Industrial IoT Gateway (Field-to-Cloud) Using Dual-Port SP23
A dual-port IIoT gateway using SP2302's built-in Ethernet for cloud and WIZ850io W5500 via SPI for isolated Modbus field device communication.
WIZnet - WIZ850io
x 1
WIZnet - W5500
x 1
Dual-Ethernet IIoT Gateway for Field-to-Cloud — SP2302 + WIZ850io
A Field-to-Cloud IIoT gateway that uses SP2302's built-in Ethernet (eth0) for cloud connectivity and a WIZ850io (W5500) SPI port (eth1) for isolated Modbus TCP field device collection.
Background: Connecting Legacy Industrial Equipment to the Cloud
Factories, energy facilities, and infrastructure sites still rely heavily on PLCs, sensors, and legacy controllers that communicate over Modbus. These devices are designed for stable local network operation — they have no native support for IoT protocols, cloud APIs, or secure Internet access.
Connecting them directly to the Internet creates security risks. Handling protocol translation purely in software makes network isolation difficult. A gateway with two physically separate Ethernet interfaces solves this problem at the architectural level.
This project implements that structure using WIZnet's SP2302 and WIZ850io (W5500) module.
WIZnet's Role
Two WIZnet products serve distinct roles in this project:
| Product | Port | Role |
|---|---|---|
| SP2302 built-in Ethernet | eth0 | Cloud connectivity (Internet-facing) |
| WIZ850io (W5500) via SPI | eth1 | Field device collection (Modbus TCP) |
SP2302 — Linux-Based Dual-Ethernet SBC
The SP2302 is a Cortex-A5 Linux SBC with a built-in Ethernet port. eth0 connects to the Internet via DHCP or static IP and handles communication with cloud brokers such as Adafruit IO, AWS IoT, or private MQTT endpoints.
WIZ850io (W5500) — SPI Ethernet Expansion
WIZ850io is a compact Ethernet module based on the W5500 chip, connected to the SP2302 via SPI and registered as eth1. This port is assigned a static IP (e.g., 192.168.2.50) and isolated on a dedicated field device network. W5500's hardwired TCP/IP stack handles all protocol processing without burdening the host CPU.
How It Works: Field-to-Cloud Data Flow
[Modbus TCP Device / PLC]
│ 192.168.2.x (local field network)
[eth1 / WIZ850io W5500]
│ SPI
[SP2302]
│ pymodbus reads registers (every 5 seconds)
│ paho-mqtt publishes to cloud
[eth0 / SP2302 built-in Ethernet]
│ 192.168.1.x (Internet)
[Adafruit IO / AWS IoT / MQTT Broker]
Software stack:
| Layer | Component |
|---|---|
| OS | Linux (Netplan network configuration) |
| Field communication | pymodbus (Modbus TCP client) |
| Cloud communication | paho-mqtt (MQTT client) |
| Security | UFW firewall — separate rules for eth0/eth1 traffic |
| Data interval | Modbus register read → MQTT publish every 5 seconds |
The key design principle is network isolation. eth1 accepts inbound traffic only from the field subnet (192.168.2.0/24), while eth0 handles outbound cloud communication exclusively. UFW firewall rules prevent direct traffic between the two networks, ensuring that a security incident on the cloud side cannot reach field devices.
Why This Project Stands Out
- Dual WIZnet configuration: Running SP2302's built-in Ethernet and a W5500 SPI Ethernet simultaneously in a single system — each assigned a distinct role — is a clean reference for multi-interface WIZnet deployments.
- Ethernet separation as a security architecture: This is not just port expansion. It applies physical interface separation as a deliberate IIoT security design pattern.
- End-to-end Linux + WIZnet pipeline: A complete Field-to-Cloud implementation combining pymodbus, paho-mqtt, and UFW on a WIZnet Linux SBC.
Use Cases
- Protocol expansion: The same dual-port structure supports OPC-UA, BACnet, DNP3, and other industrial protocols by swapping out the field-side library.
- Cloud flexibility: Switching from Adafruit IO to AWS IoT Core, Azure IoT Hub, or a private MQTT broker requires only configuration changes.
- Multiple field devices: W5500's 8-socket architecture allows polling multiple Modbus devices simultaneously.
- ODM/OEM applications: Growing demand for legacy equipment connectivity in manufacturing, energy, and building automation makes this a repeatable reference design.
Related Existing Contents
| Related Content | Why It Is Similar | Difference and Extension Value |
|---|---|---|
| Dual Ethernet Port Expansion for SP2302 Using WIZ850io (W5500) | This is a same-author basic version that explains the same SP2302 + WIZ850io/W5500 dual-Ethernet hardware setup. | The existing article focuses on enabling and testing the second Ethernet port, while this project extends it into a field-to-cloud IIoT gateway with Modbus TCP, MQTT, Netplan, and firewall-based network isolation. |
| MQTT Communication to Adafruit IO Using Dual-Port SP2302 | Also uses the dual-port SP2302 platform for MQTT cloud communication. | This project adds an isolated field network through WIZ850io and collects data from Modbus TCP devices before publishing to the cloud. |
| Industrial Multi-Protocol Gateway (MTGateway) | Similar IIoT gateway concept using W5500 with Modbus and MQTT. | MTGateway is STM32-based, while this project uses Linux-based SP2302 with physical network separation and firewall control. |
Tech Stack Summary
| Item | Details |
|---|---|
| Main Board | WIZnet SP2302 (Cortex-A5, Linux) |
| eth0 | SP2302 built-in Ethernet — cloud connectivity |
| eth1 | WIZnet WIZ850io (W5500) — SPI, field device network |
| W5500 Interface | SPI (SP2302 ↔ WIZ850io) |
| Field Protocol | Modbus TCP (pymodbus) |
| Cloud Protocol | MQTT (paho-mqtt, Adafruit IO) |
| Network Config | Netplan (Linux) |
| Security | UFW firewall, eth0/eth1 traffic isolation |
| Data Interval | 5-second polling |
| License | Apache-2.0 |
| Source | Hackster.io — SecurePi (June 2025) |
FAQ
Q. Can't this be done with just eth0 (one port)? Technically yes, but it defeats the purpose. Using a single port places field devices and the cloud on the same network, making isolation impossible. The core value of this design is physical interface separation — WIZ850io is what makes that structure work.
Q. W5500 has a hardwired TCP/IP stack, but pymodbus is software — isn't that contradictory? They operate at different layers. W5500 handles Ethernet framing and TCP/IP socket management in hardware. pymodbus runs on top of that as an application-layer protocol (Modbus TCP). W5500 frees the SP2302's CPU from implementing a TCP/IP stack, so it can focus entirely on Modbus data handling and cloud forwarding.
Q. Can this connect to cloud platforms other than Adafruit IO? Yes. paho-mqtt is a standard MQTT client library. Changing the broker address and credentials is all that's needed to connect to AWS IoT Core, Azure IoT Hub, Google Cloud IoT, or any private Mosquitto broker.
Q. Is this architecture suitable for production deployment? The design foundation is solid — SP2302 is an industrial Linux SBC and W5500 is a proven Ethernet controller. For production, additional considerations include power redundancy, watchdog timers, network reconnection logic, and TLS-encrypted MQTT connections.
Project Links