Switch approach to PoE Devices and Backup Power

Avery

Regular Contributor
I am starting to design my home network topology, and could use some guidance on switch topology and backup power strategy. My AP's (5-7) and security/doorbell cameras (6) will be PoE - totaling maybe 125-150W. I see myself going with a fanless switch, but a a bit challenged on how to handle backup power.

In my head, if I lose power, a UPS will keep up the router and cable modem; however, runtime with all those PoE devices will be greatly diminished (at any size UPS). With my wife and I working from home, ideally I would keep connected as long as possible.

How do I approach this in the least complex way? Ideally I would keep up a few PoE devices, but not all.

Are some switches smart enough to know when they are on UPS power, and able to kill power/connectivity to certain PoE ports/devices? Or am I relinquished to having multiple switches, where a small one stays up and a big one goes down?

Many thanks for the guidance!

Note: I will need to have different VLANs for the cameras, various IoT devices, etc, but would like to keep the architecture simple, where possible.
 

OzarkEdge

Part of the Furniture
I am starting to design my home network topology, and could use some guidance on switch topology and backup power strategy. My AP's (5-7) and security/doorbell cameras (6) will be PoE - totaling maybe 125-150W. I see myself going with a fanless switch, but a a bit challenged on how to handle backup power.

In my head, if I lose power, a UPS will keep up the router and cable modem; however, runtime with all those PoE devices will be greatly diminished (at any size UPS). With my wife and I working from home, ideally I would keep connected as long as possible.

How do I approach this in the least complex way? Ideally I would keep up a few PoE devices, but not all.

Are some switches smart enough to know when they are on UPS power, and able to kill power/connectivity to certain PoE ports/devices? Or am I relinquished to having multiple switches, where a small one stays up and a big one goes down?

Many thanks for the guidance!

Note: I will need to have different VLANs for the cameras, various IoT devices, etc, but would like to keep the architecture simple, where possible.

Having a switch disconnect clients when the power drops just to not overload an undersized UPS would sort of defeat the purpose of using a UPS.

My approach would be to size a UPS for its intended load and runtime, but keep it as small as possible to control its weight and cost including replacement battery cost every 3-5 years. To do this, you would plan ahead to limit the load and runtime accordingly.

If you need more UPS capacity and/or need a UPS at more than one location, then install more than one UPS. If this gets ridiculous and can't be helped with a better plan, then consider installing a backup power generator for the entire building/site.

Finally, I like to standardize on one minimally-sized but sufficient UPS capacity/build and replacement battery so that I can use the same battery in all of my UPSs. This minimizes all related overhead, imo, like only needing to source/hold one replacement battery. And when a UPS dies (they will), I can salvage its battery for use in another UPS.

So, the tricks are to determine this minimum load and runtime 'standard' for your application(s); where/how to distribute your loads/UPSs to not exceed this 'standard'; and which UPS make/build/battery size to standardize on.

For my simple home network, I use three ~750VA UPSs that all use the same 12VDC 9AH replacement battery... one at my office 'rack' (modem, router, passive switch, 1 or 2 PCs, ATA, and a few other miscellany), one at my media center (passive switch, TV, AVR, etc.), and one in the garage (wireless node/AP, ATA).

I recently bought a 1500VA UPS for someone else for a larger load/runtime. Besides selecting it to meet the application (~1000VA), I also selected it because is uses two of my 'standard' batteries ganged together. So, still standard... just weighs and costs more.

I'm currently sourcing replacement batteries from https://www.atbatt.com.

OE
 
Last edited:

degrub

Very Senior Member
use separate power injectors or a separate POE switch for the the APs you don't care about. Plug them into a non battery backup circuit on the UPS or a power strip on regular ac circuit. Everything else on as large a UPS as you want to deal with for x runtime.

i have core network gear scattered around my house with separate small UPS ( >1000 VA) so i can last at least an hour. Allows me to ride through most power interruptions. If you want to run longer than that ( check your ISP's ability to stay up as well), you might look into a natural gas powered generator for your house. My ISP uses small ones ( generac usually) to maintain power to their distributed outdoor clusters that supply my service.
 
Last edited:

rhimbo

Occasional Visitor
I am starting to design my home network topology, and could use some guidance on switch topology and backup power strategy. My AP's (5-7) and security/doorbell cameras (6) will be PoE - totaling maybe 125-150W. I see myself going with a fanless switch, but a a bit challenged on how to handle backup power.

In my head, if I lose power, a UPS will keep up the router and cable modem; however, runtime with all those PoE devices will be greatly diminished (at any size UPS). With my wife and I working from home, ideally I would keep connected as long as possible.

