Dutch 
English 
German 
Spanish It is 22:00 ship time. The vessel is anchored 18 km off the Dutch coast, waiting for its slot at the offshore wind farm. Six crew members are off shift, scrolling through their phones in the mess. Two are on video calls with family. One is streaming a football match. At the same moment, the engine room is uploading the evening’s diagnostic file to the shore-based maintenance system, and the bridge is pulling weather updates for the night transit. The data pipe is the same. The router is the same. The SIM is the same. And the operational upload is taking eight times longer than it should because crew streaming is saturating the connection.
This is the default state of cellular internet on most commercial vessels: one connection, everything on it, no separation. For fleet managers, it creates a quiet but persistent problem. Operational data uploads slow down or fail. Crew welfare gets blamed when the bandwidth is the actual bottleneck. And as the 2022 amendments to the Maritime Labour Convention now require shipowners to provide seafarers with reasonable internet access as a welfare standard, the question is no longer whether to give crew access. It is how to give them access without compromising the systems the vessel runs on.
This guide explains how vessel connectivity is structured to serve both operational systems and crew welfare on the same hardware, what the realistic options are for traffic separation, and where the cellular SIM architecture fits into the picture.
Why one connection cannot serve both unmanaged
A vessel’s cellular link is a finite resource. A standard 4G LTE connection at 5 to 8 km from coast typically delivers 20 to 50 Mbit/s of usable bandwidth, depending on tower congestion and signal conditions. At longer ranges with a maritime antenna, that can extend to 150 Mbit/s nearshore. Once that bandwidth is in use, every device on board competes for it.
Without segmentation, three predictable problems emerge.
Crew traffic dominates operational uploads
Streaming video, app updates, and cloud backups generate continuous, high-bandwidth load. A single crew member streaming HD video consumes 3 to 5 Mbit/s. Six crew members streaming simultaneously can saturate a 30 Mbit/s link. Operational uploads, which are often bursty and time-sensitive (engine telemetry, position reports, daily diagnostic syncs), get queued behind streaming traffic. The result: delayed shore reporting, missed batch windows, and incomplete data at port arrival.
Crew welfare suffers when operational systems take priority
The reverse is also true. If the vessel runs constant background uploads from CCTV, SCADA telemetry, or vessel optimisation analytics, crew bandwidth gets squeezed. Video calls drop, messaging apps lag, streaming buffers. The MLC 2022 amendment, in force since 23 December 2024, requires shipowners to provide seafarers with reasonable internet access as part of crew welfare obligations. Unreliable access does not meet that standard.
Security exposure on shared networks
When crew devices and operational systems share a flat network, a compromised crew device, an unpatched laptop, a phone with a malicious app, has a direct path to vessel systems. Maritime cybersecurity guidance from classification societies increasingly recommends network segmentation as a baseline. Flat networks are no longer acceptable for vessels with connected operational systems.
How vessel connectivity is actually structured
The misconception is that solving this requires a separate cellular connection for crew and another for operations. In practice, the cellular layer is shared. The separation happens above it, in the router and the network design on board. A modern maritime connectivity stack has three layers.
Layer 1: the cellular backbone
This is the SIM and the antenna that deliver internet to the vessel. A non-steered multi-network SIM connects to the strongest available carrier across 700+ networks in 195 countries, so the vessel maintains connectivity across territorial water crossings and along different coastlines without manual intervention. Weconnect’s maritime internet solutions use this non-steered architecture as default, paired with a long-range 4G antenna for ranges up to 70 km from shore.
One SIM architecture serves both operational and crew welfare requirements on the same vessel. The cellular link does not know or care which device is using it. That distinction is made in the layer above.
Layer 2: the marine router with VLAN support
This is where traffic separation happens. A marine-grade router that supports VLANs (Virtual Local Area Networks) divides the single internet feed into logically isolated networks. Each VLAN has its own broadcast domain, its own access rules, and its own bandwidth allocation. A typical vessel configuration includes three to four VLANs:
- Operational VLAN: bridge systems, engine telemetry, SCADA, CCTV, vessel optimisation analytics
- Crew welfare VLAN: a dedicated SSID (network name) for crew personal devices
- Guest VLAN: optional, for visitors, contractors, or short-term boarders
- Management VLAN: router administration, isolated from all other traffic
Each VLAN appears as a separate WiFi network to the user. A crew member connecting to the crew SSID has no visibility into and no access to bridge systems or engine room telemetry. A compromised crew device cannot reach operational systems. The router enforces the boundary.
