PoE is awesome. My custom home security system is all CCTV PoE with a gstreamer backend running on four-core fanless linux box. Way to go. Complete control. No batteries, no wares spying on me, no personal data getting scraped by big guys. (Cloud connectivity sucks because I have segmented mp4s and jogging through them hurts but I only care for events after they happen, not while they happen.)
I did. Implemented a "simple" solution (simple for anyone who is going to be setting up their own IP camera system and NVR):
Cameras are on their own VLAN. Port isolation is enabled so they can't connect to each other. Only connectivity allowed to/from that VLAN is from the cameras to the router for NTP, and from the NVR to the cameras.
So if you plug in you can... check the current time on my router. Maybe see how many other cameras are on that segment? Likely not going to get very far given you're already caught on camera, an alert's been fired, and pretty soon I'm going to be making a call to the police.
Absolutely. Ideally one with Private VLAN[0] functionality and an upstream router configured to allow the CCTV server to pull video streams from the camera while disallowing any outbound communications from the cameras themselves.
No it isn't. Most MACsec-capable platforms have a "must-secure" or "should-secure" transmission mode.
If the security association isn't completed on a "must-secure" configured port then no traffic is transmitted. One would need access to the pre-shared keys to successfully use the link.
Now, could one perform a side-channel attack of the memory on the camera and get access to them? Maybe.
This is veering into pedantry, but from what I can understand of that setting (I'm not a sysadmin guy but have used MACsec on embedded stuff), that's just as much of an 802.1X feature as a MACsec feature.
Sure the switch will only accept encrypted L2 traffic...but that encrypted link is set up via MKA, which is a part of the 802.1X standard. If you don't have 802.1X authenticating the endpoint, you don't have MKA setting up the encrypted link between that endpoint and the switch and you don't have MACsec.
So if you're trying to prevent a bad guy from getting on your LAN, you need 802.1X, whereas MACsec is an optional extra (a very useful extra if you're worried about MITM attacks). But 802.1X is still doing the heavy lifting w.r.t access control.
This is a pretty significant lift for most home networks, both in terms of cost and complexity, but I agree it’s the right way to go. If you’re upgrading to a PoE switch, you might as well go all the way and make it a managed switch.
When you get to the point of building out your own ip security camera system and then worrying that some hacker is going to roll up and plug in to one of your cameras. you probably already have vlans going.
Got any recommendations on what cameras to get? The market is absolutely flooded with cheap shitty cloud-connected all-in-one cameras making it hard to find good, simple products.
I got a lot of 6 Axis cameras from eBay, it was around $200. I think they took them off a school or something but they were in great shape. They look great and have no spyware etc because it’s an industrial company. I recommend getting some industrial surplus because they tend not to have all the bloatware and have significantly better weatherproofing, casing, etc, even if the optics are the same as the consumer units.
This! I manage about 70 CCTV cameras, over the past 15 years. Partially as a hobby. and axis cameras are the best bar none. They are expensive, but if you don’t have a need for the latest gen axis, then eBay is your friend, along with one or two generation prior of axis current gen cams. They are just very well thought out in terms of installation, and ui/operation. Axis is among the most responsive to security issues (which mostly can be negated by controlling your cameras at the network level through vlans and firewall rules). They have a very intuitive web based UI, for example one well thought out ability is through events/rules- you can add a physical SD card into the camera and set up a rule that if the video feed is not being accessed ( set a inverse trigger for “live stream accessed”) then start recording to the on-cam SD card (i.e. your NVR has gone off-line or a network issue is stopping the feed, then you have onboard storage saving that video). That’s just one example.
I was under the impression that most commercial/industrial cameras all required some kind of proprietary ecosystem of peripherals and controllers. Do those work with open source DVR solutions like frigate? (If so, did you know that before you bought them?)
Onvif is the keyword, if it’s supported it works with frigate. I think most of the industrial cams are not as locked down as you might think. They are infrastructure so vendors aren’t going to force customers to tear down their existing setup.
Another method that most cameras support (if you want the bare basics of record video/audio) is accessing an RTSP stream from the camera. In fact RTSP streams are the primary way you get video into frigate specifically. Some of the more fancy cam manufacturers (axis), are just now starting to support encrypted RTSP , but most of it is unencrypted. you can enable authentication, however in general if you’re doing this over the Internet you do it over a VPN via un encrypted rtsp
The cheapest (~15 USD bullet, 20 USD dome) PoE cameras on AliExpress (focal length is pretty much the most important parameter to look at, depending on the fov you want) hooked up to a Unifi NVR. Skip all the vendor manuals, setup steps, and apps - adopt them directly to Unifi Protect.
I put them on separate vlan where they get no outbound network connectivity.
For cases where you want things like facial detection or license plate detection (automatic doors/gates) get a Unifi AI though and those things cost, but for normal perimeter/room monitoring the cheap ones are very good
I would argue sensor size is what's most impotant to look for in a camera.
Have a look at this thread [1] I have bookmarked. I found it quite informative. I already got some cheap cameras and set them up, but I wish I would have found it earlier. The ones I got are 4MP with 1/3" sensor and perform absolutely terribly in night setting.
I'd recommend checking out "Project Farm" reviews. They do actual tests and comparisons of products rather than the current trend of reading off marketing copy and shilling sponsored products. I've seen some of their reviews on cameras and the difference in clarity across brands is shocking. Not that important if you just want to know "my package was stolen", but very important if you want to read their license plate.
He does a good job at reviewing the cameras themselves but IIRC, all of the cameras he reviewed require cloud connectivity, and many of those clouds are "overseas."
ONVIF is the (now quite old, but still very relevant) standard for interfacing IP cameras locally on a network.
A cheap-but-performant ONVIF camera on an isolated VLAN (or a physically-isolated network; I won't tell anyone) can be a thing of beauty that is also completely unable to call home to some mothership in the clown.
I'm frankly very surprised that I don't see it mentioned here more often when discussions of cameras arise.
ONVIF and RTSP are different things.
ONVIF is a device and services discovery protocol
RTSP is a video streaming protocol.
ONVIF can be used to discover a camera on a network, query it for its RTSP URL, and facilitate a connection between a client service and the RTSP stream. But you can't stream video via "ONVIF".
I have also found that poor onvif implementations run as root and not as any other user. If you’re sending auth creds, better make sure you have something protecting them on the wire…
And profiles. There are many different feature sets in onvif and just because a camera has onvif logo or compatibility doesn’t mean it will play nice with your gear.
Not my experience. I've tried several such cameras and most of them are underpowered and suffer from very low fps or are fine when there's no movement but with movement the fps drops drastically essentially making the camera close to useless.
Reolink with Synology NAS using their native Surveillance app. All stored locally, no cloud.
One issue with Reolink I haven’t solved is that it is unable to detect approaching cars in the night. Departing cars work fine though. Otherwise no complaints.
What's wrong with their NVRs? I have one connected to some Reolink cameras (though not yet the full house-surrounding setup I have planned) and it seems fine so far.
Blue-line domes, the $240 ones. Four of them. I'd get more but do not know how to make outside routing look neat. i have one bullet and i don't like it and don't use it, i prefer the wide-angle domes with ir.
I have built out several Amcrest systems. You have the many options for recording and access, that will allow remote access without going to the cloud.
What switch do you use? I have PoE wifi APs throughout the house, but I bought an Aruba switch and it's super noisy tbh. Fine for me because it's in the basement, but I couldn't recommend it
At one of our offices (it is not a large office), I have a 24-port Netgear POE switch running the show. If it has a fan inside (it may! there's cutouts for fans on the sides of the chassis but I have not looked inside), I've never heard it.
It fit the price-performance curve for our needs several years ago when we eventually outgrew the previous Netgear POE switch...that was also apparently fanless, and that I installed in 2007.
IIRC, it is a GS724TP. It's running a dozen cameras and some access points, and almost all of the rest of the ports are filled up with computers and printers and other Ethernet stuff. No issues at all to to report so far.
(A used enterprise switch with serious fans may be cheaper and/or more featureful and/or more reliable, but do we need that kind of noise at home? We sure don't need it at that small office.
I've also installed some fanless Cisco POE switches with big heatsinks (and dual power supplies, each fed from different sources) on some high-dollar projects where ultimate reliability was kind of a big deal, but... sheesh.
