Detection confirms a valid PD signature before power is applied.

• Primary risk: false detect / detect fail under long cable, moisture, or leakage paths.
• What to log: attempt count, fail count, and a stable reason code (e.g., DETECT_FAIL).

Evidence fields: detect_attempt_count, detect_fail_count, port_fault_reason

Classification selects the safe power envelope for the port.

• Primary risk: mis-classification → “power-on loops” (too low) or budget collapse (too high).
• Engineering requirement: classification results must be repeatable for the same port + cable.

Evidence fields: classify_result, classify_fail_count, allocated_power_W, power_denied_budget

Power on must tame inrush; maintain must avoid false drop due to MPS behavior.

• Primary risk: inrush triggers OCP / UVLO → repeated resets; MPS drop triggers false off.
• Engineering requirement: bounded retries + backoff, never endless oscillation.

Evidence fields: power_on_fail, power_on_retry_count, OCP_trip_count, UVLO_event_count, MPS_drop_count

If supported, LLDP power enables dynamic requests, but must remain bounded and auditable.

• Benefit: tighter budgeting and metered allocation.
• Risk: unexpected power changes if policies are inconsistent.
• CCTV preference: “predictable, capped power” with priority for critical ports.

Evidence fields: lldp_power_request_W, lldp_power_grant_W, lldp_change_count

Per-port vs multiport architectures decide whether faults are isolated or contagious.

• Per-port isolation: one port trips without dragging neighbors.
• Multiport sharing: bus sag or protection actions can cascade across a group.

Evidence fields: port_fault_count, group_fault_count, bus_48V_min

Hot-plug events are where CCTV ports most often “loop” (power on → trip → retry).

• Failure mechanism: inrush → OCP/UVLO → retry oscillation.
• Requirement: foldback / controlled ramp, plus bounded retries and backoff.

Evidence fields: power_on_retry_count, OCP_trip_count, UVLO_event_count

MPS robustness prevents false power-off when the load behavior is intermittent.

• Failure symptom: “works for minutes, then drops” with no clear trigger.
• Requirement: log MPS drops and correlate with port state transitions.

Evidence fields: MPS_drop_count, port_state, port_fault_reason

Deterministic dropback defines what happens after OCP/OTP/budget events.

• Must define: retry cap, backoff time, lockout conditions, restore conditions.
• CCTV expectation: critical ports should survive via priority before non-critical ports.

Evidence fields: retry_backoff_ms, lockout_state, derating_state

Budget is sustained power, not a nameplate number.

• Accounting: conversion efficiency loss + thermal derating + reserve.
• Engineering outcome: an explicit available_budget_W under worst-case temperature.

Evidence fields: available_budget_W, reserve_W, derating_state

Guaranteed power protects critical CCTV ports from brownout and oscillation.

• Applies to: entrance/exit cameras, critical PTZ zones, safety-related coverage.
• Rule: guaranteed allocations must not be reclaimed during budget stress.

Evidence fields: port_priority, guaranteed_W, guaranteed_total_W

Oversubscription (sum of caps > budget) is allowed only with a documented shed policy.

• Trigger: budget waterline crosses Warning/Critical.
• Requirement: cap-down first, selective off second, staged restore last.

Evidence fields: oversubscription_enabled, budget_waterline, shedding_active

• Trigger: budget crosses Warning waterline.
• Action: reduce caps on P2, then P1 if needed.
• Log: event_type=CAP_APPLIED, cap_target_W, port_id, reason=BUDGET

• Trigger: cap-down applied; wait for bus and thermals to recover.
• Action: hold state for a bounded window.
• Log: grace_timer_ms, bus_48V_min, hotspot_temp

• Trigger: budget remains in Critical after grace window.
• Action: turn off lowest priority ports (P2 first), using a fixed ordering rule.
• Log: event_type=PORT_OFF, reason=BUDGET_SHED, duration_ms

• Trigger: budget returns to Safe waterline for a stable window.
• Action: restore ports in priority order, with backoff to avoid synchronized inrush.
• Log: event_type=RESTORE, restore_backoff_ms, restore_sequence_id

• Metering: V_port, I_port, P_port (avg/peak suggested).
• Counters: power_on_count, OCP_trip_count, MPS_drop_count.
• Reason codes: port_fault_reason = OCP/UVLO/OTP/MPS/BUDGET/DETECT/CLASS.

Use: distinguish “inrush loop” vs “thermal drop” vs “budget shed”.

