Skip to content

VLAN in a computer club

Published: · Updated: (13 days ago)· IZI Team

A VLAN (Virtual Local Area Network) logically partitions one physical cable infrastructure into isolated segments using 802.1Q tags on a managed switch. Each tag marks every Ethernet frame with a segment ID; the switch forwards frames only within the same VLAN ID and drops everything else. Traffic between VLANs can only cross through a router or Layer 3 switch that has an explicit routing rule allowing it — meaning you control exactly which zone can reach which at the network level, not the application level.

In practice, the switch assigns ports to VLANs: gaming PCs plug into ports tagged VLAN 10, the access point’s guest SSID maps to VLAN 30, POS terminals land in VLAN 40. The router then decides: gaming PCs can reach the internet freely; the guest network is internet-only with a bandwidth cap; payment terminals can only talk to the acquirer’s HTTPS gateway.

In a computer club, VLANs solve three practical problems: they isolate guest Wi-Fi from gaming PCs so customers’ phones do not compete with gaming traffic for bandwidth, protect POS terminals from the gaming zone, and keep the NAS with IZI Boot images away from the guest segment.

Without segmentation, a single guest streaming video can raise ping across the hall — guest and gaming traffic share the same lane with no priority. VLANs combined with QoS fix this architecturally: gaming PCs get guaranteed priority, the guest network runs within a capped lane. The second concern is security: payment hardware and POS terminals must not share an L2 segment with gaming PCs — this is the baseline for any PCI DSS audit.

VLANPurposeConnected devicesInternet access
VLAN 10Gaming zoneAll gaming PCsFull
VLAN 20ManagementPOS terminals, admin PC, NASFull
VLAN 30Guest Wi-FiCustomers’ phones and laptopsBandwidth-capped
VLAN 40Payment terminalsCard readers, acquirer hardwareHTTPS to payment gateways only

For clubs with up to 15 PCs and no managed switch, enabling Client Isolation on the Wi-Fi access point gives basic guest isolation without full bandwidth control.

IZI Boot restores a disk image over the LAN. Restore speed depends on where the NAS lives. Recommended layout: NAS in VLAN 20, gaming PCs in VLAN 10 with router-level SMB/NFS access between them. Guest VLAN 30 cannot reach the NAS. This gives both security and gigabit restore speed — typically 15–30 minutes instead of several hours.

Wake-on-LAN in IZI works through the MeshCentral agent, not via a raw UDP broadcast. The wake command reaches the PC through the agent’s outbound connection to the MeshCentral server, so WoL works correctly even with strict VLAN isolation.

  • Club network setup — practical network requirements for IZI
  • NAS — network storage for IZI Boot images
  • QoS — traffic prioritization between segments
  • IZI Boot — how NAS placement affects PC restore speed
  • DHCP — static address reservations for gaming PCs

Frequently asked questions

What is a VLAN?

VLAN (Virtual Local Area Network) is a logical partition of one physical network into several isolated segments on a single managed switch. Devices in different VLANs cannot communicate without an explicit router rule, even if they share the same cables.

Why does a computer club need VLANs?

Three reasons: (1) isolate guest Wi-Fi so customers' phones do not compete with gaming PCs for bandwidth; (2) protect POS terminals and cash registers from the gaming network; (3) place the NAS holding IZI Boot images in a segment unreachable by guests.

Is VLAN required for IZI to work?

No. IZI runs without VLANs. But without segmentation, guest traffic competes with gaming traffic, guests on the same L2 segment can reach gaming PCs, and payment terminals are not isolated. VLANs fix all three issues architecturally.

Do I need a special switch for VLANs?

Yes — a managed switch with 802.1Q support. Unmanaged switches do not support VLANs. For small clubs (up to 15 PCs), enabling Client Isolation on the Wi-Fi access point gives basic guest isolation without a managed switch.