If one of these installed Netgear switches dies in one of these low-risk environments, I'll just patch things up for now and get a replacement coming under warranty.)
some netgear 8-ch poe switch. i don't recall. it's been on and running for about 8 years with no issues, way up near the ceiling of my garage, covered with dust. its plugged into a wrt1900 router i bridged via wifi to my main router.
Do you upload events to a remote location? How is your storage box secured against theft? That’s my biggest concern for doing local cctv- if you are robbed, they’ll grab anything that looks of value.
yes that is something you need to decide for yourself i'm ok with it. i push my segments up to an s3 bucket but yes if they find the box before the rsync i lose. oh well. there's much more valuable stuff in the house they'll probably go for first. i suspect junkies aren't that smart.
At higher power the Ethernet drops quite a bit of voltage/power compared to the wiring in your walls. Furthermore 48v vs 110v is double the amperage/more loss on top of that.
Then there’s double/sometimes triple conversion (120:48 and then 48:dc; 120:48 and then 48:12, and then 12:dc).
Furthermore magnetics are a must on both side of the PoE which also isn’t great.
At lower power there’s more circuitry to run and multiple conversions aren’t great compared to a simple cheap flyback.
No, there aren't, not in the way you imply. There is the IEEE 802 PoE standards, which are all compatible (save for not enough power), and designed to carefully negotiate and especially never break non-PoE devices. And there is bullshit (sorry) like "Passive PoE" that is ironically an active violation of the IEEE specs, can break pretty much anything, and you shouldn't buy so the likes of Ubiquiti and Mikrotik finally get the wallet vote and stop f*cking doing. Unfortunately, the proper PoE PD logic is a few dollars of extra expense.
Yes, there is a slightly higher risk of killing devices due to faults in the PoE supply logic. I have the official PoE HAT for a RPi 4. I have to say it is somewhat poorly designed due to space constraints; the isolation between 48V and 3.3V should be better. I'm not even sure the RPi PoE HAT is spec compliant.
But I don't think you can/should blame this on PoE.
I have a ubiquiti 30w poe+ injector that somehow doesnt provide enough power for 20W aruba AP. When I plug it in a 120W switch it works unless the cable gets too twisted or something. I vote not awesome
Don't buy Ubiquiti. Personally speaking, anyone doing passive PoE (even if only on other device series you're not looking at) is automatically on my shitlist.
I'm not surprised they can f* up a basic PoE injector. The reason for doing passive PoE is saving a few bucks, on the back of safety and compatibility. Of course they would try to pinch hard on the PoE injector too.
Oh and I'd say they (together with Mikrotik) are responsible for 90% of the bad rep PoE gets. The IEEE 802 stuff really just works. And I say that having been part of rolling out 15000 people conference deployments with several hundred wifi APs in the span of a few days. The only real problem is broken cables, but the Ethernet link commonly fails before PoE is impacted.
Fwiw, I’ve had a few different PoE switches from Ubiquity and at least so far haven’t had any problems with the switches.
My current one is the 48 Pro-Max etherlighting , and I have around fifteen PoE devices and it’s pretty much plug and play always.
I did have issues with some of their other products - eg an old CloudKey gen1 that I had remotely in my parents place that I think ran out of space to the point it can’t update itself and can’t compact some old mongodb.
Ubiquity only did passive PoE in the very early days. Everything has been 802.11 variants for a long while wow. The injectors that shipped a decade ago with my APs were all 802.11af.
The UniFi line has moved away from passive PoE. The "UISP" line is almost exclusively passive PoE, even for brand new products. Ubiquiti has proven they know how to make devices that support both when they transitioned the UniFi line, but they actively choose not to and to enforce the use of bad nonstandard trash with their new products in their ISP product line.
The majority of UISP devices they sell are all relatively old products. For example the 'NanoStation 5AC Loco' is a great $50 product that continues to work well, but it was released in ~2019. And they continue to sell new models of products that have been unchanged for over a decade.
In the last 2 years they've released very few new UISP products and you're right that they continue to be passive PoE. I suspect this is for continued compatibility with their older product line. Upgrading from passive PoE to active 802.3 PoE requires replacing the injector and maintaining passive PoE makes it easier to upgrade. And the UISP product line is really meant for wireless ISP operators, not consumers, where the risks of passive PoE are smaller.
Anyway, I agree with the sentiment, but I don't hold it against Ubiquiti too much for continuing to use passive PoE for their UISP line, since I think it makes sense for their customers. As so-so work around you can get a 802.3 -> passive 24V converter: https://store.ui.com/us/en/products/ins-3af-i-g
> If they had just stuck with 12VDC and buildings had 12VDC wall sockets everywhere, everything would have been fantastic.
Huh? We used to have low-voltage AC and DC powered cameras in the world (and we still do, too).
Those are awful in implementation because buildings, whether or old or new, don't have 12VDC sockets everywhere -- or at all, really.
Nor should they have 12VDC sockets for cameras; they're unnecessary.
I've run my share of siamese coax for low-voltage-fed analog cameras, and also separate power for low-voltage Ethernet-connected cameras, and I'm completely over those concepts.
With proper-fucking IEEE POE, we have standards and it only takes one cable to make it work properly instead of more than one.
If a switch isn't up to the power demands of a particular camera, then: No big deal. I can upgrade or supplement that switch without rewiring even more of the building than was already necessary to get Ethernet going.
I use a PoE "extractor" to power my RPi over PoE and it works great. The extractor does the negotiation and safely gets the normal 48V PoE power, then converts that to 5V outputted on a USB-C cable that powers the RPi. Extractor also has an Ethernet[1] passthrough port that goes into the RPi as well. A bit basic, but seems relatively error proof.
240V AC and 5V DC manage to live close in a charger without problems. Problems with quality does not depend on voltage.
I love the concept of PoE with one exception that it requires constant 1W or similar load to work even if it is not needed for low power device.
> 240V AC and 5V DC manage to live close in a charger without problems.
I mean, yes and no. My laptop case is at 78VAC to ground right now. It gives the tingles. I don't use my laptop much while plugged in. They all skimp on making proper 3-pronged chargers these days. My desktop has a grounded case and doesn't have this issue.
My phone, when plugged into wall AC, the touch screen stops working because the whole phone is at an elevated potential and it messes up the capacitive sensing.
PoE is a godsend that should really be in more consumer devices and households, alongside structured wiring. An AppleTV, Chromecast, or NVIDIA Shield can easily fit within the envelope of PoE+, as can many enterprise-grade switches and WAPs (see UniFi as an example). Converting AC to DC once at the switch is more efficient (in resources and often, but not always, power) than including bulky PSUs for every device, while simplifying the ease of setup for end users (in theory).
Whenever possible, I opt for PoE. It’s a damn shame it’s limited to a niche userbase given its myriad advantages.
Where ever you're putting the TV you have to put in regular power anyways, so it's fairly tidy to just put the device's power cable parallel with the TV's power cable. WiFi will handle communication. On the other hand, NEC and CEC requires minimum of 2 inches gap for communication wiring to electrical so you're now you've got that minor complication.
POE makes sense mostly when it makes sense to combine communication and power cabling. Corded phones, wifi access points, security cameras, small touch screen modules, etc. Not saying what you're doing can't work, but the added expense of installing parallel CAT6 everywhere doesn't seem worth it.
My Chromecast uses USB C for its network. I got a power brick (official Chromecast) that also takes an ethernet cable and then provides a wired ethernet connection.
That being said, a quick Google search for "poe usbc" yields some devices that are much more expensive than the power brick I bought, but in theory would let you run a Chromecast from a poe ethernet port with wired ethernet.
I bought last year a device like that I think - was from some company named TexasPoE I think, and it took Ethernet cable, and output has usb-c with 1GbE and power. I sometimes use it with my iphone or iPad and do get the wired Ethernet connection and charging
There are finally PoE adapters that give USB-C power and USB Ethernet. Those should allow home theater devices to be powered and use wired Ethernet. But the ones I have found are expensive, but should drop if there is demand.
I also haven’t found any bidirectional ones yet, even though the hardware (except maybe the negotiation chip if it’s pure PDE) should be able to support it. Would be really nice for development of PoE devices to just hook up one dongle to my laptop.
In my head enterprise grade switch has 48 ports with some >10g SFPs for uplink. What does enterprise grade mean to you? And what enterprise grade switches are poe powered?
It's such a wide field that it's hard to pin down. I agree if your thinking about what a business that isn't just a handful of people needs then we'd be looking at the kind of switch you're thinking of if it has standard office workers. But soon as you start talking about businesses that are manipulating central data (which keep in mind would probably include most primary business, design workers or anyone working with media not just software people) you're talking about a wide gamut of devices that you wouldn't really (at least traditionally) call consumer grade.
