Protecting 1Gb Ethernet From Lightning Strikes

I’m working with a client site that has been hit twice, very close by lightening.

I did lots of electrical work/upgrades/grounding but now I want to focus on protecting Ethernet connections between core switching/other devices that can’t be migrated to fiber optic.

I was looking for surge protection devices for Ethernet but have never shopped for anything like this before. Was wondering if anyone has deployed a solution?
They don’t have a large presence on site (I have been moving all of their core stuff to AWS) but they still have core networking / connectivity and PoE cameras / APs around the property.
Since migrating their onsite servers/infra to the cloud, now their connectivity is even more important.

This is a small site, maybe about 200 switch ports, but I would only need to protect maybe 12 core ones. but would be something I could use in the future with larger deployments.
it’s just a 1Gbe network BTW.

Hope someone with more experience can help make hardware recommendations?

Thanks in advance.

• Javier

This probably won't fully solve your problem, but I run a bunch of
Ubiquiti access points and similar -- I suffered a number of lightning
related outages, and then started using their TOUGHcable -
https://www.ui.com/accessories/toughcable/
(don't forget to also get the special jacks / ends). Since changing to
this I've had no more issues. You should also look at
https://www.ui.com/accessories/ethernet-surge-protector/- I haven't
needed them, but...

W

You might look at mccowntech.com,
they make surge suppressors geared toward
the wireless provider market which are pretty good.
(not associated, we just use their products).

The correct answer is use fiber.

If you really, really can’t then APC make a single port transient arrestor p/n PNET1GB.

I’ve used these in the past for a PoE phone in a wooden gatehouse hut right on the 100M max length with no power for active kit and they seem to work fine. I’m using one at the moment for a PoE access point in my garden shed. Not sure I would bring an inter building link in copper onto an expensive core switch though.

Don’t know of anything in higher density than “one port”.

+1 on the Ubiquiti surge protectors specifically designed for PoE gear in mind (other brands like Cambium that are outdoor AP or camera oriented may work equally as well). I would also recommend continuing to isolate and protect as much as possible. For example, connecting your outdoor PoE cameras or APs to dedicated PoE switches that connect back to the core or aggregation switches via fiber. The PoE switches powering the outdoor gear could be connected to power on dedicated PDUs that are connected to dedicated circuits. I would imagine that PDUs that provide surge protection or on-line/line-interactive UPS units would be preferred over standby UPS units or PDUs that do not provide surge protection. Would also be nice to keep spare parts on-site or conveniently accessible, but not connected to power (e.g. focus on cold spares before focusing on hot spares).

--Blake

The correct answer is use fiber.
Not sure I would bring an inter building link in copper onto an expensive core switch though.

Yeah.

Don't know of anything in higher density than "one port”.

This on Amazon:

https://smile.amazon.com/Protector-Lightning-Suppressor-Protection-TP323/dp/B07P3XDXN3/ref=sr_1_6?keywords=apc+PNET1GB&qid=1565722471&s=gateway&sr=8-6

…but I haven’t used it, so can’t specifically recommend.

                                -Bill

You will want to check out these.

They are made to fit into the 1U APC Chassis PRM24. We rely on them heavily in the WISP Market. I’ve had equipment on a tower that was physically destroyed by lightening, and the Router Port on the other side of these arrestors was just fine.

The university I worked at used ITW Linx surge arrestors for years, never had any issues.

https://www.itwlinx.com/products/surgegate-modular-communications-surge-protectors/cat6-75z

The model above will work with POE+, careful of their cheaper CAT5-POE and CAT6-POE models as they are not designed for POE+ and did not work well with Cisco POE.

Never had issues with the CAT6-75 model, worked perfect with Cisco equipment.

We also used the CAT6-LAN models where POE was not needed, as they clamp to 16v vs the 75v of the CAT6-75 model.

