The following outline was written by Steve Surfaro of Axis Communications:
When troubleshooting physical infrastructure, integrators must examine:
- Cabling and wireless networks,
- Equipment that controls the network devices and system power, and
- Wiring plant that supports the multiple network-based security systems.
To determine the source problem, ask these questions:
Is there power?
This is the most obvious place to start troubleshooting. Ferret out whether a break in the network cable is present or if the problem lies with the power sourcing equipment (PSE) or the powered device (PD) itself. It’s advantageous to have a network management system that can consistently monitor the endpoints of the network and pinpoint where performance has slowed down or stopped altogether, especially for larger networks.
Is the PSE’s capacity exceeded?
If an Ethernet cable connects devices to a Power-over-Ethernet (PoE) switch, confirm that the device being powered can accept and use power from that Ethernet cable for its operation. As a safety precaution, a PoE switch or other PoE-compliant PSE won’t supply power over an Ethernet cable if it’s not connected to a PoE-compliant device.
Second, check the wattage rating of the network switch and the power requirements of all the PoE devices being powered by that switch. The PoE standard — also known as the IEEE 802.3af standard — designates a maximum power output of 15.4 watts per port, or 12.95 watts to the powered device after factoring in the normal power loss that occurs on a twisted pair cable. Attaching too many devices with large power requirements to a switch can exceed its power capacity. To determine the classification of a particular powered device, check the manufacturer’s specification sheet.
If the network switch supports the newly ratified Hi PoE standard — also known as IEEE 802.3at or PoE+ — it can deliver 25 watts of power per port, or 22.55 watts to the powered device once power dissipation in the cable is considered. If the Hi PoE network switch uses all four of the twisted pairs in the Cat 5 cable, it can deliver up to 51 watts of power per channel. This is more than sufficient to power and control pan/tilt/zoom network cameras, as well as (small) heaters and fans in outdoor network cameras, over a single Ethernet cable.
Is the wireless network experiencing interference?
Much like hardwired network systems, integrators should set up a network management system to monitor wireless transceivers or radios for power loss, fluctuating network throughput and poor signal strength. Radios can also be monitored for interference from external sources.
Rooting Out Logical Infrastructure Problems
When troubleshooting logical infrastructure, integrators must examine:
- Network switches,
- Firewalls, and
- Network management systems.
To determine where the problem might be originating in the logical infrastructure, here are a few pertinent questions to investigate:
Does the user have permission to access the system?
If a user complains that they’re not receiving information from a particular network-based device, check the Virtual Local Area Network (VLAN) to see if they have been granted permission to access that device. The VLAN is designed to separate groups of users to prevent unauthorized access to network components such as devices or databases.
For instance, human resources might have permission to look at an access control database but is barred from the access control panels themselves. A school superintendent may be able to see all of the video cameras in the district, but principals can see only the cameras covering their own campuses. Or in an emergency, first responders may be given temporary access to a building’s security cameras.
Is a new logical security application causing communication failures?
If network-based devices suddenly stop communication, check to see if the network administrator has introduced a new logical security application that may have triggered the failure. This could be a new proxy server that doesn’t recognize the device, a new firewall that creates a barrier between the device and the network in accordance with the company’s information security management (ISM) policy, or a piece of security software that is blocking the network port used by the device.
The best way to test for these problems is to shut down the new application and see if the device begins communicating again. Start with the simplest communications path possible and then add layers of logical infrastructure and tracking when things start to fail.
Troubleshooting Specific, Network-Based Security Systems
After investigating the infrastructures, integrators should move on to the specific network systems for further inspection. The diagnostic strategies for two of the more popular network-based security systems — video surveillance and access control — are very similar.
Is the powered device working?
Whether it’s a network camera or a card reader, the first thing to check is the device itself. Is it receiving power? Are all its parts functioning? If the problem doesn’t seem to be power or part failure, try resetting the device. Start with a soft reset: simply powering down the device and then powering it back up again. If that doesn’t work, a hard reset will restore the device’s settings to its factory default. Then you can change the settings one at a time to see if a particular new setting is causing the problem.
Is the problem in the firmware?
One of the most common oversights in upgrading network-based systems is firmware compatibility between the network camera and the video management system or between the card reader, the door control panel and the access control management system. A manufacturer might have shipped you a firmware revision for the network device that isn’t supported by the management system. Or the network administrator might have upgraded the management system without considering its compatibility with the network device. Any of these scenarios could lead to a communications issue.
Are the databases synched?
If multiple network-based security systems are designed to work in tandem, it’s important to synchronize their databases to ensure that they operate properly. For example, a visitor management system might allow visitors to enroll online to ensure a badge is waiting for them when they arrive at the facility. However, if that information doesn’t automatically populate the access control system database, then the visitor’s badge won’t be recognized by the card reader.
Is remote access being hampered?
For network video surveillance systems in particular, problems can emerge with WAN connectivity when monitoring video streams remotely. To correct, first ensure that the individual monitoring the cameras is accessing the correct static IP addresses. If the network doesn’t use static IP addresses for the network cameras, check that correct port forwarding or network address translation protocols are in place. This might require specialized programming to determine if the camera’s video stream is transmitting properly through the router. Hosted video solutions (i.e www.USrelay.com) avoid much of this complex protocol connectivity by connecting the cameras to an outside dispatch service. The service automatically reconfigures the cameras to stream video to a hosted video portal, where it can be accessed by remote users.
Keeping It Simple
Even in a complex network environment, the simplest approach is the most effective one. Start troubleshooting by ruling out more obvious problems such as power loss before exploring other possible issues affecting system performance. Try to recreate a simple communications path between the network device and the user of that device’s information — be it a video stream or an entrance permission. Then gradually introduce other areas of the network to determine where and when the problem occurs. This systematic layering of complexity will make it easier and faster for you to root out the problem and bring the security systems back to full operation.
Troubleshooting Checklist:
Check physical infrastructure
- Power to all devices?
- Manual soft or hard reset?
- PoE capacity exceeded?
- Wireless interference?
- User permission for VLAN?
- New logical security application?
- (Proxy server, firewall, security software, etc.)
- Firmware compatibility?
No comments:
Post a Comment