Mikrotik website has a good selection of them and if you look at the other hardware types it'll be interesting in getting an idea of weird things you don't see in normal offices.
Apart from obviously larger bandwidth options like 28qfsp 100gb (I'm unaware if mikrotik does them but 400gb is normal in some circles) there's things like reverse POE switches, media converter switches, and all sfp+ switches.
Poe++ exists and you can use switches with it to power poe+ switches that will power poe switches. Or they can be used to power laptops or NUCS directly.
So my arista 710p-16p isn’t entries because it’s not 48 ports? Or my Nexus 9300 24p? I’ve got some old juniper 4300 32F ports handling 1g fibres (moderns arista switches aren’t great as the 25g SFPs won’t autoneg at 1g on fibre as they don’t support clause 37)
My standard campus switches are 722s with 48 ports and 25/10 SFPs, but there are use cases when smaller switches make sense.
Arista 710P for instance. I don’t see what port count has to do with it, it runs the same OS and has the same capabilities as all their other switches. Cisco has a Catalyst 9k like this too.
In my head, one of the things that makes up an "enterprise grade" switch is 48 ports. Because "for the enterprise", in my opinion, evokes some idea of large scale deployment, not a mom and pop trinket store with one PoS cash register device and three company computers.
The smaller switches like the Arista 710P are meant for deployment out at the edge of the network where you want something small and quiet (e.g. at people’s desks or in conference rooms) to provide more ports without needing as many runs back to the network core where the big loud switches live. They’re still enterpise grade since they support enterprise features like centralized management, VLANs, QoS, IGMP snooping, etc.
> Converting AC to DC once at the switch is more efficient (in resources and often, but not always, power)
Can you expand on "often, but not always, power"? Here's my guess:
* It's more efficient for the small stuff: little wall warts aren't very efficient I think in part because there's some no-load consumption for each. The switch pays that no-load cost once for many devices and has like an 80-plus gold or better PSU, hopefully. And then I think even cheap buck converters are like 95% efficient; they have some no-load consumption too but I think less than the wall warts? And even though this goes over 2 (or 4) tiny wires, at 48V–56V, the current is low enough that power loss is not bad because those wires are just for one small device, and P=I^2R.
* It's less efficient for the big stuff: that P=I^2R starts to suck for the PoE case, and in the non-PoE case they're more likely to have efficient AC->DC conversion on their own. 90% efficient beats 90% * 95% efficient.
A power supply can operate most efficiently if its power output is close to what it was designed to supply. Typically, a PoE switch has a large power budget to take into account the myriad devices that might be connected to it.
If you have one small PoE device connected to a large PoE switch then it would be less efficient compared to a non-PoE switch and a small separate power supply for the device.
I feel your pain. Prior to my network rebuild at home, I had splitters powering the EdgeRouter, Philips Hue Bridge v2, a Raspberry Pi, and was tempted to add more for the various small (<8-port) ethernet switches scattered about. UniFi expanding their switch lineup to include PoE-powered gigabit and 2.5G switches was a godsend, as were PoE HATs for the RPis’. Only the Hue Bridge remains on a splitter, because Signify won’t make one with native PoE.
All our desk phones at work are poe and they have pass through ports to allow connecting a PC to the LAN. Really neat to just have one cable that gives you a powered phone, and Ethernet access.
Ubiquiti has stopped selling anything with passive 24V PoE, and has lots of standard PoE. The risk is low since I think only worked with injector so no switches providing power to everything.
> Ubiquiti has stopped selling anything with passive 24V PoE
In their consumer "UniFi" product line. Pull up their store and switch over to the "UISP" product line. Most of the smaller wireless devices and consumer-tier CPE are 24v passive, most of the larger wireless devices, 60GHz bridges, etc. are 48v passive, a few devices in the middle support both, and standard "active" PoE is almost nowhere to be found. Even on product lines that weren't even dreamed up when modern standard PoE was ubiquitous.
They say it's because the WISP crowd loves passive PoE as it can easily be wired to batteries on towers, and I get that, but that's no excuse for not also supporting standard-based PoE on the device end. There's no good reason for a product designed in the 2020s to force the installation of passive PoE where there was none prior.
They demonstrated they can do both with most of the transition-era UniFi products. Support and encourage the use of standards, allow the use of non-standard but common alternatives where they make sense.
Also my UniFi AP has passive poe cause it's just that old. Without researching, idk when that got fixed because nothing on the boxes tells you. Consumer tier means people will plug whatever fits.
> Without researching, idk when that got fixed because nothing on the boxes tells you.
In fact it did, in the transitional models that were sold both with and without 802.3af support there was a sticker added to the box on the ones that had it.
The switch was early in the life of the UAP-AC series of access points. IIRC the "Pro" and in-wall models always supported 802.3af but the "Lite" and "LR" models initially were 24v passive only. I vaguely recall there also being transitional models of their cameras but we were not deploying those at the time.
> Consumer tier means people will plug whatever fits.
And this is why I hate passive PoE with a passion. Standards-based PoE ports are safe, you can plug devices not supporting PoE (or requiring passive PoE) in to them with no risk of damage. Passive PoE ports are dangerous, they can and will destroy things that are not expecting to receive power on those ports.
They're even dangerous to devices designed for it in some cases, Ubiquiti actually famously had problems with UAPs on the end of long cables being damaged when fed by passive PoE from the source and eventually recommended that those installs add their "Instant 802.3af" adapters which took standard 802.3af over the wire and converted it to passive right at the device end. I had one site that lost three UAP-LRs before that was revealed.
Theory and practice and all that, but that shouldn’t happen regardless.
A correctly-designed Ethernet interface is galvanically isolated at both ends to avoid ground loops, differing grounds, and other nasties over long distances.
I agree sentimentally but apparently it's not considered the brightest idea to run data and real amounts of power together. I think that's why PoE is always treated like alcoholic beverages.
Besides being reversible, USB-C is a horrible connector. Tiny contacts, no positive retention, and a massively overengineered standard that should've been broken up.
Which is ok if done right, but if they're anything like the usb-a ones there'll be plenty that are continuously pulling much more power than they need let alone the danger of uncertified ones.
For those thinking about adding one they've grabbed off amazon and installing themselves, please do a bit of hunting and reading rather than just buying the first word soup brand cheapest ones. Also remember installing uncertified electronics in your walls is a good way to void your insurance if they're the cause of disaster and turn it into a legal battle even if they're not.
I thought so as well when USB-C was first seeing widespread adoption, but now I’m not so sure. High-end PoE deployments can reach 90W of power down the line, and even HDBASE-T can support 100W of power down the line. Combined with the 8P8C connector both use (which is easy to field repair or replace and has positive retention), and I’d much rather see more structured ethernet runs and outlets with PoE/HDBASE-T for all but the most demanding or performant kit.
I don’t follow. What part of this would a USB-C wall outlet solve? This would just be swapping a 120/240v cable for a USB cable, right? PoE reduces the number of cables, among other advantages.
If you're plugging in anyways why not make it ethernet though? Then you actually get multiple benefits (faster more reliable networking, freeing up wifi capacity for devices that actually need it) rather than just changing one cable for another.
I realize that for whatever unknown reason there are a subset of people who think everything should be wireless, but those people are wrong and should not be listened to.
I have a mild obsession with the idea that there should be a PoE lighting standard. There is a two wire automotive ethernet standard that can deliver 50-100W. Which is enough to run a couple of LED or fluorescent lights.
My entire basement is currently lit by Poe++. Poe ethernet cable to metal utility box. Metal utility box contains Poe++ to 12v adapter. 12v adapter output wires screwed into utility light socket base. 12v led lightbulb screwed in to led lightbulb socket.
> I have a mild obsession with the idea that there should be a PoE lighting standard.
Ubiquiti did this for a while, the product line was called UniFi LED and IIRC it didn't get much further than a few panel lights intended for drop ceilings and a wall mount dimmer switch.
IIRC the justification was that because it was low voltage it could be installed by anyone instead of potentially requiring an electrician and you then also got the ability to dynamically adjust grouping, switch behaviors, etc. if for example your floorplan changed.
I remember when USB first came out and there was a ton of novelty in powering all sorts of random stuff out of your computer’s USB port like fans and mug warmers. This has me wondering what sort of whacky stuff I could do with a PoE extractor/splitter. An ethernet desk lamp would be fun. I have 24 PoE ports on my switch and I’m only using three of them for PoE. Time to get creative.
