An Internet protocol (IP) networking architecture includes a command and control sub-network (CCN) interconnecting a plurality of control interfaces wherein each control interface has a corresponding logical CCN address. A passenger services sub-network (PSN) interconnects a plurality of passenger interfaces wherein each passenger interface has a corresponding logical PSN address. The architecture further includes an air-to-ground sub-network (AGN) providing Internet access to the passenger interfaces via one or more isolation systems having corresponding logical CCN address and corresponding logical PSN address. By providing the isolation systems with multiple logical addresses, devices communicating on the AGN and PSN can be blocked from accessing the CCN addresses.