On this page

Office IT Establishment

Office IT establishment creates the technology foundation for a new permanent office location, covering network infrastructure, endpoints, telephony, printing, and security systems. This task applies to establishing headquarters, regional hubs, and country offices where staff will work on an ongoing basis. Field offices and temporary locations follow different procedures due to their distinct infrastructure constraints and timelines.

A permanent office establishment typically requires 4-8 weeks from site handover to full operational status, depending on ISP lead times, equipment availability, and office size. The procedures in this task assume you have physical access to the office space and that basic facilities (power, climate control) are operational.

Structured cabling: Permanent network cable installation including horizontal runs from patch panels to wall outlets, vertical risers between floors, and backbone connections to equipment rooms.
Demarcation point: The boundary where ISP responsibility ends and organisational responsibility begins, typically a network termination unit or handoff device provided by the carrier.
Comms room: Dedicated space housing network equipment, servers, UPS, and telecommunications gear. Also called server room, network closet, or IT room depending on scale.
Punch down: The process of terminating network cables onto patch panels or keystone jacks using an impact tool that forces conductors into insulation displacement connectors.

Prerequisites

Before beginning office IT establishment, confirm the following requirements are satisfied:

Requirement	Detail	Verification
Office lease executed	Signed lease with permission for IT installations, cable routing, and equipment mounting	Copy of lease with relevant clauses
Electrical circuits available	Dedicated circuits for comms room (minimum 2x 20A), standard outlets at desk positions	Electrical certification or site survey
ISP service ordered	Business-grade internet with static IP allocation, confirmed installation date	ISP order confirmation with reference number
Comms room identified	Lockable space with adequate ventilation, away from water sources	Floor plan with room designation
Fire suppression confirmed	Comms room has appropriate fire detection and suppression	Building compliance certificate
Equipment procurement complete	All network hardware, endpoints, phones ordered with delivery dates confirmed	Purchase orders and tracking numbers
Floor plan finalised	Desk positions, meeting rooms, and shared spaces confirmed	Approved floor plan from facilities
IT staff access arranged	Building access credentials, keys, alarm codes for IT personnel	Access credentials received

You need administrative access to the organisation’s identity provider, network management systems, and asset management database. For organisations using Microsoft 365 or Google Workspace, you need Global Administrator or equivalent permissions to configure directory synchronisation and create user accounts.

Coordinate with facilities management, building security, and the landlord before beginning work. Many buildings require contractor registration, work permits, or after-hours access arrangements for cabling installation.

Site assessment

Conduct a detailed site assessment before ordering equipment or scheduling installations. This assessment identifies constraints that affect infrastructure design and surfaces issues that would delay the project if discovered later.

Survey the comms room location and measure dimensions. Record ceiling height, floor space, door width (equipment must fit through), and proximity to power distribution. Photograph the space from multiple angles for reference during equipment specification.
Minimum comms room requirements for a 20-person office:
- Floor space: 2m × 2m (4 square metres)
- Ceiling height: 2.4m to allow rack installation
- Door width: 750mm minimum for rack delivery
- Electrical: 2x dedicated 20A circuits
- Ventilation: Mechanical ventilation or air conditioning capable of dissipating 2kW heat load
Trace potential cable routes from the comms room to each work area. Identify whether routes use ceiling void, raised floor, surface trunking, or wall cavities. Note any obstacles: fire barriers requiring penetration seals, structural elements that cannot be drilled, or areas where landlord prohibits modifications.
Record distances from comms room to the furthest desk position. Horizontal cable runs must not exceed 90 metres to maintain Ethernet performance within specification. If any position exceeds this distance, you need an intermediate distribution frame (IDF) or fibre backbone.
Locate the building’s telecommunications entrance facility where ISP cables enter. Determine the path from this entrance to your comms room. Buildings with multiple tenants often have shared risers or basement facilities requiring coordination with building management.
Confirm with the ISP that they can deliver service to your demarcation point. Some buildings require the tenant to arrange internal cabling from the building entrance facility to the office.
Count desk positions, meeting rooms, and shared spaces requiring network connectivity. For each location, determine:
- Number of wired network drops needed (minimum 2 per desk position)
- WiFi coverage requirements
- Telephony requirements (desk phone, conference phone, or softphone only)
- Display connectivity for meeting rooms
Document existing infrastructure. Some offices, particularly in serviced buildings, may have pre-installed cabling, patch panels, or network equipment from previous tenants. Test any existing cabling before relying on it. Category 5 cabling installed before 2002 may not support gigabit Ethernet reliably.
Assess power quality if deploying on-premises servers or sensitive equipment. Measure voltage stability over 24 hours using a power quality meter. Voltage fluctuations exceeding ±10% indicate the need for power conditioning equipment.

Document assessment findings in a site survey report. Include photographs, measurements, and a marked-up floor plan showing proposed cable routes, equipment locations, and any identified constraints.

Infrastructure design

Design the network infrastructure based on site assessment findings. The design determines equipment specifications, cable quantities, and installation requirements.

+--------------------------------------------------------------------+
|                            OFFICE NETWORK                          |
+--------------------------------------------------------------------+
|                                                                    |
|     COMMS ROOM                                                     |
|     +-----------------------------------------------------------+  |
|     |                                                           |  |
|     |  +-------------+    +-------------+    +-------------+    |  |
|     |  |   Router    |    |   Switch    |    |    UPS      |    |  |
|     |  |   Firewall  |--->|   (PoE)     |    |   (1500VA)  |    |  |
|     |  +------+------+    +------+------+    +-------------+    |  |
|     |         |                  |                              |  |
|     |         |           +------+------+                       |  |
|     |         |           | Patch Panel |                       |  |
|     |         |           +------+------+                       |  |
|     |    ISP  |                  |                              |  |
|     |   demarcation              | Structured cabling           |  |
|     +-----------------------------------------------------------+  |
|                                  |                                 |
|         +------------------------+------------------------+        |
|         |                        |                        |        |
|         v                        v                        v        |
|   +-----------+            +-----------+            +-----------+  |
|   | Open Plan |            | Meeting   |            | Executive |  |
|   | Area      |            | Room A    |            | Offices   |  |
|   |           |            |           |            |           |  |
|   | 16x desks |            | 1x conf   |            | 4x desks  |  |
|   | 2x WAPs   |            |   phone   |            | 1x WAP    |  |
|   |           |            | 1x display|            |           |  |
|   +-----------+            | 1x WAP    |            +-----------+  |
|                            +-----------+                           |
+--------------------------------------------------------------------+

Figure 1: Standard office network topology showing comms room components and distribution to work areas

Network design decisions for a typical 20-50 person office:

The core switch provides connectivity for all wired devices and powers wireless access points and IP phones via Power over Ethernet (PoE). Select a switch with sufficient PoE budget for your deployment. Each wireless access point draws 15-25W, each IP phone draws 5-15W. A 24-port PoE+ switch with 370W budget supports 8 access points and 16 phones simultaneously.

Wireless access point placement follows a density model rather than pure coverage. In open-plan offices with 1.5 metres between desks, plan for one access point per 15-20 users to maintain performance during simultaneous video calls. Meeting rooms seating more than 8 people warrant dedicated access points regardless of proximity to other coverage.

Cabling specification defaults to Category 6A for new installations. Category 6A supports 10 Gigabit Ethernet to 100 metres and provides headroom for future bandwidth requirements. The cost premium over Category 6 (approximately 15-20%) is justified by the 15-20 year expected lifespan of structured cabling.

+-------------------------------------------------------------------+
|                        CABLING SCHEDULE                           |
+-------------------------------------------------------------------+
|                                                                   |
|  COMMS ROOM (CR-01)                                               |
|  +------------------------------------------------------------+   |
|  | Patch Panel 1 (PP-01): Ports 1-24                          |   |
|  |   Ports 1-16:  Open plan desks (2 drops each, 8 positions) |   |
|  |   Ports 17-20: Meeting Room A                              |   |
|  |   Ports 21-24: Reception                                   |   |
|  +------------------------------------------------------------+   |
|  | Patch Panel 2 (PP-02): Ports 1-24                          |   |
|  |   Ports 1-16:  Open plan desks (remaining 8 positions)     |   |
|  |   Ports 17-20: Meeting Room B                              |   |
|  |   Ports 21-22: Executive Office 1                          |   |
|  |   Ports 23-24: Executive Office 2                          |   |
|  +------------------------------------------------------------+   |
|  | Patch Panel 3 (PP-03): Ports 1-24                          |   |
|  |   Ports 1-8:   Wireless access points                      |   |
|  |   Ports 9-12:  Printers/MFDs                               |   |
|  |   Ports 13-16: CCTV cameras                                |   |
|  |   Ports 17-24: Spare capacity                              |   |
|  +------------------------------------------------------------+   |
|                                                                   |
+-------------------------------------------------------------------+

Figure 2: Patch panel allocation showing structured approach to port assignment

ISP installation

ISP installation establishes the office’s internet connectivity. Schedule this as early as possible in the project timeline because ISP lead times (2-6 weeks for business circuits) often determine the critical path.

Confirm the installation appointment with the ISP 48 hours in advance. Verify they have correct site address, access instructions, and contact details for the person meeting the engineer. ISP installations frequently fail due to access problems or incorrect site information.
Prepare the demarcation point location before the ISP engineer arrives. Clear a space near the comms room entrance for the network termination unit. Ensure power is available within 2 metres if the ISP equipment requires it.
Meet the ISP engineer on site and escort them to the demarcation point. The engineer installs the network termination unit, connects to the carrier network, and performs line tests. This typically takes 2-4 hours for a standard business circuit.
Verify circuit performance before the engineer leaves. Run speed tests from a laptop connected directly to the ISP equipment. Confirm download speed, upload speed, and latency match the contracted service level. For a 100 Mbps symmetric circuit, expect:
- Download: 95-100 Mbps
- Upload: 95-100 Mbps
- Latency to ISP gateway: under 5ms
If performance falls short, have the engineer investigate before signing the installation completion form.
Document the installation including circuit reference number, ISP support contact details, IP address allocation, and default gateway. Take photographs of the installed equipment and cabling for reference.
Connect your router or firewall to the ISP equipment. Configure the WAN interface with the allocated static IP address, subnet mask, and gateway. Verify internet connectivity by pinging external hosts (8.8.8.8, 1.1.1.1) and resolving DNS queries.

Backup connectivity

For offices supporting critical operations, order a secondary internet circuit from a different ISP using diverse infrastructure (different carrier, different building entry point). Configure automatic failover so the office remains operational if the primary circuit fails.

Network infrastructure installation

Network infrastructure installation creates the physical and logical foundation for all office IT services. Complete this phase before deploying endpoints or user-facing services.

Install the equipment rack or cabinet in the comms room. A 12U wall-mount rack suffices for offices under 30 people; larger offices require 22U or 42U floor-standing racks. Secure the rack to the wall or floor according to manufacturer instructions. An unsecured rack presents a safety hazard and may void equipment warranties.
Position the rack to allow 1 metre clearance at the front for equipment access and cable management. Rear access is necessary for racks housing equipment with rear-mounted ports.
Install the UPS and connect it to dedicated electrical circuits. Configure the UPS for the expected load:
- Router/firewall: 30-50W
- Core switch: 50-150W (plus PoE load)
- Wireless controller (if applicable): 30W
- Reserve 20% capacity for future expansion
A 1500VA UPS provides approximately 20-30 minutes runtime at 500W load. This allows graceful shutdown during extended power failures or time for generator start-up.
Mount and cable the router/firewall device. Connect the WAN port to the ISP demarcation point. Connect the LAN port to the core switch. Configure basic firewall rules:
- Deny all inbound traffic by default
- Allow established and related connections
- Permit specific inbound services (VPN, if applicable)
- Enable stateful packet inspection
Configure the LAN interface with your internal IP scheme. A /24 subnet (254 usable addresses) suffices for offices under 200 people. Example configuration:

   LAN interface: 10.10.1.1/24
   DHCP range: 10.10.1.100 - 10.10.1.250
   Reserved range: 10.10.1.1 - 10.10.1.99 (infrastructure)

Mount the core switch and connect its uplink to the router/firewall. Configure VLANs if segregating traffic:

VLAN ID	Name	Subnet	Purpose
10	Corporate	10.10.10.0/24	Staff workstations
20	Voice	10.10.20.0/24	IP phones
30	Guest	10.10.30.0/24	Visitor WiFi
40	IoT	10.10.40.0/24	Printers, displays, sensors
99	Management	10.10.99.0/24	Network equipment

Configure PoE settings for ports connecting to access points and phones. Enable LLDP-MED for automatic voice VLAN assignment on phone ports.

Install structured cabling or verify existing installation. For new cabling:
- Route cables from patch panel locations to each outlet position
- Maintain minimum bend radius (4x cable diameter for Category 6A)
- Secure cables at regular intervals using appropriate supports
- Label both ends of every cable with a unique identifier
Terminate cables at patch panels and wall outlets. Test every cable run using a cable certifier (not just a continuity tester). A proper certification test verifies performance parameters including insertion loss, return loss, and crosstalk. Document test results for each cable.
Install wireless access points according to the design. Mount access points on ceilings where possible, positioned away from metal ductwork and other sources of interference. Connect each access point to a PoE switch port.
Configure the wireless network:
- Corporate SSID: WPA3-Enterprise with RADIUS authentication, VLAN 10
- Guest SSID: WPA3-Personal with captive portal, VLAN 30, bandwidth limited to 10 Mbps per client
Perform a wireless site survey after installation to verify coverage. Walk the entire office with a WiFi analyser, confirming signal strength exceeds -67 dBm in all work areas. Identify and address dead spots by adjusting access point positions or adding additional units.
Configure network monitoring and management. Set up SNMP monitoring for all network devices. Configure syslog forwarding to a central log server or cloud logging service. Establish alerting thresholds:
- Interface utilisation over 80%
- Device unreachable for 60 seconds
- Authentication failures exceeding 10 per minute
- UPS on battery power

+--------------------------------------------------------------------------------+
|                            IMPLEMENTATION TIMELINE                             |
+--------------------------------------------------------------------------------+
|                                                                                |
|     Week 1          Week 2          Week 3          Week 4          Week 5     |
|       |               |               |               |               |        |
|       v               v               v               v               v        |
|  +----------+    +----------+    +----------+    +----------+    +----------+  |
|  |   Site   |    |  Comms   |    | Network  |    | Endpoint |    |   User   |  |
|  | Assess-  |    |  Room    |    | Install  |    | Deploy   |    |   Go-    |  |
|  |   ment   |    |  Setup   |    | & Cable  |    | & Phone  |    |   Live   |  |
|  +----------+    +----------+    +----------+    +----------+    +----------+  |
|                                                                                |
|  Parallel activities:                                                          |
|                                                                                |
|  +------------------------------------------------------------------------+    |
|  | ISP lead time (order to install): 2-4 weeks                            |    |
|  +------------------------------------------------------------------------+    |
|                                                                                |
|  +------------------------------------------------------------------------+    |
|  | Equipment procurement: 1-3 weeks                                       |    |
|  +------------------------------------------------------------------------+    |
|                                                                                |
|  +------------------------------------------------------------------------+    |
|  | Cabling contractor (if outsourced): 1-2 weeks                          |    |
|  +------------------------------------------------------------------------+    |
|                                                                                |
+--------------------------------------------------------------------------------+

Figure 3: Implementation timeline showing parallel workstreams and dependencies

Telephony installation

Telephony installation provides voice communications for the office. Modern deployments use Voice over IP (VoIP) systems that run over the network infrastructure rather than dedicated telephone wiring.

Configure the telephony platform before deploying physical phones. For cloud-hosted systems (Microsoft Teams Phone, Zoom Phone, RingCentral), this involves:
- Provisioning user accounts with phone licenses
- Configuring direct inward dial (DID) numbers or porting existing numbers
- Setting up auto-attendants and call queues
- Configuring voicemail and call forwarding rules
For on-premises systems (Asterisk, FreePBX), install and configure the PBX server before proceeding.
Configure network quality of service (QoS) for voice traffic. VoIP requires consistent low latency (under 150ms one-way) and minimal packet loss (under 1%). Mark voice traffic with DSCP EF (Expedited Forwarding) and configure switches to prioritise marked traffic.
On the voice VLAN, configure DHCP option 150 or 66 to provide phones with the address of the call control server for automatic provisioning.
Deploy desk phones to designated positions. Connect phones to network outlets assigned to voice-enabled switch ports. Phones with pass-through ports allow a computer to share a single network drop.
Upon connection, phones should:
- Obtain IP address via DHCP
- Discover provisioning server via DHCP option
- Download configuration and firmware
- Register with call control platform
- Display user extension and name
Deploy conference phones in meeting rooms. Conference phones require careful placement to achieve optimal audio pickup. Position the phone at the centre of the meeting table, away from HVAC vents or other noise sources. Test audio quality by placing calls from various seating positions.
Test telephony functionality:
- Internal calls between extensions
- Outbound calls to external numbers
- Inbound calls to DID numbers
- Voicemail recording and retrieval
- Call transfer and hold
- Conference calling
- Emergency services (verify correct location information transmitted)

Emergency calling

Verify that emergency calls (999/112/911) transmit the correct location information to dispatchers. VoIP systems require explicit configuration of emergency response locations. Test this before declaring telephony operational by calling the non-emergency number for your local emergency services.

Endpoint deployment

Endpoint deployment provisions workstations, laptops, and shared devices for office users. Prepare devices before office go-live to minimise disruption during the first days of operation.

Stage devices in a preparation area with network connectivity. For Windows devices managed through Microsoft Intune or similar MDM, connect devices to the network and complete initial setup to trigger Autopilot enrollment. For macOS devices with Apple Business Manager, connect to network and allow automatic DEP enrollment.
Pre-enrollment preparation:

   Windows Autopilot:
   - Device registered in Autopilot service
   - Deployment profile assigned
   - User assigned (for user-driven deployment)

   macOS DEP:
   - Device serial in Apple Business Manager
   - MDM server assigned
   - Enrollment profile configured

Complete device setup including:
- Operating system updates (allow 1-2 hours per device)
- Application installation via MDM
- Security baseline application
- Encryption enablement verification (BitLocker/FileVault)
- Antivirus/EDR agent verification
Asset tag each device and record in the asset management system:
- Asset tag number
- Serial number
- MAC addresses (wired and wireless)
- Device model and specifications
- Assigned user (if known)
- Office location
Position devices at assigned desk locations. Connect wired devices to network outlets and verify connectivity. For laptops that will primarily use wireless, verify they connect to the corporate SSID and obtain appropriate IP addresses.
Deploy shared devices including:
- Meeting room displays (connect to network, enroll in management platform)
- Reception kiosk (configure kiosk mode, restrict to approved applications)
- Hot-desk workstations (configure shared device mode, automatic sign-out)

Printing and peripherals

Printing infrastructure serves the entire office and requires careful consideration of placement, security, and cost management.