How do I approach this in the least complex way? Ideally I would keep up a few PoE devices, but not all.

Are some switches smart enough to know when they are on UPS power, and able to kill power/connectivity to certain PoE ports/devices? Or am I relinquished to having multiple switches, where a small one stays up and a big one goes down?

Many thanks for the guidance!

Note: I will need to have different VLANs for the cameras, various IoT devices, etc, but would like to keep the architecture simple, where possible.

One piece of advice would be to consider putting the cameras on a separate switch. Of course, it depends on the camera resolution, number of cameras (eventually that you expect to have) and so forth.

Are you planning to use a network video recorder (NVR) for the cameras? Do you plan to have a RAID system such as Synology backup system? Do you want to have some sliding window of time during which you retain the camera video (and sound if you plan to have audio capture as well)?

One thing I do is to use different color cable for different applications to make it easier to trace cable connections. Mine run in my attic and it helps to be able to visually delineate cables when I'm crawling on my stomach among R30 insulation, a low 4-12 pitch roof and rafters and HVAC ducting....
 

Jose C

Occasional Visitor
As other have mentioned, get a smaller switch for you critical AP and then get a big ups for that switch.

that is what I do, I don’t care about the AP in the backyard but with one ups I manage to get 1.30 hours from ups for ont, OPNsense and 3 AP
 

Tech Junky

Very Senior Member
I don't know how this will pan out for this particular situation but, I use a 30000mah power bank on my laptop and other USB powered devices. The laptop shifted down from MAX to silent mode can get a couple of hours @ 30-45W draw before using the internal battery. The laptop didn't come equipped to use USB as a power source but found a USB-C / DC 5.5 x 2.5 trigger cable to get around that. The power bank @ $60 being compact and easily tucked away somewhere might be ideal.

Using smaller power banks @ each camera / AP could get things where they stay powered for extended periods and then focus comes back to the "core" devices like the modem / switch / PC's.

Since you're POE switch might take a more dramatic hit it might not be as bad with power banks giving power input to the DC connection on the cameras / AP's. It's something to look into / test to see if it's a feasible option. For the camera's a smaller / cheaper PB option should suffice since their power draw is going to be a lot lower than a laptop. AP's shouldn't be too bad @ 30W/ea depending on the AP.
 

Avery

Regular Contributor
Hi All,

Thanks for the many wonderful responses.

@OzarkEdge - I currently have an SmartUPS 1000, and can see having a couple of these, but don't want to go too crazy on the battery reserve, rather be choosy about what draws against it. Since this is for home office use, I probably won't invest yet in a whole house generator... 90% of the things that use network are fine to be down during a power outage, but the other 10% are important and if I can keep internet/laptop run time to 2 hours, that would be great. Thanks!

@degrub - good idea on the PoE injectors for things that aren't mission critical. That may be my best path, just a bit messy if I have 6-8 things on the injectors... but would work. I also like the primary/secondary switch idea... some questions on that, below. Thanks!

@rhimbo - for now, I'm just planning on using ring internet storage for the cameras, so no NVR. I do have a thunder bay RAID setup, but not used for video... I currently use my UPS to keep the computer and that from crashing if there is a power blip. Ideally, for security reasons, I would allow all the cameras to roll for 10-20 mins after a power cut... just incase it was turned off by someone. You must live where it is warmer... here I have to have > R50 in the attic :) After this remodel is complete, the attic will be virtually inaccessible, and I hope to never enter. Will be running some surf tube, however, in the event I have to run something new. Thanks!

@Jose C - I think the 2 switches may be my best option. Some questions on that, below. Thanks!

@Tech Junky - I was trying to get away without more than a few UPS's and would like to keep wiring simple, where possible, and will keep the direct DC power idea in mind. Definitely some good ideas there on the laptop power. Thanks!

I'm seeing three practical options:

1) 2 POE switches & 2 UPS... Little one on a big UPS with cable modem and router, big switch on a little UPS that dies after say 10-30 mins.
2) Use PoE injectors on all the non-critical PoE devices. This is probably the simplest and cheapest option, though potential partial interruptions for any power flicker.
3) Use some automation to kick off a script, which either disables the ports for the non-critical items or turns off the device after power is down X minutes. I have to see if Ring doorbells and cameras can be turned off, per se.

On #1 (2 switches), I could use some guidance here.

Let's assume a small switch (say 8 ports with PoE) as the primary, and a larger switch (say 24) as the secondary switch. Now, lets say that on each of those I want 4 VLANs: 1) Main 2)Cameras 3)IoT 4) Renter.

Is that possible, without great complexity or using lots of ports? My only experience with managed switches is on a single switch, so I'm not clear how I would accomplish that from a networking perspective.

On #3, this might not be that hard with other home automation going in-place. Better yet would be if UPS could trigger the script when it hits 60% or something similar.

Anyone used scripts to turn up or down ports? Any ideas what product lines may support this? I am leaning towards Cisco SMB (fanless) or Zyxel, but could be swayed otherwise.
 

Tech Junky

Very Senior Member
Let's assume a small switch (say 8 ports with PoE) as the primary, and a larger switch (say 24) as the secondary switch. Now, lets say that on each of those I want 4 VLANs: 1) Main 2)Cameras 3)IoT 4) Renter.


With this you simply setup the primary switch first and then when you add the second and configure it to join the primary it will copy over the VL's to the 2nd switch automatically. Just make sure to clear the VL info on the 2nd switch before connecting it to the primary as the highest revision number to the VTP DB takes precedence in sending updates.

 

coxhaus

Part of the Furniture
In the Cisco world you connect 2 switches with a trunk port if you want to pass VLAN information. In the IOS world Cisco enterprise you configure what VLANs will pass. You do not have to pass VLAN info unless you want to. In the Cisco small business world, you pass all VLAN information unless you configure it not to.

This is layer 2. If you assign a network to the VLAN then you can route the VLAN at layer 3 with an L3 switch or router.

The trunk ports can be Laggs as it does not matter.

Oh, when it comes UPS be hard on yourself to only supply power to what really needs backup.

Nowadays when I lose power, I lose my ISP Spectrum. I have 1 small APC on my modem and router just for quick drops as it takes a long time to reboot those devices otherwise it all goes down. When I had my rack with servers like my email server, I had a large APC rack mount UPS to keep it running until it could do a graceful shutdown through APC's software.
 
Last edited:

Avery

Regular Contributor
Ok, thanks @Tech Junky & @coxhaus !

I need a little guidance on layer 2 vs layer 3. I have attempted to educate myself in this area, but still not fully clear.

As mentioned before, I am thinking I would have 4 VLANs: 1) Main 2) cameras/doorbells 3) other IoT devices 4) Renter

From a current day security perspective, does it make sense to have 1), 2), 3) in different VLANs, or is that not needed? I do have concerns about IoT devices being vulnerable to cyber attacks, and wanting to isolate those devices from not being able to get to my main network (computers, network storage, phones, etc). However, of course I want items in the main network to be able to reach cameras and IoT devices, just not the other way around.

Does what I'm proposing make good sense, or are there simpler approaches?

If that is a recommended separation, then to allow the one-way connectivity from my computers to IoT devices, does that mean I need a layer 3 switch, or a layer 2/2+ can accomplish this cleanly?

My goal would be to have a sensibly protected network, without going more complicated than necessary.

Thanks for your thoughts!
 

Tech Junky

Very Senior Member


These should give some more in depth info regarding your potential setup.

The first line of defense is making you SSID hidden and harder to figure out the name. Enabling WPA2 or 3 (AX) and using a decent password.

If the devices are dumb they should still be using these in their deployment. My printer is WIFI enabled but only works on 2.4ghz but still connects to a hidden / WPA2 SSID.

L2 switches get the basic job done in splitting things up i.e. reducing the broadcast packet traffic to other devices
L2+ adds additional functions
L3 gives you the ability to control

1643723782077.png


In the older terms of switching when there were still bridges being used and then deprecated to become L2 switches using ASIC's for forwarding and some intelligence i.e. tagging. Things have evolved but, you can still get dumb gigabit switches w/ 5-8 ports for ~$20 that simply act like a splitter.

Adding management to the mix is where you get the VLAN option and more control over the domain / segmenting the traffic.

Management + IP = Layer 3 control

There's more to it though if you start getting into multiple IP subnets you'll need a way to allocate them from a DHCP server. Most routers are limited to a couple of subnets if they can even do more than 1. If you step up your router to something a bit more substantial than something off the shelf you get more options for addressing. DHCP isn't a high CPU function it's just something that's limited in consumer equipment thinking consumers only need 1 and won't be making things more complex.

On my server / router though I have a full blown DHCP service running and the ability to configure as many or little subnets as needed.
1643724473780.png

You could also roll it into PiHole as a service with less granularity but gain the control over ads / telemetry / etc.
1643724610588.png
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top