What this page solves (outdoor-specific failure reality)

Outdoor cabling behaves like an antenna and a ground-coupled injection path. Long runs, unknown remote earthing, and large common-mode impulses make “lab-stable” designs fail in the field.

• Random reboot / reset storms → brownout on a rail, RESET pin injection, or ground bounce entering logic reference.
• Link drop / unstable Ethernet → common-mode hit on the cable shield/PE path, or secondary clamp capacitance/leakage degrading eye margin.
• Dead port (permanent) → energy not diverted to PE (long return path), TVS overheats, or coordination causes the wrong element to absorb the surge.

Engineering mindset: outdoors, “voltage is not the story.” The story is energy + return path inductance + mode (CM/DM).

Hard boundary (mechanically checkable)

Out of scope here (handled by other pages):

• PTP/IEEE-1588 timing architecture and clock distribution.
• NVR/VMS recording integrity, watermark/signing, or stream encryption protocols.
• ISP algorithm tuning, radar DSP derivations, cloud platform/OS walkthroughs.
• Whole PoE switch design (this page only covers port-level PoE protection on an outdoor endpoint).

What “good” looks like in practice (evidence-first)

• Short-to-PE discharge path: the primary energy route is physical and low-inductance, not “through the PCB ground maze.”
• Coordinated stages: primary element diverts bulk energy; secondary clamp limits IC pin stress; series/CMC shapes di/dt and common-mode.
• Field visibility: ground-health status (PE continuity / shield bond), surge counters, reset reasons, link-down correlation are logged.

Threat families (engineer’s view: signature → injection point → first symptom)

Outdoor events differ mainly by rise time, energy, and where they inject. Treat them as repeatable families:

• ESD (IEC 61000-4-2): very fast edge, local injection at metal/shield/connector → link drop, latch-up, or transient reset.
• EFT/Burst (IEC 61000-4-4): pulse trains coupling through wiring harness → false triggers, sporadic reboot, IO misread.
• Surge (IEC 61000-4-5): higher-energy impulse (lightning induced / switching) → port damage, brownout, magnetics/PHY stress.
• Ground potential rise (GPR) / ground loop: remote earth differs; the whole cable shifts in potential → common-mode dominated failures repeating at the same site.

Coupling paths (what actually carries the energy)

• Shield/PE coupling: shield bonds and chassis connections become the main current path during CM events.
• Reference ground coupling: inductive ground leads turn “protective grounding” into a voltage injector into logic reference.
• Port structures coupling: magnetics, ESD arrays, IO clamps can unintentionally route energy into silicon if coordination is wrong.

Practical consequence: protection selection without return-path geometry is unreliable. Outdoors, layout is part of the component.

Minimum evidence checklist (before replacing hardware)

• Site repeatability: does the issue happen only at one location / one cable route? (CM/GPR suspicion)
• Reset reason & rail dip: brownout flag, watchdog vs external reset indicator, or measured rail sag during event.
• Port health: TVS leakage/short check, connector shield bond continuity, and visible damage near discharge path.
• Correlation: link-down timestamp aligns with IO bursts / relay switching / lightning weather window.

Event labels to design against (use as acceptance tags)

Use standard waveforms as labels (not as an excuse to “copy a reference design”): each waveform stresses a different weakness — energy handling, clamping, or repeated ringing.

• ESD: contact / air discharge level; pay attention to secondary hits and post-event leakage drift.
• Surge current (8/20 µs): energy and thermal stress; checks staged energy sharing and return path quality.
• Surge voltage (10/700 µs): common in comm ports; stresses clamp hierarchy and insulation gaps.
• Ring wave: repeated overshoot; exposes loop inductance and “bounce-back” coordination issues.

Key electrical metrics (each must map to a system consequence)

• Clamp voltage (V_CL): pin stress limit; too high → silicon damage; too low (with high C) → SI/PoE side effects.
• Dynamic resistance (R_DYN): how “hard” the clamp is under current; higher R_DYN → higher residual peak.
• Capacitance (C_J): SI killer on fast ports; too high → reflections/eye closure on GbE and some RS-485 edges.
• Leakage: temperature-dependent drift can destabilize PoE detection or bias networks; high leakage is a post-event damage indicator.
• Response vs loop inductance: the clamp can be fast but the package + trace inductance creates overshoot first.
• Thermal capacity / energy share: staged network must prevent the secondary clamp from “hard carrying” surge energy.

Practical rule: if a design “passes once” but fails after repeated field events, suspect leakage drift, aging, or poor energy sharing rather than a single missing component.

Metrics → system impact table (design decisions, not a datasheet dump)

Coordination principles (what must be true in a working design)

• Trigger ordering: primary diversion should engage before the secondary is forced to absorb bulk energy.
• Energy sharing: secondary clamps should handle residual peaks, not the main surge energy (avoid thermal runaway).
• Geometry: the primary-to-PE loop must be short and wide; long loops create overshoot and reset injection (L·di/dt).
• Bounce-back control: prevent “re-strike / rebound” that repeatedly stresses the secondary after primary action.
• Service recovery: avoid follow-current conditions that keep primary devices conducting after the event.

Component roles (where each device belongs, and what it is bad at)

Use the following cards as a placement checklist. Each card includes a typical misuse pattern that causes real field failures.

Primary stage options (bulk energy diversion)

• GDT / Spark gap: strong energy handling; best when chassis/PE path is reliable and physically short. Risk: spread in trigger voltage, follow-current behavior, rebound.
• MOV (mostly power-side): absorbs energy but ages; can drift in leakage and clamping. Risk: long-term degradation and thermal stress outdoors.
• Placement rule: primary devices belong at the boundary with a short discharge route to chassis/PE — not deep inside the PCB.

Secondary stage options (residual clamp near silicon)

• TVS near PHY/MCU: clamps residual peaks; must be chosen with C_J and leakage limits for the port.
• Series impedance (R/PTC/ferrite): shapes di/dt and limits surge current into the secondary clamp.
• CMC (common-mode choke): does not “clamp voltage” but helps keep CM current out of sensitive reference domains.
• Placement rule: secondary clamp must sit close to the victim pins, with a tight local loop; otherwise overshoot happens first.

Top 3 coordination failures (what breaks in the field first)

• Primary “fires” but cannot dump: PE path too long or high inductance → energy flows through PCB reference and causes reboots/PHY lockups.
• Secondary hard-carries energy: primary never triggers or is mis-ordered → TVS overheats, leakage drifts, and the port becomes unstable over time.
• Ground path is the injector: “good parts, bad geometry” → L·di/dt generates overshoot and reference bounce before any clamp helps.

A robust design makes the energy path obvious: from the port boundary straight into chassis/PE, not into logic ground.

What each part is good at (and what it is bad at)

• CMC (common-mode choke): reduces CM current while preserving differential behavior (when balanced). Bad at: fixing a missing chassis/PE discharge path.
• Ferrite bead: adds HF impedance; useful for spikes and noisy IO rails. Bad at: high energy events and predictable behavior under large DC current.
• Series impedance (R/PTC): limits di/dt and shares energy with clamps. Bad at: high-speed ports if it disturbs impedance/matching.
• π filter (C-L/C): strong for power entry noise. Bad at: creating resonance with cable inductance if damping is not explicit.

Interface group A — Ethernet/PoE (RJ45)

Ethernet ports are often CM-dominated in outdoor failures, but they are also the most sensitive to parasitic capacitance and imbalance. Treat any added component as a signal-integrity part.

• CMC placement: near the boundary is preferred only when the shield/chassis return is clearly defined; otherwise CM energy is redirected inward.
• Symmetry rule: keep pair routing and protection networks symmetric to avoid converting CM↔DM and degrading link margin.
• Capacitance budgeting: clamp arrays add C; keep total port capacitance within the link’s margin budget (verify with eye/BER and drop statistics).

Interface group B — RS-485 terminal

RS-485 is more tolerant than GbE, but it is strongly affected by ground potential differences and CM range limits of the transceiver. Common-mode control and (when necessary) isolation outperform “bigger TVS” approaches.