Layer 3: bandwidth allocation and quality of service
VLAN segmentation prevents access between networks. Quality of Service (QoS) rules on the router determine who gets bandwidth when the link is saturated. A typical operational profile prioritises operational uploads first (engine telemetry, position reports), then allocates a guaranteed minimum to crew welfare (10 to 20 Mbit/s reserved), with remaining bandwidth available to whichever VLAN is active. The router does this in real time, every packet.
The result: when the vessel is uploading its evening engine diagnostic, the crew streaming session does not block it. When the diagnostic is complete, the bandwidth becomes available to crew. Neither side starves the other.
Where Weconnect fits in the marine data solutions stack
Weconnect provides the cellular connectivity backbone, not necessarily the on-board router or the VLAN configuration. The vessel’s IT team or systems integrator handles the router and network design. The value Weconnect adds sits in three places, where routers can be an optional service.
Multi-network SIM for continuous coverage
The crew welfare experience depends as much on coverage continuity as on bandwidth. A crew member’s video call dropping every time the vessel crosses a territorial water boundary is the same operational problem as an engine telemetry upload failing at the same point. Both are solved by non-steered multi-network access. The SIM connects to the strongest available carrier from any operator in the region, without commercial steering. Across the North Sea, Baltic, or Mediterranean, this means the vessel maintains its connection across border crossings without manual reconfiguration.
Shared data pools across the fleet
For fleet operators with 10 or 50 vessels, individual per-vessel data plans create administrative overhead and unpredictable costs. Weconnect supports shared data pools, where all vessels in the fleet draw from a single data allocation. A vessel running a heavy operational week, frequent diagnostic uploads, weather routing data, real-time position reports, consumes more. A vessel at anchor for crew rotation consumes less. The shared pool balances across the fleet without per-vessel plan changes.
This matters for crew welfare specifically because it removes the incentive to throttle crew access on individual vessels. The fleet manager sees consumption at the pool level, not the per-vessel level, and can size the pool to accommodate realistic crew usage without overprovisioning every vessel.
Real-time monitoring and cost allocation
Weconnect’s platform voor connectiviteitsbeheer provides per-SIM usage visibility, real-time data consumption monitoring, and cost-centre allocation. For a fleet manager, this means seeing exactly how much data each vessel is using, identifying anomalies (a vessel suddenly consuming 5x its normal volume, often a sign of an unauthorised device or a misconfigured system), and allocating connectivity costs to specific cost centres or operational profiles. The platform also supports per-SIM data caps if a vessel’s consumption needs to be capped at a specific level.
The platform does not segment crew from operational data inside the vessel. That happens on the router. But it gives the fleet manager the visibility to verify that the segmentation is working as intended and that crew welfare consumption is staying within budget.
Practical configuration: what a working setup looks like
A standard configuration for a coastal commercial vessel (offshore supply, ferry, fishing, inland transport) uses one cellular link and one marine router, with VLAN segmentation handling traffic separation.
Hardware on board
A maritime 4G antenna mounted at the highest practical point on the vessel, connected by a single coaxial cable to a marine-grade router below deck. The router supports multiple VLANs, QoS rules, and ideally dual-SIM failover for redundancy. A WiFi access point or set of access points distributed across crew areas, mess, cabins, deck, broadcasts the crew SSID. Operational systems connect to the operational VLAN via wired ethernet where possible, WiFi only when necessary.
Connectivity layer
A non-steered multi-network IoT SIM in the router, providing access to 700+ carriers across 195 countries. For vessels operating predominantly nearshore, this is the primary connection. Vessels operating in mixed nearshore and open-water profiles add Starlink or VSAT as failover, with the marine router managing automatic switching between cellular and satellite based on signal availability.
Network configuration
Three VLANs at minimum: operational, crew welfare, and management. QoS prioritises operational uploads, with a reserved minimum bandwidth for crew (typically 10 to 20 Mbit/s on a 50 to 150 Mbit/s link). Crew SSID uses WPA2 or WPA3 authentication with a shared password or per-user credentials if the router supports it. Operational VLAN has no internet access for systems that do not need it (CCTV, internal monitoring), reducing attack surface.
