Telecommunications · Infrastructure

Multi-Branch VoIP Telephony System

Unified IP telephone infrastructure across multiple office locations — same extension range, zero disruption, budget-conscious execution.

Grandstream UCM PBX VoIP / SIP VPN Inter-branch Trunk ATA IP-to-Analog Cost-Optimized Rollout Multi-site Networking LAN / WAN
Scope
Multiple Branches
Dial plan
Unified Extensions
Legacy reuse
100% — No Rewire
Connectivity
VPN Tunnelled
System architecture
🏢
Branch A
Analog sets via ATA converter
📡
Grandstream UCM PBX
Central call controller & dial plan
🏢
Branch B
IP phones via LAN network
↕ VPN tunnel — encrypted inter-branch voice traffic ↕
Challenge
The client needed a single coherent phone system across multiple offices in the same city — staff should reach any colleague by dialling a simple internal extension, regardless of which branch they're in. Budget was strict: no full hardware refresh, no new cabling. Existing analog handsets and copper wiring had to stay in service.
Solution
Deployed Grandstream UCM PBX as the central call controller managing a single, planned extension number scheme across all branches. Grandstream ATA (IP-to-Analog) converter switches were installed at each site, allowing the existing analog handsets to register as SIP endpoints over the current copper wiring — no rewiring, no hardware replacement. New office blocks that needed additional capacity received Grandstream IP phones registered directly over the LAN. All branches are interconnected via VPN tunnels, through which internal voice traffic routes transparently. A carefully planned extension range per branch eliminated any numbering conflicts across the network.
Outcome
Every branch now operates on a single unified dial plan. Staff dial internal extensions identically whether they're calling the next desk or another location across the city. Legacy infrastructure — analog phones, existing wiring, networking backbone — was preserved entirely, with IP phone sets introduced only where new extensions were actually required. The rollout was completed within budget, with zero disruption to ongoing operations.
Skills demonstrated
IP PBX configuration SIP / VoIP protocols VPN network design ATA / analog bridging LAN infrastructure Dial plan architecture Budget-constrained deployment Multi-site coordination
Project 02
Networking · Infrastructure

Hospital-Wide Network Overhaul

Full network redesign across a multi-building complex — unified LAN for staff, isolated guest internet, fiber backbone, and VLAN-segmented wireless throughout.

pfSense Router / Firewall Managed Switches Fiber Inter-building Backbone VLAN Segmentation Grandstream APs Ruijie APs Guest Network Isolation LAN / Wireless
Scope
Multi-building Hospital
Backbone
Fiber Optic
Networks
2 VLANs — Office + Guest
Wireless
Hospital-wide APs
Network topology
🔥
pfSense Router
Core routing, firewall & VLAN gateway
🔀
Managed Switches
VLAN tagging & inter-block distribution
📶
Wireless APs
Grandstream & Ruijie — per building
↕ Fiber optic inter-building backbone — high-speed, low-latency ↕
VLAN 1 — Office LAN
Full internal network access for staff. Wired + wireless. Routed and firewalled via pfSense.
VLAN 2 — Guest Network
Internet-only access for visitors. Completely isolated from office LAN — no lateral movement possible.
Challenge
The organisation occupied multiple building blocks across a single Hospital with no unified network infrastructure. Each block operated in isolation, making shared resources, central management, and consistent connectivity impossible. A secondary requirement was equally critical: guest visitors needed internet access at various buildings without any risk of touching the internal office network.
Solution
Deployed pfSense as the central router and firewall, handling all routing decisions, VLAN enforcement, and internet gateway functions. Managed switches were installed across building blocks, interconnected via a fiber optic backbone — providing high-speed, reliable links between buildings without bandwidth bottlenecks. Within each building, both wired LAN and wireless coverage were provisioned using Grandstream and Ruijie access points. Two VLANs were configured and enforced throughout: VLAN for the office LAN — full internal access for staff — and a guest VLAN that provides internet-only connectivity, completely isolated from internal resources. Firewall rules on pfSense ensure guest traffic cannot reach the office network under any path.
Outcome
The Hospital now operates as a single, unified network infrastructure. Staff across all building blocks share the same LAN — file servers, printers, internal systems, and internal communication are accessible from anywhere on Hospital. Visitors connect to a secure, isolated guest network at any building without IT involvement. The fiber backbone delivers fast and stable inter-building throughput, and pfSense provides full visibility and control over all traffic flows.
Skills demonstrated
pfSense configuration Firewall rule design VLAN architecture Managed switch setup Fiber optic deployment Wireless AP configuration Guest network isolation Hospital-scale LAN design Ruijie & Grandstream APs