Quite the mix of comments in 2025 from something that has existed and been foundationally critical in many unseen systems.
I designed and built my first POE system in 2004, at my own house as a dogfooding POC, and that system stills works to this day. Since that time I have built and installed many more without issue that continue to move along doing what they were intended to do, protect life and property via recording activity privately. My own home footage has been called upon several times by law enforcement and was critical in convicting at least one home break in crew.
The benefit of install is simple to comprehend for those with significant experience in the electrical field, run one small wire for data and power and ensure the POE supply is on a battery - done. Additionally I add those using WiFi for security are laughed at daily as losses pile up, web search MLB player home break-ins, as running a hardline cannot be jammed but many foolishly put all their assets solely behind WiFi security. Also these surveillance systems require no external cloud by design so no one is watching remotely, unlike the Fed and State viewing your Ring cameras for years and now which recently partnered with Flocker. No one cares more about you than you so if someone is selling you security ask yourself what it is you are actually paying for.
In closing, as we move into a new era of technological efficiency forced by rising energy prices and costly electrician labor hours, one is going to witness an uptake of POE adoption in more and more nontraditional places. It is already happening and its moment will come as more recognize the cost benefit to this greatly simplified power delivery method with integrated battery backup.
POE switches can have more jacks than they can provide power for. I have five pan-tilt-zoom (PTZ) cameras but learned they can need up to 40 watts each, preventing plugging them all into a particular POE switch I had. Chaining a couple of switches solved the problem, be beware how much power your devices need to consume.
Is it actually likely that all 5 would be drawing full power at once though?
It's normal in household wiring (at least here in the uk) for circuits to be somewhat undersized based on the concept of "diversity" (i.e. it's highly unlikely every socket on the circuit will be drawing 13A simultaneously)
> The above figure shows a PoE injector with auto negotiation, a safety and compatibility feature that ensures power is delivered only when the connected device can accept it. Before supplying power, the injector initiates a handshake with the PD to detect its PoE capability and determine the appropriate power level.
If PoE requires negotiation, and the device requires PoE for power.. how does it perform the handshake without being powered/booted first?
Practical question for HN: How do you all label your PoE cables so that you don't accidentally plug the powered cable into a socket that wasn't expecting 48 volts on those pins and fry something? (I know the power injector is supposed to only deliver power when it's safe, but if all your devices work exactly as they should all the time, then I'd like to buy that bridge in Manhattan you're selling).
Do you buy Ethernet cables of different colors and say "Yellow is reserved for PoE, all yellow cables should be assumed to have power on them"? Or do you slap a "48V" label on both ends of the cables you're going to use for PoE and the label is what warns you that this cable should only go into the PoE receiver, and not into an unpowered device? Or do you just not label your PoE cables any differently, and trust that the injector will never malfunction at the same time that you plug the PoE cable into the wrong device?
All 21,000 ports I administer have 802.3 standard PoE enabled at all times. Incidents of inadvertent powering are at zero. I think this is just a non problem.
Because of how ethernet works (differential signaling + signal transformers), PoE is effectively a wire at 48v connected to nothing if the device doesn't support it.
The only issue arises if somebody wires a patch cable completely wrong (neither A nor B), and manages to put one leg of passive PoE's +24v pair matched to one leg of the 0v pair. Which, will promptly smoke the signal transformer... assuming short circuit protection doesn't cut power first. This is why we killed passive PoE.
From what I have seen, Ethernet ports always have a small isolation transformer for each twisted pair, between the connector and the PHY. Usually four of such transformers are combined in one small magnetics package. The insulation in the transformer is specified to withstand over a kilovolt of lightning induced voltage -- that's one of the purposes of such galvanic isolation.
The data travels as the differential voltage in each of the twisted pairs, and is transmitted magnetically by the transformer to the secondary winding. The power is applied between different pairs, and in each pair appears as a common mode voltage. This is all stopped by the transformer, and in devices designed to support PoE, the PoE circuits tap the mid-point of the primary windings to access the supplied voltage.
So at a first glance, it seems that if 48 volts is applied between the twisted pairs to a non-PoE device, this voltage would simply be blocked by the transformer. But since there is a widespread concern about this, there must be more to the story -- maybe somebody who actually worked with these circuits can explain why this is more complicated than it seems at first?
Edit: Found an answer. It seems that at least some of the designs of non-PoE Ethernet jacks terminate the common mode signals to a common ground though 75 Ohm resistors. In this case, if the voltage were applied between the twisted pairs, the resistors would dissipate far too much power and would burn out. So there is definitely a concern with the dumb PoE injectors and at least some non-PoE devices.
https://electronics.stackexchange.com/questions/459169/how-c...
Unless you’re using the “passive” PoE variants (ubiquiti sold these for awhile, for instance) that always has voltage on the pins, there is no risk. Negotiation is mandatory for the actual IEEE variants. Just use those and don’t worry about it.
With modern 802.3 spec compliant PoE: I don't worry about it. At least with all the switches I've used. Never ever had it send power to some device that wasn't expecting it.
This is a bit analogous to USB-C PD power supplies, which can supply 12V/24V, but only do this when devices ask for it. I don't worry that my laptop's USB-C power supply will go rogue and send 24V to my earbuds.
Always buy standards based equipment. 802.3af, 802.3at, 802.3bt. You can label cables and jacks with red lettering (“Passive PoE. will fry your laptop port. Really!”) but it only takes one mistake to let the magic smoke out.
Many years ago I was using 12v passive homemade PoE at my house, manually had injection wires in on switch side of cable and manual break out on far end into barrel connector plugged into an AP.
Once I accidentally plugged the cable into a laptop and the port didn’t work until I powered the laptop off and on again, but no lasting ill effects on laptop at all.
I completely avoid passive PoE. Not worth the risk. On the standardized active stuff I’ve never had any issues even when I’ve plugged it broken cables to unpowered devices.
For the less electronically inclined, an "ideal diode" surprisingly does not contain plain diodes, it refers to actively controlling MOSFETs to function as diodes.
They're more efficient and quite amazing in PoE applications in particular!
The chassis net should be passed through the cable shield and the power isolated to force the current return through the cable in case power ground is bonded to chassis (which is commonly done, not sure why, I prefer a 1MOhm standoff). While not perfect this link is concise and provides handles to the relevant specs.
Yeah, TVS before any other silicon junction. It's nice to throw a single-use medium or slow blow SM fuse before the TVS to open circuit in device faults.
This is going to be individual preference. I like the density and low design risk of fully integrated solutions like Microchip's PD70224. As long as you spec your FETs appropriately you can't go wrong with TI or AD options (VDS of at least 100 V, ID of at least as much current as you want to cram through with healthy headroom, RDSon that makes you happy, VGS that's compatible with the datasheet charge pump, size and cost that doesn't make you weep). When in doubt, stay very close to the datasheet's design.
I just saw that the PD70224 is not recommended for new designs. What an awful day to have eyes.
Oh, it's been superseded by the PD70288. Much lower RDSon, but a huge 8x8 package. The charge pump is mysteriously gone and there is now a UVLO of 24V. This is more PoE-specific, which is less generally interesting to me.
If only someone would sell me an ideal diode full bridge rectifier IC with integrated FETs, OCP circuit breaking, UVLO, OVLO, a fault flag, control input, and current monitor, I'd never buy a different power entry IC.
> - Was having a conversation today about isolation and grounding for POE (product has a metal case). Do you have a reference? Or standard?
Huh. I'm not the GP poster but interesting question. AFAIK there is no proper ground reference on the LAN cable. I'm not sure I've ever seen a metal case… wait, I do, outdoor wifi APs have metal cases sometimes.
If you find out, report back ;D
> - Do you have a part recommendation or reference design for ideal diode POE?
I've done a PoE device (802.3at, 25W) and just went with TI's reference design; the higher power ones use ideal diodes, sometimes there's multiple circuit variants.
(It's not worth mucking with the PoE design for small-scale builds; the reference design might be a bit more expensive but you get that money back on way less trouble to deal with.)
I use the FDMQ8205. It's an old part, a little pricey, but keeps the board footprint low. It also has a sufficiently high UVLO, so it acts like regular diodes during the classification phase and you don't need to factor those in to the Rcls values.
I recently needed to buy a new power supply for my Mikrotik router (hAP ac²), so I decided to just buy a Ubiquiti PoE injector instead.
