: