What is the realistic LoRa range in real installations?

Up to about 1 km line-of-sight in optimal conditions. In practice, range degrades rapidly with obstructions. A clear shot across a parking lot may give the full 1 km; a link that has to penetrate one or two interior walls typically delivers 300–500 m reliably; a link through several walls or through dense vegetation drops further. Use the 500 m configuration as a conservative planning baseline indoors or in mixed environments, and reserve the 1 km configuration for genuinely line-of-sight outdoor links. Site survey with an actual radio is strongly recommended before committing the network layout.

Why LoRa instead of Wi-Fi or cellular for long-range access?

Three reasons. First, range: LoRa achieves hundreds of metres on a few hundred milliwatts where Wi-Fi cannot reach without repeaters and access points. Second, infrastructure independence: LoRa does not require a Wi-Fi network at the remote end or a cellular plan and signal at every node — useful at perimeter sites where neither exists. Third, power: LoRa nodes can run on small power budgets, making solar or battery-backed remote sensors feasible. Trade-off: LoRa is low-bandwidth, so it is appropriate for short authorisation events and heartbeats, not for video or large data transfers.

How does end-to-end encryption work on the LoRa link?

Credentials and authorisation messages are encrypted at the originating node (or master) and decrypted only at the destination. Anyone sniffing the LoRa radio sees ciphertext; the same goes for the RS-485 BUS leg between the master and local nodes. This is important because LoRa, like all wireless, is trivially eavesdropable with a sub-€50 SDR — the protection has to live in the application layer, not in the radio link. Anti-replay counters travel with each message so a recording cannot be re-injected.

Does ICM-LR replace the building master or sit alongside it?

Either, depending on site design. On a small distributed site, ICM-LR can be the only master, holding the user database for all remote nodes. On a larger site, ICM-LR can sit alongside an ICM-GE: the ICM-GE handles the main building's wired access points, and the ICM-LR handles the remote outbuildings or perimeter gates over LoRa. They can be configured to coordinate so user changes propagate to both, with the LoRa link used only for the part of the site that needs it.

What power does ICM-LR draw, and can it be solar-powered at remote nodes?

The master itself uses 12–24 V DC and draws 3–6 W. Remote LoRa-attached nodes can be smaller still. This makes the remote leg compatible with a modest solar panel and battery, which is the typical solution for perimeter gates and remote barriers where running cable for grid power is impractical. Size the battery for the worst expected sun-week per local climate; in Kosovo, plan for several consecutive overcast days in winter.

How many nodes can one ICM-LR support?

The cap is set by LoRa airtime budget more than by addressing space. LoRa is a shared-medium, duty-cycle-limited radio: too many nodes transmitting too often will collide. For typical access-control traffic (a few short messages per minute per node, plus heartbeats), tens of nodes per master are achievable. The exact number depends on the LoRa spreading factor used (lower SF = more throughput, shorter range), the regulatory duty cycle in your region, and how chatty each node is configured to be.

What LoRa frequency does ICM-LR use and is it licence-free in Kosovo and Albania?

ICM-LR is configured for the EU 868 MHz ISM band, which is licence-free for low-power use in Kosovo, Albania and across the EU under standard short-range device rules. Regional duty-cycle limits apply (typically 1% per sub-band) and the firmware respects these by default. If a specific deployment needs a different band — for example, the 433 MHz ISM band for cross-border equipment compatibility — confirm with us at commissioning time.

AXON ICM-LR — Long-Range LoRa Master for Distributed Access

Name: AXON ICM-LR
Brand: AXON
SKU: ICM-LR
Availability: InStock

The master for campuses, parking lots and fragmented sites where pulling cable between locations is impractical. LoRa link up to ~1 km line-of-sight, RS-485 BUS for local nodes, end-to-end encryption, low power.

Role: Long-range master Wireless: LoRa ~1 km LOS Local bus: RS-485 Architecture: Single / Multi-segment Encryption: End-to-end 12–24 V DC, 3–6 W In testing

AXON ICM-LR is the long-range master for sites that are too spread out to wire cheaply: campuses, parking lots, gated yards, and fragmented infrastructure. It uses a LoRa radio link up to about 1 km line-of-sight to reach distant nodes, runs a local RS-485 BUS for readers and I/O at each site, and encrypts traffic end-to-end so a wireless eavesdropper sees only ciphertext.

01 — What ICM-LR Does in the System

AXON ICM-LR is the long-range variant of the AXON master. Where ICM-GE assumes a building with structured cabling and an Ethernet drop, ICM-LR assumes a site where running cable between locations is the limiting cost — a logistics yard with the gatehouse on one side and the truck gate on the other, a residential complex with a separate visitor parking 400 m away, a hospital campus with a remote staff entrance, a school with detached outbuildings. The defining capability is reach: ICM-LR uses LoRa to extend access-control reach to places where Ethernet, Wi-Fi and direct cabling all fail on cost or installability grounds.

Like other AXON masters, ICM-LR holds a local user database and makes authorisation decisions locally. The LoRa link is not a "thin terminal" link to a remote brain — it carries the encrypted authorisation messages between the master and the local node at each remote site, but the decision still happens on the master, in milliseconds, even when the management server is unreachable.

The other half of ICM-LR is conventional: at each location where the master sits, it drives a local RS-485 BUS to readers and I/O. That means a remote barrier point typically has a small package — one URX-Secure reader, one barrier relay node, one LoRa-attached aggregator — and the aggregator talks back to the master over LoRa rather than back to a building cabinet over cable.

ICM-LR is offered in two range configurations (500 m and 1 km) and two architectural modes (single-segment star and multi-segment). Choose the configuration based on the site survey, not the brochure number: real LoRa range varies dramatically with obstructions.

02 — Required Components

A typical ICM-LR installation includes:

Part	Role	Notes
AXON ICM-LR PCB	Master controller	One per site, holding the user database and decision logic.
LoRa antenna (master side)	Wireless uplink to remote nodes	Outdoor-grade omni or directional, sized to the worst-case link.
Remote LoRa nodes	Far-site aggregators	One per remote location, each driving a local RS-485 BUS.
AXON URX-Secure readers	Credential capture	At each remote access point; talks to the local aggregator over RS-485.
Relay / I/O nodes	Barrier / strike control	At each remote access point, driven by the local aggregator.
RS-485 cable plant (local)	Per-site bus	Short runs within each remote location.
12–24 V DC supply	Power	Per location. Solar + battery is feasible at low-traffic remote sites.
Outdoor enclosure	Mounting	IP65 cabinet for outdoor master / remote nodes.

Why these specific parts

LoRa was chosen for the long-range link because it is the only widely available wireless standard that gives hundreds of metres of reach without infrastructure at each end. Wi-Fi cannot do it without access points and Ethernet backhaul; cellular requires a SIM and a usable signal at every remote node, which often does not exist at perimeter gates. The trade-off is bandwidth — LoRa is slow — which is why every other path (uplink to the management server, OTA firmware updates, audit log sync) still goes through wired Ethernet or GSM on the master side. RS-485 was kept for the per-location bus because it is the same physical layer the rest of the AXON ecosystem uses, so the same URX-Secure readers and W2R-N converters work behind both ICM-GE and ICM-LR.

03 — How ICM-LR Works End-to-End

An authorisation event at a remote LoRa-attached gate flows like this:

Credential capture. A user presents a card at a URX-Secure reader installed at the remote gate.
Local bus exchange. The reader sends the credential to the remote LoRa node over RS-485 in encrypted form, with the reader address and an anti-replay counter.
LoRa uplink to master. The remote node packages the authorisation request as a LoRa frame and transmits it to the master. End-to-end encryption means the LoRa frame contains ciphertext, not the credential.
Master decision. The master decrypts the request, looks up the user and the site policy, and decides.
LoRa downlink command. The master sends an encrypted authorisation response back over LoRa to the remote node, including the gate command and the reader feedback pattern.
Local execution. The remote node energises the barrier or door relay through its local RS-485 BUS, and signals the reader's LED/buzzer to acknowledge the user.
Event log. The master appends the event to its local log and syncs to the management server when its own uplink is available.

End-to-end this is a few hundred milliseconds, dominated by LoRa airtime — appropriate for a barrier or pedestrian gate, not appropriate for a high-throughput turnstile where dozens of credentials per minute may need to be processed. For high-throughput points, install ICM-GE at the location instead and use the LoRa-attached architecture only where the trade-off makes sense.

04 — Communication Architecture: LoRa and RS-485 BUS

Why LoRa for the long-range link

LoRa / LoRaWAN (Long Range, a chirp spread-spectrum modulation operated in sub-GHz ISM bands) trades bandwidth for reach. A few-byte access-control message takes hundreds of milliseconds to transmit, but it can be received at distances impossible for Wi-Fi or Bluetooth at the same power budget. The defining trade-off compared to cellular is independence: LoRa needs only the two endpoints; it does not need a carrier, a SIM, or coverage from a network operator that may not exist at the gate. That independence is the whole point at perimeter sites.

Realistic range

The 1 km figure is line-of-sight in optimal conditions. In practice:

Open parking lot, antennas above roof level: close to the 1 km figure.
Through one or two interior walls: typically 300–500 m reliable.
Through several walls or through dense vegetation: 100–200 m, sometimes less.
Around a corner of a metal structure: highly site-dependent; site survey required.

Always survey with the actual radio before committing. A LoRa link that "should work" on a Google Maps measurement frequently does not, because the line of sight crosses a steel container, a parked truck, or a row of mature trees the site survey missed.

End-to-end encryption

LoRa is wireless and therefore trivially eavesdropable with a sub-€50 SDR. The protection lives in the application layer: every authorisation message is encrypted at the originating node and decrypted at the destination, with an anti-replay counter to defeat record-and-replay attacks. The RS-485 BUS legs on either side of the LoRa link are similarly encrypted. There is no plaintext credential anywhere on the wireless or wired data path.

Single-segment vs multi-segment

Single-segment is the default: one master, multiple LoRa-attached remote nodes, each running a small local RS-485 BUS for its readers. Multi-segment splits a larger site into independent segments, each with its own master scope, for fault isolation. Choose single-segment for clarity; choose multi-segment only when the site is large enough that a single master is a single point of failure you want to mitigate.

05 — Interface Layout

Interface	Function	Notes
LoRa antenna SMA	Long-range wireless link	External outdoor antenna; placement is critical.
RS-485 BUS terminals	Local node bus	A / B / GND; one or more segments per master.
Power input	12 V or 24 V DC	Polarity-protected, fused on the bus.
Uplink (Ethernet or GSM)	To management server	For server sync, log push, OTA.
Status LEDs	Diagnostics	Power, LoRa activity, bus activity, uplink status.
Service port	Commissioning	Used for site survey, address provisioning, key loading.

06 — Security and Robustness

ICM-LR's security model reflects the wireless reality:

End-to-end encryption on every authorisation message — LoRa frames contain ciphertext, not credentials.
Anti-replay counters in every message defeat record-and-replay attacks against the radio.
Per-link keys. Each remote node pairs with the master using its own key, so compromising one remote does not compromise the whole site.
Encrypted local RS-485 BUS on both sides of the LoRa link.
Bounded retry / fallback. If the LoRa link is degraded, the firmware degrades gracefully — does not flood the radio with retries that would violate the duty cycle.
Local-first decision logic. The master holds the user database; the LoRa link delivers the request to the master, but does not depend on a cloud round-trip.

07 — Real-World Deployment Scenarios

Logistics yard near Prishtinë

A logistics yard with the security cabin near the office and the truck gate 600 m across the yard uses an ICM-LR in the office cabin and a LoRa-attached remote node at the gate. The remote node drives a URX-Secure reader and the boom barrier solenoid. Drivers tap their credential, the master authorises in under a second, the boom lifts. Trenching cable across an active yard would have cost more than the entire access system; LoRa makes it tractable.

Multi-building campus in Tiranë

A university-style campus with several detached buildings and a perimeter pedestrian gate uses an ICM-GE in the main building (for wired in-building doors) and an ICM-LR alongside it for the outlying buildings and gates. User changes propagate to both masters from the management server. Students see consistent access policy regardless of which building they are in, but the cabling cost was a fraction of running fibre to every outbuilding.

Distributed parking complex in Pejë

A retail complex has main customer parking adjacent to the store and an overflow lot 300 m away. The overflow lot has its own ramp barrier for staff and contractor access. ICM-LR sits in the store's IT closet; a LoRa-attached node drives the overflow barrier. Staff use the same card at both lots; the management software shows usage of each lot for capacity planning.