It feels magical to have the PoE injector tucked in a cupboard with the optical network terminal, and outside Narnia, the router has only one cable going to it. Also, the Ubiquiti PoE injectors are particularly satisfying. Powered by standard AC cables, and a nice simple design. Now that I've experienced this magic, I'm not going back!
However, as much as I love the hAP ac², it only accepts passive PoE. I don't love passive PoE - it scares me! Unfortunately, it seems like most (all?) Mikrotik routers only accept passive PoE.
Does anyone know of a good alternative when it comes time to replace my router? I would have liked it to be Ubiquiti, but I don't usually read positive things about them around here.
> It feels magical to have the PoE injector tucked in a cupboard with the optical network terminal, and outside Narnia, the router has only one cable going to it.
Last time I remember feeling like that was the day I unplugged a RB5009 and it... just kept running. Was standing there holding the power cable in my hand, clearly unplugged, and the router was sitting there still happily blinking away. Like, this clearly can't be possible but I'm staring right at it and it's happening.
Took me a minute, but eventually realized the Starlink box that provides power to the dish _also_ provides power on the local side for their provided router as well, and apparently it was happily powering mine now.
PoE actually saved me, or at least helped me simplify some things. My router is in one place, while the distribution box where all the cable conduits lead to every room in another place. The distribution box (where also the optical cable originally comes from to the router) has no power plugs. I wanted to have Ethernet plugs in every room (especially for any fixed devices), so I managed to find (quite difficult in Germany) a PoE powered switch for the distribution box with no plugs available, get a PoE injector to power it and from there on to wire and install Ethernet plugs in all rooms.
Not clear on how multiple sources on the same cable work. Is that allowed? Is there a power break at midspan, or does power flow through? How are the regulators coordinated?
There are never multiple sources; a midspan PoE injector breaks the power flow and injects only its own power supply.
It's done through the center tap on the Ethernet transformers. Midspans have another set of those transformers and inject the power on the PoE PD facing side. Whole pair(s) carry common-mode DC current, so basically your green pair could be ±48V and the orange pair 0V. If any, the upstream switch's injected power would just end at the other coil of the Ethernet transformer in the midspan. However, the midspan also doesn't pass through PoE negotiation, so the switch won't turn on power to begin with.
As an EE, once upon a time had a rep pitch PoE lighting fixtures. Cool idea, like allowing each individual fixture to be addressable/ controllable on a BAS, but they just had too many gotchas like coupling lighting (and by extension life-safety systems) to the server/network, additional voltage drop considerations, etc.
Otherwise and for network gear, I really like PoE!
Is POE really relevant in the consumer space? All of my laptops get power and wired data through their USB C port. Does it make more sense to just send data over USB C?
For example, my Chromecast gets power and wired ethernet through its USB C port. (I have an official Chromecast power brick that I plug an ethernet port into.)
Can anyone comment on what VEX robotics kits do with POE? Their controller box connects to motors via cat5 (they call them “smart cables”)which carry’s power, pwm, and encoder data. I don’t think it’s carrying ethernet but could be? Any sources for more info would be appreciated!
It seems to be RJ11 and they might be spec:ed slightly differently (thicker leads?) to power motors. I get the impression it is mainly to control what can be used in competitions.
I doubt it is Ethernet at all, so it wouldn't be Power-over-Ethernet. Just some useful connectors and wires making for an appropriate cable. Also seems like you can make your own perfectly fine. Or they might melt. I suppose try it.
I worked for a PoE lighting company for a couple of years. Yes, the ability to program your lights based on time of day, occupancy sensors etc was all nice for the end consumers. But the big advantage was that since it didn't use mains power, the owner of the building didn't have to hire a union electrician at eleventy gillion an hour to move some light panels around in a drop ceiling.
What about PoE for 10G Ethernet? I see that there are some vendors (e.g. Ubiquity) that are offering devices with it, but I don't see it in the standards?
As of 802.3bt (PoE++) the standard includes support for “all standardized copper link speeds of up to 10GBASE-T.” The previous standard 802.3at (PoE+) added gigabit support.
So any 10GbE (and 2.5GbE) PoE/PoE+ devices out there are technically not to spec (lots of these on Ali Express) but I believe the the Ubiquiti 10GbE stuff is all at least PoE++. [1]
(They do have their own non spec labeled PoE+++ products though, which are really just “802.3bt Type 4” but they added another plus because that probably sounded better.) [2]
I think every major vendor has had 10G PoE switches: Arista, Aruba/HPE/Juniper, Cisco, Extreme, and Fortinet for sure. The problem is there is little use case for 10G + PoE in the enterprise and even less for consumers. Ubiquity likes to tout it for the 10G APs... but, realistically, most are worried about airtime with APs, not 10G wired throughput from a single one when they have a thousand.
As a result, it tends to be relegated to the "high end switch which has every feature those one-off customers demand but costs an arm and a leg as a result" model/family. E.g. the only ones I ever sold were to a hospital that wanted to have select switches have 10G for radiology workstations but also wanted to still be able to plug 1G APs in without having to think about the port types. Radiology was covering the cost, so they didn't care it was a waste of money.
I find it useful in Broadcast Video Production (that’s where I end up using it most) and yeah with Wifi7 supporting > gigabit speeds I’ve seen some Wireless Access Points supporting it (though 2.5GbE Poe++ is more common there and practically speaking enough)
Should work just as well as PoE for 1G ethernet. All four pairs are active data, but you should be able to add a DC bias between pairs and tap it off the transformer on the other side, just like 1G
It's really ~71 watts on the device end (not counting any inefficiencies in the device itself). Still plenty powerful to do a lot with, but also more limiting. Especially if you don't already plan on having a built in battery to handle bursty workloads for whatever reason the device needed a 10G port for.
I have a WiFi 6 AP that can saturate a 2.5GB link when I test it with two devices. So far, for me the peak speed for an individual device was around 1.6GB
I have not yet tested WiFi 7 APs, but they are supposed to be even faster. The use-case for me is video editing over WiFi (I do have a 10GBe Thunderbolt adapter but hey, I like wireless).
1. Assuming IEC refers to cables we plug a desktop PSU into mains/wall: IEC can carry up to 1800w vs 100w PoE++
2. Powerline networking is considerably slower and less reliable than CAT5/6. Additionally, building code for running power lines is much more strict than low voltage CAT5/6
Nerdsniped: You're describing a IEC 60320 C13 cable - they're technically only spec'd for 10A, which means you're looking at ~1200W, not 1800.
(However, UL will list them for the full 15A -> 1800W, and I'm sure plenty carry that. And for that matter, I suppose you can get twice that in Europe on 240v...)
And don't forget that, with ethernet, every device needs its own run of cable, its own port at the router, ect, ect. Normal power cables support multiple devices.
Jeez top post on HN and there's a full overlay ad to "download a mac extension". This deserves a summary post to save others the click. Here's the "what every engineer should know" without the spam:
PoE (Power over Ethernet) sends both DC power and data through the same twisted-pair Ethernet cable, allowing devices like IP cameras, wireless access points, and VoIP phones to run without separate power lines. The power is delivered by Power Sourcing Equipment (PSE) — either an endspan (built-in PoE switch) or a midspan (PoE injector placed between a non-PoE switch and the device). The powered device (PD) negotiates power via detection and classification before voltage is applied, preventing damage to non-PoE gear. IEEE 802.3af (Type 1) provides up to 15.4 W at the source, 802.3at/PoE+ (Type 2) up to 25.5 W delivered, and 802.3bt (Type 3/4) extends that to roughly 60–90 W using all four wire pairs. Engineers need to understand not just wiring, but also cable category limits, pair usage, power losses over distance, and heat dissipation — especially at higher power levels. Modern PoE designs must consider standards compliance, thermal management, and efficiency, as power density rises with new generations of PoE technology.
Running a browser with javascript disabled is great, I recommend it to everyone. More often than not, you get a better experience - more responsive, your battery lasts longer, fewer ads. And, if the site breaks for some reason, you just allow list the site and reload.
Cameras are on their own VLAN. Port isolation is enabled so they can't connect to each other. Only connectivity allowed to/from that VLAN is from the cameras to the router for NTP, and from the NVR to the cameras.
So if you plug in you can... check the current time on my router. Maybe see how many other cameras are on that segment? Likely not going to get very far given you're already caught on camera, an alert's been fired, and pretty soon I'm going to be making a call to the police.
