Since the inclusion process is the same for both S2-AccessControl as it is for S2-Authenticated, what is the real difference between these two security classes?
The S2-AccessControl group is not using a more secure communication than S2-Authenticated. The improved security comes from segmenting the network so that access control devices are only accessible by controllers that need to control them.
As such it is recommended to separate the device types into the following Security Classes.
All types of secure end devices including, but not limited to: