Everything posted by sanhaowangluo
-
Haha, @MrHappy, don't undersell yourself! Those 'coloured wires' are the backbone of everything we’re trying to build on top of. At the end of the day, if the circuit doesn't close, the smartest Zero Trust software in the world is just a fancy UI. The reason I’m digging into this is that the IT guys on this project are making life difficult for the onsite installers. They want everything on the network, but they don't always understand the 'field' reality of hardware reliability. Trying to find that middle ground where it’s secure but still practical for someone to actually maintain without a Ph.D. in
3 replies. Tagged with: data center, access control (and 1 more)
-
Hi guys, I’m currently consulting on a project for a boutique colocation data center where the client's IT department is pushing hard for a 'Zero Trust' architecture—not just for their network, but extended to physical access. We’ve already got OSDP readers at the perimeter and biometrics for the main halls, but the tenant requirements for cabinet/rack-level security are getting increasingly granular. They are starting to push back against traditional physical fobs, citing them as the 'weakest link' in the audit trail. I’m curious how many of you are actually seeing a real-world shift toward integrating physical access (like mobile credentials or MFA) directly into the logical security stack to satisfy Zero Trust audits? Are you finding that dedicated DC managers are ready to ditch physical cards entirely, or is the industry still too reliant on the 'safety' of a physical token? Would love to hear some field experience on the integration hurdles between the physical layer and IT security protocols in these high-stakes environments.
3 replies. Tagged with: data center, access control (and 1 more)
-
Morning gents, just a quick update on this one. As most of you accurately predicted, the client completely balked at the quote for pulling new shielded cable. Typical! Instead of fighting the 20-year-old 22/6 wire and trying to smooth out the OSDP latency, we decided to pivot entirely. We are pitching them a mobile credential solution (BLE/Smartphone) to bypass the physical wiring constraints as much as possible for the main entrances. We actually had to put together a bit of a primer for their management on how mobile credentials and BLE access control stack up against traditional cards just to justify the architecture change. I figured I'd share the link to the guide here in case anyone else needs some ammo to convince a tight-budget client to ditch legacy setups: https://www.civintec.com/Mobile-Credential-Access-Control-Systems-BLE-QR-Code-Solutions-for-Seamless-Security Looks like mobile/wireless is quickly becoming the only headache-free way out of these retrofit nightmares. Cheers again for all the input over the weekend!
-
You hit the nail on the head, @al-yeti. It always boils down to the budget. When clients want the high-end encrypted OSDP readers but refuse to pay for a proper cable pull to support them, we end up fighting these exact gremlins. Cheap wire always ends up costing more in labor! @james.wilson - 2.5 miles is absolutely insane! That really speaks to the magic of using proper Belden twisted pair. You are completely right about the termination resistors; I made sure we have the 120-ohm resistors fitted across the bus. It definitely stabilized the connection, but I think the untwisted nature of this 20-year-old alarm wire is just struggling with the constant two-way polling of the OSDP Secure Channel. Appreciate the sanity check from both of you. Guess it's time to have that tough conversation with the client: if they want that instant card read speed, we need to pull new cable. No magic tricks this time.
-
Haha, the universal 'get out of jail free' card! I might just have to use that if the client complains about the half-second card read delay. I was secretly hoping someone here had a magical impedance-matching trick for 20-year-old alarm wire, but I guess 'blame the sparky' is the gold standard for a reason! Enjoy the rest of the weekend, mate.
-
Morning gents, We’ve been pushing hard to migrate most of our commercial clients away from legacy Wiegand and over to OSDP v2 (Secure Channel) for the obvious encryption benefits. However, I'm running into a frustrating real-world issue. In a perfect lab environment, the RS-485 backbone handles the two-way OSDP handshake beautifully. But on actual retrofits—where we are forced to reuse the client's existing, ancient 22/6 untwisted alarm wire—I'm noticing a slight, but perceptible, latency when swiping the card before the door actually fires. It feels like the reader and controller are struggling with packet loss/retries over the degraded cable before finally authenticating the secure channel. I know the textbook says RS-485 is good for 4,000 feet, but what is your actual safe distance limit when pushing OSDP over crappy legacy wire? Do you guys just bite the bullet and pull new shielded twisted pair, or are there any termination tricks (besides the standard 120-ohm resistor) to clean up the signal on old cables? Curious to hear your field experiences.
-
Haha, well that’s a classic translation error on my end! I completely read 'home office' as a residential WFH setup, not the UK Gov Home Office. That context makes way more sense now. Thanks for the clarification, @sixwheeledbeast. You hit the nail on the head regarding liability, @sixwheeledbeast. 'You get what you pay for' is the universal truth in this industry. If a client insists on running a heavy CCTV load over their aging IT infrastructure against our recommendations, getting that formal sign-off in writing is the only way to sleep at night. @al-yeti - I'm glad (well, not glad, but you know what I mean) that you've seen that exact same issue. Murphy's Law guarantees the switch buffer will choke exactly when the incident occurs, never when the frame is empty! Appreciate the insights, gents. Good to know the headaches of existing infrastructure are universal.
7 replies. Tagged with: poe, networking (and 2 more)
-
Fair point, @al-yeti. For a standard home office or a couple of basic 2MP cams, the 'plug and play' approach usually holds up fine. However, we're seeing more residential clients pushing for high-bitrate 4K/8K deployments and multi-node mesh setups where the margin for error is much smaller. In those cases, that 'constanish feed' starts to stutter during high-motion events if the hardware can't handle the micro-bursts. I guess I'm just trying to build a more predictable baseline so we’re not the ones getting called back when the owner notices a few dropped frames during a security event. In your experience, at what camera count or resolution do you usually start seeing these 'non-critical' systems actually start to break down?
7 replies. Tagged with: poe, networking (and 2 more)
-
Just to add to my original post - I’ve been digging into the chipset specs of some common entry-level 16-port switches. It seems many share the same Realtek silicon with very limited ingress buffer depth. Has anyone noticed if moving to Broadcom-based hardware actually mitigates those 4K frame drops, or is it purely a firmware-level QoS issue? Also, I’ve been looking into STP/FTP grounding on another project today. Could induced noise from poor shielding be a 'hidden' contributor that pushes these shallow buffers over the edge during burst traffic? Curious if anyone has seen a correlation there.
7 replies. Tagged with: poe, networking (and 2 more)
-
Following up on my recent post about IGMP Snooping, I wanted to share some field data regarding a performance killer that many budget managed switches hide in their spec sheets: Packet Buffer Memory. We often focus on the total PoE budget, but when deploying high-bitrate 4K or even 8K cameras, I’ve found that small buffers (under 1.5MB) on 8-port "web-managed" switches are the primary cause of random "no signal" or stuttering issues during high-motion events.