[0] https://en.wikipedia.org/wiki/Private_VLAN
If the security association isn't completed on a "must-secure" configured port then no traffic is transmitted. One would need access to the pre-shared keys to successfully use the link.
Now, could one perform a side-channel attack of the memory on the camera and get access to them? Maybe.
Sure the switch will only accept encrypted L2 traffic...but that encrypted link is set up via MKA, which is a part of the 802.1X standard. If you don't have 802.1X authenticating the endpoint, you don't have MKA setting up the encrypted link between that endpoint and the switch and you don't have MACsec.
So if you're trying to prevent a bad guy from getting on your LAN, you need 802.1X, whereas MACsec is an optional extra (a very useful extra if you're worried about MITM attacks). But 802.1X is still doing the heavy lifting w.r.t access control.
I put them on separate vlan where they get no outbound network connectivity.
For cases where you want things like facial detection or license plate detection (automatic doors/gates) get a Unifi AI though and those things cost, but for normal perimeter/room monitoring the cheap ones are very good
Have a look at this thread [1] I have bookmarked. I found it quite informative. I already got some cheap cameras and set them up, but I wish I would have found it earlier. The ones I got are 4MP with 1/3" sensor and perform absolutely terribly in night setting.
[1] https://ipcamtalk.com/threads/getting-cameras-with-the-right...
Any specific POE with a good sensor/fl on ali that you recommend? I'm all POE/Protect but would like to play with some cheaper poe cameras.
Here is one such review: https://www.youtube.com/watch?v=HYUY61ZFZAs
* https://www.a1securitycameras.com/blog/non-chinese-security-...
Some names: Axis, Avigilon, Bosch, Vivotek, Hanwha Techwin (SK), Acti (TW), Motorola, Mobotix.
ONVIF is the (now quite old, but still very relevant) standard for interfacing IP cameras locally on a network.
A cheap-but-performant ONVIF camera on an isolated VLAN (or a physically-isolated network; I won't tell anyone) can be a thing of beauty that is also completely unable to call home to some mothership in the clown.
I'm frankly very surprised that I don't see it mentioned here more often when discussions of cameras arise.
https://en.wikipedia.org/wiki/ONVIF
Or ONVIF has a multiple cameras behind a IP, but a crappy ONVIF client only picks one (Unifi Protect).
ONVIF can be used to discover a camera on a network, query it for its RTSP URL, and facilitate a connection between a client service and the RTSP stream. But you can't stream video via "ONVIF".
And profiles. There are many different feature sets in onvif and just because a camera has onvif logo or compatibility doesn’t mean it will play nice with your gear.
Reolink cameras are pretty good for what they are. Just dont buy into their NVR solution...
Frigate also has some interesting applications to go along with it, see: https://github.com/mmcc-xx/WhosAtMyFeeder
I also have YOLO on my to do list for the home cameras.
Blue-line domes, the $240 ones. Four of them. I'd get more but do not know how to make outside routing look neat. i have one bullet and i don't like it and don't use it, i prefer the wide-angle domes with ir.
It fit the price-performance curve for our needs several years ago when we eventually outgrew the previous Netgear POE switch...that was also apparently fanless, and that I installed in 2007.
IIRC, it is a GS724TP. It's running a dozen cameras and some access points, and almost all of the rest of the ports are filled up with computers and printers and other Ethernet stuff. No issues at all to to report so far.
(A used enterprise switch with serious fans may be cheaper and/or more featureful and/or more reliable, but do we need that kind of noise at home? We sure don't need it at that small office.
I've also installed some fanless Cisco POE switches with big heatsinks (and dual power supplies, each fed from different sources) on some high-dollar projects where ultimate reliability was kind of a big deal, but... sheesh.
If one of these installed Netgear switches dies in one of these low-risk environments, I'll just patch things up for now and get a replacement coming under warranty.)
Netgear are hard to beat in terms of reliability/price. They also have a 5 and 16 ports fanless version.
I also got an old Juniper EX2200 24ports and replaced the fans with quiet noctua. It run quite hot, better go with Netgear.
Life is a balance between inefficiency and inconvenience. Throwing that statement in without actual numbers is just derailing the conversation.
Then there’s double/sometimes triple conversion (120:48 and then 48:dc; 120:48 and then 48:12, and then 12:dc).
Furthermore magnetics are a must on both side of the PoE which also isn’t great.
At lower power there’s more circuitry to run and multiple conversions aren’t great compared to a simple cheap flyback.
For more technical feel free to check here, although it isn’t quite end to end: https://e2e.ti.com/cfs-file/__key/communityserver-discussion...
Versus
110v (long thick cable) -> 12v
Top has more conversions and more current running on smaller gauge
If they had just stuck with 12VDC and buildings had 12VDC wall sockets everywhere, everything would have been fantastic.
I also had a PoE HAT for a RPi that smoked it. Never doing PoE again. 48V and 3.3V electronics probably don't belong within 10cm of each other.
No, there aren't, not in the way you imply. There is the IEEE 802 PoE standards, which are all compatible (save for not enough power), and designed to carefully negotiate and especially never break non-PoE devices. And there is bullshit (sorry) like "Passive PoE" that is ironically an active violation of the IEEE specs, can break pretty much anything, and you shouldn't buy so the likes of Ubiquiti and Mikrotik finally get the wallet vote and stop f*cking doing. Unfortunately, the proper PoE PD logic is a few dollars of extra expense.
Yes, there is a slightly higher risk of killing devices due to faults in the PoE supply logic. I have the official PoE HAT for a RPi 4. I have to say it is somewhat poorly designed due to space constraints; the isolation between 48V and 3.3V should be better. I'm not even sure the RPi PoE HAT is spec compliant.
But I don't think you can/should blame this on PoE.
What's your cabling like? Contact Ubiquiti? Looking at the datasheet, I do not see any IEEE standards listed, so they could be doing their own thing:
* https://dl.ubnt.com/datasheets/poe/PoE_Adapters_DS.pdf
You don't mention a specific Aruba AP, but their AP22 stuff lists the needed IEEE standard and wattage:
* https://instant-on.hpe.com/products/access-points/access-poi...
I'm not surprised they can f* up a basic PoE injector. The reason for doing passive PoE is saving a few bucks, on the back of safety and compatibility. Of course they would try to pinch hard on the PoE injector too.
Oh and I'd say they (together with Mikrotik) are responsible for 90% of the bad rep PoE gets. The IEEE 802 stuff really just works. And I say that having been part of rolling out 15000 people conference deployments with several hundred wifi APs in the span of a few days. The only real problem is broken cables, but the Ethernet link commonly fails before PoE is impacted.
I did have issues with some of their other products - eg an old CloudKey gen1 that I had remotely in my parents place that I think ran out of space to the point it can’t update itself and can’t compact some old mongodb.
Still being sold with 24V passive "PoE"
(It's 802.3af btw)
In the last 2 years they've released very few new UISP products and you're right that they continue to be passive PoE. I suspect this is for continued compatibility with their older product line. Upgrading from passive PoE to active 802.3 PoE requires replacing the injector and maintaining passive PoE makes it easier to upgrade. And the UISP product line is really meant for wireless ISP operators, not consumers, where the risks of passive PoE are smaller.
Anyway, I agree with the sentiment, but I don't hold it against Ubiquiti too much for continuing to use passive PoE for their UISP line, since I think it makes sense for their customers. As so-so work around you can get a 802.3 -> passive 24V converter: https://store.ui.com/us/en/products/ins-3af-i-g
Huh? We used to have low-voltage AC and DC powered cameras in the world (and we still do, too).
Those are awful in implementation because buildings, whether or old or new, don't have 12VDC sockets everywhere -- or at all, really.
Nor should they have 12VDC sockets for cameras; they're unnecessary.
I've run my share of siamese coax for low-voltage-fed analog cameras, and also separate power for low-voltage Ethernet-connected cameras, and I'm completely over those concepts.
With proper-fucking IEEE POE, we have standards and it only takes one cable to make it work properly instead of more than one.
If a switch isn't up to the power demands of a particular camera, then: No big deal. I can upgrade or supplement that switch without rewiring even more of the building than was already necessary to get Ethernet going.
(Structured cabling for the win.
Passive POE: Not even once.)
Amen.
[1] https://x.com/varenc/status/1961587127931867466
There are three: IEEE 802.11af, at, and bt.
af can deliver up to 12W at the powered device (PD), at delivers up to 25 W, and bt either 51W (Type 3) or 71W (Type 4):
* https://en.wikipedia.org/wiki/Power_over_Ethernet#Standard_i...