• Bus health: bus_48V_min, bus_48V_avg.
• Thermals: psu_temp, hotspot_temp, derating_state.
• Cooling: fan_rpm + fan_fault.

Use: prove whether a port fault is isolated or system-wide.

A minimal event record should be consistent across all actions:

• timestamp, event_type, port_id
• reason_code, policy_action
• V/I/P snapshot (optional but recommended)
• duration_ms (when applicable)

• CLI: live port state + last-N events + counters.
• SNMP: counters + alarms + waterline state.
• Web UI: readable dashboards with exportable events.

Only “what to expose” is defined here (no cloud/remote platform design).

• Target: separate Camera VLAN, Uplink/NVR VLAN, and O&M VLAN to reduce broadcast noise and limit lateral exposure.
• Failure it prevents: unknown-unicast/broadcast flooding that steals buffers and creates microburst drops.
• Verification: check broadcast/unknown-unicast counters and ensure cameras cannot talk across VLANs without explicit policy.

• Target: ensure video traffic stays in the higher-priority queue during congestion.
• Failure it prevents: video drops/jitter when management traffic or uplink contention occurs.
• Verification: under a controlled congestion test, video queue drops remain near zero while lower queues absorb loss.

Evidence fields: per_queue_drop, queue_occupancy, egress_rate

• Target: multicast streams only reach ports that joined the group; avoid “multicast = flood”.
• Failure it prevents: multicast flooding that burns bandwidth, heats magnetics, and causes loss spikes.
• Verification: non-subscribed ports should receive no multicast stream; group table should be stable.

Evidence fields: igmp_group_table, querier_state, mcast_flood_count

• Use only if device is placed in industrial ring topologies.
• Target: bounded recovery time after link break without persistent storms.
• Verification: link pull test: measure video recovery time and topology-change event logs.

Evidence fields: topology_change_count, convergence_event_ts

• Target: minimal segmentation and least-exposure between VLANs (only required flows allowed).
• Keep it bounded: no deep routing features; use only what supports CCTV segmentation and auditability.
• Verification: ACL hit counters show allowed flows; denies are counted and time-stamped.

Evidence fields: acl_hit_count, acl_deny_count

• Loss: per-port drops and per-queue drops during normal + stress tests.
• Jitter: bounded variation under uplink contention (watch buffers/queues).
• Microbursts: spikes from I-frames/events should not collapse queues or trigger multicast floods.

The deliverable is a verification plan: inject congestion, observe queue drops, and confirm IGMP membership behavior.

• per-port FETs and current sense regions
• high density: many watts in a small footprint
• field symptom: repeated port resets under high power

• rectification/protection parts can heat during stress
• transient events can create thermal spikes
• field symptom: protection events that correlate with temperature

• throughput-driven thermal rise
• high junction temp may degrade buffering behavior
• field symptom: throughput drop and loss spikes at elevated temps

• continuous PoE current + ambient heat
• hot magnetics can indicate airflow problems
• field symptom: link instability and thermal stress near ports

• hotspot copper spreading and thermal vias in PSE zones
• separate heat islands: avoid stacking PSE + DC/DC + ASIC too tightly
• ensure consistent contact pressure for heatsinks where used

• airflow should sweep the highest density heat sources first
• fan tach monitoring + fault handling (blocked/stalled)
• dust aging: assume airflow drops over time; derate strategy must cover it

• T1: PSE hotspot region (highest risk)
• T2: switch ASIC region
• T3: outlet/near magnetics (airflow indicator)

Sensors must map to actions and logs (not just “for display”).

• ESD: very fast transients; must be handled at the connector edge and return path.
• Surge: higher energy; needs clamp + discharge + impedance control to keep energy out of PHY/PSE.
• Lightning / induced events: common-mode energy and ground potential differences; grounding/isolation boundary matters.
• OC/SC: misuse, water ingress, damaged cables; must trip per-port first without collapsing the whole switch.

• Layer 0 — RJ45 edge: divert common-mode energy to chassis/ground early; keep return loop short.
• Layer 1 — Isolation boundary: magnetics + isolation strategy defines what can cross into PHY domain.
• Layer 2 — Chip guard: final clamp / filtering before PHY/PSE sense nodes.

The same component can be “right” or “wrong” depending on placement and return path.

• Bus OVP/UVLO: keep 48–57V domain stable; protect the PSU and prevent undefined operation.
• Bus short-circuit protection: isolate the fault; avoid a full-system brownout if the fault is per-port.
• Input surge handling: AC/DC front-end must reject surges without dragging the PoE bus into reset cycles.

