Hardened LAN/PoE Field Hub
Router + managed PoE+ switch + UPS/DC in a compact road case. VLANs, LTE/Starlink failover, IP65 I/O, dust-filtered cooling, and live telemetry.
Mission Profile
Dual-WAN (Starlink + LTE/5G)
8-port PoE+ (120–150 W)
24 V LiFePO₄ (20–50 Ah)
IP65 RJ45 feed-throughs
Anderson SB50 DC IN + C14 AC IN
ESP32 power stats
Safety: Fuse near sources. Use proper gauge. Never tie portable power into building wiring without a transfer switch installed by a pro.
Tools
- Step bit, hole saws (RJ45/C14/vent)
- Crimper + ferrules/lugs, heat-shrink
- Torque driver (DC lugs), multimeter
- Labeler, deburring tool, rivnut kit
Consumables
- 8–14 AWG wire, loom, zip ties, Velcro
- Neoprene gasket, dust filters, mesh
- Class-T fuse + holder, blade fuses
- Desiccant, pressure vent, grommets
Layout Tips
- Battery low/center; switch/router above
- Intake low/front → exhaust high/rear
- Shortest DC runs to high-load devices
- Label every panel I/O clearly
Power Math
- PoE+ Budget: 120 W (switch)
- Router: 8–18 W
- Switch overhead: 10–20 W
- Worst case: ~160 W AC-equiv
- 24 V DC draw @90%: ~7.4 A
Battery Runtime
- 24 V 20 Ah (≈480 Wh) → ~2.7 h
- 24 V 50 Ah (≈1.2 kWh) → ~6.7–7.0 h
- Add solar or AC charger for 24/7 ops.
Cooling Reality
- Filtered intake low, exhaust high
- Fans ≥ 40 °C, off ≤ 37 °C (hysteresis)
- Positive pressure beats dust
Bill of Materials
| Case | 4U half-rack shallow case or Pelican 1520 + rack ears/plate |
|---|---|
| Router | Teltonika / Peplink / MikroTik dual-WAN (with SIMs) |
| Switch | 8-port PoE+ managed (120–150 W budget) |
| Power | 24 V LiFePO₄ 20–50 Ah + LiFePO₄ charger; Class-T 60–100 A at battery +; DC breaker 30–60 A |
| I/O | IP65 RJ45 feed-throughs (x4–8), CAT6a outdoor patch leads, Anderson SB50, C14 AC IN |
| Cooling | 2× 120 mm filtered fans + pressure vent + desiccant |
| Wiring | 6–8 AWG short bus runs; 10–14 AWG branches; ferrules, lugs, heat-shrink, labels |
| DC Option | 24→48 V booster (if your PoE switch accepts DC input). Otherwise use switch’s AC PSU. |
| Monitoring | Inline wattmeter + 200–300 A shunt to ESP32 power dashboard |
Wiring Snapshot
24V Batt + -> Class-T 60–100A -> DC Breaker 30–60A -> 24V Bus 24V Bus -> 24->48V Booster -> PoE Switch DC IN (Option B: DC-native) C14 AC IN -> AC Charger -> 24V Bus (and/or Switch OEM PSU, Option A: AC) 24V Bus -> 5–10A fuse -> Router (DC in or OEM PSU) 24V Bus -> 5A fuse -> 24->12V Buck -> Fans Battery Negative -> SHUNT -> Bus- (ESP32 taps here) RJ45 IP65 Panel -> short shielded patch -> PoE switch ports Starlink Ethernet -> Router WAN1 | LTE/5G -> Router WAN2
Pick Option A for simplicity (AC to PoE switch PSU). Pick Option B to run fully DC and skip inverter losses.
Step-by-Step Assembly
- Dry-fit layout. Place battery low/center; mount router and switch on a shock-isolated tray above. Mark intake (front/bottom) and exhaust (rear/top) fan positions; mark RJ45/C14/SB50 panel holes.
- Cut & mount I/O. Drill/cut for IP65 RJ45 feed-throughs, C14 AC IN, and SB50 DC IN. Deburr, add gaskets, and torque per hardware spec.
- Install cooling. Fit 120 mm filtered intakes low/front and exhaust high/rear. Add a pressure vent and desiccant pouch inside the lid area.
- Build DC bus. Crimp 6–8 AWG from battery + to Class-T fuse (within ~20 cm), then to DC breaker, then to the 24 V bus bar. Battery − goes to the shunt, then to the 24 V bus-.
- Power branches.
- Router: 24 V bus → 5–10 A blade fuse → router DC-in (or OEM PSU from AC).
- PoE switch: Option A (AC): 24 V bus → AC charger only; switch uses its OEM AC PSU. Option B (DC): 24 V bus → 24→48 V booster → switch DC-in.
- Fans: 24 V bus → 5 A fuse → 24→12 V buck → fan hub.
- ESP32 monitor. Install shunt sense leads (post-shunt and bus+), 5 V supply, and mount the small display/antenna where readable. Tie wraps to relieve strain.
- Panel cabling. Terminate short shielded patch leads from each IP65 RJ45 to the PoE switch ports; label by VLAN/PoE role.
- Network config (switch). Create VLAN 10/20/30/99. Port map: Gi1=TRUNK (tags 10/20/30/99) to the router; Gi2–Gi5=VLAN10, Gi6–Gi7=VLAN20, Gi8=VLAN30. Enable LLDP and per-port PoE power caps.
- Network config (router). Set WAN1=Starlink (DHCP), WAN2=LTE (DHCP). Add default routes with distance 1/2, health checks (ICMP+HTTPS). Create bridge with VLAN 10/20/30/99 interfaces, add DHCP servers, and firewall rules (VLAN20 → VLAN30 allowed; VLAN10 ↛ VLAN30).
- First power-up. Breaker OFF. Verify polarity at bus and device inputs with a multimeter. Close lids, then breaker ON. Fans spin (or wait for 40 °C threshold if using auto control). No smoke/odors.
- Connectivity bring-up. Confirm WAN1 gets IP; yank Starlink to validate failover to LTE in ≤15 s; restore and confirm fallback. Validate SSIDs/VLANs; check that VLAN10 cannot reach VLAN30.
- Load & thermals. Attach PoE loads (APs/cams) up to 80–90% of budget. Run 60 min. Record bus volts/amps and internal temps. Re-torque warm lugs. Replace/clean dust filters.
Bring-Up Checklist
- Starlink online → WAN1 gets IP
- Pull Starlink → LTE takes over ≤ 15 s (then restores)
- DHCP scopes good in all VLANs
- VLAN10 ↛ VLAN30 (blocked); VLAN20 → VLAN30 (allowed)
- PoE load ≤ budget; temps stable 60 min
- Filters clean; no hot smells; lugs torqued
Acceptance Tests (field)
- PoE name/LLDP visible; per-port power caps enforced
- Packet loss < 1% at 25–50 Mbps uplink
- Brownout test: brief DC interruption does not corrupt configs
- Transit test: tilt 45°, mild drop (0.3–0.5 m) → no faults
VLAN Plan
- VLAN 10 — Gamer/Attendee (Internet only)
- VLAN 20 — Staff/Stream (priority + access to prod hosts)
- VLAN 30 — Cameras/IoT (isolated; reachable from Staff)
- VLAN 99 — Management
Switch ports: Gi1 → TRUNK to router (tags 10/20/30/99) Gi2–Gi5 → ACCESS VLAN 10 (PoE on) Gi6–Gi7 → ACCESS VLAN 20 (PoE on) Gi8 → ACCESS VLAN 30 (PoE on) Enable: RSTP, LLDP (naming), PoE per-port caps.
RouterOS v7 (MikroTik) — Dual-WAN Failover
# Bridge + VLANs (abbrev) /interface bridge add name=br1 vlan-filtering=yes /interface vlan add name=v10 interface=br1 vlan-id=10 /interface vlan add name=v20 interface=br1 vlan-id=20 /interface vlan add name=v30 interface=br1 vlan-id=30 /interface vlan add name=v99 interface=br1 vlan-id=99 /ip address add address=192.168.10.1/24 interface=v10 ... (v20/v30/v99 + DHCP servers) # WANs /ip dhcp-client add interface=ether8 add-default-route=no # Starlink /ip dhcp-client add interface=lte1 add-default-route=no # LTE # Routes (failover) /ip route add dst=0.0.0.0/0 gateway=ether8 distance=1 check-gateway=ping /ip route add dst=0.0.0.0/0 gateway=lte1 distance=2 # NAT + lists /interface list add name=WAN /interface list add name=LAN /interface list member add list=WAN interface=ether8 /interface list member add list=WAN interface=lte1 /interface list member add list=LAN interface=br1 /ip firewall nat add chain=srcnat out-interface-list=WAN action=masquerade # Health check (quick) /tool netwatch add host=1.1.1.1 interval=10s timeout=3s \ down-script="/ip route set [find where distance=1] disabled=yes" \ up-script="/ip route set [find where distance=1] disabled=no" # Inter-VLAN policy /ip firewall filter add chain=forward action=accept src-address=192.168.20.0/24 dst-address=192.168.30.0/24 add chain=forward action=drop src-address=192.168.10.0/24 dst-address=192.168.30.0/24 add chain=forward action=accept connection-state=established,related
Teltonika/Peplink: set WAN priority, ICMP+HTTPS health checks, create VLAN 10/20/30/99 on the LAN bridge, add DHCP pools, mirror the firewall policy.
PoE Budget Helper
Used: — W Headroom: — W
Keep 10–20% headroom. Cap each PoE port at real draw + ~10%.
Bring-Up Checklist
- Starlink online → WAN1 gets IP
- Pull Starlink → LTE takes over ≤ 15 s (then restores)
- DHCP scopes good in all VLANs
- VLAN10 ↛ VLAN30 (blocked); VLAN20 → VLAN30 (allowed)
- PoE load ≤ budget; temps stable 60 min
- Filters clean; no hot smells; lugs torqued
Cooling & Dust Control
- Filtered intake low/front, exhaust high/rear; positive pressure.
- Fans on at ≥ 40 °C internal; off at ≤ 37 °C (ESP32 auto-control works great).
- Clean filters after dusty venues; replace if airflow drops.
- Use a pressure vent and desiccant to prevent “dust breathing.”
Maintenance & Ops
- Export router & switch configs to USB; QR link taped in lid.
- SIM diversity (e.g., Verizon + T-Mobile) for LTE WAN.
- Color code by VLAN (10=blue, 20=yellow, 30=orange, 99=purple).
- Carry spares: 2× 30–50 m CAT6a reels, spare AP, PoE injector.
Reality Notes
Option A (AC PSU) is simpler. Option B (24→48 V DC) is leaner and avoids inverter losses.
Fuse to the wire. If your main run is 8 AWG, a 60–80 A Class-T is saner than 150 A.