• CMC near terminal: reduces CM injection from long lines; keep the path to the reference domain controlled.
• Beads/series parts: can tame fast spikes and improve EFT resilience, but do not let them distort bias/termination behavior.
• Avoid unbalanced shunts: single-ended capacitors to logic ground can create mode conversion and pull surges into the PCB reference.

Interface group C — DI/DO / Relay / Alarm IO

Alarm IO and relay lines are EFT/burst magnets. The goal is to prevent false triggers and avoid injecting reference bounce into MCU reset/ADC thresholds.

• Series + clamp: series impedance limits di/dt; local clamps limit pin stress; both reduce false events under burst injection.
• Ferrite with caution: beads can heat or shift impedance; use them as HF impedance, not as a surge absorber.
• π filter for power/coil: only when damping is controlled; otherwise it can ring with cable inductance and worsen reset storms.

Placement rules that prevent “filtering that hurts the link”

• Boundary-first: if a part is meant to stop external CM current, it must sit near the boundary and have an obvious chassis/PE return strategy.
• Pin-protectors close to pins: secondary clamps belong near victim pins with a tight loop (to avoid pre-clamp overshoot).
• Keep pairs symmetric: matched placement, matched routing, matched parasitics — especially across differential pairs.
• Prefer stable networks: if a π network is used, ensure damping/ESR is not “accidentally zero,” or ringing will appear under burst/surge.

Ethernet magnetics + shield/chassis treatment (high-level)

• Magnetics provide isolation for differential signaling, but common-mode stress can still couple via shield and parasitics.
• Design intent: keep cable/shield CM current closing to chassis/PE, not to logic ground.
• Practical check: if “same unit, different site” changes failure rate dramatically, treat shield/chassis return as part of the protection design.

Digital isolators + isolated power (when it becomes necessary)

Isolation is most effective on long external IO/RS-485 lines and external probes/sensors where remote grounding is unknown. It prevents CM stress from directly shifting internal reference domains.

• When to consider isolation: long outdoor runs, unknown remote earthing, repeated storm-related incidents, or CM range violations on transceivers.
• What isolation changes: CM current no longer uses the internal ground as its return path; staged clamps are less likely to hard-carry energy.
• What isolation does NOT remove: each side still needs local clamps and controlled return loops (isolation is not “zero protection”).

Isolation tradeoffs (must be budgeted, not discovered late)

• Creepage/clearance: layout area and mechanical constraints increase; compliance margins must be designed in.
• EMI behavior: isolation can shift noise paths; CM emissions may move unless shield/chassis strategy is clear.
• Bandwidth / timing: isolator channel limits and delay skew can matter on fast IO; keep expectations aligned with interface needs.
• Cost and power: isolated DC/DC and isolators add BOM, loss, and sometimes thermal constraints.

Decision table (environment → isolation recommendation)

Roles that must stay separated (port-level view)

• Chassis / PE: high-current, fast transient return. This is where primary energy diversion must close.
• Logic / Signal GND: stable reference for PHY/MCU/ADC thresholds. It should not be a surge current highway.
• Bonding (equipotential): low-impedance connection that keeps the transient loop outside the logic reference domain.

Do / Don’t checklist (≤10, practical and checkable)

Shield termination principle (port-level only)

• Goal: keep common-mode current closing to chassis/PE near the connector boundary.
• Checkable intent: shield termination should not force CM current to travel through logic reference planes.
• Limit: this page stays at port-level principles; full site cabling and building earthing strategy are out of scope.

Common rules across all ports

• Stage 1 diverts energy to chassis/PE at the boundary with minimal loop impedance.
• Stage 2 clamps near the victim (PHY/IO) to limit pre-clamp overshoot.
• Return intent must be explicit: do not let CM current “choose” the logic ground by accident.
• Symmetry is mandatory on differential ports; imbalance creates mode conversion and link instability.

Pattern A — PoE RJ45 (Ethernet/PoE port only)

Objective: survive surge/ESD while preserving link margin (no eye collapse, no training failures).

