VLAN in a computer club
VLAN in a computer club
Section titled “VLAN in a computer club”A VLAN (Virtual Local Area Network) logically partitions one physical cable infrastructure into isolated segments using 802.1Q tags on a managed switch. Each tag marks every Ethernet frame with a segment ID; the switch forwards frames only within the same VLAN ID and drops everything else. Traffic between VLANs can only cross through a router or Layer 3 switch that has an explicit routing rule allowing it — meaning you control exactly which zone can reach which at the network level, not the application level.
In practice, the switch assigns ports to VLANs: gaming PCs plug into ports tagged VLAN 10, the access point’s guest SSID maps to VLAN 30, POS terminals land in VLAN 40. The router then decides: gaming PCs can reach the internet freely; the guest network is internet-only with a bandwidth cap; payment terminals can only talk to the acquirer’s HTTPS gateway.
In a computer club, VLANs solve three practical problems: they isolate guest Wi-Fi from gaming PCs so customers’ phones do not compete with gaming traffic for bandwidth, protect POS terminals from the gaming zone, and keep the NAS with IZI Boot images away from the guest segment.
Why it matters for club owners
Section titled “Why it matters for club owners”Without segmentation, a single guest streaming video can raise ping across the hall — guest and gaming traffic share the same lane with no priority. VLANs combined with QoS fix this architecturally: gaming PCs get guaranteed priority, the guest network runs within a capped lane. The second concern is security: payment hardware and POS terminals must not share an L2 segment with gaming PCs — this is the baseline for any PCI DSS audit.
Typical VLAN layout
Section titled “Typical VLAN layout”| VLAN | Purpose | Connected devices | Internet access |
|---|---|---|---|
| VLAN 10 | Gaming zone | All gaming PCs | Full |
| VLAN 20 | Management | POS terminals, admin PC, NAS | Full |
| VLAN 30 | Guest Wi-Fi | Customers’ phones and laptops | Bandwidth-capped |
| VLAN 40 | Payment terminals | Card readers, acquirer hardware | HTTPS to payment gateways only |
For clubs with up to 15 PCs and no managed switch, enabling Client Isolation on the Wi-Fi access point gives basic guest isolation without full bandwidth control.
VLANs and IZI Boot
Section titled “VLANs and IZI Boot”IZI Boot restores a disk image over the LAN. Restore speed depends on where the NAS lives. Recommended layout: NAS in VLAN 20, gaming PCs in VLAN 10 with router-level SMB/NFS access between them. Guest VLAN 30 cannot reach the NAS. This gives both security and gigabit restore speed — typically 15–30 minutes instead of several hours.
VLANs and Wake-on-LAN
Section titled “VLANs and Wake-on-LAN”Wake-on-LAN in IZI works through the MeshCentral agent, not via a raw UDP broadcast. The wake command reaches the PC through the agent’s outbound connection to the MeshCentral server, so WoL works correctly even with strict VLAN isolation.
Related
Section titled “Related”- Club network setup — practical network requirements for IZI
- NAS — network storage for IZI Boot images
- QoS — traffic prioritization between segments
- IZI Boot — how NAS placement affects PC restore speed
- DHCP — static address reservations for gaming PCs
Frequently asked questions
What is a VLAN?
VLAN (Virtual Local Area Network) is a logical partition of one physical network into several isolated segments on a single managed switch. Devices in different VLANs cannot communicate without an explicit router rule, even if they share the same cables.
Why does a computer club need VLANs?
Three reasons: (1) isolate guest Wi-Fi so customers' phones do not compete with gaming PCs for bandwidth; (2) protect POS terminals and cash registers from the gaming network; (3) place the NAS holding IZI Boot images in a segment unreachable by guests.
Is VLAN required for IZI to work?
No. IZI runs without VLANs. But without segmentation, guest traffic competes with gaming traffic, guests on the same L2 segment can reach gaming PCs, and payment terminals are not isolated. VLANs fix all three issues architecturally.
Do I need a special switch for VLANs?
Yes — a managed switch with 802.1Q support. Unmanaged switches do not support VLANs. For small clubs (up to 15 PCs), enabling Client Isolation on the Wi-Fi access point gives basic guest isolation without a managed switch.