Thank you,

Kevin McCormick

Could you use a transceiver for the 1000Base-T? copper <-> fiber <-> copper that will create an ‘air gap’ on the data circuit. You still run the risk of a lightning strike entering through the transceiver power. You could filter that through a -48VDC power supply, rectifier/inverter pair.

I would try to isolate it with something like the RBFTC11 or similar if you can. They’re great boxes, but as with all things lightning you usually can’t protect from everything. I’ve had a lightning hit cause some major issues before at a tower site.

You do what you can and keep suitable spares at the ready. You never know why there will be a failure.

- Jared

I'm working with a client site that has been hit twice, very close by
lightening.

I did lots of electrical work/upgrades/grounding but now I want to focus on
protecting Ethernet connections between core switching/other devices that
can't be migrated to fiber optic.

If lightning comes so close that it will break things inside the same
facility because they are connected by structured cabling, two things
typically have failed;

* The building as such is not adequately protected.

* There exist too large potential differences within the electrical
  system inside the building.

For #1, telecoms regulations on site grounding and protection give good,
albeit expensive advice. The most important part is that all cabling
enter the facility with its screens at common potential. The reason
is that most blown equipment comes from in-ground potential difference
between different cables. (I've poured shattered IC's out of a poor ADSL
router after such a strike. ) If that potential difference is cancelled
upon entry in the facility by bonding all grounds the risk is minimised.

For #2, it is mostly solved by fixing #1, but it is proper to fix it by
mesh-connecting grounds on all equipment together. If there is a 10mm^2
(around AWG7) bonding conductor parallel to the 0,14mm^2 (AWG25) drain
wire in the foil screen, which way will the current take?
Do note that star grounds are popular, but they're impossible to maintain
and typically don't work at high frequiencies, which will lessen their
efficiency against fast-rising transients. Mesh grounds are better at
conducting high frequencies and are easier to maintain.

Having several power utility feeds into same facility will of course
exacerbate the problem, which is one of the reasons it is illegal
in Sweden.

If you need to cross between two buildings, copper should be
rejected. Fiber is so much better. And pays for itself immediately upon
first strike survived.

/Måns, has 6 pairs 9/125 between garage and house at home.

Måns Nilsson <mansaxel@besserwisser.org> writes:

/Måns, has 6 pairs 9/125 between garage and house at home.

Now you made me worry that my single OM4 pair to the garden shed might
be insufficient

Bjørn

Måns Nilsson <mansaxel@besserwisser.org> writes:

> /Måns, has 6 pairs 9/125 between garage and house at home.

Now you made me worry that my single OM4 pair to the garden shed might
be insufficient

I have but one comment: "Friends don't let friends run multimode."

Are "surge protectors" really of much use against lightning? I suspect
not, other than minor inductions tho perhaps some are specially
designed for lightning. I wouldn't assume, I'd want to see the word
"lightning" in the specs.

I once had a lightning strike (at Harvard Chemistry), probably just an
induction on a wire some idiot had strung between building roofs (I
didn't even know it existed) and the board it was attached to's solder
was melted and burned, impressive! More impressive was the board
mostly worked, it was just doing some weird things which led me to
inspect it...oops.

My understanding was that the only real protection is an "air gap",
which a piece of fiber will provide in essence, and even that better
be designed for lightning as it can leap small gaps.

Check your insurance, including the deductibles, keep spares on hand.

P.S. My grandmother would tell a story about how what sounded like the
ever-controversial "ball lightning" came into her home when she was
young. Good luck with that!

  https://en.wikipedia.org/wiki/Ball_lightning

Think surge protectors will protect against strikes that is far away, and the residual surge it creates.

A direct strike? Don’t think there’s anything that will really protect against that.

https://imgur.com/a/dzTVw5a has been posted lately here in a swedish fiber-related facebook group.

So even though you might have fiber coming in, remember that both the power grid and copper network cables are conductors and can make the lightning strike jump between devices. So the OP of this thread is right in wanting to protect both the network cables and power cables.

