Ethernet surge protectors?

[Evil Lair]

A couple weeks ago had a nearby lightning strike that seems to have fried the 10GbE ports in a couple of Macs. Luckily nothing else seems to have been bothered by it. Both were on completely separate lines coming from the switch, one line just run along the floor and the other taking a detour up through the attic.

I see these sacrificial surge protectors on Amazon with an extra ground strap. Would you put these between the keystone and the switch for every major device? And where would the ground strap go? It also looks like most are only rated for 1GbE and not 10GbE.

 

[GaitherBill]

The switch was ok?

Is that plugged into a proper surge protector?

I feel like something else is going on here.

 

[KD5MDK]

You attach the ground to the ground pin of a 3prong plug where it is in the socket, or you ground them to the rack body and ground that.

I haven’t seen any rated for 10GbE. Many of them are intended for 100Mbit because they protect security cameras and other outdoor equipment that doesn’t need high speed.

Note they are usually used to protect the switch, not the endpoint. Mine specify they need a 3ft shielded cable between the surge protector and the protected equipment. There are also entire rack mounted versions to simplify covering multiple ports in 1U.

For short distance runs inside your house you can you shielded Ethernet patch cables but it isn’t expected to usually need surge protection. For high value connections like you described (and as a potential connection workaround for the already damaged ports) the safest thing is switch to fiber, either with PCIe cards, USB/Thunderbolt peripherals, or external media converters. It’s pretty cheap in many ways, except for those peripherals.

 

[Andrewcw]

So it depends where the switch is and how your wiring is laid out.

The Lighting arrestors you see are meant to be properly grounded Not 3 prong electrical ground. Like GROUND GROUND. They are sacrificial but only to the point where the sacrifice is only effective enough to make sure the lighting path goes to the ground. The lighting will jump if not grounded.

So you have to tell us where the lighting strike hit. If it was just in the area. Then it's most likely that it went through the electrical grid where a lighting arrestor would of just made other devices die. Good surge protectors if they were able to absorb a lighting strike would cease to work as it was built properly. As in it would cut all electricity from flowing after the strike.

Unless you're dealing with outside lines going in. Or a roof lighting strike and you're trying to protect that Attic run. In which case you'd need Two arrestors on each end. You'll just be buying a Placebo.

 

[KD5MDK]

In which case you'd need Two arrestors on each end.

Do you mean you’ll need one arrestor on each end of the Ethernet cable and then one on each end’s power source? Because I think that’s pretty much what anyone should expect. Your mains powered devices need protection at each power connection, and then we’re adding the Ethernet protection in addition.

 

[Andrewcw]

Do you mean you’ll need one arrestor on each end of the Ethernet cable and then one on each end’s power source? Because I think that’s pretty much what anyone should expect. Your mains powered devices need protection at each power connection, and then we’re adding the Ethernet protection in addition.

I have no idea where Evil Lair lives. But this is all dependent on how many lighting strikes you actually experience/d. Sometime letting the equipment just eat it is way cheaper than the actual cost of prevention that might not even work.

I mentioned this is just a Placebo as if it was a roof strike. Sure your equipment might survive. But the Hole and fire are going to be much higher concern and cost than saving a few Thousand on electronics. I'm fairly certain this was a ground strike. Where only the top end surge protectors have a chance of blowing and the circuitry is spread out enough where the gap jump is physically spread out enough so the lighting doesn't jump that gap.

 

[Evil Lair]

Thanks for the tips so far. I was afraid ethernet protectors/arrestors were like some common thing everyone knows about and assumes we are all using, but never talk about. My battery backups have built-in 1GbE ports for supposed protection but not sure if those would really do anything (not currently using them).

After doing additional testing there is definitely something screwy going on. All of my devices are on various APC 1500VA UPS’s with the oldest no more than 5 years old. Also just did all the firmwares and hard power cycles on the switch & router to rule that out. Like mentioned the PC and other wired devices connected to the switch seem normal. Based on how the USB adapter is also still working fine I’m guessing some 10GbE thunderbolt adapters may be in my future.

Here are the hardware components in the wired network chain:
-Fiber modem
-Asus Rapture GT-AXE16000
-Zyxel XS1930-10
-Desktop PC
-few other IOT ethernet things
-Mac Studio
-Mac Mini

The fiber modem is in the same room as the Studio, and goes out a keystone, across the attic over to a keystone in a different room to the router. The switch then connects to the router, and from the switch another run comes back over the same route (different keystones/cable) to connect to the Studio. The Mini just has a cable from the switch running loose along the floor to a third room.

My totally scientific test results:

Mac Studio, plugged into built-in 10GbE port
-Connected to switch: macOS can see there is ethernet hardware now (before it was completely gone), but does not recognize a cable plugged in. Lights on switch show no connection. Also tried booting into an older macOS partition with same result.
-Connected to router: same thing, router dashboard shows no connection.
-Connected to fiber modem: same thing.

Mac Studio, plugged into 1GbE USB-C ethernet adapter
-Connected to switch: works no problem
-Connected to router: works no problem
-Connected to fiber modem: works no problem


Mac Mini, plugged into built-in 10GbE port
-Connected to switch: the switch has the blue 10GbE connection light. The Mac mini shows under hardware info it has a 5GbE connection instead of the usual 10. It can’t get an IP address and self-assigns.
-Connected to router: connects and works no problem, but still limited to 5GbE.

Mac Mini, plugged into 1GbE USB-C ethernet adapter
-Connected to switch: works no problem
-Connected to router: works no problem

 

[gusgizmo]

I feel like 10gbase-T is just too sensitive to effectively provide surge protection for. Lightning protection in general is usually quite a bit more effort than slapping a couple magic bits on and calling it a day.

A media converter and going to fiber is probably your best bet to harden the built-in ports against lightning. Maybe at least for specific runs that are more vulnerable to induced current than others.

https://www.amazon.com/TP-Link-Multi-Gigabit-Converter-Hot-Swappable-Indicators/dp/B0DLM8Q77G

For the ones on USB-C either allow the dongles to be sacrifical or swap for SFP style usb-c 10gb adapters which I think startech is basically the only option for.

Then buy some 10gbase-LR LC SFP's and LC single mode patch cables to complete the setup.

 

[Kyuu]

Surge protection devices on ethernet are extremely common and actually generally required for my runs that are going up towers. We have a fair number of these in use:

https://www.ispsupplies.com/Siklu-AX-SRG-10G

As has been said, though, these are not magic bullets. If you get a direct lightning strike these are not going to save you. They may (or may not) save you from a surge induced by an indirect strike. They also work fine on 10G, although I have found that if you're running on the ragged edge of the 100m distance limitation (which has happened on a couple of my runs) the surge protection device may push you ever the edge from working to having issues.

 

[Paladin]

If those Macs could take a PCIe card, you'd be looking at a sub $100 fix for everything (cheap switch with SFP+ ports, used transceivers, used cards and a couple of fiber patch cables). No more worries about ESD in the future (as least for the network connections). Maybe look into external PCIe enclosure options? Not sure if there is a good solution for that on Mac. A USB-C or Thunderbolt SFP+ adapter is at least $250 each from last time I looked.

 

[w00key]

I see an affordable one here, https://tripplite.eaton.com/in-line-network-surge-protector-10gbps-cat6a~B110SP10G


Surge protectors are simple tools, once voltage exceeds a preset number it opens to short it to ground. The ground better be proper and can handle the current, because it will be a lot.

Ethernet ports are isolated, with a 1 to 4 kV rating. If the voltage exceeds it, it can jump around and majorly mess stuff up. Surge protectors using TVS diodes and gas discharge tubes will open long before that though and by draining the power, prevent voltage to rise that high. Ideally, you should have an isolator on both sides. Practically, protect the more expensive side like the Mac, a 10Gb switch is cheap and usually comes with higher protection rating.

 

[KD5MDK]

Interesting thing about that one:
If you install 1, you may have a 5m cable on the equipment end and a 100m cable on the "cable" end.
If you want to protect both ends, you may have a 5m cable on each equipment end and 73m cable in between the two surge protectors. I wonder why that is.

 

[Kyuu]

Interesting thing about that one:
If you install 1, you may have a 5m cable on the equipment end and a 100m cable on the "cable" end.
If you want to protect both ends, you may have a 5m cable on each equipment end and 73m cable in between the two surge protectors. I wonder why that is.

Where did you get the 5m figure?

 

[KD5MDK]

Where did you get the 5m figure?

https://tripplite.eaton.com/support/owners-manual/1057148
Installation Guide.

The 73m dual protection limitation is on page 6 of the Quick Start Guide, as is the 5m bit repeated.
https://tripplite.eaton.com/support/owners-manual/899964

 

[w00key]

It probably adds a bit of capacitance and pushes the cable out of spec if you have two of them + maximum cable length. It's for 10Gb/Cat 6A so tolerance is super tight.

 

[KD5MDK]

It probably adds a bit of capacitance and pushes the cable out of spec if you have two of them + maximum cable length. It's for 10Gb/Cat 6A so tolerance is super tight.

Sure, but I'm surprised they're willing to specify a full 100m + the client end in that scenario. Lots of confidence that they can handle 105m as it is.

Here are the spec sheets for the products I've done more research on:
DTK-RM12ETHS - "When used with STP cabling, the DTK-RM12ETHS provides grounding to remote devices."
DTK-RM12NETS - "It supports data speeds up to 10GbE, and provides surge protection grounding to remote devices when used with STP cabling."

It took me a long time to figure out the difference between them. ETHS does not support PoE, NETS does.

Plug a 3' RJ45 male to RJ45 male patch cable from the "OUT PROTECTED" RJ45 jack to the equipment to be protected. The 3' patch cable will give this device time to react.

I suppose TrippLite is assuming no one will plug a 1-2ft patch cable on their protected side, or that it's not important to them.