Addressing the Challenges of PoE-Based Access Control Systems
What exactly is Power over Ethernet (PoE)? In the simplest terms, it is utilizing Ethernet cabling to carry not only data between devices, but also to carry the necessary electrical power. This solution has some obvious advantages when you the cabling is often already in place. Since additional cabling doesn’t need to be installed it is clearly cheaper. Right? That is usually the case but not always.
Editor's Note: This article is part of the bonus publication "Access Control Trends & Technology 2018" - follow the link to download the full magazine.
Standards
Typically, if a device states that it is “PoE compatible”, this means that it adheres to the universal standard for PoE, which is IEEE 802.3af. It also means that it can be safely connected to other PoE compatible devices. So two devices connected across a network link, such as an Open Options NSC-100 receiving its power from a PoE network switch, becomes a PD (Powered Device), while the PoE network switch becomes known as PSE (Power Sourcing Equipment).
Clearly, not everything connected to a network is designed to receive PoE. The standard includes a process that checks to be sure that the equipment is compatible before “turning on the power”. The PD has to display a signature that the PSE checks before enabling PoE to the port. This takes place within a very small amount of time, so wiring something up for PoE is as simple as just plugging it in.
What about IEEE 802.3at, or PoE-plus? This updated standard provides up to 25.5 W of power to compatible devices. Unfortunately, this standard was heavily discussed before it was actually adopted and released, and many different “non-standard” configurations were fielded in anticipation of what the standard might actually be. With only a couple of exceptions, nearly all current PoE access control systems are specified as 802.3af compliant, and it is wise to stay within those boundaries when calculating things like power budgets unless you know for certain the device and the PSE is 802.3at compliant.
Advantages
Now that we’ve laid out the basics, let's discuss the primary advantages of PoE. First, both data and power are carried along the same CAT5/6 Ethernet cable with standard RJ45 connectors. The voltage present on the actual cable is typically 48 VCD. This is low enough to be safe but high enough to supply the typical voltage and current to drive most of what is needed for a typical access control portal. Part of the standard discussed above also includes current monitoring so that if something is malfunctioning, the PSE will shut down power to that particular device and safety is maintained.
Additionally, most network setups incorporate some level of central power backup (i.e. uninterruptible power supply, or UPS), so you are saving on backup batteries and the associated maintenance that goes with them. Another component of the standard is the utilization of power classification, where PDs provide an indication of how much power they require (this is classified in bands of 4, 7, and 13 watts), allowing for more efficient power allocation and savings. This also means that on more sophisticated equipment, a remote device, such as a door controller that is not functioning correctly, can be power cycled and remotely reset without having to dispatch a field engineer to manually perform this function.
Limitations
First, there is the 300-meter cable length limitation. Though it’s not a severe limitation and there are ways around it, it can be costly. Another limitation is the power budget of the PSE. For example, we learned early on that many inexpensive PoE switches have eight ports with a total power budget of 30 watts. For all intents and purposes, an access control door will require the entire 13 watts that 802.3af can supply. Devices like an Open Options NSC-100 with the full 13 watts of power available can supply 700 mA. of current downstream. Let’s say we have a strike that requires 300 mA., a reader that needs 150 mA., and a motion detector as the request to exit device that needs 26 mA. With all this, we’re bumping up to around 500 mA. Anything additional and we have consumed pretty much all the available power.
Given the eight ports with only 30 watts of power, we are only going to get what we need on a couple of ports, and the others aren’t going to have enough power to power our portal. The seemingly obvious solution is to get a really expensive and sophisticated managed PoE switch with a full power budget. Unfortunately, this can work against you, too. Some of these switches will monitor the current consumption on the ports, and over a period of time, they will reduce the output on the port to the calculated average consumption. On a door that doesn’t get used often, this can wreak havoc when the switch reduces the power to a level that won’t support the current draw when the strike activates. This causes the device to be current-starved and the controller to reboot.
In the end, it is simple. If you are utilizing PoE for access control, the managed switch needs to be programmed to provide full power at all times, and all scheduled shutoffs need to be disabled. Be sure you are aware of how much power your PoE device can provide, as not all PoE door controllers deliver the same power output for downstream peripheral devices. Monitor your power budget and you will be fine.
UL Listed Devices
Earlier PoE access control controllers came with a carefully crafted disclaimer that it could only be UL listed if it were powered by a UL 294 non-PoE power supply, because there were no UL (or more appropriately, Nationally Recognized Testing Laboratory) listed PoE power supplies in existence at that time. If you are required to have an NRTL listed system, be sure that you are incorporating listed PSE to power your PoE equipment.
What About Life Safety?
Unfortunately, life safety is an issue that is easier to deal with in the non-PoE world. Not only does it have the building codes behind it, but in most places, it carries the weight of the law as well. On one hand, this can be pretty simple – just have the fire alarm contractor install an addressable relay module at the door that needs override, routes your lock power through it, and you are done.
Do not make the mistake of thinking that you can just program the access control system to unlock the door when it sees an input from the fire alarm system. Access control systems are not listed for this kind of service. This must be accomplished outside the system. Per NFPA 101 Life Safety Code Section 7.2.1.6.2 Access-Controlled Egress Doors: “When operated, the manual release device shall result in direct interruption of power to the lock – independent of the access control system electronics – and the doors shall remain unlocked for not less than 30 seconds.”
Best Practices
Power over Ethernet is an elegant and efficient solution that can result in cost savings on access control systems and provided you take the proper precautions, you can easily and safely power locks and peripheral devices on PoE.
The first and most important thing to remember is the never-ending need for constant and clear communication between the integrator, IT department, end user, and the locksmith/installer. However, to break it down into those categories:
- Integrator: First, as a systems integrator, you should confirm that only specified equipment is installed at each location so current demands do not deviate from specifications. You should also be able to clearly enumerate the current requirements for each PoE drop to the IT group that manages the PoE switch. Lastly, be sure that life safety requirements are met, and that the end user clearly understands what the requirements and liabilities are.
- IT Department: If you are in the IT department, verify that managed PoE switches are correctly configured for access portals. You should also confirm that current requirements are not being exceeded, and work with other stakeholders to ensure a successful deployment.
- Locksmith/Installer: In addition to ensuring that only specified equipment is installed, locksmiths are also responsible for coordinating with the integrator and IT group to ensure that current capacities can safely be met. It is also best practice for locksmiths to carefully follow wiring diagrams and specifications.
- End User: As an end user, it is always a good idea to accompany the integrator for final testing and turnover to ensure that functionality is correct and life safety rules are carried out, and to stay in communication with the various groups who play a role in your PoE solution so that any issues can be resolved quickly.
Roscoe Coffman is Vice President of Operations at Open Options, Inc. He began his career in the security industry in 1985 as a resident technician at Mosler Safe Company. After eight years at Mosler, he went to work for Sensormatic Corporation, where he spent his first 18 months as the project manager for the installation of a hybrid access control, video surveillance, and audio system installation. After that, he joined Securenet as a Senior Project Manager, and in 1992, he joined Open Options where he currently serves as the VP of Operations.