Hello beautiful people, I hope that maybe you could help me.
I can’t seem to be able to provide full 802.3at power (poe+ 30W) to a regular Cisco Aironet 3700 access point.
I’ve tried multiple standard CAT6 and CAT6A cables
CSS610-8P-2S+IN with (latest?) stable version 2.16
Cisco Aironet 3702i access point
Tried the “on” poe mode, and “high” voltage level in below picture, manually
Even though the web portal shows that 54 volts (normal) are supplied, on the Cisco console and web portal it shows that only 15.4W are supplied, and therefore the AP does not power on the 5GHz antenna:
Cisco 3700 web page:
Cisco 3700 console: 15.4 W power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
What could be the issue here?
When I’m using the Access point with the power supply that it came with, of course, it works properly…
Well this AP supports full poe+ (802.at), because this is the only way it can enable 4x4 MIMO antennas. When you connect it in simple poe (802.3af) it actually downgrades to lower speed for 5GHz and 3x3 antennas as stated in getting started guide:
Interesting… I’ve got no other suggestions unfortunately. I have the same switch and it works just fine with POE+ and ubiquiti APs. I know I’ve seen people say that mikrotik doesn’t necessarily adhere to the same standards/protocols as other manufacturers. Wonder if this is one of those cases? Or it’s the Cisco AP? Wish I could be of more help there.
Thanks for your help. I suspect this is a bug. I fully understand what you are saying, but this problem is very weird. I wonder whether anyone else has hit this bug.
Anyone using any Cisco APs out there on this switch?
I have not mentioned that I am using an older Cisco IOS version for this as of now (153-3.JPJ4) with a release date of 01-Aug-2020, while the latest version is actually 15.3.3-JPO released on 01-Dec-2022. Not sure this could be the reason, however I wouldn’t believe this to be a Cisco issue. Seems to me more like a mikrotik bug.
Im using the power cable (C13) that came with it. Isn’t that more than enough to power the full 140W that this switch claims to have as a power budget in the datasheet?
Anyway, the Cisco power adapter in my hand says it provides 0.38A @ 48VDC… So I’m pretty sure this problem has something to do with power negotiation. I will test a hex poe that I have with it and report back. If it works with the hex poe (as it acts as a poe passthrough device) then there’s definitely the CSS610’s problem.
Some math?
48 × 0,38 = 18,24W
are not the 30W needed…
802.3af 15,4W
802.3at 30,0W
Check if the Cisco device need LLDP for detect 802.3at: is not one standard and unsupported on MikroTik device (and not only MikroTik)
Probably Cisco want sell own PSU…
Is not first time than Cisco use own standard for PoE.
Check for example Cisco Discovery Protocol (CDP) used for PoE settings and the Universal Power over Ethernet (UPOE) proprietary Cisco PoE.
Unfortunately no updates. The AP is only drawing 8.3W according to my smart plug tests with the official Cisco power adapter, therefore there is no full POE+ (802.3at) needed. However it seems I am still unable to power it with the CSS610 in full PoE+ mode (which is a requirement for the 4x4 MIMO mode). It downgrades to 3x3 MIMO mode as it detects simply 15.4W 802.3af mode. This could very well be due to the above comments (that SwOS lite is unable to read CDP protocol frames). Even though the AP supports LLDP, it doesn’t seem that LLDP is used for the power negotiation from what I can tell with the console logging.
I am very disappointed with this switch, because I preferred it due to the 802.3af/802.3at specification however it seems not to abide by its promise with one of the biggest networking brands out there…
Here’s hoping for a future SwOS release that will fix this bug.
The same problem! I was trying everything and nothing… I am super disappointed. I bought this switch for 4 Cisco Catalyst 9120 one of them is Cisco Catalyst 9120AXE-EWC ( with Cisco Embedded Wireless Controller ). The switch starts up take the port up and 0 the voltage is drawing 8.3W - 9.2 W and i expect much more from SWITCH that is supporting 802.3at)
@stathismes: I don’t understand what you don’t understand? If some vendor (even if it’s THE vendor) uses proprietary protocols, then it’s unreasonable to expect other vendors to implement them. Sometimes those proprietary protocols are even trade secrets or patented crap. Yes, sometimes other vendors do implement those proprietary protocols, but one should not simply expect them to do it.
It’s the same as if you went to car shop, bought set of wheels (and even cared to pick the right size) but failed to note the number and diameter of bolts. Now you’re asking car manufacturer to support you at mounting those 3rd party rims on your vehicle?
@mkx Are you serious? You try to explain me that from the fist moment this woooow switch is getting red the power is hight because some protocol? it is kind of joke? To explain you much more the problem is not the protocols the problem is the voltage! And stop tell us how great is this brad that is writing POE+ (802.3at) And 8,4w - 9.2W are higher for this device! The protocol is when you get power and can not get any data!
To be honest 50USD SWITCH FROM Aliexpress is much better! And work perfect!
@mkx I get your point however ever since I knew Mikrotiks, they were perfectly capable of reading CDP no problem. Even on SwOS when you enable Mikrotik Discovery Protocol, whenever you connect a Cisco device it is capable of reading CDP frames and give you info about the device. I’m not saying that MDP isn’t perfect, I’m just frustrated that I bought a device that promises to support an open standard (802.3at) and apparently it doesn’t deliver without some critical component as it seems. I am not a Cisco dev nor part of any IETF working group to know exactly what, but isn’t this something to be investigated by the vendors? If they want us to buy into their products I mean. Don’t get me wrong, I love Mikrotik products, but as always, I expect them to work out of the box.
I can’t say much about Cisco, I have very limited experience with those. But 802.3 af/at/bt defines a procedure between PSE (PoE switch) and PD (end device) which tells PSE what power class is PD. OTOH PD can learn power class of PSE. If both devices don’t follow protocol exactly, then there are some defaults (and those are geared towards failsafe operation). Standard 802.3at says that PSE may use LLDP (but it seems it doesn’t have to). And in 802.3 af/at/bt it’s always PSE which “drives” how exactly are things going to work, PD has to accept (and support) everything from standard. Hypothesis: if Cisco implemented PoE negotiation only via LLDP, but MT requires to do it without LLDP, then there’s incompatibility even though both devices are 802.3 af/at compliant (only not compliant enough).
And no, if some generation of devices support other vendor’s proprietary protocol it doesn’t mean every newer generation of deviced will support it as well.
@NAMPSTER: if PD draws some amount of power which is less than limit of PSE it doesn’t necessarily mean that PSE can not provide more. It could as well mean that PD, after (successfully) finished power class negotiation, knows it can’t draw maximum required power and thus doesn’t enable consumers with lower priority.
Most PoE switches have per-port limuts (e.g, 892.3 at limit is 30W per port) and then have global limit (e.g. 12-port switch may have global limit of 200W) which is less than sum of per-port limits. When total power consumption reaches global limit (but individual ports are all below per-port limits), then PSE will have to cut power on some port(s) … where priorities come to play. While power on some ports is cut off, total consumption is lower than global limit … but that doesn’t mean that power adapter, powering PSE, can’t deliver more.
CSS610P has 625mA * high_voltage, 1000mA * low_voltage limit per port, and a total power usage limit of 140W.
PSE does not have to support LLDP, it’s PD that has to support HW and LLDP classification. PSE cannot control what the PD does if LLDP is not supported, it is totally up to PD to make a decision. From what you are describing, Cisco AP backs to the “safest” option and that is to use class 4 802.3af power, not 802.3at. That has nothing to do with MikroTik and if you’d plug in a PD which would decide to go the other way and try to use the whole 25.5W, CSS610P would allow it with no issues.
It seems however, that MDP is not reading any LLDP or CDP packets from Cisco devices. It is not transmitting any “readable” frames towards the Cisco devices either. From the command outputs on Cisco APs to show neighbor devices for CDP/LLDP (show cdp neighbor / show lldp neighbor) I am only getting the RouterOS neighbors (a couple 4011 routerboards that I have) but the CSS610 not appearing as a neighbor device on the CDP/LLDP table (mind you that I am directly connecting it on a CSS610 port. The switch appears only on the RouterOS “IP > Neighbors” table.
So I assume that MDP is not working 100% on the SwOS Lite version 2.16 (built at Mon Jul 18 2022 17:55:44 GMT+0300)
I assume that when the MDP is fixed to work correctly in a future version (2.17 out there? Or still rc?) then the Cisco APs will read the frames properly and power on in 802.3at mode.
Until then, future readers, stay away from SwOS Lite switches if you plan to use CSS610 with Cisco APs.
CDP running on the Cisco 3700 series (3700-02) below.
mtk1.xxxxxxxx is a Routerboard 4011 with multiple VLANs
3700-01 is another 3700 cisco AP in the lan
3700-02#show cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-AP-MGMT-VLAN102
mtk1.xxxxxxxx
Gig 0 68 R MikroTik AP-MGMT-VLAN102
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-DEVTEST-VLAN45
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-HOTSPOTWIFI-VLAN49
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-GUESTWIFI-VLAN46
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-DMZ-VLAN40
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-CPE-MGMT-VLAN101
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-WISP-MGMT-VLAN100
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-VOICE-VLAN35
mtk1.xxxxxxxx
Gig 0 68 R MikroTik VRRP-MGMT-VLAN50
mtk1.xxxxxxxx
Gig 0.10 68 R MikroTik VRRP-PRD-VLAN10
mtk1.xxxxxxxx
Gig 0 68 R MikroTik DEVTEST-VLAN45
mtk1.xxxxxxxx
Gig 0 64 R MikroTik VOICE-VLAN35
mtk1.xxxxxxxx
Gig 0.10 64 R MikroTik PRODUCTION-VLAN10
mtk1.xxxxxxxx
Gig 0 64 R MikroTik MANAGEMENT-VLAN50
mtk1.xxxxxxxx
Gig 0 64 R MikroTik HOTSPOTWIFI-VLAN49
mtk1.xxxxxxxx
Gig 0 64 R MikroTik GUESTWIFI-VLAN46
mtk1.xxxxxxxx
Gig 0 64 R MikroTik DMZ-VLAN40
mtk1.xxxxxxxx
Gig 0 64 R MikroTik CPE-MGMT-VLAN101
mtk1.xxxxxxxx
Gig 0 64 R MikroTik Bridge_Production/ether5
3700-01.xxxxxxxx
Gig 0 132 T B I AIR-SAP37 Gig 0
3700-02#
As you can see, the CSS610 nowhere to be found! I have enabled MDP on the CSS however, plus CDP/LLDP on the Cisco APs.