Management and visibility
All SIMs are managed through a single connectivity platform, with real-time usage data visible to the fleet manager. Per-vessel and fleet-level reporting separates operational consumption from total consumption, so crew usage is visible as a distinct line item. Data caps can be set per SIM if needed, though fleet operators with shared data pools typically manage at the pool level rather than per-vessel.
MLC 2022, crew retention, and the business case
The MLC 2022 amendment, which entered into force on 23 December 2024, formally added social connectivity to the welfare standards that ships under MLC-ratifying flag states must provide. Standard A3.1 and Guideline B3.1.11 require shipowners to provide internet access where reasonably practicable, with any charges kept reasonable. Non-compliance carries port state control implications and, in some jurisdictions, regulatory penalties.
Compliance is the floor. The business case sits above it. Seafarer retention has become a measurable cost line for commercial fleet operators. Industry research from multiple maritime welfare organisations consistently identifies connectivity quality as one of the top three factors influencing crew willingness to return for the next contract. Vessels with reliable, segmented crew connectivity report higher retention, fewer mid-contract departures, and better recruitment outcomes.
For a fleet manager evaluating the investment case, the calculation is straightforward. A marine router with VLAN support adds modest capex. A multi-network SIM with a shared data pool replaces multiple per-vessel contracts at lower total cost than per-vessel satellite. The connectivity management platform replaces manual per-SIM administration. The combined cost is typically lower than running a single VSAT contract per vessel, and the operational benefits (continuous coverage, segmented traffic, real-time visibility) and welfare benefits (reliable crew access) accrue on top.
Veelgestelde vragen
Can I run crew WiFi and operational systems on the same SIM?
Yes, and this is the standard configuration on modern commercial vessels. The separation between crew and operational traffic happens on the vessel’s router, not at the SIM level. A multi-network SIM provides the cellular link, and the marine router uses VLANs to create isolated networks for crew, operational systems, and management. Each VLAN gets its own SSID, its own access rules, and its own bandwidth allocation through QoS configuration.
Do I need a Private APN to separate crew and operational data on a vessel?
No. A Private APN is one method of network isolation, primarily used for IoT and M2M deployments where end-to-end private routing from device to corporate network is required. For maritime crew and operational separation, on-vessel VLAN segmentation handles the use case effectively at lower cost and complexity. The cellular SIM and APN are shared; the separation happens on the router below deck.
How does Weconnect support crew welfare connectivity?
Weconnect provides the cellular connectivity layer: a non-steered multi-network SIM connecting to 700+ carriers across 195 countries, shared data pools across the fleet, and real-time usage monitoring through its connectivity management platform. The on-vessel segmentation between crew and operational traffic is handled by the marine router. This division of responsibilities is the industry standard: telecom provider supplies the connection, vessel hardware handles internal network design. Secondly a crew member individual option is available as well with the business eSIM.
What does the MLC 2022 amendment require for vessel internet access?
The MLC 2022 amendment, in force since 23 December 2024, requires shipowners to provide seafarers with reasonable internet access on board as part of crew welfare obligations under Standard A3.1 and Guideline B3.1.11. The requirement is to provide access where reasonably practicable, with any charges kept reasonable. The amendment does not specify bandwidth or technology, but unreliable or punitively expensive access does not meet the standard.
How do shared data pools work for a fleet of vessels?
A shared data pool aggregates the data allowances of all SIMs in the fleet into a single pooled allocation. A vessel running heavy operational data usage in one month draws more from the pool, while a vessel at anchor draws less. The fleet manager monitors consumption at the pool level rather than per-vessel, which removes the administrative overhead of adjusting individual plans. Weconnect supports shared data pools across its maritime and IoT SIM portfolios, with real-time consumption visibility per SIM in the connectivity management platform.
Can I monitor how much data crew are using on each vessel?
Yes, through the connectivity management platform. Per-SIM usage is visible in real time, and if the on-vessel router separates crew and operational traffic via VLANs, the fleet manager can additionally monitor per-VLAN consumption through the router’s own management interface. The combination gives full visibility: total vessel consumption at the SIM level, and crew-versus-operational split at the router level.
Next steps
Whether your fleet is moving from a satellite-only configuration to a hybrid cellular plus satellite setup, or upgrading from flat-network connectivity to a segmented architecture that supports crew welfare alongside operational systems, Weconnect provides the maritime connectivity layer and the management platform to support it. Contact our maritime connectivity team for an assessment of your current setup and fleet routes.
Direct reactie binnen 4 werkuren.