Any device you purchase should list the IEEE standard it supports and how much power it may draw.
I mean, yes and no. My laptop case is at 78VAC to ground right now. It gives the tingles. I don't use my laptop much while plugged in. They all skimp on making proper 3-pronged chargers these days. My desktop has a grounded case and doesn't have this issue.
My phone, when plugged into wall AC, the touch screen stops working because the whole phone is at an elevated potential and it messes up the capacitive sensing.
Whenever possible, I opt for PoE. It’s a damn shame it’s limited to a niche userbase given its myriad advantages.
Where ever you're putting the TV you have to put in regular power anyways, so it's fairly tidy to just put the device's power cable parallel with the TV's power cable. WiFi will handle communication. On the other hand, NEC and CEC requires minimum of 2 inches gap for communication wiring to electrical so you're now you've got that minor complication.
POE makes sense mostly when it makes sense to combine communication and power cabling. Corded phones, wifi access points, security cameras, small touch screen modules, etc. Not saying what you're doing can't work, but the added expense of installing parallel CAT6 everywhere doesn't seem worth it.
That being said, a quick Google search for "poe usbc" yields some devices that are much more expensive than the power brick I bought, but in theory would let you run a Chromecast from a poe ethernet port with wired ethernet.
https://www.gl-inet.com/products/gl-rm1/
Mikrotik website has a good selection of them and if you look at the other hardware types it'll be interesting in getting an idea of weird things you don't see in normal offices.
https://mikrotik.com/products/group/switches
Apart from obviously larger bandwidth options like 28qfsp 100gb (I'm unaware if mikrotik does them but 400gb is normal in some circles) there's things like reverse POE switches, media converter switches, and all sfp+ switches.
Poe++ exists and you can use switches with it to power poe+ switches that will power poe switches. Or they can be used to power laptops or NUCS directly.
My standard campus switches are 722s with 48 ports and 25/10 SFPs, but there are use cases when smaller switches make sense.
> Oh, so you hate waffles?
What does enterprise grade mean to you?
Can you expand on "often, but not always, power"? Here's my guess:
* It's more efficient for the small stuff: little wall warts aren't very efficient I think in part because there's some no-load consumption for each. The switch pays that no-load cost once for many devices and has like an 80-plus gold or better PSU, hopefully. And then I think even cheap buck converters are like 95% efficient; they have some no-load consumption too but I think less than the wall warts? And even though this goes over 2 (or 4) tiny wires, at 48V–56V, the current is low enough that power loss is not bad because those wires are just for one small device, and P=I^2R.
* It's less efficient for the big stuff: that P=I^2R starts to suck for the PoE case, and in the non-PoE case they're more likely to have efficient AC->DC conversion on their own. 90% efficient beats 90% * 95% efficient.
If you have one small PoE device connected to a large PoE switch then it would be less efficient compared to a non-PoE switch and a small separate power supply for the device.
I ended up buying a PoE extractor and barrel plug adapter for my Roku, and another extractor for my HDHomeRun.
It annoyed the heck out of me that they had PoE running to them and still had to be plugged into a separate transformer.
In their consumer "UniFi" product line. Pull up their store and switch over to the "UISP" product line. Most of the smaller wireless devices and consumer-tier CPE are 24v passive, most of the larger wireless devices, 60GHz bridges, etc. are 48v passive, a few devices in the middle support both, and standard "active" PoE is almost nowhere to be found. Even on product lines that weren't even dreamed up when modern standard PoE was ubiquitous.
They say it's because the WISP crowd loves passive PoE as it can easily be wired to batteries on towers, and I get that, but that's no excuse for not also supporting standard-based PoE on the device end. There's no good reason for a product designed in the 2020s to force the installation of passive PoE where there was none prior.
They demonstrated they can do both with most of the transition-era UniFi products. Support and encourage the use of standards, allow the use of non-standard but common alternatives where they make sense.
In fact it did, in the transitional models that were sold both with and without 802.3af support there was a sticker added to the box on the ones that had it.
The switch was early in the life of the UAP-AC series of access points. IIRC the "Pro" and in-wall models always supported 802.3af but the "Lite" and "LR" models initially were 24v passive only. I vaguely recall there also being transitional models of their cameras but we were not deploying those at the time.
> Consumer tier means people will plug whatever fits.
And this is why I hate passive PoE with a passion. Standards-based PoE ports are safe, you can plug devices not supporting PoE (or requiring passive PoE) in to them with no risk of damage. Passive PoE ports are dangerous, they can and will destroy things that are not expecting to receive power on those ports.
They're even dangerous to devices designed for it in some cases, Ubiquiti actually famously had problems with UAPs on the end of long cables being damaged when fed by passive PoE from the source and eventually recommended that those installs add their "Instant 802.3af" adapters which took standard 802.3af over the wire and converted it to passive right at the device end. I had one site that lost three UAP-LRs before that was revealed.
A correctly-designed Ethernet interface is galvanically isolated at both ends to avoid ground loops, differing grounds, and other nasties over long distances.
For those thinking about adding one they've grabbed off amazon and installing themselves, please do a bit of hunting and reading rather than just buying the first word soup brand cheapest ones. Also remember installing uncertified electronics in your walls is a good way to void your insurance if they're the cause of disaster and turn it into a legal battle even if they're not.
I realize that for whatever unknown reason there are a subset of people who think everything should be wireless, but those people are wrong and should not be listened to.
Ubiquiti did this for a while, the product line was called UniFi LED and IIRC it didn't get much further than a few panel lights intended for drop ceilings and a wall mount dimmer switch.
IIRC the justification was that because it was low voltage it could be installed by anyone instead of potentially requiring an electrician and you then also got the ability to dynamically adjust grouping, switch behaviors, etc. if for example your floorplan changed.
I designed and built my first POE system in 2004, at my own house as a dogfooding POC, and that system stills works to this day. Since that time I have built and installed many more without issue that continue to move along doing what they were intended to do, protect life and property via recording activity privately. My own home footage has been called upon several times by law enforcement and was critical in convicting at least one home break in crew.
The benefit of install is simple to comprehend for those with significant experience in the electrical field, run one small wire for data and power and ensure the POE supply is on a battery - done. Additionally I add those using WiFi for security are laughed at daily as losses pile up, web search MLB player home break-ins, as running a hardline cannot be jammed but many foolishly put all their assets solely behind WiFi security. Also these surveillance systems require no external cloud by design so no one is watching remotely, unlike the Fed and State viewing your Ring cameras for years and now which recently partnered with Flocker. No one cares more about you than you so if someone is selling you security ask yourself what it is you are actually paying for.
In closing, as we move into a new era of technological efficiency forced by rising energy prices and costly electrician labor hours, one is going to witness an uptake of POE adoption in more and more nontraditional places. It is already happening and its moment will come as more recognize the cost benefit to this greatly simplified power delivery method with integrated battery backup.
What you cannot see matters most!
It's normal in household wiring (at least here in the uk) for circuits to be somewhat undersized based on the concept of "diversity" (i.e. it's highly unlikely every socket on the circuit will be drawing 13A simultaneously)
> The above figure shows a PoE injector with auto negotiation, a safety and compatibility feature that ensures power is delivered only when the connected device can accept it. Before supplying power, the injector initiates a handshake with the PD to detect its PoE capability and determine the appropriate power level.
If PoE requires negotiation, and the device requires PoE for power.. how does it perform the handshake without being powered/booted first?
Do you buy Ethernet cables of different colors and say "Yellow is reserved for PoE, all yellow cables should be assumed to have power on them"? Or do you slap a "48V" label on both ends of the cables you're going to use for PoE and the label is what warns you that this cable should only go into the PoE receiver, and not into an unpowered device? Or do you just not label your PoE cables any differently, and trust that the injector will never malfunction at the same time that you plug the PoE cable into the wrong device?
The only issue arises if somebody wires a patch cable completely wrong (neither A nor B), and manages to put one leg of passive PoE's +24v pair matched to one leg of the 0v pair. Which, will promptly smoke the signal transformer... assuming short circuit protection doesn't cut power first. This is why we killed passive PoE.
The data travels as the differential voltage in each of the twisted pairs, and is transmitted magnetically by the transformer to the secondary winding. The power is applied between different pairs, and in each pair appears as a common mode voltage. This is all stopped by the transformer, and in devices designed to support PoE, the PoE circuits tap the mid-point of the primary windings to access the supplied voltage.
So at a first glance, it seems that if 48 volts is applied between the twisted pairs to a non-PoE device, this voltage would simply be blocked by the transformer. But since there is a widespread concern about this, there must be more to the story -- maybe somebody who actually worked with these circuits can explain why this is more complicated than it seems at first?
Edit: Found an answer. It seems that at least some of the designs of non-PoE Ethernet jacks terminate the common mode signals to a common ground though 75 Ohm resistors. In this case, if the voltage were applied between the twisted pairs, the resistors would dissipate far too much power and would burn out. So there is definitely a concern with the dumb PoE injectors and at least some non-PoE devices. https://electronics.stackexchange.com/questions/459169/how-c...
Theres fixes, but passive PoE was a pretty dirty hack- so negotiation got added.
Apparently, some mag-jacks have the center taps for each pair commoned via 75ohms to ground through a capacitor... so I could be wrong.
This is a bit analogous to USB-C PD power supplies, which can supply 12V/24V, but only do this when devices ask for it. I don't worry that my laptop's USB-C power supply will go rogue and send 24V to my earbuds.
Once I accidentally plugged the cable into a laptop and the port didn’t work until I powered the laptop off and on again, but no lasting ill effects on laptop at all.
- PoE endpoints should have isolation barriers, factor this into cost and size estimates
- Don't skimp on TVS
- ideal diode full bridge rectifiers are really cool and you should use them (in more power entries than just PoE)
For the less electronically inclined, an "ideal diode" surprisingly does not contain plain diodes, it refers to actively controlling MOSFETs to function as diodes.
They're more efficient and quite amazing in PoE applications in particular!
- Was having a conversation today about isolation and grounding for POE (product has a metal case). Do you have a reference? Or standard?
- TVS ahead of the bridge right?
- Do you have a part recommendation or reference design for ideal diode POE?
https://www.brainboxes.com/faq/power-isolation-in-poe-ethern...
Yeah, TVS before any other silicon junction. It's nice to throw a single-use medium or slow blow SM fuse before the TVS to open circuit in device faults.
This is going to be individual preference. I like the density and low design risk of fully integrated solutions like Microchip's PD70224. As long as you spec your FETs appropriately you can't go wrong with TI or AD options (VDS of at least 100 V, ID of at least as much current as you want to cram through with healthy headroom, RDSon that makes you happy, VGS that's compatible with the datasheet charge pump, size and cost that doesn't make you weep). When in doubt, stay very close to the datasheet's design.
I just saw that the PD70224 is not recommended for new designs. What an awful day to have eyes.
Oh, it's been superseded by the PD70288. Much lower RDSon, but a huge 8x8 package. The charge pump is mysteriously gone and there is now a UVLO of 24V. This is more PoE-specific, which is less generally interesting to me.
If only someone would sell me an ideal diode full bridge rectifier IC with integrated FETs, OCP circuit breaking, UVLO, OVLO, a fault flag, control input, and current monitor, I'd never buy a different power entry IC.
Huh. I'm not the GP poster but interesting question. AFAIK there is no proper ground reference on the LAN cable. I'm not sure I've ever seen a metal case… wait, I do, outdoor wifi APs have metal cases sometimes.
If you find out, report back ;D
> - Do you have a part recommendation or reference design for ideal diode POE?
I've done a PoE device (802.3at, 25W) and just went with TI's reference design; the higher power ones use ideal diodes, sometimes there's multiple circuit variants.
(It's not worth mucking with the PoE design for small-scale builds; the reference design might be a bit more expensive but you get that money back on way less trouble to deal with.)
This. I know from a friend (ahem) that if you do, you will discover problems in production deployments, when it's too late to fix things.
It feels magical to have the PoE injector tucked in a cupboard with the optical network terminal, and outside Narnia, the router has only one cable going to it. Also, the Ubiquiti PoE injectors are particularly satisfying. Powered by standard AC cables, and a nice simple design. Now that I've experienced this magic, I'm not going back!
However, as much as I love the hAP ac², it only accepts passive PoE. I don't love passive PoE - it scares me! Unfortunately, it seems like most (all?) Mikrotik routers only accept passive PoE.
Does anyone know of a good alternative when it comes time to replace my router? I would have liked it to be Ubiquiti, but I don't usually read positive things about them around here.
Last time I remember feeling like that was the day I unplugged a RB5009 and it... just kept running. Was standing there holding the power cable in my hand, clearly unplugged, and the router was sitting there still happily blinking away. Like, this clearly can't be possible but I'm staring right at it and it's happening.
Took me a minute, but eventually realized the Starlink box that provides power to the dish _also_ provides power on the local side for their provided router as well, and apparently it was happily powering mine now.
It's done through the center tap on the Ethernet transformers. Midspans have another set of those transformers and inject the power on the PoE PD facing side. Whole pair(s) carry common-mode DC current, so basically your green pair could be ±48V and the orange pair 0V. If any, the upstream switch's injected power would just end at the other coil of the Ethernet transformer in the midspan. However, the midspan also doesn't pass through PoE negotiation, so the switch won't turn on power to begin with.
For example, my Chromecast gets power and wired ethernet through its USB C port. (I have an official Chromecast power brick that I plug an ethernet port into.)
This was what I found from skimming around: https://www.robotevents.com/V5RC/2018-2019/QA/35
I doubt it is Ethernet at all, so it wouldn't be Power-over-Ethernet. Just some useful connectors and wires making for an appropriate cable. Also seems like you can make your own perfectly fine. Or they might melt. I suppose try it.
I have a Ring home security system. I would like to get an offline home CCTV that only records when the alarm is set (either in Home or Away).
A quick internet search does not show an API. I'm not sure Ring has a device that I could wire a relay (if that's the right thing) to.
So any 10GbE (and 2.5GbE) PoE/PoE+ devices out there are technically not to spec (lots of these on Ali Express) but I believe the the Ubiquiti 10GbE stuff is all at least PoE++. [1]
(They do have their own non spec labeled PoE+++ products though, which are really just “802.3bt Type 4” but they added another plus because that probably sounded better.) [2]
[1] https://store.ui.com/us/en/products/us-xg-6poe, https://store.ui.com/us/en/category/accessories-poe-power/co...
[2] https://store.ui.com/us/en/category/accessories-poe-power/co... , https://help.ui.com/hc/en-us/articles/115000263008-PoE-Avail...
As a result, it tends to be relegated to the "high end switch which has every feature those one-off customers demand but costs an arm and a leg as a result" model/family. E.g. the only ones I ever sold were to a hospital that wanted to have select switches have 10G for radiology workstations but also wanted to still be able to plug 1G APs in without having to think about the port types. Radiology was covering the cost, so they didn't care it was a waste of money.
In theory at peak throughput the access point might use close to 10 gigabit. But definitely more than 1G/2.5G.
The new 14” MacBook Pro comes with a 70 watt charger. An M4 Air only gets a 35 watt adapter.
Basically seems like enough power is available to run something pretty powerful.
I have not yet tested WiFi 7 APs, but they are supposed to be even faster. The use-case for me is video editing over WiFi (I do have a 10GBe Thunderbolt adapter but hey, I like wireless).
2. How does PoE compare to Powerline Networking?
2. Powerline networking is considerably slower and less reliable than CAT5/6. Additionally, building code for running power lines is much more strict than low voltage CAT5/6
(However, UL will list them for the full 15A -> 1800W, and I'm sure plenty carry that. And for that matter, I suppose you can get twice that in Europe on 240v...)
PoE (Power over Ethernet) sends both DC power and data through the same twisted-pair Ethernet cable, allowing devices like IP cameras, wireless access points, and VoIP phones to run without separate power lines. The power is delivered by Power Sourcing Equipment (PSE) — either an endspan (built-in PoE switch) or a midspan (PoE injector placed between a non-PoE switch and the device). The powered device (PD) negotiates power via detection and classification before voltage is applied, preventing damage to non-PoE gear. IEEE 802.3af (Type 1) provides up to 15.4 W at the source, 802.3at/PoE+ (Type 2) up to 25.5 W delivered, and 802.3bt (Type 3/4) extends that to roughly 60–90 W using all four wire pairs. Engineers need to understand not just wiring, but also cable category limits, pair usage, power losses over distance, and heat dissipation — especially at higher power levels. Modern PoE designs must consider standards compliance, thermal management, and efficiency, as power density rises with new generations of PoE technology.