Freedom starts at Layer 1

Managed Internet — ISP-agnostic, privacy-first network operations.

Design, deploy, and manage your LAN/WAN: VLANs, firewalls, DNS, 802.1X, guest portals, logging, and documented runbooks. You own the ISP circuit — we manage the stack.

Request a Quote See Service Bundles No cookies • No trackers
What’s included
  • Network design (LAN/WAN, VLANs, DMZ, Mgmt, Guest)
  • Firewall policy & NAT, geo/IP allowlists as needed
  • 802.1X on ports, RADIUS, captive portal with AUP
  • DNS (Pi-hole/Unbound) & DHCP strategy
  • Failover design: multi-WAN / cellular backup
  • Monitoring, logs, and quarterly review
  • Runbook + credential escrow to the client
Segmentation

VLAN & Policy

Separate operations, guests, phones, credit-card terminals, and IoT. Principle of least privilege from day one.

Identity

802.1X Everywhere

Port-level auth with RADIUS so unauthorized gear can’t just plug in and ride.

Resilience

Dual-WAN & LTE

Policy-based routing and cellular failover. Guest Wi‑Fi throttled/disabled during failover to prioritize operations.

Privacy

DNS & Logging

Local DNS resolver (no data brokerage), Pi‑hole‑style filtering, and logs retained under your control.

Compliance

Documented

Diagrams, credential escrow, and change logs. Designed with HIPAA/PCI sensibilities in mind.

Support

Monitoring

Health checks, alerts, and quarterly reviews focused on uptime, noise, and drift.

Preferred Stack
  • Gateways: UniFi UDM Pro / OPNsense firewalls
  • Switching: UniFi USW‑Pro series with PoE
  • Wi‑Fi: UniFi 6/7 APs with guest portal + AUP
  • Identity: FreeRADIUS for 802.1X (wired + Wi‑Fi)
  • DNS/DHCP: Pi‑hole + Unbound or ISC/Kea
  • Out‑of‑band: LTE/5G modem for backup & remote access
  • Docs: Topology, VLAN matrix, IP plan, runbook

We are vendor‑neutral; this reflects field‑tested, supportable defaults. Hardware is quoted separately. ISP circuits remain client‑owned.

Service Levels
  • Response: Same business day for P1 (down), next business day for P2. Scheduled for P3/P4.
  • On‑site: Next business day for P1 within primary service radius; remote first.
  • Maintenance: Monthly updates, quarterly reviews, annual audit.
  • Change control: Ticketed changes, rollback plans, and documented outcomes.

We operate with a privacy‑first policy: no third‑party analytics or data resale. Telemetry stays in your control.

FAQ

Who buys the internet service?

You do. You own the ISP circuit and account. We design, implement, and manage the network on top of it.

Can you support my existing gear?

Usually. We’ll evaluate firmware lifecycle, features, and supportability. If it’s end‑of‑life or insecure, we’ll propose replacements.

Do you require a contract?

Yes, for ongoing management. Installs and hardware are one‑time quotes. We keep terms simple and plain‑English.

Add‑Ons
  • Cellular failover packages (SIM + modem)
  • Guest Wi‑Fi captive portal with AUP and rate limits
  • RADIUS/LDAP integration for staff devices
  • Site‑to‑site or DN42 peering (where applicable)
  • RF scans & ongoing spectrum monitoring
  • Sound masking & Access control integration
Contact

Let’s plan your network.

Tell us about your site and goals — we’ll respond within one business day.

(570) 672-7857 hello@beargaptelecom.com

PO Box 3 • Elysburg, PA 17824

Quick Request

Your details are emailed directly to us via Formspree. No trackers or third‑party widgets.