Posts: 24
About sanhaowangluo
- Birthday 22/11/1992
Profile Information
- Interests: IP Networking, Advanced Access Control (OSDP), Packet Buffer analysis, PoE infrastructure, Lab stress-testing.
-
Haha, @MrHappy, don't undersell yourself! Those 'coloured wires' are the backbone of everything we’re trying to build on top of. At the end of the day, if the circuit doesn't close, the smartest Zero Trust software in the world is just a fancy UI. The reason I’m digging into this is that the IT guys on this project are making life difficult for the onsite installers. They want everything on the network, but they don't always understand the 'field' reality of hardware reliability. Trying to find that middle ground where it’s secure but still practical for someone to actually maintain without a Ph.D. in
- 3 replies. Tagged with: data center, access control (and 1 more)
-
Hi guys, I’m currently consulting on a project for a boutique colocation data center where the client's IT department is pushing hard for a 'Zero Trust' architecture—not just for their network, but extended to physical access. We’ve already got OSDP readers at the perimeter and biometrics for the main halls, but the tenant requirements for cabinet/rack-level security are getting increasingly granular. They are starting to push back against traditional physical fobs, citing them as the 'weakest link' in the audit trail. I’m curious how many of you are actually seeing a real-world shift toward integrating physical access (like mobile credentials or MFA) directly into the logical security stack to satisfy Zero Trust audits? Are you finding that dedicated DC managers are ready to ditch physical cards entirely, or is the industry still too reliant on the 'safety' of a physical token? Would love to hear some field experience on the integration hurdles between the physical layer and IT security protocols in these high-stakes environments.
- 3 replies. Tagged with: data center, access control (and 1 more)
-
Morning gents, just a quick update on this one. As most of you accurately predicted, the client completely balked at the quote for pulling new shielded cable. Typical! Instead of fighting the 20-year-old 22/6 wire and trying to smooth out the OSDP latency, we decided to pivot entirely. We are pitching them a mobile credential solution (BLE/Smartphone) to bypass the physical wiring constraints as much as possible for the main entrances. We actually had to put together a bit of a primer for their management on how mobile credentials and BLE access control stack up against traditional cards just to justify the architecture change. I figured I'd share the link to the guide here in case anyone else needs some ammo to convince a tight-budget client to ditch legacy setups: https://www.civintec.com/Mobile-Credential-Access-Control-Systems-BLE-QR-Code-Solutions-for-Seamless-Security Looks like mobile/wireless is quickly becoming the only headache-free way out of these retrofit nightmares. Cheers again for all the input over the weekend!
-
You hit the nail on the head, @al-yeti. It always boils down to the budget. When clients want the high-end encrypted OSDP readers but refuse to pay for a proper cable pull to support them, we end up fighting these exact gremlins. Cheap wire always ends up costing more in labor! @james.wilson - 2.5 miles is absolutely insane! That really speaks to the magic of using proper Belden twisted pair. You are completely right about the termination resistors; I made sure we have the 120-ohm resistors fitted across the bus. It definitely stabilized the connection, but I think the untwisted nature of this 20-year-old alarm wire is just struggling with the constant two-way polling of the OSDP Secure Channel. Appreciate the sanity check from both of you. Guess it's time to have that tough conversation with the client: if they want that instant card read speed, we need to pull new cable. No magic tricks this time.
-
Haha, the universal 'get out of jail free' card! I might just have to use that if the client complains about the half-second card read delay. I was secretly hoping someone here had a magical impedance-matching trick for 20-year-old alarm wire, but I guess 'blame the sparky' is the gold standard for a reason! Enjoy the rest of the weekend, mate.
-
Morning gents, We’ve been pushing hard to migrate most of our commercial clients away from legacy Wiegand and over to OSDP v2 (Secure Channel) for the obvious encryption benefits. However, I'm running into a frustrating real-world issue. In a perfect lab environment, the RS-485 backbone handles the two-way OSDP handshake beautifully. But on actual retrofits—where we are forced to reuse the client's existing, ancient 22/6 untwisted alarm wire—I'm noticing a slight, but perceptible, latency when swiping the card before the door actually fires. It feels like the reader and controller are struggling with packet loss/retries over the degraded cable before finally authenticating the secure channel. I know the textbook says RS-485 is good for 4,000 feet, but what is your actual safe distance limit when pushing OSDP over crappy legacy wire? Do you guys just bite the bullet and pull new shielded twisted pair, or are there any termination tricks (besides the standard 120-ohm resistor) to clean up the signal on old cables? Curious to hear your field experiences.
-
Haha, well that’s a classic translation error on my end! I completely read 'home office' as a residential WFH setup, not the UK Gov Home Office. That context makes way more sense now. Thanks for the clarification, @sixwheeledbeast. You hit the nail on the head regarding liability, @sixwheeledbeast. 'You get what you pay for' is the universal truth in this industry. If a client insists on running a heavy CCTV load over their aging IT infrastructure against our recommendations, getting that formal sign-off in writing is the only way to sleep at night. @al-yeti - I'm glad (well, not glad, but you know what I mean) that you've seen that exact same issue. Murphy's Law guarantees the switch buffer will choke exactly when the incident occurs, never when the frame is empty! Appreciate the insights, gents. Good to know the headaches of existing infrastructure are universal.
- 7 replies. Tagged with: poe, networking (and 2 more)
-
Fair point, @al-yeti. For a standard home office or a couple of basic 2MP cams, the 'plug and play' approach usually holds up fine. However, we're seeing more residential clients pushing for high-bitrate 4K/8K deployments and multi-node mesh setups where the margin for error is much smaller. In those cases, that 'constanish feed' starts to stutter during high-motion events if the hardware can't handle the micro-bursts. I guess I'm just trying to build a more predictable baseline so we’re not the ones getting called back when the owner notices a few dropped frames during a security event. In your experience, at what camera count or resolution do you usually start seeing these 'non-critical' systems actually start to break down?
- 7 replies. Tagged with: poe, networking (and 2 more)
-
Just to add to my original post - I’ve been digging into the chipset specs of some common entry-level 16-port switches. It seems many share the same Realtek silicon with very limited ingress buffer depth. Has anyone noticed if moving to Broadcom-based hardware actually mitigates those 4K frame drops, or is it purely a firmware-level QoS issue? Also, I’ve been looking into STP/FTP grounding on another project today. Could induced noise from poor shielding be a 'hidden' contributor that pushes these shallow buffers over the edge during burst traffic? Curious if anyone has seen a correlation there.
- 7 replies. Tagged with: poe, networking (and 2 more)
-
Following up on my recent post about IGMP Snooping, I wanted to share some field data regarding a performance killer that many budget managed switches hide in their spec sheets: Packet Buffer Memory. We often focus on the total PoE budget, but when deploying high-bitrate 4K or even 8K cameras, I’ve found that small buffers (under 1.5MB) on 8-port "web-managed" switches are the primary cause of random "no signal" or stuttering issues during high-motion events.