My Recent Findings:

- Burst Traffic: When multiple cameras trigger H.265 I-frames simultaneously (e.g., a car driving through multiple FOVs), the switch buffer fills up instantly. If the buffer is shallow, the switch just drops frames, causing the NVR to lose the stream briefly.
- Management Lag: As I mentioned to al-yeti previously, this buffer congestion often spills over to the CPU of the switch, making the web management UI completely unresponsive until the traffic drops.
- The "Hull Logic" Workaround: Sometimes, strictly separating the uplinks and disabling flow control on the camera ports actually helped stability, as it forced the NVR to handle the packet pacing instead of relying on a weak switch CPU.

Question for the group: Does anyone have a "go-to" brand for 8-port or 16-port switches that actually lists their packet buffer specs and handles micro-bursts without choking? I’m trying to move away from some of the cheaper units I’ve been testing lately. Curious to hear your experiences with 4K deployments on mid-range gear.
7 replies. Tagged with: poe, networking (and 2 more)
-
Following up on a great discussion I had here recently about physical network separation, I wanted to share some bench-test results regarding budget-friendly managed switches (the kind we often see coming out of the Asian markets recently). We’ve all been tempted by the price point of 'web-managed' switches for small-to-medium CCTV jobs. However, I’ve found that their implementation of IGMP Snooping and STP (Spanning Tree Protocol) is often inconsistent under heavy multicast load from 4K/8MP cameras.