PS. I don't have more details about this specific case.

hi,

have seen and suffered from same. nearby strikes can cause enough
surge to fry things. best solution - air-gaps where possible between
devices (eg fibre to link switches), surge protectors on ethernet
cables where needed (eg feeds from Access points) - and if the APs
have external antennae
then use lightning arrestors on the coax cables.

why main wireless vendors still don't do SFP/SFP+-based APs I don't
know... (would mean only the AP cooks and the edge switch isnt the
victim....

alan

This. Very little will protect you from a direct strike.

Working for a WISP for a long time as a past life, I’ve seen radios physically split in half. Chunks of concrete taken out of walls near the equipment. Black ethernet ports that have functionally soldered themselves into the jack. Six figures worth of lost gear over the years (Does sound like much, But at ~$80 a pop for cheap wisp gear. That’s a lot of equipment.)

I would begin by referencing the grounding section here:

https://www.blm.gov/sites/blm.gov/files/Lands_ROW_Motorola_R56_2005_manual.pdf

Of utmost importance is that everything is bonded to the same potential. This means that if they have stuff on a roof, outdoor antennas or APs, whatever, it ground needs to be bonded to the building’s AC electrical service entrance ground, ufer ground if one exists, and so forth.

This is probably the lowest cost ohm meter that is suitable for real world use: https://www.amazon.com/Extech-382252-Ground-Resistance-Tester/dp/B00390G3YA

The WISP community has over the past twenty years of painful experience learned to use a combination of high quality ethernet surge protectors (previously mentioned McCown Tech suppressors or their competitors) and comprehensive grounding.

While ToughCable isn't bad (especially for the price), if you want something REALLY durable both physically and against electrical transients, I've been very happy with Primus C6CMXFS-1864BK. It costs quite a bit more than the ToughCable but has real water blocking (which means you had better be prepared to deal with "Icky Pic"), heavy shielding with drain, meets or exceeds CAT6 (which means you can push gigE a bit beyond 100m pretty reliably if you've got a tall tower or a hut far away from a tower base), and has 23AWG wire so PoE, especially Ubnt's crummy 24V passive POE, can go farther, too.

Be warned it's a bear to terminate. In addition to the waterblock, the cable diameter is too large for typical crimp-on RJ45 ends. You have to either use special ends (which Primus sells, among others) or terminate it to a punch block which, while not usually a problem in a hut, is often problematic up on a tower.

Ubnt also makes an outdoor fiber media converter I've found useful for "small cell" style wISP deployments where I can drag my own fiber to the tower/pole and don't want/need a hut or enclosure at the base. Part number is F-POE-G2. That'll let you get your power and signal separated. I do wish they'd just put SFP slots in their radios, but at the price they sell them for, I guess I can't complain too much. I'd put real 802.3af/at PoE higher on the list of wants, honestly.

As to actual surge protectors, I see there have been some other suggestions in the list, and I'll defer to them. I've personally had decent luck with just making sure the Ubnt passive POE injectors (which I need since I don't usually use their switches) are well grounded to be mostly sufficient (along with the tower and hut having proper grounding infrastructure). I've not lost any radios, though I've had some lockups requiring power cycle after nearby lightning strikes on some of the lower end WA based platforms. The XC based platforms seem hardier. My sample size isn't huge, though.

I'm usually of the impression that, unless you've got carrier (cellular or committed-rate microwave) class wireless gear on the tower or aggressive SLAs you have to meet from a wireless PoP, it's probably cheaper overall to just take reasonable precautions against lightning than it is to try to make things handle a "direct" strike. Figure in the wISP world, tech moves so fast that you're having to put new things on the tower at least every 3-5 years anyway, so as long as an unscheduled trip up to the tower doesn't cost you $ARM+$LEG, it's probably easier to just take a lightning strike that fries everything due to extreme proximity as an unscheduled upgrade than the try to handle it electrically.

"Nearby" strikes, static, electrical transients on your utility line, etc. are a different matter. Those you can economically protect against i.e. the protection will not cost as much or more than the gear and service you're protecting.