• Port-first principle: per-port trip/cut should handle most cable faults.
• Bus protection as last resort: bus trips only when the bus is actually threatened (not a single port).
• Recovery policy: backoff + staged restore prevents oscillation after surge events.

• Hard failure: power-on fail / link never up → distinguish PSE fault vs PHY fault by timestamps.
• Intermittent: link flaps / CRC errors / drops → correlate with thermal and protection events.
• Minimum log: timestamp, port, reason code, action taken, duration, recovery outcome.

Example evidence fields: port_off_reason, ilim_trip_count, link_flap_count, crc_error_count, bus_uvlo_count

• Power: power-up success rate, current limit response, MPS stability, bus droop margins.
• Network: throughput, microburst loss, IGMP stability, VLAN isolation behavior.
• Thermal: full-load soak, fan policy, derating entry/exit, staged restore without oscillation.
• Protection: ESD/surge robustness with controllable recovery and explainable logs.

• Required: timestamp, device_id, fw_version, test_id, domain, port_id, thresholds, result
• Recommended: ambient, load_profile, traffic_profile, duration_ms
• Events: reason_code, action, recovery_time_ms

A test without evidence fields cannot be debugged or audited after shipment.

• Inject stress (congestion / full-power / long soak / protection stimulus).
• Observe counters (drops, faults, state transitions).
• Require controlled recovery (no endless reboot loops, no port oscillation).

First 2 checks

• port_off_reason + ilim_trip_count (OCP/SC trips)
• bus_uvlo_count + bus_V_min (48–57V bus droop)

Discriminator

• High OCP trips + stable bus → localized port / cable / PD fault
• Low OCP trips + frequent bus UVLO → total budget / PSU droop / simultaneous inrush
• Trips correlate with temperature (T_pse/T_hotspot) → thermal derating oscillation

Isolate

• Force the port to a lower power limit and retest with a short known-good cable.
• Disable other high-power ports, then re-run power-up to see whether bus UVLO disappears.
• Capture a 5–10 minute timeline: reason code → action → recovery result.

First 2 checks

• actual_W trend (or port_power_step if available) at IR-on timestamps
• ilim_trip_count or derating_state changes during IR-on

Discriminator

• Power step → OCP/limit → power-off → port limit too tight or cable loss too high
• Power step without power-off, but link errors rise (crc_error_count) → noise/return-path coupling (still switch-side)

Isolate

• Temporarily raise port priority or limit; compare failure rate before/after.
• Swap to a shorter/known-good cable; if issue disappears, cable loss is dominant.
• Correlate IR-on times with bus droop (bus_V_min) and port events.

First 2 checks

• per_queue_drop / queue_occupancy (microburst congestion evidence)
• mcast_flood_count + igmp_table_state (multicast control plane)

Discriminator

• Queue drops rise while link stays up → buffering/QoS mismatch vs workload bursts
• Multicast flood rises → IGMP snooping/querier misbehavior
• Errors remain low but stutter persists → verify video queue mapping and uplink bottleneck

Isolate

• Halve camera count for 10 minutes: if drops scale down, you have a congestion-driven root cause.
• Force video VLAN separation from management VLAN; verify drops shift to expected queues only.
• Lock one multicast group; verify non-member ports see no multicast traffic.

First 2 checks

• detection_fail_count / classify_fail_count (PoE detect/classify failures)
• port_short_state + port_off_reason (hard short vs protection latch-off)

Discriminator

• Detect/classify fails + link also dead → front-end boundary damage (RJ45/magnetics/PHY-side)
• Hard short detected → external cable/PD fault; validate with known-good short cable first
• Link works but power fails → PSE power path (FET/sense) likely impacted

Isolate

• Test with a known-good short cable + known-good PoE load (avoid risking another port).
• Move the same cable to a different port: cable vs port separation.
• Check whether surge/ESD event logs exist around storm time.

First 2 checks

• T_hotspot_max / T_pse / T_psu (temperature peak and slope)
• derating_state + fan_rpm (derating entry/exit + fan stall evidence)

Discriminator

• Temp rises → derating toggles → ports drop → derating policy oscillation or insufficient airflow
• High temp + abnormal fan RPM → airflow blockage / fan fault dominates
• Normal temp but ports drop → re-check power budget and OCP/UVLO evidence

Isolate

• Reduce total PoE power by 10–20% for 10 minutes: if stable, thermal headroom is the constraint.
• Increase fan duty temporarily; see if dropouts delay.
• Stage port power-up and restore sequence; verify state machine is monotonic (no thrash).