Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5306
Views
0
Helpful
2
Replies

PoE on ASA 5505 not working (8.4)

scottywc42
Level 1
Level 1

‎06-03-2012 05:08 PM - edited ‎03-11-2019 04:15 PM

I recently acquired a used ASA 5505 and have encountered issues with getting the PoE output on Ports 6 & 7 working. Theese two PoE ports are behaving like all the other ports (100mbit, Vlan 1). Per the best I could Google, I made sure the all relevant ports are set to "auto" for duplex and link speed. Again, the ports do work for data - just not PoE. The LEDs light up ok.

I've tested four different working devices that can be powered off PoE with it, and all failed to power up using a straight-thru Ethernet cable connected to ports 6 & 7.

Ubiquiti PicoStation M2

MikroTik OmniTik

MikroTik RB450G

MikroTik RB433

What should I do to get PoE working? Is it a defective unit?

: Saved

: Written by enable_15 at 18:56:43.926 CDT Sun Jun 3 2012

!

ASA Version 8.4(4)

!

hostname <redacted>

domain-name <redacted>

enable password <redacted> encrypted

passwd <redacted> encrypted

names

!

interface Ethernet0/0

description wan

switchport access vlan 2

speed 100

duplex full

!

interface Ethernet0/1

description MikroTik

speed 100

duplex full

!

interface Ethernet0/2

description Ubnt

speed 100

duplex full

!

interface Ethernet0/3

description airave

speed 100

duplex full

!

interface Ethernet0/4

speed 100

duplex full

!

interface Ethernet0/5

switchport access vlan 5

speed 100

duplex full

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 10.0.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns domain-lookup inside

dns server-group DefaultDNS

name-server 208.67.222.222

name-server 75.75.76.76

name-server 8.8.8.8

name-server 8.8.4.4

name-server 4.2.2.3

name-server 4.2.2.4

domain-name <redacted>

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network wan

host <redacted>

description wan ip on 06.03.2012

object network xbox

host 10.0.1.11

description Xbox TCP 3074

object network xbox_udp88

host 10.0.1.11

description Xbox UDP 88

object network xbox_tcp3074

host 10.0.1.11

description Xbox TCP 3074

object network xbox_tcp1863

host 10.0.1.11

description Xbox Video Kinect TCP 1863

object network xbox_udp1863

host 10.0.1.11

description Xbox Video Kinect UDP 1863

object network airave_udp500

host 10.0.1.10

description Airave UDP 500

object network airave_udp4500

host 10.0.1.10

description Airave UDP 4500

access-list outside_in_airave extended permit udp any object airave_udp500

access-list outside_in_airave extended permit udp any object airave_udp4500

access-list outside_in_ssh extended permit tcp any interface outside eq ssh log

access-list outside_in_xbox extended permit udp any object xbox

access-list outside_in_xbox extended permit udp any object xbox_udp88

access-list outside_in_xbox extended permit udp any object xbox_udp1863

access-list outside_in_xbox extended permit tcp any object xbox_tcp3074

access-list outside_in_xbox extended permit tcp any object xbox_tcp1863

pager lines 24

logging enable

logging timestamp

logging buffer-size 5000

logging asdm-buffer-size 200

logging trap warnings

logging flash-bufferwrap

logging flash-minimum-free 512000

logging flash-maximum-allocation 256000

mtu inside 1500

mtu outside 1500

ip verify reverse-path interface outside

ip audit name attack attack action alarm drop

ip audit name info info action alarm

ip audit interface outside info

ip audit interface outside attack

icmp unreachable rate-limit 1 burst-size 1

icmp permit 10.0.1.0 255.255.255.0 inside

icmp permit any outside

asdm history enable

arp timeout 14400

!

object network obj_any

nat (inside,outside) dynamic interface

object network xbox

nat (inside,outside) static interface service udp 3074 3074

object network xbox_udp88

nat (inside,outside) static interface service udp 88 88

object network xbox_tcp3074

nat (inside,outside) static interface service tcp 3074 3074

object network xbox_tcp1863

nat (inside,outside) static interface service tcp 1863 1863

object network xbox_udp1863

nat (inside,outside) static interface service udp 1863 1863

object network airave_udp500

nat (inside,outside) static interface service udp isakmp isakmp

object network airave_udp4500

nat (inside,outside) static interface service udp 4500 4500

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

http server enable

http 10.0.1.0 255.255.255.0 inside

http authentication-certificate inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

sysopt connection tcpmss minimum 48

no service resetoutbound interface outside

crypto isakmp nat-traversal 3600

telnet timeout 5

ssh scopy enable

ssh 10.0.1.0 255.255.255.0 inside

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

ssh version 2

ssh key-exchange group dh-group14-sha1

console timeout 0

dhcpd dns 8.8.8.8 8.8.4.4

dhcpd auto_config outside

!

dhcpd address 10.0.1.40-10.0.1.70 inside

dhcpd dns 8.8.8.8 8.8.4.4 interface inside

dhcpd auto_config outside interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection scanning-threat shun except ip-address 10.0.1.0 255.255.255.0

threat-detection scanning-threat shun duration 180

threat-detection statistics host number-of-rate 3

threat-detection statistics port number-of-rate 3

threat-detection statistics protocol number-of-rate 3

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

ntp server 96.44.157.90

ntp server 64.73.32.135

ntp server 64.251.10.152

ntp server 155.101.3.113

ntp server 184.105.192.247

ntp server 24.124.0.251

webvpn

username <redacted> password <redacted> encrypted privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

class class-default

  user-statistics accounting

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

hpm topN enable

Cryptochecksum:1eb06680bfc5fc26cff663e402591c1d

: end

Labels:
0 Helpful
2 Replies 2

scottywc42
Level 1
Level 1

‎06-03-2012 06:19 PM

I did more research and found MikroTik and Ubiquiti products generally use "passive PoE". This is not compatible with 802.3af, which the ASA 5505 (and everyone else) uses. As a result I'm going to have to get an inline adapter of some kind the converts 802.3af to passive PoE.

0 Helpful

rreichel
Level 1
Level 1
In response to scottywc42

‎02-07-2015 12:07 PM

Scotty,  Thanks for the info.  I was just starting to troubleshoot this and your post saved me a bunch of time!!!  Thanks again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card