A few things I’ve noticed in the field:

- Buffer Overflow: On some 128MB buffer models, once you hit about 60% backplane capacity with constant video streams, the management interface becomes unresponsive, even if the traffic keeps flowing.
- Multicast Leaks: Despite IGMP being 'On', some budget firmware fails to correctly prune ports, leading to packet flooding on the uplink to the NVR.
- The 'Hull' Logic Fix: As al-yeti jokingly mentioned 'any old how' recently, I’ve found that for these specific budget units, disabling all 'smart' features and treating them as unmanaged (or strictly using physical separation) actually results in higher uptime.

Has anyone else found a specific 'budget' brand that actually handles Layer 2 management properly without a full Cisco/Juniper price tag? Curious to hear your field experiences.
-
Haha, the 'any old how' approach definitely has its place when you're in a pinch, but physical separation is still my gold standard for sleeping soundly at night. My main reason for pushing physical over VLAN in these multi-node PoE setups is troubleshooting speed. If the client’s IT guy decides to ‘optimize’ the main office network and resets a core switch, I don't want my camera backbone going down with it. There’s nothing quite like the simplicity of a dedicated pipe that doesn't care what the rest of the building is doing. Out of curiosity, when you do go the VLAN route for these, do you usually stick with Layer 2 at the edge or do you prefer routing it at the core to keep the broadcast traffic completely isolated?
9 replies. Tagged with: networking, cctv (and 2 more)
-
Spot on, James. It’s always the STP (Spanning Tree) or IGMP Snooping that bites you when you least expect it with managed gear. In a high-traffic CCTV environment, I’ve seen those 'optimizations' cause more heartaches than they solve. For these types of multi-node builds, I’ve found that a solid, high-backplane unmanaged switch at the edge—and keeping the 'smart' stuff strictly at the core—tends to keep the ghost in the machine away. Appreciate the feedback, guys! Spot on. 'Removing variables' is the best piece of advice anyone can give in this trade. The moment you share a backbone with a client's generic IT traffic, you're at the mercy of their firmware updates and VLAN misconfigurations. I've been pushing for fibre backbones on larger residential and commercial sites specifically for that reason—it future-proofs the bandwidth and eliminates EMI issues in one go. There’s nothing worse than an intermittent 'ghost' lag that only happens when the site IT decides to run a backup during peak monitoring hours. Dedicated is definitely the way to go for peace of mind.
9 replies. Tagged with: networking, cctv (and 2 more)
-
Totally get that. Managed switches can be a nightmare if the IGMP snooping or STP isn't dialed in perfectly for multicast video traffic—suddenly you're chasing 'network' issues that are actually just configuration headaches. For those budget-conscious builds, I've started leaning towards high-bandwidth 'unmanaged plus' or web-managed gear. It gives just enough visibility to see if a port is flapping without the complexity of a full enterprise stack. Keeps the project on budget and the service calls to a minimum. Do you guys usually go with a separate physical network for the CCTV, or just VLAN it off on the main house/office net?
9 replies. Tagged with: networking, cctv (and 2 more)
-
Hi al-yeti, not selling anything here! I'm a system integrator focusing on networking and security infrastructure. I just noticed these latency issues recurring in recent multi-node builds and thought sharing some field-tested tweaks might help others facing the same "ghost in the machine." I'm actually curious—in your 16+ channel installs, do you usually stick with dedicated CCTV switches like Hikvision/Dahua, or do you prefer enterprise gear like Cisco/Aruba for the backbone?
9 replies. Tagged with: networking, cctv (and 2 more)
-
Hi everyone,

Having worked on several high-end residential and industrial security integrations recently, I’ve noticed a recurring issue with video lag and frame drops when scaling beyond 8+ IP cameras on a single managed switch.