• Parts: Stage-1 diversion to chassis/PE + CMC for CM control + Stage-2 clamp near PHY/PD domain.
• Layout focus: symmetric differential geometry; short-to-PE for Stage-1; short local loop for Stage-2.
• Common failure: adding clamps with excessive capacitance or imbalance; Stage-1 “exists” but discharges through long/indirect traces.

Pattern B — RS-485 terminal

Objective: control CM stress and protect differential pins; add isolation when grounding is uncertain.

• Parts: differential TVS + CM diversion strategy + optional CMC + optional isolation barrier (interface-dependent).
• Layout focus: boundary-first placement; secondary clamp close to transceiver; keep bias/termination behavior stable.
• Common failure: returning CM diversion into logic ground; unbalanced shunts that convert CM↔DM and increase errors.

Pattern C — Alarm DI/DO / Relay lines

Objective: prevent burst-driven false triggers and keep MCU references stable under wiring transients.

• Parts: line-to-chassis/PE clamp where possible + series limiting (R/FB/PTC) + local pin clamping strategy near MCU/driver.
• Layout focus: keep burst currents from crossing sensitive reference nodes; compact loops; avoid undamped resonant filters.
• Common failure: π networks that ring with cable inductance; clamps that “work” electrically but inject current into logic ground.

Pattern D — DC input (outdoor power entry)

Objective: absorb external surges, prevent reverse/inrush faults, and protect the downstream rail tree.

• Parts: environment-dependent primary element (MOV/GDT/primary clamp) + TVS + reverse/inrush limiting + eFuse/TBU-style current limiting concept.
• Layout focus: Stage-1 diversion loop to chassis/PE; keep hot loops short; ensure downstream rails do not see high dv/dt.
• Common failure: TVS forced to hard-carry energy due to missing diversion path; protection placed deep inside the rail tree.

What to monitor (MVP → Enhanced → Pro)

Signals → sampling → event rules (implementable table)

Recommended event log fields (local “black box” schema)

The purpose is not to log everything; it is to reconstruct “pulse → return path → link/reset → recovery behavior”.

Port classes (drives injection and observation)

• Data ports: Ethernet/PoE RJ45 (focus: link stability, recover time, error counters).
• Control ports: RS-485 / Alarm IO / Relay lines (focus: comm errors, false triggers, latch-up avoidance).
• Power ports: DC input / power entry (focus: brownout behavior, rail integrity, no configuration loss).

Pass criteria (checkable, not ambiguous)

• No damage: port remains functional after test (link/IO/comm can resume).
• Auto recovery: system returns to a usable state without manual power cycling (define recovery window).
• No configuration loss: key settings remain intact across events.
• Traceability: event logs capture timestamp + port_id + trigger + brownout/reset/link evidence.

Evidence capture: always collect two types

Test matrix (execute, record, reproduce)

For reproducibility, each failure record should include: injection method, polarity, fixture grounding, cable length, and port_id.

Quick triage checklist (do this before symptom branches)

• Export last 50 events: timestamp, port_id, trigger_source, surge_counter, brownout_flag, reset_reason, link_state.
• Check PE/chassis continuity: continuity stable vs open vs flapping (record as a status, not just “OK”).
• Protector health check (unpowered): look for short, heavy leakage, or open compared with a known-good unit.
• Swap test baseline: short patch cable + same switch port + known-good PSU (if applicable).

If PE continuity is open/flapping, prioritize bonding/ground path before replacing downstream ICs.

Symptom A — Repeated link drops (Ethernet/PoE)

Symptom B — Port dead / no link / no comm (RJ45, RS-485, IO)

Symptom C — Intermittent reboot / reset

Symptom D — Video artifacts / mosaic / dropped frames

Protector triage cheat-sheet (short / leak / open)

Use a known-good unit for resistance/leakage comparison when absolute readings are ambiguous.

Example “service kit” parts list (quick replacement stock)

Select voltage/current ratings and package options per your port working voltage and energy class; the list above is for fast field substitution patterns.