Building Networking: IP, Switches, PoE and VLANs
The IP network is the shared backbone that nearly every modern low-current system rides on. This guide explains IP addressing, switches, Power over Ethernet and VLANs, and how they let one cabling system serve CCTV, access control, BMS, Wi-Fi and data safely.
Almost every building system that used to run on its own dedicated wiring now runs over a single IP (Internet Protocol) network: data, voice, CCTV, access control, building management, Wi-Fi and increasingly lighting and metering. Understanding how that network is built — addresses, switches, power and virtual segments — is now core knowledge for any low-current (ELV) designer or facilities team.
This article explains the building blocks of a converged IP network in plain terms: how devices are addressed and find each other, how switches move traffic, how Power over Ethernet feeds devices through the same cable that carries their data, and how VLANs keep different systems logically separate even when they share the same physical hardware. The goal is a network that is reliable, secure and easy to expand.
How it works
Every device on the network needs an IP address — a numeric identity used to send and receive data. Addresses are grouped into subnets, and a device called a router or Layer 3 switch forwards traffic between subnets and out to the internet. Addresses can be assigned automatically by a DHCP server or set as fixed (static) addresses for equipment such as cameras, controllers and servers that must always be reachable at a known location.
Ethernet switches are the workhorses that connect everything. A switch has many ports; devices plug into access (edge) switches, which connect up to larger distribution or core switches, forming a tiered "star" that mirrors the structured cabling design. A switch learns which device is on each port and forwards each data frame only where it needs to go, rather than flooding every port, which keeps the network fast and orderly.
Power over Ethernet (PoE) lets the same twisted-pair cable carry both data and DC power, so IP cameras, wireless access points, IP phones, door readers and some sensors run without a separate electrical supply. The switch (or a midspan injector) delivers power only to devices that request it, and different PoE standards supply progressively more wattage for higher-power devices such as PTZ cameras or heated outdoor units. The designer must add up the power budget so the switch can feed every connected device.
A VLAN (Virtual LAN) splits one physical switch network into several isolated logical networks. Cameras can sit on one VLAN, BMS controllers on another, guest Wi-Fi on a third — each with its own subnet and security rules — even though they share the same switches and cabling. Traffic only crosses between VLANs through the router, where firewall rules decide what is allowed. This isolation improves security, contains faults and stops one busy system from disturbing another.
Tying it together: endpoints get IP addresses, plug into PoE switches that may also power them, and are placed on the right VLAN for their system. Trunk links between switches carry many VLANs at once using tags, while the core router routes between them and enforces security. Good practice also covers redundancy, switch capacity for the total bandwidth, network management and cybersecurity hardening — changed default passwords, firmware updates and restricted access — so the converged network stays dependable.
Main types
In the UAE
- Converged IP networks underpin UAE smart and green buildings, carrying CCTV, access control, BMS and Wi-Fi together — so the data network must be coordinated with the wider ELV/low-current package and structured cabling from the design stage.
- Security-related traffic such as CCTV is commonly placed on its own isolated VLAN and kept separate from corporate IT, in line with good practice and the expectations of authorities such as the Abu Dhabi Monitoring and Control Centre (MCC) for surveillance systems.
- Networks should be designed to recognised standards with cybersecurity hardening, certified cabling and adequate PoE and switch capacity, since UAE projects increasingly depend on IP devices for safety and operations.
How GPR applies this
GPR designs and installs converged IP networks as part of its low-current and ELV scope for projects across Abu Dhabi and the wider UAE. Our teams plan IP addressing and VLAN segmentation, size PoE and switch capacity, and integrate the network with CCTV, access control, BMS and Wi-Fi — coordinating closely with structured cabling so the infrastructure is secure, standards-based and ready to scale from design through commissioning and handover.
Frequently asked questions
What is a VLAN and why use one?
A VLAN is a virtual network that isolates one system's traffic from another while sharing the same physical switches. It improves security, contains faults and keeps systems such as CCTV separate from office data.
What does Power over Ethernet (PoE) do?
PoE sends DC power and data over the same network cable, so IP cameras, wireless access points, phones and door readers operate without separate electrical wiring. The switch must have enough power budget for all connected devices.
Should devices use DHCP or static IP addresses?
User devices typically use DHCP for convenience, while cameras, controllers and servers usually get fixed (static or reserved) addresses so they are always reachable at a known location.
What is the difference between a switch and a router?
A switch connects devices within the same network and forwards traffic between them; a router (or Layer 3 switch) moves traffic between different subnets or VLANs and to the internet, and applies security rules.
Can CCTV, BMS and data share one network?
Yes. A converged IP network can carry all of them, but each system is normally placed on its own VLAN with appropriate security so they stay logically separate and do not interfere with each other.