Position multifunction devices (MFDs) in accessible locations, considering:
- Walking distance from user desks (under 30 metres preferred)
- Noise impact on nearby workstations
- Accessibility requirements
- Power and network connectivity
- Paper and consumables storage
Connect MFDs to the network on the IoT VLAN. Configure static IP addresses or DHCP reservations to ensure consistent addressing. Record device details in asset management including IP address, MAC address, and serial number.
Configure print security:
- Enable secure print release (users authenticate at device to collect jobs)
- Configure scan-to-email with authenticated SMTP
- Enable access controls restricting colour printing or large jobs if required
- Configure automatic deletion of uncollected print jobs after 24 hours
Deploy print drivers via MDM or group policy. For organisations using universal print solutions (Microsoft Universal Print, manufacturer cloud services), configure cloud print connectors and assign printer access to user groups.
Configure cost tracking if required by your finance model. Most enterprise MFDs support user authentication and job logging for departmental billing or cost awareness reporting.

Physical security systems

Physical security systems protect office assets and control access. Coordinate with facilities management and building security when installing these systems.

Install or configure access control for the office entrance and sensitive areas (comms room, executive offices). Options range from simple keypad locks to integrated card access systems:
Access level Areas Authentication
All staff Main entrance, common areas Building card
IT staff Comms room Building card + PIN
Finance Finance secure area Building card
Executives Executive suite Building card
Integrate access control with HR systems for automatic provisioning and deprovisioning where possible. At minimum, establish a process to revoke access when staff depart.
Install CCTV cameras at entrance points and sensitive areas. Connect cameras to the network on the IoT VLAN. Configure recording:
- Continuous recording at entrance points
- Motion-triggered recording in internal areas
- Minimum 30-day retention
- Encrypted storage
Post appropriate signage notifying staff and visitors of CCTV operation, as required by data protection regulations.
Configure alarm systems for out-of-hours intrusion detection. Integrate with building security or a monitoring service for 24/7 response. Establish procedures for alarm response including keyholders and escalation contacts.

Access level	Areas	Authentication
All staff	Main entrance, common areas	Building card
IT staff	Comms room	Building card + PIN
Finance	Finance secure area	Building card
Executives	Executive suite	Building card

User provisioning

User provisioning creates accounts and access rights for staff who will work in the new office. Begin this process before go-live to ensure staff can work immediately upon arrival.

Obtain the list of staff assigned to the new office from HR. For each user, confirm:
- Full name and preferred display name
- Job title and department
- Start date at new office
- Manager
- Required system access based on role
Create or update user accounts in the identity provider. For existing staff relocating to the new office, update location attributes. For new hires, follow the standard user onboarding procedure.
Assign appropriate licenses and group memberships:
- Microsoft 365 or Google Workspace license
- Telephony license
- Application access groups based on role
- Distribution lists for the new office
Provision devices for each user. Associate devices with user accounts in the MDM platform. Configure user-specific settings including email accounts, VPN profiles, and WiFi certificates.
Prepare welcome materials including:
- WiFi network name and guest access information
- Printer locations and print instructions
- Meeting room booking procedures
- IT support contact details
- First-day checklist

Documentation and handover

Documentation captures the configuration and design decisions for ongoing operations. Complete documentation before declaring the office operational.

Create the office network documentation package:
Network diagram: Logical topology showing VLANs, subnets, and key devices. Include IP addresses for infrastructure devices.
Physical layout: Floor plan showing outlet locations, access point positions, and equipment locations.
IP address register: Complete list of static IP assignments including devices, purpose, and MAC addresses.
Circuit information: ISP circuit details, support contacts, SLA terms, and escalation procedures.
Equipment inventory: All network devices with serial numbers, warranty information, and support contract details.
Document access credentials securely. Store local administrator passwords, network device credentials, and service account details in the organisation’s password management system. Never leave default passwords on any device.
Create runbooks for common tasks:
- Adding a new network drop
- Resetting a phone
- Troubleshooting WiFi connectivity
- Contacting ISP support
Conduct handover meeting with ongoing support staff (whether local IT, remote support, or managed service provider). Walk through documentation, demonstrate key systems, and confirm support arrangements.
Update central IT systems:
- Configuration management database with new assets
- Network monitoring to include new devices
- Backup systems for any local data
- Helpdesk with new office location and contacts

Verification

After completing installation, verify all systems function correctly before declaring the office operational.

