VLAN Isolation

What is a VLAN and why do I need one?
A VLAN is a way of slicing a single physical network switch into multiple, isolated "virtual" networks. Even though the CCTV cameras and the staff laptops share the same cabling, they cannot "see" or talk to each other unless we explicitly allow it.

1. Security: The "Air-Gap" Effect

In a standard unmanaged network, if a guest connects a laptop to a wall jack, they can potentially see every device on the network—including your Access Control controllers and CCTV recorders.

  • The Risk: Most IoT devices (cameras/intercoms) have lightweight security. If one is compromised, a hacker could move "laterally" to your server or accounting PCs.
  • Our Solution: By putting security hardware on its own VLAN, we create a digital wall. Even if a guest gets onto your Wi-Fi, your security backbone remains invisible to them.

2. Performance: Preventing "Traffic Jams"

High-resolution 4K cameras generate a constant, massive stream of data.

  • The Problem: On a flat network, "broadcast traffic" from cameras can flood the entire system, causing lag on staff computers and buffering during Zoom calls.
  • Our Solution: VLANs keep that heavy camera traffic contained. Your staff gets full bandwidth for work, and your cameras get a clear, dedicated lane to the NVR (Network Video Recorder).

3. Compliance: Meeting NDAA and Insurance Standards

Many modern insurance policies and the NDAA (National Defense Authorization Act) require that security infrastructure be logically separated from public-facing networks. VLAN isolation is the industry-standard way to meet these requirements without the massive cost of running two separate sets of physical cabling.

The Kent-ITS Standard: We typically deploy MikroTik or UniFi hardware to manage these VLANs. This allows us to prioritize security traffic (Quality of Service) so that even during peak internet usage, your door entry and alarm signals never drop.

 

1. Network Audit: Mapping the traffic

We identify all "Guest," "Staff," and "Security" devices to determine how many isolated lanes are required.

2. VLAN Tagging: Logical separation

We assign a unique ID (e.g., VLAN 10 for CCTV, VLAN 20 for Access Control) to the specific ports on your managed switches.

3. Firewall Rule Injection: The 'Gatekeeper'

We program the router to block all traffic between these IDs, only allowing the NVR to talk to the cameras and authorized admin PCs to talk to the software.

4. Bandwidth Reservation: QoS setup

We ensure the Security VLAN is guaranteed enough "pipe" so that video streams never stutter, regardless of how much Netflix is being streamed on the Guest Wi-Fi.
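
The tagging and firewall steps above can be checked offline before any rule reaches a router. The following is an added example, not Kent-ITS code: it models a first-match, default-drop inter-VLAN ruleset for new connections and reports flows that are accepted but not intended. Only VLAN 10 and VLAN 20 come from the page; the other VLAN IDs, the subnets, the hosts and the NVR sitting on its own VLAN are assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption): only VLAN 10 = CCTV and
# VLAN 20 = Access Control come from the page; the rest is illustrative.
VLANS = {10: "10.0.10.0/24", 20: "10.0.20.0/24", 30: "10.0.30.0/24",
         40: "10.0.40.0/24", 50: "10.0.50.0/24"}
HOSTS = {"camera": "10.0.10.21", "door_ctrl": "10.0.20.7",
         "staff_laptop": "10.0.30.44", "admin_pc": "10.0.30.10",
         "guest": "10.0.40.99", "nvr": "10.0.50.5"}
# Flows the policy intends to permit, as (source, destination).
ALLOWED = {("nvr", "camera"), ("admin_pc", "nvr")}

def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLANS.items():
        if addr in ipaddress.ip_network(net):
            return vid
    return None

def verdict(rules, src, dst):
    """First matching rule wins; unmatched inter-VLAN traffic is dropped."""
    if vlan_of(src) == vlan_of(dst):
        return "switched"  # same VLAN: never reaches the router's firewall
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "drop"

def audit(rules):
    """Return (leaks, broken): flows accepted but not intended, and
    intended flows that the ruleset drops."""
    leaks, broken = [], []
    for a, b in permutations(HOSTS, 2):
        v = verdict(rules, HOSTS[a], HOSTS[b])
        if v == "accept" and (a, b) not in ALLOWED:
            leaks.append((a, b))
        if v == "drop" and (a, b) in ALLOWED:
            broken.append((a, b))
    return leaks, broken

# Intended ruleset: two narrow accepts, everything else falls to drop.
HARDENED = [("accept", "10.0.50.5/32", "10.0.10.0/24"),
            ("accept", "10.0.30.10/32", "10.0.50.5/32")]
# Weak variant: a whole-subnet accept placed ahead of the intended rules.
WEAK = [("accept", "10.0.30.0/24", "10.0.10.0/24")] + HARDENED
```

The "switched" verdict marks traffic between two devices on the same VLAN, which the router's rules never inspect.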

 


Firewall Deployment (Virtual & Physical)

Firewalls are the first line of defence for any business network. At Kent-ITS, we design and deploy firewall solutions that are robust, scalable, and tailored to your infrastructure.

Our services include: