06-03-2012 05:08 PM - edited 03-11-2019 04:15 PM
I recently acquired a used ASA 5505 and have encountered issues with getting the PoE output on Ports 6 & 7 working. Theese two PoE ports are behaving like all the other ports (100mbit, Vlan 1). Per the best I could Google, I made sure the all relevant ports are set to "auto" for duplex and link speed. Again, the ports do work for data - just not PoE. The LEDs light up ok.
I've tested four different working devices that can be powered off PoE with it, and all failed to power up using a straight-thru Ethernet cable connected to ports 6 & 7.
Ubiquiti PicoStation M2
MikroTik OmniTik
MikroTik RB450G
MikroTik RB433
What should I do to get PoE working? Is it a defective unit?
: Saved
: Written by enable_15 at 18:56:43.926 CDT Sun Jun 3 2012
!
ASA Version 8.4(4)
!
hostname <redacted>
domain-name <redacted>
enable password <redacted> encrypted
passwd <redacted> encrypted
names
!
interface Ethernet0/0
description wan
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
description MikroTik
speed 100
duplex full
!
interface Ethernet0/2
description Ubnt
speed 100
duplex full
!
interface Ethernet0/3
description airave
speed 100
duplex full
!
interface Ethernet0/4
speed 100
duplex full
!
interface Ethernet0/5
switchport access vlan 5
speed 100
duplex full
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 208.67.222.222
name-server 75.75.76.76
name-server 8.8.8.8
name-server 8.8.4.4
name-server 4.2.2.3
name-server 4.2.2.4
domain-name <redacted>
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network wan
host <redacted>
description wan ip on 06.03.2012
object network xbox
host 10.0.1.11
description Xbox TCP 3074
object network xbox_udp88
host 10.0.1.11
description Xbox UDP 88
object network xbox_tcp3074
host 10.0.1.11
description Xbox TCP 3074
object network xbox_tcp1863
host 10.0.1.11
description Xbox Video Kinect TCP 1863
object network xbox_udp1863
host 10.0.1.11
description Xbox Video Kinect UDP 1863
object network airave_udp500
host 10.0.1.10
description Airave UDP 500
object network airave_udp4500
host 10.0.1.10
description Airave UDP 4500
access-list outside_in_airave extended permit udp any object airave_udp500
access-list outside_in_airave extended permit udp any object airave_udp4500
access-list outside_in_ssh extended permit tcp any interface outside eq ssh log
access-list outside_in_xbox extended permit udp any object xbox
access-list outside_in_xbox extended permit udp any object xbox_udp88
access-list outside_in_xbox extended permit udp any object xbox_udp1863
access-list outside_in_xbox extended permit tcp any object xbox_tcp3074
access-list outside_in_xbox extended permit tcp any object xbox_tcp1863
pager lines 24
logging enable
logging timestamp
logging buffer-size 5000
logging asdm-buffer-size 200
logging trap warnings
logging flash-bufferwrap
logging flash-minimum-free 512000
logging flash-maximum-allocation 256000
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface outside
ip audit name attack attack action alarm drop
ip audit name info info action alarm
ip audit interface outside info
ip audit interface outside attack
icmp unreachable rate-limit 1 burst-size 1
icmp permit 10.0.1.0 255.255.255.0 inside
icmp permit any outside
asdm history enable
arp timeout 14400
!
object network obj_any
nat (inside,outside) dynamic interface
object network xbox
nat (inside,outside) static interface service udp 3074 3074
object network xbox_udp88
nat (inside,outside) static interface service udp 88 88
object network xbox_tcp3074
nat (inside,outside) static interface service tcp 3074 3074
object network xbox_tcp1863
nat (inside,outside) static interface service tcp 1863 1863
object network xbox_udp1863
nat (inside,outside) static interface service udp 1863 1863
object network airave_udp500
nat (inside,outside) static interface service udp isakmp isakmp
object network airave_udp4500
nat (inside,outside) static interface service udp 4500 4500
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.1.0 255.255.255.0 inside
http authentication-certificate inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt connection tcpmss minimum 48
no service resetoutbound interface outside
crypto isakmp nat-traversal 3600
telnet timeout 5
ssh scopy enable
ssh 10.0.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd auto_config outside
!
dhcpd address 10.0.1.40-10.0.1.70 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 10.0.1.0 255.255.255.0
threat-detection scanning-threat shun duration 180
threat-detection statistics host number-of-rate 3
threat-detection statistics port number-of-rate 3
threat-detection statistics protocol number-of-rate 3
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 96.44.157.90
ntp server 64.73.32.135
ntp server 64.251.10.152
ntp server 155.101.3.113
ntp server 184.105.192.247
ntp server 24.124.0.251
webvpn
username <redacted> password <redacted> encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:1eb06680bfc5fc26cff663e402591c1d
: end
06-03-2012 06:19 PM
I did more research and found MikroTik and Ubiquiti products generally use "passive PoE". This is not compatible with 802.3af, which the ASA 5505 (and everyone else) uses. As a result I'm going to have to get an inline adapter of some kind the converts 802.3af to passive PoE.
02-07-2015 12:07 PM
Scotty, Thanks for the info. I was just starting to troubleshoot this and your post saved me a bunch of time!!! Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide