HomeAboutContactPartners & Clientele Managed WiFi Security & CCTV Smart Home Automation NAS Solutions PBX Solutions Audio Visual Network Design Heat Mapping Custom PC Case Studies Wi-Fi 5 vs 6 vs 7 Managed WiFi vs ISP NAS vs Cloud Storage KNX vs WiFi Automation
Home  /  Case Studies  /  Commercial  /  SPARKY

SPARKY
Trading Premises Network

QUICK SURF NETWORK

Unleashing Digital Excellence

CASE STUDY · 2026
SITE: SPARKY · COMMERCIAL TRADING
STACK: RUIJIE / REYEE · CLOUD-MANAGED
UPTIME: 5+ YEARS · CONTINUOUS SINCE 2021
WAN: DUAL-WAN · LOAD-BALANCED
STATUS: • LIVE · HEALTH NOMINAL
SPARKY · Multi-Floor Trading Premises
Cloud-Managed Commercial
Network Topology

A fully managed Ruijie / Reyee deployment under continuous QSN operations since 2021 — a hierarchical 3-tier topology spanning ground floor and first floor, anchored by a tri-port edge gateway with dual-WAN load balancing, six managed switches in core-plus-access layout, Wi-Fi 6 wireless edge across three high-density access points, four VLANs enforcing tenant separation between corporate, IoT, voice, and management traffic, and a layered defense posture featuring loop prevention, ARP guard on every data VLAN, region-based access filtering, and twin VPN entry points. 54 sustained clients · mixed estate of laptops, smartphones, IP cameras, VoIP phones, printers, NAS, and IoT — engineered, deployed, and monitored end-to-end by QSN.

1
Edge Gateway
EG105G-V2 · CLOUD-MANAGED
6
Managed Switches
1 × SFP CORE + 5 × ACCESS
3
Access Points
RAP2260 · WI-FI 6 · DUAL-BAND
4 · 5
VLANs · SSIDs
SEGMENTED · ROLE-BASED
54
Clients · Sustained
85 PEAK · 30-DAY AVG
5+yr
Cloud Operations
CONTINUOUS SINCE 2021
Layer 0 — Dual-WAN Edge · Load Balancing · Cloud Management

Internet · Dual-WAN

WAN 0
Primary ISP · Fibre Broadband
•••.•••.•••.•••
WAN 1
Secondary ISP · Independent Carrier
•••.•••.•••.•••
LAN3 / WAN1
Reserved · Failover Capable
— · — · —
SPARKY · EDGE GATEWAY
REYEE EG · TRI-PORT · DUAL-WAN
Cloud-Managed Edge · Load-Balanced · GEO-Enforced

Cloud Operations

Ruijie Cloud Console
Connected · UTC+04:00
LIVE
Devices Online
1 GW · 6 SW · 3 AP
10 / 10
30-Day AP Activity
3 / 3 APs · 0 offline events
100 %
Layer 1 — Policy-Based Routing · QoS · Per-VLAN Steering
Corporate (VLAN 30)
EgressWAN 0 · Fibre
PBR RuleMACC_RM_1
Voice (VLAN 90)
EgressWAN 1 · Voice-OPT
PBR RuleMACC_RM_2
IoT (VLAN 40)
EgressDefault Route
Inter-VLANIsolated
Management (VLAN 1)
EgressDefault Route
ScopeInfra Only
Layer 2 — VLAN Architecture · Role-Based Segmentation

4 VLAN Segments

Subnet · DHCP · ARP-Guarded · Network Access Control
Management
VLAN 1 · DEFAULT
10.39.10.0/24 · Infra only
SPK · Corporate
VLAN 30 · PROD
10.39.30.0/24 · Staff data
SPK · IoT
VLAN 40 · SEGMENTED
10.39.40.0/24 · Isolated
SPK · Voice
VLAN 90 · VOIP
10.39.90.0/24 · SIP · PBX
Layer 3 — Wireless Architecture · 2 AP Groups · 5 SSID Broadcasts
SPK-CORP
2.4 + 5 GHz · WPA2-PSK
Indoor Group · VLAN 30
Primary production SSID
SPK-CORP-OD
2.4 + 5 GHz · WPA2-PSK
Outdoor Group · VLAN 30
Forecourt · Yard coverage
SPK-ADMIN
2.4 + 5 GHz · WPA2-PSK
Indoor Group · VLAN 40
Privileged staff · dual-band
SPK-IOT
2.4 GHz · WPA2-PSK
Indoor Group · VLAN 40
Smart plugs · Sensors
SPK-SHADOW
2.4 + 5 GHz · WPA2-PSK
Indoor Group · Hidden
Non-broadcast reserve
Layer 4 — Core Aggregation · Access Distribution · AP Estate

NBS3100-8GT2SFP-P · L2+ Core Aggregation

8-port managed GbE switch with dual SFP uplinks
Cloud-managed core aggregating all downstream access switches over gigabit uplinks. Native VLAN trunking, DHCP relay, loop prevention, and STP enforced at this layer.
• HEALTHY
8× GbE + 2× SFP
TRUNK · ALL VLANs
Floor 1 · Parallel Distribution
ES209GC-P
9-PORT MANAGED · GbE PoE · DIRECT GATEWAY UPLINK
Parallel distribution branch wired directly off the edge gateway (LAN1) for failure-domain isolation from the main core. Serves the display switch and reception switch beneath it.
Uplink · Gateway LAN1 · Trunk
Floor 1 · Office Switch
ES206GC-P
6-PORT MANAGED · GbE PoE · CORE-ATTACHED
Office cabinet switch behind the management desk. Hosts the Floor 1 indoor AP and feeds desk endpoints. Direct gigabit uplink to the main core.
Uplink · Core Gi8 · Trunk
Floor 1 · Display Switch
ES206GC-P
6-PORT MANAGED · GbE PoE · DISTRIBUTION-ATTACHED
Display-area switch driving signage drops and adjacent endpoints. Sits downstream of the parallel distribution branch for isolated reach.
Uplink · Distribution Port 3 · Trunk
Ground Floor · Core Switch
ES210GS-P
10-PORT MANAGED · GbE PoE · CORE-ATTACHED
Main ground-floor distribution. Aggregates the reception switch and the outdoor-capable AP uplink; feeds the NVR + IP camera bank for the surveillance estate.
Uplink · Core Gi1 · Trunk
Ground Floor · Reception Switch
ES209GC-P
9-PORT MANAGED · GbE PoE · NESTED ACCESS
Reception-desk cabinet, downstream of the Ground Floor core. Hosts the Ground Floor indoor AP — the highest-traffic AP on the estate — VoIP handsets, the office printer, and the cashier desk uplink.
Uplink · GF-Core Port 2 · Trunk
Wireless Access Points
3 × RAP2260
WI-FI 6 · 2.4 + 5 GHz · POE+ POWERED
1× RAP2260(G) Floor 1 office · 1× RAP2260(E) Floor 1 indoor · 1× RAP2260(E) Ground floor indoor. Cell-planned for non-overlapping channels; the GF AP carries the majority of estate traffic.
5 SSIDs · Strong-Signal 30-day RSSI

Defense in Depth · Layered Hardening Posture

Loop · ARP · Region · VPN · DNS
Layer 2 · Switching Integrity
Loop Prevention · Network-Wide Auto-Disable
ENFORCED
Anti-Gateway ARP Spoofing · Per-Switch
ACTIVE
ARP Guard · Corporate / IoT / Voice VLANs
PROTECTED
Spanning Tree · Multi-Trunk Convergence
ACTIVE
Native-VLAN Tagging · Trunk Discipline
ENFORCED
PoE Watchdog · Auto-Recover Offline Devices
ACTIVE
Layer 3 · Routing & Inter-VLAN Policy
Network Access Control · IoT ↔ Corporate Isolation
BLOCKED
Network Access Control · Voice ↔ Corporate Isolation
BLOCKED
DHCP Pool Isolation · One Server Per VLAN
ENFORCED
Policy-Based Routing · Voice-Steered Egress
2 RULES ACTIVE
Dual-WAN Load Balancing · Active / Active
ACTIVE
Default-Drop · Inbound NAT Surface Minimized
ENFORCED
Layer 4 · Edge & Geo-Filtering
GEO Enforcer · Region-Based Access Filter
IRAN · BLOCKED
WAN ICMP / Ping · External Reachability
BLOCKED
Hardened DNS · External Resolver Pair
CF 1.1.1.1 · GOOG 8.8.8.8
Outbound DNS · Forwarder Discipline
CURATED
Remote Access · Layered VPN Entry
OpenVPN · Client-to-Site · TLS
ENABLED
L2TP / IPsec · Client-to-Site · PSK
ENABLED
VPN Account Isolation · Per-User
ENFORCED
Cloud-Audited Session Log · Per Connection
RETAINED
Wireless Hardening
WPA2-PSK · All Production SSIDs
ENFORCED
VLAN-Tagged SSID Broadcast · No Bridging
ENFORCED
Hidden Operational SSID · Non-Broadcast
RESERVED
Auto-Channel · 2.4 + 5 GHz Tuning
ACTIVE
AI Optimization Engine · Continuous Tuning
ENABLED
AI Diagnostics · Health-Score Telemetry
CONTINUOUS

Operational Excellence · 5-Year Cloud Track Record

54
Sustained Clients
85 PEAK · 30-DAY AVG
~30 GB
Daily Throughput
80 GB+ PEAK · CORP SSID 86%
10 / 10
Devices Online
1 GW · 6 SW · 3 AP
100 %
30-Day AP Activity
3 / 3 APs · 0 OFFLINE EVENTS

SPARKY has been under continuous QSN cloud management since 2021 — over four years of unbroken operations. The estate sustains 54 concurrent clients across a mixed mobile, wired, voice, IoT, NAS, surveillance, and printer footprint, with peak load above 85 clients at busy hours. All three access points have maintained 100% activity across the most recent 30-day audit window, with zero unplanned device offline events. The corporate SSID carries 86% of total traffic, with strong-signal RSSI dominating the 30-day distribution — a direct outcome of channel planning, cell-density tuning, and continuous AI optimization. SPARKY is one of several sister sites QSN operates under identical architectural blueprints across the UAE.

Network as Machine · SPARKY

AI · Generated Visualization
SPARKY IT Cabinet — AI-generated artistic interpretation of the trading premises Ruijie/Reyee network rack
Trading Premises Rack · Workshop Visualization

The SPARKY Rack, Reimagined as Machinery.

An AI-generated artistic interpretation of the SPARKY IT cabinet — the same Ruijie / Reyee cloud-managed stack documented in Layers 0–4 above, reimagined as automotive workshop machinery. Each element in the visualization maps to a real component of the live deployment: the labeled Ruijie / Reyee units at the top represent the actual NBS3100-8GT2SFP-P core and access switches, the multi-coloured patch panel beneath illustrates the structured GbE backbone trunking all four VLANs, the Grandstream PBX module renders the real voice deck on VLAN 90, and the engine-valve-cover assembly with pistons below it depicts the Voice + PBX subsystem as precision machinery.

This is not a literal rack diagram — it’s a brand-aligned reimagining that fuses the trading floor with the server room. The Wolf Lubricant can labeled “IT Gateway”, the gear-and-spark-plug emblem, and the workshop tooling are deliberate metaphors: a network treated like a well-machined engine, where every component is tuned, lubricated, and continuously serviced — the same operational philosophy QSN has applied to SPARKY for over four years.

“Wolf IT Gateway” Oil Can
→ EG105G-V2 Edge Gateway
Ruijie / Reyee Top Units
→ NBS3100 Core + Access Switches
Patch Panel + Coloured Cables
→ Structured GbE · VLAN Trunks
Engine Valve Cover & Pistons
→ Grandstream PBX · Voice VLAN 90
AI-Generated Artistic Interpretation · Not a Literal Diagram · The Real Topology is Documented in Layers 0–4 Above
Ruijie / Reyee Switch
RAP Access Point
NBS Core Aggregation
VLAN Boundary
IoT / Segmented Plane
Edge Defense Layer
Healthy / Active
Hardening Layer
Designed · Deployed · Monitored by QSN
quicksurfnetwork.com · +971 4 288 2335 · Port Saeed, Deira, Dubai · info@quicksurfnetwork.com