Hospital with detached outbuildings near Prishtinë

A hospital campus with a main building and several outbuildings (mortuary, plant rooms, staff residences) uses ICM-LR at the main IT room to reach the outbuildings without trenching cable through the active hospital grounds. Each outbuilding has a small local RS-485 BUS. Time-window policy enforces appropriate access per role. Power at each remote node is grid; solar is reserved for one perimeter pedestrian gate that has no nearby utility.

08 — Installation Requirements

Site survey: do an actual LoRa range test with the production radio before committing the network plan. Do not trust map-based line-of-sight estimates.
Antenna placement: outdoor, above roof line where possible, away from large metal objects. Place the antenna where you would place a TV aerial, not inside the cabinet.
Power: 12–24 V DC, 3–6 W for the master; remote node consumption depends on configuration. Solar + battery viable at low-traffic remote sites.
Local RS-485 BUS: standard rules — shielded twisted pair, 120 Ω termination at both physical ends only.
Master uplink (Ethernet or GSM): provision so server sync and OTA still work. The LoRa link does not carry server traffic.
Outdoor enclosures: IP65 for master and remote nodes if installed outside; use proper cable glands; route cable with a service loop.
Regulatory: confirm the LoRa frequency band of the production hardware is permitted in the country of installation; in Kosovo and Albania, the EU 868 MHz band is licence-free for low-power use under ETSI EN 300 220.

09 — Recommended Topology

For ICM-LR-based sites:

Single master per site, sized to the LoRa traffic budget and the number of remote nodes you need to support.
Star topology over LoRa: master at the centre, remote nodes around it. LoRa is not a mesh in this architecture — keep links direct.
Short local RS-485 BUS at each remote: a few metres of cable to the local readers and relays. Long local busses defeat the purpose of going wireless at the link.
Master uplink wired (Ethernet) where possible: the LoRa link to remotes is for site-internal traffic, not for hauling traffic to the cloud.

Common mistakes: trying to use LoRa as a mesh by repeating frames through a remote node (collisions and duty-cycle violations), placing the antenna inside the cabinet (range collapses), and skipping the site survey (the link works in pilot, fails in production after the next truck parks in the line of sight).

10 — Troubleshooting Guide

LoRa link works in pilot, fails in production

Almost always an obstruction that appeared after the pilot — a parked truck, a new outbuilding, a row of trees that grew. Re-survey the link, raise an antenna, or relocate the remote node. LoRa does not gracefully handle a Fresnel-zone obstruction; the link can degrade from solid to unreliable with surprisingly little new obstruction in the path.

Authorisation latency is over a second

Expected for LoRa at the higher spreading factors used for maximum range. If the latency is operationally unacceptable, configure a lower spreading factor at the cost of range, or relocate the master closer to the remote node. Pure latency cannot be reduced past the LoRa airtime physics.

Master reports degraded LoRa for one remote node only

Localised obstruction or antenna problem at that remote. Check the remote antenna mounting, look for a recently added metal structure between the two ends, and confirm the remote node is reporting normal signal-to-noise on its end. A bad SMA connector at one end of the link is a frequent culprit.

Duty-cycle warnings in the log

The remote is transmitting too often for the regulatory duty cycle. Reduce the heartbeat frequency at that remote, or batch its messages. Persistent duty-cycle warnings indicate a misconfiguration, not a hardware fault.

Remote node powered by solar starts failing every winter

Insufficient battery sizing for the local insolation profile. Re-size against worst expected sun-week; in Kosovo, plan for several consecutive overcast days. Upgrade the panel and battery, or add an auxiliary grid trickle charge where utility is reachable.

11 — How ICM-LR Compares to Alternatives

Wi-Fi-based remote access points. Require Wi-Fi infrastructure at each remote site (access points, backhaul). For a single barrier 500 m away, this is dramatically more expensive than a LoRa link. Wi-Fi range without repeaters does not span the distances ICM-LR targets.
Cellular (GSM/LTE) at each remote node. Per-node SIM cost and coverage uncertainty at perimeter locations. Workable in places with strong reliable mobile signal, problematic at outbuildings, basements, and rural perimeter installations. ICM-LR avoids the per-node SIM problem entirely.
Trenched cable to every remote point. Highest reliability, often highest cost. Where the site is fragmented, ICM-LR's LoRa link removes 80% of the trenching at the cost of the LoRa latency and bandwidth trade-off.
Stand-alone offline controllers at each remote. Cheap, but the site loses centralised management — users have to be enrolled at each controller individually, and audit logs do not aggregate. ICM-LR keeps centralised management while removing the cable burden.

12 — Current Implementation vs Roadmap

ICM-LR is currently in testing (ne faze testimi at the time of writing).

Shipping in pilot today

LoRa link in the 500 m configuration, validated in pilot installations.
Single-segment architecture with one master and one or more remote nodes.
End-to-end encryption with anti-replay counters across LoRa and RS-485 BUS.
Local RS-485 BUS per remote site, compatible with URX-Secure and W2R-N.
12–24 V DC at 3–6 W operating envelope.

On the roadmap (next release)

1 km configuration — optimised antenna and spreading factor for the maximum-range deployment.
Multi-segment architecture — large-site fault isolation across multiple master scopes.
Per-link cryptographic pairing with a per-remote-node key derived from a hardware-rooted identity.
Adaptive duty-cycle management that automatically tunes heartbeat rates based on observed channel utilisation.
OTA updates over LoRa for very small images at low-traffic remote nodes; large updates will continue to require a site visit or a higher-bandwidth secondary link.

13 — Key Takeaways

ICM-LR is the master for fragmented, multi-location sites where cabling between locations is the binding cost.
LoRa gives up to ~1 km line-of-sight reach without needing infrastructure at the remote end — but real range depends on obstructions, so always survey.
End-to-end encryption protects the wireless link; LoRa frames carry ciphertext, not credentials.
The same URX-Secure / W2R-N node ecosystem used by ICM-GE works behind ICM-LR over its local RS-485 BUS.
Currently in testing — the 500 m / single-segment configuration is functional; 1 km and multi-segment are next.

14 — Frequently Asked Questions

When should I choose ICM-LR over ICM-GE?

When the site is geographically distributed and cabling between locations is impractical or expensive — campuses, parking lots, fragmented yards, perimeter installations.

What is the realistic LoRa range?

Up to ~1 km line-of-sight in optimal conditions; 300–500 m through walls; less through dense obstructions. Site survey required.

Why LoRa instead of Wi-Fi or cellular?

Range without infrastructure: LoRa reaches hundreds of metres on low power without needing access points or cellular coverage at every remote node.

How does end-to-end encryption work?

Messages are encrypted at the originating node and decrypted at the destination. LoRa frames carry ciphertext. Anti-replay counters defeat record-and-replay.

What is the difference between single-segment and multi-segment?

Single-segment: one master, many LoRa remotes — the default. Multi-segment: large sites split into multiple master scopes for fault isolation.

Does ICM-LR replace ICM-GE or sit alongside it?

Either, depending on site design. Standalone for small distributed sites; alongside ICM-GE for large mixed sites where one master handles the building and the other handles the perimeter.

What power does ICM-LR draw?

12–24 V DC, 3–6 W operating. Remote LoRa nodes can run on solar + battery at low-traffic perimeter sites.

How many remote nodes can one ICM-LR support?

Tens of nodes for typical access-control traffic, limited by LoRa airtime and regulatory duty cycle more than by addressing.

Is ICM-LR available today?

In testing. 500 m / single-segment is pilot-validated; 1 km and multi-segment are next. Pilot units available on request.

What LoRa frequency is used, and is it licence-free?

EU 868 MHz ISM band, licence-free for low-power use in Kosovo, Albania and across the EU. Regional duty cycle limits apply and are respected by default.

15 — Related Guides and Products

16 — Get an ICM-LR Quote for Your Site

Have a campus, parking lot, gated yard or distributed site where cabling between locations is the deal-breaker? We can run a LoRa site survey, design the topology, supply pilot units and support commissioning. For projects starting in H2 2026, ICM-LR is on track; for projects shipping sooner, pilot units are available on request.

View in Store Request Quote

17 — References and Standards

LoRa Alliance — About LoRaWAN (LoRa / LoRaWAN technology overview)
ETSI EN 300 220 (EU 868 MHz short-range device band)
Semtech LoRa Connect / AN1200.22 (LoRa chirp spread-spectrum modulation)
TIA-485-A (RS-485 differential multi-drop electrical interface)