CYB-210 · Computer Networking
Guest Network VLAN Segmentation
This project implements VLAN-based network segmentation to isolate guest devices and IP cameras from the primary internal network. Guest users — connected via a repurposed router — receive internet access only. Cameras are placed on a dedicated segment. All devices obtain addresses via DHCP, and end-to-end connectivity is verified with ping tests.
Objective
Segregate guest traffic (a tablet and phone) and surveillance cameras onto their own VLANs, preventing lateral access to internal network resources while maintaining full internet reachability for guests. This reflects a common real-world requirement for small offices, retail environments, and hospitality networks.
Network design
| VLAN | Purpose | Devices | Address source |
|---|---|---|---|
| Internal | Primary network | Core infrastructure | Static |
| Guest | Visitor internet access | Tablet, phone | DHCP |
| Cameras | Surveillance isolation | IP cameras ×2 | DHCP |
Implementation steps
- Relocated the old router, tablet, and phone into the guest area. Connected the old router to the core switch as the guest segment uplink.
- Configured VLANs on the switch — one for guest devices and one for the camera segment. Set trunk ports to carry tagged traffic between the switch and the router.
- Programmed the old router with sub-interfaces for guest VLAN routing, and configured DHCP pools for both the guest and camera VLANs so devices receive addresses automatically.
- Moved the IP cameras to the camera VLAN and assigned them to the correct switch ports. Verified camera addressing and segment isolation.
- Confirmed the tablet and phone pulled DHCP leases correctly from the guest pool, with proper gateway and DNS assignment.
- Ran ping tests from the tablet, phone, and both cameras to verify reachability within each segment and confirm cross-segment isolation.
Verification
- Tablet received valid DHCP lease from guest pool
- Phone received valid DHCP lease from guest pool
- Camera 1 received valid DHCP lease from camera pool
- Camera 2 received valid DHCP lease from camera pool
- Ping successful from tablet to gateway
- Ping successful from phone to gateway
- Ping successful from both cameras to their gateway
- Cross-VLAN ping blocked between guest and camera segments
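The checklist above covers guest-to-camera isolation, while the objective also calls for keeping guests off the internal network. The following added example (not part of the original project) runs the full ping matrix from a host on one segment and reports anything that deviates from the intended policy. The subnets, addresses and function names are constructed for illustration, and the ping flags assume Linux.

```python
import ipaddress
import subprocess

# Constructed subnets: the write-up does not give its addressing plan.
SEGMENTS = {
    "internal": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
    "cameras": ipaddress.ip_network("192.168.30.0/24"),
}

def segment_of(ip):
    """Name of the segment containing ip, or 'internet' if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"

def expected(src_ip, dst_ip):
    """True = must answer, False = must be blocked, None = not stated."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst:
        return True  # own gateway and neighbours on the same VLAN
    if dst == "internet":
        return True if src == "guest" else None  # only guests are specified
    return False  # every other segment is off limits

def ping(ip, timeout_s=2):
    """Send one ICMP echo using Linux iputils ping flags."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def audit(src_ip, targets, probe=ping):
    """Probe each target from this host and return the policy violations."""
    violations = []
    for label, ip in targets:
        want = expected(src_ip, ip)
        got = probe(ip) if want is not None else None
        if got != want:
            violations.append((label, ip, "reachable" if got else "unreachable"))
    return violations

if __name__ == "__main__":
    # Constructed targets, run from a laptop patched into a guest port.
    targets = [("guest gateway", "192.168.20.1"), ("camera 1", "192.168.30.11"),
               ("internal host", "192.168.10.5"), ("public DNS", "1.1.1.1")]
    for violation in audit("192.168.20.50", targets):
        print("POLICY VIOLATION:", *violation)
```

A blocked ping only shows that ICMP is filtered, so follow up with a TCP connection attempt to a known open port on the other segment before treating the isolation as confirmed.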
Why this matters
VLAN segmentation is one of the most foundational controls in network security. This project demonstrates the ability to plan a segmented topology, configure a switch and router to enforce it, set up DHCP correctly per segment, and verify that isolation is actually working — not just assumed. These are practical skills that apply directly to enterprise support, network administration, and security roles.