A few "field-tested" adjustments that have significantly improved stability for my builds:

- MTU Tuning: Standard 1500 is usually fine, but in high-traffic VLANs, ensuring your NVR and switches are perfectly synced on Jumbo Frame settings (if supported) can reduce overhead.
- Subnet Isolation: Never let the security traffic mingle with the home/office guest Wi-Fi. It sounds basic, but broadcast storms from IoT devices are the #1 killer of smooth 4K streams.
- Power Budgeting: Always calculate the "cold start" draw. Some PTZ cameras spike significantly during initialization, which can cause intermittent reboots if your PoE budget is too tight (even if the "active" draw looks fine).

Would love to hear how you guys handle bandwidth management for larger 16-32 channel installs. Any specific switch brands you’ve found to be particularly reliable for 24/7 heavy lifting?

Best,
Eason
9 replies. Tagged with: networking, cctv (and 2 more)
-
Dark edges on CCTV image at Wide Angle - Normal?
sanhaowangluo replied to KillingTime's topic in CCTV & Access Control
Haha, thanks! Happy to be part of the nerd club here. Looking forward to learning from the experts!
-
Hello from a security enthusiast – excited to join!
sanhaowangluo replied to sanhaowangluo's topic in Introduce Yourself
Haha, thanks for the warm (and realistic) welcome, MrHappy! I'll try to make the most of the 'honeymoon phase' while I can. Looking forward to diving into the technical discussions here.
-
Outwards door access control solution
sanhaowangluo replied to SubbyFS's topic in General Security & Fire Queries
Using three armature plates is definitely not ideal for long-term reliability. For outward-opening doors where the magnet doesn't align perfectly with the frame, you should look into a standard Z & L Bracket kit. The 'L' bracket is used to mount the magnet on the header, and the 'Z' bracket allows you to adjust the armature plate to the correct position on the door leaf without needing all those spacers. It’s a much cleaner look and ensures the magnetic pull is consistent across the entire plate.
-
Honeywell Gx Remote Control App Connection Issue (2025)
sanhaowangluo replied to Bas__2_NL's topic in Members Lounge (Public)
Hi Bas, I've seen similar issues with Galaxy Dimension panels before. Since it's pingable and the RSS (Remote Service Suite) is working, have you checked if the port forwarding for the Gx app (usually port 10001 or 5001 depending on your setup) is correctly configured on the router? Sometimes the app requires a more stable handshake than the RSS. Also, double-check if the 'Remote User' codes have the proper 'App Access' permissions enabled in the panel manager.
-
Hello from a security enthusiast – excited to join!
sanhaowangluo replied to sanhaowangluo's topic in Introduce Yourself
Haha, thanks! Happy to be part of the nerd club here. Looking forward to learning from the experts!
-
Honeywell Gx Remote Control App Connection Issue (2025)
sanhaowangluo replied to Bas__2_NL's topic in Members Lounge (Public)
"That 'LOST CONNECTIVITY' error on Galaxy Dimension panels is often a timing issue between the Ethernet module (Iris) and the app's secure handshake. Have you checked if the encryption key in the panel matches the app exactly? Sometimes a slight firmware mismatch on the Iris 4 can also cause the session to drop after the initial connection. In our testing at CIVINTEC, we’ve noticed that ensuring a stable static IP and checking the polling intervals can sometimes stabilize these remote sessions. If the hardware continues to be temperamental, it might be worth looking into readers or controllers that support more robust OSDP v2 protocols for a more reliable secure channel. Hope you get it sorted!"
-
Hi everyone, I'm excited to finally join The Security Installer community. I’ve been following the discussions here for a little while and have been impressed by the level of expertise. I’ve been involved in the security and networking field for some time now, with a particular interest in smart integration and IP-based systems. I'm looking forward to learning from you all and contributing where I can as I keep growing in the industry. Cheers!