Power Over Ethernet (PoE) Basics and Beyond
Key topics
The article discusses the basics and advanced concepts of Power over Ethernet (PoE), sparking a discussion on its applications, benefits, and potential issues in various contexts, including home security systems, consumer devices, and industrial settings.
Snapshot generated from the HN discussion
Discussion activity: very active; first comment 5d after posting; peak period 115 comments (Day 6); average 32 per period; based on 160 loaded comments.
Key moments
- Story posted: Oct 16, 2025 at 10:09 AM EDT
- First comment: Oct 21, 2025 at 8:12 PM EDT (5d after posting)
- Peak activity: 115 comments in Day 6
- Latest activity: Oct 25, 2025 at 11:14 AM EDT
As a result, it tends to be relegated to the "high end switch which has every feature those one-off customers demand but costs an arm and a leg as a result" model/family. E.g. the only ones I ever sold were to a hospital that wanted to have select switches have 10G for radiology workstations but also wanted to still be able to plug 1G APs in without having to think about the port types. Radiology was covering the cost, so they didn't care it was a waste of money.
The new 14” MacBook Pro comes with a 70 watt charger. An M4 Air only gets a 35 watt adapter.
Basically seems like enough power is available to run something pretty powerful.
Additionally, it's not difficult to fit 10 gigabit worth of data munging in a 10-15 watt envelope.
Pulling data off of modern professional cameras is an easy example.
Realtek's latest NIC is 10/100/1000/2.5/5/10, has a <2 W envelope and has offloading that works (unlike Intel).
I have not yet tested WiFi 7 APs, but they are supposed to be even faster. The use-case for me is video editing over WiFi (I do have a 10GbE Thunderbolt adapter but hey, I like wireless).
In theory at peak throughput the access point might use close to 10 gigabit. But definitely more than 1G/2.5G.
So any 10GbE (and 2.5GbE) PoE/PoE+ devices out there are technically not to spec (lots of these on Ali Express) but I believe the Ubiquiti 10GbE stuff is all at least PoE++. [1]
(They do have their own non spec labeled PoE+++ products though, which are really just “802.3bt Type 4” but they added another plus because that probably sounded better.) [2]
[1] https://store.ui.com/us/en/products/us-xg-6poe, https://store.ui.com/us/en/category/accessories-poe-power/co...
[2] https://store.ui.com/us/en/category/accessories-poe-power/co... , https://help.ui.com/hc/en-us/articles/115000263008-PoE-Avail...
2. How does PoE compare to Powerline Networking?
2. Powerline networking is considerably slower and less reliable than CAT5/6. Additionally, building code for running power lines is much more strict than low voltage CAT5/6
(However, UL will list them for the full 15A -> 1800W, and I'm sure plenty carry that. And for that matter, I suppose you can get twice that in Europe on 240v...)
Reolink cameras are pretty good for what they are. Just don't buy into their NVR solution...
Frigate also has some interesting applications to go along with it, see: https://github.com/mmcc-xx/WhosAtMyFeeder
I also have YOLO on my to do list for the home cameras.
ONVIF is the (now quite old, but still very relevant) standard for interfacing IP cameras locally on a network.
A cheap-but-performant ONVIF camera on an isolated VLAN (or a physically-isolated network; I won't tell anyone) can be a thing of beauty that is also completely unable to call home to some mothership in the clown.
I'm frankly very surprised that I don't see it mentioned here more often when discussions of cameras arise.
https://en.wikipedia.org/wiki/ONVIF
Or ONVIF has multiple cameras behind an IP, but a crappy ONVIF client only picks one (Unifi Protect).
And profiles. There are many different feature sets in ONVIF and just because a camera has an ONVIF logo or compatibility doesn't mean it will play nice with your gear.
ONVIF can be used to discover a camera on a network, query it for its RTSP URL, and facilitate a connection between a client service and the RTSP stream. But you can't stream video via "ONVIF".
I put them on a separate VLAN where they get no outbound network connectivity.
For cases where you want things like facial detection or license plate detection (automatic doors/gates) get a Unifi AI though and those things cost, but for normal perimeter/room monitoring the cheap ones are very good
Any specific POE with a good sensor/fl on ali that you recommend? I'm all POE/Protect but would like to play with some cheaper poe cameras.
Have a look at this thread [1] I have bookmarked. I found it quite informative. I already got some cheap cameras and set them up, but I wish I would have found it earlier. The ones I got are 4MP with 1/3" sensor and perform absolutely terribly in night setting.
[1] https://ipcamtalk.com/threads/getting-cameras-with-the-right...
* https://www.a1securitycameras.com/blog/non-chinese-security-...
Some names: Axis, Avigilon, Bosch, Vivotek, Hanwha Techwin (SK), Acti (TW), Motorola, Mobotix.
Here is one such review: https://www.youtube.com/watch?v=HYUY61ZFZAs
Blue-line domes, the $240 ones. Four of them. I'd get more but do not know how to make outside routing look neat. I have one bullet and I don't like it and don't use it, I prefer the wide-angle domes with IR.
Versus
110v (long thick cable) -> 12v
Top has more conversions and more current running on smaller gauge
Then there’s double/sometimes triple conversion (120:48 and then 48:dc; 120:48 and then 48:12, and then 12:dc).
Furthermore magnetics are a must on both sides of the PoE which also isn’t great.
At lower power there’s more circuitry to run and multiple conversions aren’t great compared to a simple cheap flyback.
For more technical feel free to check here, although it isn’t quite end to end: https://e2e.ti.com/cfs-file/__key/communityserver-discussion...
Life is a balance between inefficiency and inconvenience. Throwing that statement in without actual numbers is just derailing the conversation.
If they had just stuck with 12VDC and buildings had 12VDC wall sockets everywhere, everything would have been fantastic.
I also had a PoE HAT for a RPi that smoked it. Never doing PoE again. 48V and 3.3V electronics probably don't belong within 10cm of each other.
I mean, yes and no. My laptop case is at 78VAC to ground right now. It gives the tingles. I don't use my laptop much while plugged in. They all skimp on making proper 3-pronged chargers these days. My desktop has a grounded case and doesn't have this issue.
My phone, when plugged into wall AC, the touch screen stops working because the whole phone is at an elevated potential and it messes up the capacitive sensing.
Huh? We used to have low-voltage AC and DC powered cameras in the world (and we still do, too).
Those are awful in implementation because buildings, whether old or new, don't have 12VDC sockets everywhere -- or at all, really.
Nor should they have 12VDC sockets for cameras; they're unnecessary.
I've run my share of siamese coax for low-voltage-fed analog cameras, and also separate power for low-voltage Ethernet-connected cameras, and I'm completely over those concepts.
With proper-fucking IEEE POE, we have standards and it only takes one cable to make it work properly instead of more than one.
If a switch isn't up to the power demands of a particular camera, then: No big deal. I can upgrade or supplement that switch without rewiring even more of the building than was already necessary to get Ethernet going.
(Structured cabling for the win.
Passive POE: Not even once.)
Amen.
No, there aren't, not in the way you imply. There are the IEEE 802 PoE standards, which are all compatible (save for not enough power), and designed to carefully negotiate and especially never break non-PoE devices. And there is bullshit (sorry) like "Passive PoE" that is ironically an active violation of the IEEE specs, can break pretty much anything, and you shouldn't buy so the likes of Ubiquiti and Mikrotik finally get the wallet vote and stop f*cking doing. Unfortunately, the proper PoE PD logic is a few dollars of extra expense.
Yes, there is a slightly higher risk of killing devices due to faults in the PoE supply logic. I have the official PoE HAT for a RPi 4. I have to say it is somewhat poorly designed due to space constraints; the isolation between 48V and 3.3V should be better. I'm not even sure the RPi PoE HAT is spec compliant.
But I don't think you can/should blame this on PoE.
I'm not surprised they can f* up a basic PoE injector. The reason for doing passive PoE is saving a few bucks, on the back of safety and compatibility. Of course they would try to pinch hard on the PoE injector too.
Oh and I'd say they (together with Mikrotik) are responsible for 90% of the bad rep PoE gets. The IEEE 802 stuff really just works. And I say that having been part of rolling out 15000 people conference deployments with several hundred wifi APs in the span of a few days. The only real problem is broken cables, but the Ethernet link commonly fails before PoE is impacted.
In the last 2 years they've released very few new UISP products and you're right that they continue to be passive PoE. I suspect this is for continued compatibility with their older product line. Upgrading from passive PoE to active 802.3 PoE requires replacing the injector and maintaining passive PoE makes it easier to upgrade. And the UISP product line is really meant for wireless ISP operators, not consumers, where the risks of passive PoE are smaller.
Anyway, I agree with the sentiment, but I don't hold it against Ubiquiti too much for continuing to use passive PoE for their UISP line, since I think it makes sense for their customers. As a so-so workaround you can get an 802.3 -> passive 24V converter: https://store.ui.com/us/en/products/ins-3af-i-g
I'm afraid that's not how it works out in actual practice, it's the other way around:
WISP devices are installed in random people's windows, roofs and chimneys. The injector might end up behind their TV set. If their TV doesn't work, they unplug and replug random things. Which will fry whatever has the unlucky pleasure of ending up on the output side of the injector. I'm unfortunately speaking from experience.
Meanwhile, people buying and putting up a wifi AP beyond their CPE wifi router tend to have a bit of understanding. If you told them to never plug anything other than the given device into the output side of an injector, it'd probably go reasonably well.
Still being sold with 24V passive "PoE"
(It's 802.3af btw)
I did have issues with some of their other products - eg an old CloudKey gen1 that I had remotely in my parents place that I think ran out of space to the point it can’t update itself and can’t compact some old mongodb.
What's your cabling like? Contact Ubiquiti? Looking at the datasheet, I do not see any IEEE standards listed, so they could be doing their own thing:
* https://dl.ubnt.com/datasheets/poe/PoE_Adapters_DS.pdf
You don't mention a specific Aruba AP, but their AP22 stuff lists the needed IEEE standard and wattage:
* https://instant-on.hpe.com/products/access-points/access-poi...
[1] https://x.com/varenc/status/1961587127931867466
There are three: IEEE 802.11af, at, and bt.
af can deliver up to 12W at the powered device (PD), at delivers up to 25 W, and bt either 51W (Type 3) or 71W (Type 4):
* https://en.wikipedia.org/wiki/Power_over_Ethernet#Standard_i...
Any device you purchase should list the IEEE standard it supports and how much power it may draw.
Netgear are hard to beat in terms of reliability/price. They also have a 5 and 16 ports fanless version.
I also got an old Juniper EX2200 24-port and replaced the fans with quiet Noctua ones. It runs quite hot, better go with Netgear.
It fit the price-performance curve for our needs several years ago when we eventually outgrew the previous Netgear POE switch...that was also apparently fanless, and that I installed in 2007.
IIRC, it is a GS724TP. It's running a dozen cameras and some access points, and almost all of the rest of the ports are filled up with computers and printers and other Ethernet stuff. No issues at all to report so far.
(A used enterprise switch with serious fans may be cheaper and/or more featureful and/or more reliable, but do we need that kind of noise at home? We sure don't need it at that small office.
I've also installed some fanless Cisco POE switches with big heatsinks (and dual power supplies, each fed from different sources) on some high-dollar projects where ultimate reliability was kind of a big deal, but... sheesh.
If one of these installed Netgear switches dies in one of these low-risk environments, I'll just patch things up for now and get a replacement coming under warranty.)
[0] https://en.wikipedia.org/wiki/Private_VLAN
If the security association isn't completed on a "must-secure" configured port then no traffic is transmitted. One would need access to the pre-shared keys to successfully use the link.
Now, could one perform a side-channel attack of the memory on the camera and get access to them? Maybe.
Sure the switch will only accept encrypted L2 traffic...but that encrypted link is set up via MKA, which is a part of the 802.1X standard. If you don't have 802.1X authenticating the endpoint, you don't have MKA setting up the encrypted link between that endpoint and the switch and you don't have MACsec.
So if you're trying to prevent a bad guy from getting on your LAN, you need 802.1X, whereas MACsec is an optional extra (a very useful extra if you're worried about MITM attacks). But 802.1X is still doing the heavy lifting w.r.t access control.
It's not veering, it's a full on car crash ;)
You run MACsec either with 802.1X, or with your switch vendor's favorite color of proprietary switch-to-switch 802.1X replacement. MACsec without 802.1X [or equivalent] is a bit like TLS without certificates. It exists in a few places because some people have really weird custom requirements (TLS with pre-shared keys… TLS with NULL encryption…) but those things shouldn't drive a discussion outside their special usage areas.
In that sense: MACsec implies and requires 802.1X. Exceptions confirm the rule.
The absolute low-tech solution would be to dedicate a switch for it.
If you have decent infrastructure with a managed switch, you can easily create a VLAN.
Besides the fact that the female RJ45 is usually inside the dwelling. You'd have to unmount the camera, pull out the cables and connect to it, all at typical heights of 6' and above. That's maybe a concern in commercial setups, although then we're circling back to VLAN.
Cameras are on their own VLAN. Port isolation is enabled so they can't connect to each other. Only connectivity allowed to/from that VLAN is from the cameras to the router for NTP, and from the NVR to the cameras.
So if you plug in you can... check the current time on my router. Maybe see how many other cameras are on that segment? Likely not going to get very far given you're already caught on camera, an alert's been fired, and pretty soon I'm going to be making a call to the police.
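An added example, not part of the comment above or anyone's real configuration: a small Python audit that checks flow records against the segmentation policy that comment describes (cameras may reach the router only for NTP, only the NVR may initiate to cameras, no camera-to-camera traffic). The addresses, the `src dst proto dport` record format and all function names are assumptions made for the illustration; each record is assumed to describe the initiating direction of a flow.

```python
import ipaddress
from typing import NamedTuple

# Assumed addressing, constructed for this example (documentation ranges).
CAMERA_NET = ipaddress.ip_network("192.0.2.0/26")   # camera VLAN
ROUTER_IP = ipaddress.ip_address("192.0.2.1")       # VLAN gateway, serves NTP
NVR_IP = ipaddress.ip_address("198.51.100.10")      # recorder on another VLAN

# Constructed sample flow records: "src dst proto dport", initiator first.
SAMPLE_FLOWS = """
192.0.2.11 192.0.2.1 udp 123
198.51.100.10 192.0.2.11 tcp 554
192.0.2.11 192.0.2.12 tcp 80
192.0.2.12 203.0.113.50 tcp 443
192.0.2.11 192.0.2.1 tcp 80
198.51.100.77 192.0.2.12 tcp 554
198.51.100.10 198.51.100.77 tcp 22
""".strip().splitlines()


class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record."""
    src, dst, proto, dport = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport))


def is_camera(addr) -> bool:
    """Every host on the camera VLAN except the gateway counts as a camera."""
    return addr in CAMERA_NET and addr != ROUTER_IP


def verdict(flow: Flow) -> str:
    """Classify a flow as allowed, out-of-scope, or a named policy violation."""
    src_cam, dst_cam = is_camera(flow.src), is_camera(flow.dst)
    if not src_cam and not dst_cam:
        return "out-of-scope"            # does not touch the camera VLAN
    if src_cam and dst_cam:
        return "camera-to-camera"        # port isolation should prevent this
    if src_cam:
        # The only thing a camera may initiate is NTP to the router.
        if (flow.dst, flow.proto, flow.dport) == (ROUTER_IP, "udp", 123):
            return "allowed"
        return "camera-egress"
    # Destination is a camera: only the NVR may initiate.
    return "allowed" if flow.src == NVR_IP else "unexpected-source"


def audit(lines):
    """Return (record, violation) pairs for every flow that breaks the policy."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        result = verdict(parse_flow(line))
        if result not in ("allowed", "out-of-scope"):
            findings.append((line, result))
    return findings


if __name__ == "__main__":
    for record, violation in audit(SAMPLE_FLOWS):
        print(f"{violation:18} {record}")
```

Run against exported flow data from the router or switch, any finding means either the firewall rules or the port isolation setting is not doing what the policy says.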
Do you buy Ethernet cables of different colors and say "Yellow is reserved for PoE, all yellow cables should be assumed to have power on them"? Or do you slap a "48V" label on both ends of the cables you're going to use for PoE and the label is what warns you that this cable should only go into the PoE receiver, and not into an unpowered device? Or do you just not label your PoE cables any differently, and trust that the injector will never malfunction at the same time that you plug the PoE cable into the wrong device?
Apparently, some mag-jacks have the center taps for each pair commoned via 75ohms to ground through a capacitor... so I could be wrong.
The only issue arises if somebody wires a patch cable completely wrong (neither A nor B), and manages to put one leg of passive PoE's +24v pair matched to one leg of the 0v pair. Which, will promptly smoke the signal transformer... assuming short circuit protection doesn't cut power first. This is why we killed passive PoE.
The data travels as the differential voltage in each of the twisted pairs, and is transmitted magnetically by the transformer to the secondary winding. The power is applied between different pairs, and in each pair appears as a common mode voltage. This is all stopped by the transformer, and in devices designed to support PoE, the PoE circuits tap the mid-point of the primary windings to access the supplied voltage.
So at a first glance, it seems that if 48 volts is applied between the twisted pairs to a non-PoE device, this voltage would simply be blocked by the transformer. But since there is a widespread concern about this, there must be more to the story -- maybe somebody who actually worked with these circuits can explain why this is more complicated than it seems at first?
Edit: Found an answer. It seems that at least some of the designs of non-PoE Ethernet jacks terminate the common mode signals to a common ground through 75 Ohm resistors. In this case, if the voltage were applied between the twisted pairs, the resistors would dissipate far too much power and would burn out. So there is definitely a concern with the dumb PoE injectors and at least some non-PoE devices. https://electronics.stackexchange.com/questions/459169/how-c...
There's fixes, but passive PoE was a pretty dirty hack, so negotiation got added.
This is a bit analogous to USB-C PD power supplies, which can supply 12V/24V, but only do this when devices ask for it. I don't worry that my laptop's USB-C power supply will go rogue and send 24V to my earbuds.
Once I accidentally plugged the cable into a laptop and the port didn’t work until I powered the laptop off and on again, but no lasting ill effects on laptop at all.
Whenever possible, I opt for PoE. It’s a damn shame it’s limited to a niche userbase given its myriad advantages.
What does enterprise grade mean to you?
My standard campus switches are 722s with 48 ports and 25/10 SFPs, but there are use cases when smaller switches make sense.
> Oh, so you hate waffles?
Mikrotik website has a good selection of them and if you look at the other hardware types it'll be interesting in getting an idea of weird things you don't see in normal offices.
https://mikrotik.com/products/group/switches
Apart from obviously larger bandwidth options like 28qfsp 100gb (I'm unaware if mikrotik does them but 400gb is normal in some circles) there's things like reverse POE switches, media converter switches, and all sfp+ switches.
PoE++ exists and you can use switches with it to power PoE+ switches that will power PoE switches. Or they can be used to power laptops or NUCs directly.
I realize that for whatever unknown reason there are a subset of people who think everything should be wireless, but those people are wrong and should not be listened to.
For those thinking about adding one they've grabbed off amazon and installing themselves, please do a bit of hunting and reading rather than just buying the first word soup brand cheapest ones. Also remember installing uncertified electronics in your walls is a good way to void your insurance if they're the cause of disaster and turn it into a legal battle even if they're not.
In their consumer "UniFi" product line. Pull up their store and switch over to the "UISP" product line. Most of the smaller wireless devices and consumer-tier CPE are 24v passive, most of the larger wireless devices, 60GHz bridges, etc. are 48v passive, a few devices in the middle support both, and standard "active" PoE is almost nowhere to be found. Even on product lines that weren't even dreamed up when modern standard PoE was ubiquitous.
They say it's because the WISP crowd loves passive PoE as it can easily be wired to batteries on towers, and I get that, but that's no excuse for not also supporting standard-based PoE on the device end. There's no good reason for a product designed in the 2020s to force the installation of passive PoE where there was none prior.
They demonstrated they can do both with most of the transition-era UniFi products. Support and encourage the use of standards, allow the use of non-standard but common alternatives where they make sense.
In fact it did, in the transitional models that were sold both with and without 802.3af support there was a sticker added to the box on the ones that had it.
The switch was early in the life of the UAP-AC series of access points. IIRC the "Pro" and in-wall models always supported 802.3af but the "Lite" and "LR" models initially were 24v passive only. I vaguely recall there also being transitional models of their cameras but we were not deploying those at the time.
> Consumer tier means people will plug whatever fits.
And this is why I hate passive PoE with a passion. Standards-based PoE ports are safe, you can plug devices not supporting PoE (or requiring passive PoE) in to them with no risk of damage. Passive PoE ports are dangerous, they can and will destroy things that are not expecting to receive power on those ports.
They're even dangerous to devices designed for it in some cases, Ubiquiti actually famously had problems with UAPs on the end of long cables being damaged when fed by passive PoE from the source and eventually recommended that those installs add their "Instant 802.3af" adapters which took standard 802.3af over the wire and converted it to passive right at the device end. I had one site that lost three UAP-LRs before that was revealed.
A correctly-designed Ethernet interface is galvanically isolated at both ends to avoid ground loops, differing grounds, and other nasties over long distances.
Can you expand on "often, but not always, power"? Here's my guess:
* It's more efficient for the small stuff: little wall warts aren't very efficient I think in part because there's some no-load consumption for each. The switch pays that no-load cost once for many devices and has like an 80-plus gold or better PSU, hopefully. And then I think even cheap buck converters are like 95% efficient; they have some no-load consumption too but I think less than the wall warts? And even though this goes over 2 (or 4) tiny wires, at 48V–56V, the current is low enough that power loss is not bad because those wires are just for one small device, and P=I^2R.
* It's less efficient for the big stuff: that P=I^2R starts to suck for the PoE case, and in the non-PoE case they're more likely to have efficient AC->DC conversion on their own. 90% efficient beats 90% * 95% efficient.
If you have one small PoE device connected to a large PoE switch then it would be less efficient compared to a non-PoE switch and a small separate power supply for the device.
I ended up buying a PoE extractor and barrel plug adapter for my Roku, and another extractor for my HDHomeRun.
It annoyed the heck out of me that they had PoE running to them and still had to be plugged into a separate transformer.
Ubiquiti did this for a while, the product line was called UniFi LED and IIRC it didn't get much further than a few panel lights intended for drop ceilings and a wall mount dimmer switch.
IIRC the justification was that because it was low voltage it could be installed by anyone instead of potentially requiring an electrician and you then also got the ability to dynamically adjust grouping, switch behaviors, etc. if for example your floorplan changed.
That being said, a quick Google search for "poe usbc" yields some devices that are much more expensive than the power brick I bought, but in theory would let you run a Chromecast from a poe ethernet port with wired ethernet.
Wherever you're putting the TV you have to put in regular power anyways, so it's fairly tidy to just put the device's power cable parallel with the TV's power cable. WiFi will handle communication. On the other hand, NEC and CEC require a minimum 2 inch gap between communication wiring and electrical, so now you've got that minor complication.
POE makes sense mostly when it makes sense to combine communication and power cabling. Corded phones, wifi access points, security cameras, small touch screen modules, etc. Not saying what you're doing can't work, but the added expense of installing parallel CAT6 everywhere doesn't seem worth it.
https://www.gl-inet.com/products/gl-rm1/
PoE (Power over Ethernet) sends both DC power and data through the same twisted-pair Ethernet cable, allowing devices like IP cameras, wireless access points, and VoIP phones to run without separate power lines. The power is delivered by Power Sourcing Equipment (PSE) — either an endspan (built-in PoE switch) or a midspan (PoE injector placed between a non-PoE switch and the device). The powered device (PD) negotiates power via detection and classification before voltage is applied, preventing damage to non-PoE gear. IEEE 802.3af (Type 1) provides up to 15.4 W at the source, 802.3at/PoE+ (Type 2) up to 25.5 W delivered, and 802.3bt (Type 3/4) extends that to roughly 60–90 W using all four wire pairs. Engineers need to understand not just wiring, but also cable category limits, pair usage, power losses over distance, and heat dissipation — especially at higher power levels. Modern PoE designs must consider standards compliance, thermal management, and efficiency, as power density rises with new generations of PoE technology.