My Recent Findings:
- Burst Traffic: When multiple cameras trigger H.265 I-frames simultaneously (e.g., a car driving through multiple FOVs), the switch buffer fills up instantly. If the buffer is shallow, the switch just drops frames, causing the NVR to lose the stream briefly.
- Management Lag: As I mentioned to al-yeti previously, this buffer congestion often spills over to the CPU of the switch, making the web management UI completely unresponsive until the traffic drops.
- The "Hull Logic" Workaround: Sometimes, strictly separating the uplinks and disabling flow control on the camera ports actually helped stability, as it forced the NVR to handle the packet pacing instead of relying on a weak switch CPU.

Question for the group: Does anyone have a "go-to" brand for 8-port or 16-port switches that actually lists their packet buffer specs and handles micro-bursts without choking? I’m trying to move away from some of the cheaper units I’ve been testing lately. Curious to hear your experiences with 4K deployments on mid-range gear.
- 7 replies. Tagged with: poe, networking (and 2 more)
-
Following up on a great discussion I had here recently about physical network separation, I wanted to share some bench-test results regarding budget-friendly managed switches (the kind we often see coming out of the Asian markets recently). We’ve all been tempted by the price point of 'web-managed' switches for small-to-medium CCTV jobs. However, I’ve found that their implementation of IGMP Snooping and STP (Spanning Tree Protocol) is often inconsistent under heavy multicast load from 4K/8MP cameras.

A few things I’ve noticed in the field:
- Buffer Overflow: On some 128MB buffer models, once you hit about 60% backplane capacity with constant video streams, the management interface becomes unresponsive, even if the traffic keeps flowing.
- Multicast Leaks: Despite IGMP being 'On', some budget firmware fails to correctly prune ports, leading to packet flooding on the uplink to the NVR.
- The 'Hull' Logic Fix: As al-yeti jokingly mentioned 'any old how' recently, I’ve found that for these specific budget units, disabling all 'smart' features and treating them as unmanaged (or strictly using physical separation) actually results in higher uptime.

Has anyone else found a specific 'budget' brand that actually handles Layer 2 management properly without a full Cisco/Juniper price tag? Curious to hear your field experiences.
-
Haha, the 'any old how' approach definitely has its place when you're in a pinch, but physical separation is still my gold standard for sleeping soundly at night. My main reason for pushing physical over VLAN in these multi-node PoE setups is troubleshooting speed. If the client’s IT guy decides to ‘optimize’ the main office network and resets a core switch, I don't want my camera backbone going down with it. There’s nothing quite like the simplicity of a dedicated pipe that doesn't care what the rest of the building is doing. Out of curiosity, when you do go the VLAN route for these, do you usually stick with Layer 2 at the edge or do you prefer routing it at the core to keep the broadcast traffic completely isolated?
- 9 replies. Tagged with: networking, cctv (and 2 more)
-
Spot on, James. It’s always the STP (Spanning Tree) or IGMP Snooping that bites you when you least expect it with managed gear. In a high-traffic CCTV environment, I’ve seen those 'optimizations' cause more heartaches than they solve. For these types of multi-node builds, I’ve found that a solid, high-backplane unmanaged switch at the edge—and keeping the 'smart' stuff strictly at the core—tends to keep the ghost in the machine away. Appreciate the feedback, guys! Spot on. 'Removing variables' is the best piece of advice anyone can give in this trade. The moment you share a backbone with a client's generic IT traffic, you're at the mercy of their firmware updates and VLAN misconfigurations. I've been pushing for fibre backbones on larger residential and commercial sites specifically for that reason—it future-proofs the bandwidth and eliminates EMI issues in one go. There’s nothing worse than an intermittent 'ghost' lag that only happens when the site IT decides to run a backup during peak monitoring hours. Dedicated is definitely the way to go for peace of mind.
- 9 replies. Tagged with: networking, cctv (and 2 more)
-
Totally get that. Managed switches can be a nightmare if the IGMP snooping or STP isn't dialed in perfectly for multicast video traffic—suddenly you're chasing 'network' issues that are actually just configuration headaches. For those budget-conscious builds, I've started leaning towards high-bandwidth 'unmanaged plus' or web-managed gear. It gives just enough visibility to see if a port is flapping without the complexity of a full enterprise stack. Keeps the project on budget and the service calls to a minimum. Do you guys usually go with a separate physical network for the CCTV, or just VLAN it off on the main house/office net?
- 9 replies. Tagged with: networking, cctv (and 2 more)