Network connectivity: From a laptop at each desk position, verify:

Wired connection obtains IP address in expected VLAN
Internet access functions (test browsing, ping external hosts)
Internal resources accessible (file servers, intranet, business applications)
Speed test shows expected bandwidth (at least 100 Mbps to internet)

Wireless coverage: Walk the entire office with a WiFi analyser:

Signal strength exceeds -67 dBm at all work positions
No dead spots in common areas or meeting rooms
Guest network isolates traffic correctly (cannot access internal resources)

Telephony: Test from each phone:

Dial tone present
Internal extension calling works
External calls complete successfully
Inbound calls route correctly
Voicemail functions
Conference phone audio quality acceptable from all meeting room seats

Endpoints: Verify each deployed device:

Connects to network (wired or wireless as appropriate)
Authenticates users via SSO
Receives MDM policies and shows compliant status
Applications launch and function correctly

Printing: From representative workstations:

Print jobs reach designated printers
Secure print release functions
Scan to email delivers to user inbox

Physical security: Test each controlled access point:

Authorised cards/credentials grant access
Unauthorised attempts are denied and logged
CCTV cameras record and retain footage
After-hours alarm triggers on intrusion

Troubleshooting

Symptom	Probable cause	Resolution
No DHCP address obtained	Port in wrong VLAN, switch port disabled, cable fault	Verify switch port configuration, test cable with certifier, check link lights
Internet access fails, internal works	Firewall rules blocking outbound, DNS misconfiguration, ISP circuit down	Check firewall logs, verify DNS settings, test ISP circuit directly
Slow network performance	Duplex mismatch, damaged cable, congested uplink	Force auto-negotiation on both ends, re-certify cable, check uplink utilisation
WiFi connects but no internet	VLAN misconfiguration, captive portal issue, RADIUS timeout	Verify AP VLAN assignment, check RADIUS server connectivity, review controller logs
Phone not registering	Wrong VLAN, provisioning server unreachable, license issue	Verify voice VLAN assignment, test provisioning URL, confirm license assigned
Poor voice quality	Network congestion, QoS not applied, WiFi interference	Verify DSCP marking, check switch QoS config, move to wired connection
Print jobs not arriving	Wrong driver, network isolation, device offline	Verify printer IP reachable, reinstall driver, check printer status
Access control not working	Credential not provisioned, reader offline, door strike fault	Verify credential in system, check reader power/network, test strike manually
Device not receiving MDM policies	Network isolation, enrollment failed, certificate issue	Verify internet access, re-enroll device, check MDM certificate validity
ISP circuit down	Provider outage, demarcation fault, router WAN config	Check ISP status page, verify demarcation link lights, review WAN interface errors

When troubleshooting network issues, use the following diagnostic commands:

# Verify IP configuration (Windows)
ipconfig /all

# Verify IP configuration (macOS/Linux)
ip addr show
cat /etc/resolv.conf

# Test connectivity to gateway
ping 10.10.1.1

# Test DNS resolution
nslookup www.google.com

# Test internet connectivity
ping 8.8.8.8

# Trace route to destination
traceroute 8.8.8.8

# Check switch port status (Cisco)
show interface status
show interface gigabitethernet 1/0/1

# Check VLAN assignment (Cisco)
show vlan brief
show interface gigabitethernet 1/0/1 switchport

# Check wireless client status (controller)
show client summary
show client detail [mac-address]