Configuring PoE
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for PoE
Note | This feature is supported only on the LAN Base image. |
Information about PoE
Power over Ethernet Ports
A PoE-capable switch port automatically supplies power to one of these connected devices if the switch senses that there is no power on the circuit:
- A Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point)
- An IEEE 802.3af-compliant powered device
A powered device can receive redundant power when it is connected to a PoE switch port and to an AC power source. The device does not receive redundant power when it is only connected to the PoE port.
Supported Protocols and Standards
The switch uses these protocols and standards to support PoE:
- CDP with power consumption—The powered device notifies the switch of the amount of power it is consuming. The switch does not reply to the power-consumption messages. The switch can only supply power to or remove power from the PoE port.
- Cisco intelligent power management—The powered device and the switch negotiate through power-negotiation CDP messages for an agreed-upon power-consumption level. The negotiation allows a high-power Cisco powered device, which consumes more than 7 W, to operate at its highest power mode. The powered device first boots up in low-power mode, consumes less than 7 W, and negotiates to obtain enough power to operate in high-power mode. The device changes to high-power mode only when it receives confirmation from the switch.
High-power devices can operate in low-power mode on switches that do not support power-negotiation CDP.
Cisco intelligent power management is backward-compatible with CDP with power consumption; the switch responds according to the CDP message that it receives. CDP is not supported on third-party powered devices; therefore, the switch uses the IEEE classification to determine the power usage of the device.
- IEEE 802.3af—The major features of this standard are powered-device discovery, power administration, disconnect detection, and optional powered-device power classification. For more information, see the standard.
Powered-Device Detection and Initial Power Allocation
The switch detects a Cisco pre-standard or an IEEE-compliant powered device when the PoE-capable port is in the no-shutdown state, PoE is enabled (the default), and the connected device is not being powered by an AC adaptor.
After device detection, the switch determines the device power requirements based on its type:
- The initial power allocation is the maximum amount of power that a powered device requires. The switch initially allocates this amount of power when it detects and powers the powered device. As the switch receives CDP messages from the powered device and as the powered device negotiates power levels with the switch through CDP power-negotiation messages, the initial power allocation might be adjusted.
- The switch classifies the detected IEEE device within a power consumption class. Based on the available power in the power budget, the switch determines if a port can be powered. Table 1 lists these levels.
Class | Maximum Power Level Required from the Switch |
---|---|
0 (class status unknown) | 15.4 W |
1 | 4 W |
2 | 7 W |
3 | 15.4 W |
4 | 30 W (For IEEE 802.3at Type 2 powered devices) |
The switch monitors and tracks requests for power and grants power only when it is available. The switch tracks its power budget (the amount of power available on the switch for PoE). The switch performs power-accounting calculations when a port is granted or denied power to keep the power budget up to date.
After power is applied to the port, the switch uses CDP to determine the CDP-specific power consumption requirement of the connected Cisco powered devices, which is the amount of power to allocate based on the CDP messages. The switch adjusts the power budget accordingly. This does not apply to third-party PoE devices. The switch processes a request and either grants or denies power. If the request is granted, the switch updates the power budget. If the request is denied, the switch ensures that power to the port is turned off, generates a syslog message, and updates the LEDs. Powered devices can also negotiate with the switch for more power.
With PoE+, powered devices use IEEE 802.3at and LLDP power with media dependent interface (MDI) type, length, and value descriptions (TLVs), Power-via-MDI TLVs, for negotiating power up to 30 W. Cisco pre-standard devices and Cisco IEEE powered devices can use CDP or the IEEE 802.3at power-via-MDI power negotiation mechanism to request power levels up to 30 W.
Note | The initial allocation for Class 0, Class 3, and Class 4 powered devices is 15.4 W. When a device starts up and uses CDP or LLDP to send a request for more than 15.4 W, it can be allocated up to the maximum of 30 W. |
Note | The CDP-specific power consumption requirement is referred to as the actual power consumption requirement in the software configuration guides and command references. |
If the switch detects a fault caused by an undervoltage, overvoltage, overtemperature, oscillator-fault, or short-circuit condition, it turns off power to the port, generates a syslog message, and updates the power budget and LEDs.
The PoE feature operates the same whether or not the switch is a stack member. The power budget is per switch and independent of any other switch in the stack. Election of a new active switch does not affect PoE operation. The active switch keeps track of the PoE status for all switches and ports in the stack and includes the status in output displays.
Power Management Modes
The switch supports these PoE modes:
- auto—The switch automatically detects if the connected device requires power. If the switch discovers a powered device connected to the port and if the switch has enough power, it grants power, updates the power budget, turns on power to the port on a first-come, first-served basis, and updates the LEDs. For LED information, see the hardware installation guide.
If enough power is available for all powered devices connected to the switch, power is turned on to all devices. If there is not enough available PoE, or if a device is disconnected and reconnected while other devices are waiting for power, it cannot be determined which devices are granted or are denied power.
If granting power would exceed the system power budget, the switch denies power, ensures that power to the port is turned off, generates a syslog message, and updates the LEDs. After power has been denied, the switch periodically rechecks the power budget and continues to attempt to grant the request for power.
If a device being powered by the switch is then connected to wall power, the switch might continue to power the device. The switch might continue to report that it is still powering the device whether the device is being powered by the switch or receiving power from an AC power source.
If a powered device is removed, the switch automatically detects the disconnect and removes power from the port. You can connect a nonpowered device without damaging it.
You can specify the maximum wattage that is allowed on the port. If the IEEE class maximum wattage of the powered device is greater than the configured maximum value, the switch does not provide power to the port. If the switch powers a powered device, but the powered device later requests through CDP messages more than the configured maximum value, the switch removes power to the port. The power that was allocated to the powered device is reclaimed into the global power budget. If you do not specify a wattage, the switch delivers the maximum value. Use the auto setting on any PoE port. The auto mode is the default setting.
- static—The switch pre-allocates power to the port (even when no powered device is connected) and guarantees that power will be available for the port. The switch allocates the port configured maximum wattage, and the amount is never adjusted through the IEEE class or by CDP messages from the powered device. Because power is pre-allocated, any powered device that uses less than or equal to the maximum wattage is guaranteed to be powered when it is connected to the static port. The port no longer participates in the first-come, first-served model.
However, if the powered-device IEEE class is greater than the maximum wattage, the switch does not supply power to it. If the switch learns through CDP messages that the powered device is consuming more than the maximum wattage, the switch shuts down the powered device.
If you do not specify a wattage, the switch pre-allocates the maximum value. The switch powers the port only if it discovers a powered device. Use the static setting on a high-priority interface.
- never—The switch disables powered-device detection and never powers the PoE port even if an unpowered device is connected. Use this mode only when you want to make sure that power is never applied to a PoE-capable port, making the port a data-only port.
For most situations, the default configuration (auto mode) works well, providing plug-and-play operation. No further configuration is required. However, perform this task to configure a PoE port for a higher priority, to make it data only, or to specify a maximum wattage to disallow high-power powered devices on a port.
Power Monitoring and Power Policing
When policing of the real-time power consumption is enabled, the switch takes action when a powered device consumes more power than the maximum amount allocated, also referred to as the cutoff-power value.
When PoE is enabled, the switch senses the real-time power consumption of the connected powered device; this is called power monitoring or power sensing. The switch also polices the power usage with the power policing feature.
Power monitoring is backward-compatible with Cisco intelligent power management and CDP-based power consumption. It works with these features to ensure that the PoE port can supply power to the powered device.
The switch senses the real-time power consumption of the connected device as follows:
- The switch monitors the real-time power consumption on individual ports.
- The switch records the power consumption, including peak power usage. The switch reports the information through the CISCO-POWER-ETHERNET-EXT-MIB.
- If power policing is enabled, the switch polices power usage by comparing the real-time power consumption to the maximum power allocated to the device. The maximum power consumption is also referred to as the cutoff power on a PoE port.
If the device uses more than the maximum power allocation on the port, the switch can either turn off power to the port, or the switch can generate a syslog message and update the LEDs (the port LED is now blinking amber) while still providing power to the device based on the switch configuration. By default, power-usage policing is disabled on all PoE ports.
If error recovery from the PoE error-disabled state is enabled, the switch automatically takes the PoE port out of the error-disabled state after the specified amount of time.
If error recovery is disabled, you can manually re-enable the PoE port by using the shutdown and no shutdown interface configuration commands.
- If policing is disabled, no action occurs when the powered device consumes more than the maximum power allocation on the PoE port, which could adversely affect the switch.
Maximum Power Allocation (Cutoff Power) on a PoE Port
When power policing is enabled, the switch determines one of these values as the cutoff power on the PoE port in this order:
1. Manually when you set the user-defined power level that the switch budgets for the port by using the power inline consumption default wattage global or interface configuration command
2. Manually when you set the user-defined power level that limits the power allowed on the port by using the power inline auto max max-wattage or the power inline static max max-wattage interface configuration command
3. Automatically when the switch sets the power usage of the device by using CDP power negotiation or by the IEEE classification and LLDP power negotiation.
Use the first or second method in the previous list to manually configure the cutoff-power value by entering the power inline consumption default wattage or the power inline [auto | static max] max-wattage command.
If you do not manually configure the cutoff-power value, the switch automatically determines it by using CDP power negotiation or the device IEEE classification and LLDP power negotiation. If CDP or LLDP are not enabled, the default value of 30 W is applied. However, without CDP or LLDP, the switch does not allow devices to consume more than 15.4 W of power because values from 15400 to 30000 mW are only allocated based on CDP or LLDP requests. If a powered device consumes more than 15.4 W without CDP or LLDP negotiation, the device might be in violation of the maximum current (Imax) limitation and might experience an Icut fault for drawing more current than the maximum. The port remains in the fault state for a time before attempting to power on again. If the port continuously draws more than 15.4 W, the cycle repeats.
Note | When a powered device connected to a PoE+ port restarts and sends a CDP or LLDP packet with a power TLV, the switch locks to the power-negotiation protocol of that first packet and does not respond to power requests from the other protocol. For example, if the switch is locked to CDP, it does not provide power to devices that send LLDP requests. If CDP is disabled after the switch has locked on it, the switch does not respond to LLDP power requests and can no longer power on any accessories. In this case, you should restart the powered device. |
Power Consumption Values
You can configure the initial power allocation and the maximum power allocation on a port. However, these values are only the configured values that determine when the switch should turn on or turn off power on the PoE port. The maximum power allocation is not the same as the actual power consumption of the powered device. The actual cutoff power value that the switch uses for power policing is not equal to the configured power value.
When power policing is enabled, the switch polices the power usage at the switch port, which is greater than the power consumption of the device. When you manually set the maximum power allocation, you must consider the power loss over the cable from the switch port to the powered device. The cutoff power is the sum of the rated power consumption of the powered device and the worst-case power loss over the cable.
We recommend that you enable power policing when PoE is enabled on your switch. For example, if policing is disabled and you set the cutoff-power value by using the power inline auto max 6300 interface configuration command, the configured maximum power allocation on the PoE port is 6.3 W (6300 mW). The switch provides power to the connected devices on the port if the device needs up to 6.3 W. If the CDP-power negotiated value or the IEEE classification value exceeds the configured cutoff value, the switch does not provide power to the connected device. After the switch turns on power on the PoE port, the switch does not police the real-time power consumption of the device, and the device can consume more power than the maximum allocated amount, which could adversely affect the switch and the devices connected to the other PoE ports.
Because the switch supports internal power supplies and the Cisco Redundant Power System 2300 (also referred to as the RPS 2300), the total amount of power available for the powered devices varies depending on the power supply configuration.
How to Configure PoE
Configuring a Power Management Mode on a PoE Port
Note | When you make PoE configuration changes, the port being configured drops power. Depending on the new configuration, the state of the other PoE ports, and the state of the power budget, the port might not be powered up again. For example, port 1 is in the auto and on state, and you configure it for static mode. The switch removes power from port 1, detects the powered device, and repowers the port. If port 1 is in the auto and on state and you configure it with a maximum wattage of 10 W, the switch removes power from the port and then redetects the powered device. The switch repowers the port only if the powered device is a class 1, class 2, or a Cisco-only powered device. |
1. enable
2. configure terminal
3. interface interface-id
4. power inline {auto [max max-wattage] | never | static [max max-wattage]}
5. end
6. show power inline [interface-id | module switch-number]
7. copy running-config startup-config
DETAILED STEPS
Fast POE
Fast PoE - This feature remembers the last power drawn from a particular PSE port and switches on power the moment AC power is plugged in (within 15 to 20 seconds of switching on power) without waiting for IOS to boot up. When poe-ha is enabled on a particular port, the switch, on recovery after a power failure, provides power to the connected endpoint devices within a short duration, before IOS forwarding even starts up.
This feature is configured with the poe-ha command. If the user replaces the powered device connected to a port while the switch is powered off, the new device gets the power that the previous device was drawing.
Configuring Fast POE
To configure Fast POE, perform the following steps:
Note | You will need to configure the poe-ha command before connecting the PD, or you will need to manually shut/unshut the port after configuring poe-ha. |
1. enable
2. configure terminal
3. interface interface-id
4. power inline port poe-ha
5. end
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable. Example: Switch> enable | Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure terminal. Example: Switch# configure terminal | Enters global configuration mode. |
Step 3 | interface interface-id. Example: Switch(config)# interface gigabitethernet2/0/1 | Specifies the physical port to be configured, and enters interface configuration mode. |
Step 4 | power inline port poe-ha. Example: Switch(config-if)# power inline port poe-ha | Configures POE High Availability. |
Step 5 | end. Example: Switch(config-if)# end | Returns to privileged EXEC mode. |
Budgeting Power for Devices Connected to a PoE Port
When Cisco powered devices are connected to PoE ports, the switch uses Cisco Discovery Protocol (CDP) to determine the CDP-specific power consumption of the devices, and the switch adjusts the power budget accordingly. This does not apply to IEEE third-party powered devices. For these devices, when the switch grants a power request, the switch adjusts the power budget according to the powered-device IEEE classification. If the powered device is a class 0 (class status unknown) or a class 3, the switch budgets 15,400 mW for the device, regardless of the CDP-specific amount of power needed. If the powered device reports a higher class than its CDP-specific consumption or does not support power classification (defaults to class 0), the switch can power fewer devices because it uses the IEEE class information to track the global power budget.
By using the power inline consumption wattage interface configuration command or the power inline consumption default wattage global configuration command, you can override the default power requirement specified by the IEEE classification. The difference between what is mandated by the IEEE classification and what is actually needed by the device is reclaimed into the global power budget for use by additional devices. You can then extend the switch power budget and use it more effectively.
Caution | You should carefully plan your switch power budget, enable the power monitoring feature, and make certain not to oversubscribe the power supply. |
Note | When you manually configure the power budget, you must also consider the power loss over the cable between the switch and the powered device. |
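The accounting described in this section and in Table 1, as an added example that is not Cisco code: a simplified Python model of detection-time allocation showing how the IEEE class, a configured maximum, a static reservation and a power inline consumption override change how many devices one budget can power. Port names and budget figures are constructed; CDP/LLDP renegotiation, cable loss and policing are not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

# Table 1 of this page: maximum power per IEEE class, in mW.
CLASS_MAX_MW = {0: 15400, 1: 4000, 2: 7000, 3: 15400, 4: 30000}
INITIAL_CAP_MW = 15400  # initial allocation for class 0, 3 and 4 devices
PORT_MAX_MW = 30000     # value used when no max-wattage is configured


@dataclass
class Port:
    mode: str = "auto"                    # auto | static | never
    max_mw: int = PORT_MAX_MW             # power inline {auto|static} max
    consumption_mw: Optional[int] = None  # power inline consumption override
    allocated_mw: int = 0
    powered: bool = False


@dataclass
class Switch:
    budget_mw: int
    ports: dict = field(default_factory=dict)
    syslog: list = field(default_factory=list)

    def used_mw(self) -> int:
        return sum(p.allocated_mw for p in self.ports.values())

    def configure(self, name, mode="auto", max_mw=PORT_MAX_MW,
                  consumption_mw=None):
        port = Port(mode, max_mw, consumption_mw)
        if mode == "static":
            # Static ports reserve their maximum even with nothing connected.
            if self.used_mw() + max_mw > self.budget_mw:
                raise ValueError(f"{name}: static reservation exceeds budget")
            port.allocated_mw = max_mw
        self.ports[name] = port

    def _deny(self, name, reason) -> bool:
        port = self.ports[name]
        port.powered = False
        if port.mode != "static":
            port.allocated_mw = 0
        self.syslog.append(f"{name}: power denied ({reason})")
        return False

    def connect(self, name, ieee_class) -> bool:
        """A powered device of the given IEEE class is detected on the port."""
        port = self.ports[name]
        if port.mode == "never":
            return self._deny(name, "powered-device detection disabled")
        if CLASS_MAX_MW[ieee_class] > port.max_mw:
            return self._deny(name, "IEEE class exceeds configured maximum")
        if port.mode == "static":
            port.powered = True  # power was reserved at configuration time
            return True
        # Budget by the override if set, otherwise by the IEEE class.
        need = port.consumption_mw or min(CLASS_MAX_MW[ieee_class],
                                          INITIAL_CAP_MW)
        if self.used_mw() - port.allocated_mw + need > self.budget_mw:
            return self._deny(name, "power budget exceeded")
        port.allocated_mw, port.powered = need, True
        return True

    def disconnect(self, name):
        """Device removed: auto ports return their power to the budget."""
        port = self.ports[name]
        port.powered = False
        if port.mode != "static":
            port.allocated_mw = 0


def powered_count(budget_mw, classes, consumption_mw=None, reserved_mw=0):
    """Connect devices in order (first come, first served); count grants."""
    sw = Switch(budget_mw)
    if reserved_mw:
        sw.configure("reserved-static-port", "static", reserved_mw)
    granted = 0
    for i, ieee_class in enumerate(classes, 1):
        sw.configure(f"Gi1/0/{i}", consumption_mw=consumption_mw)
        granted += sw.connect(f"Gi1/0/{i}", ieee_class)
    return granted


if __name__ == "__main__":
    # Four unclassified (class 0) devices on a constructed 40 W budget.
    print(powered_count(40000, [0, 0, 0, 0]))
    print(powered_count(40000, [0, 0, 0, 0], consumption_mw=5000))
```
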
Budgeting Power to All PoE ports
1. enable
2. configure terminal
3. no cdp run
4. power inline consumption default wattage
5. end
6. show power inline consumption default
7. copy running-config startup-config
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable. Example: Switch> enable | Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure terminal. Example: Switch# configure terminal | Enters global configuration mode. |
Step 3 | no cdp run. Example: Switch(config)# no cdp run | (Optional) Disables CDP. |
Step 4 | power inline consumption default wattage. Example: Switch(config)# power inline consumption default 5000 | Configures the power consumption of powered devices connected to each PoE port. The range for each device is 4000 to 30000 mW (PoE+). The default is 30000 mW. |
Step 5 | end. Example: Switch(config)# end | Returns to privileged EXEC mode. |
Step 6 | show power inline consumption default. Example: Switch# show power inline consumption default | Displays the power consumption status. |
Step 7 | copy running-config startup-config. Example: Switch# copy running-config startup-config | (Optional) Saves your entries in the configuration file. |
Budgeting Power to a Specific PoE Port
1. enable
2. configure terminal
3. no cdp run
4. interface interface-id
5. power inline consumption wattage
6. end
7. show power inline consumption
8. copy running-config startup-config
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable. Example: Switch> enable | Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure terminal. Example: Switch# configure terminal | Enters global configuration mode. |
Step 3 | no cdp run. Example: Switch(config)# no cdp run | (Optional) Disables CDP. |
Step 4 | interface interface-id. Example: Switch(config)# interface gigabitethernet2/0/1 | Specifies the physical port to be configured, and enters interface configuration mode. |
Step 5 | power inline consumption wattage. Example: Switch(config-if)# power inline consumption 5000 | Configures the power consumption of a powered device connected to a PoE port on the switch. The range for each device is 4000 to 30000 mW (PoE+). The default is 30000 mW (PoE+). |
Step 6 | end. Example: Switch(config-if)# end | Returns to privileged EXEC mode. |
Step 7 | show power inline consumption. Example: Switch# show power inline consumption | Displays the power consumption data. |
Step 8 | copy running-config startup-config. Example: Switch# copy running-config startup-config | (Optional) Saves your entries in the configuration file. |
Configuring Power Policing
By default, the switch monitors the real-time power consumption of connected powered devices. You can configure the switch to police the power usage. By default, policing is disabled.
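1. enable
2. configure terminal
3. interface interface-id
4. power inline police [action{log | errdisable}]
5. exit
6. Use one of the following:
   - errdisable detect cause inline-power
   - errdisable recovery cause inline-power
   - errdisable recovery interval interval
7. exit
8. Use one of the following:
   - show power inline police
   - show errdisable recovery
9. copy running-config startup-config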
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable. Example: Switch> enable | Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure terminal. Example: Switch# configure terminal | Enters global configuration mode. |
Step 3 | interface interface-id. Example: Switch(config)# interface gigabitethernet2/0/1 | Specifies the physical port to be configured, and enters interface configuration mode. |
Step 4 | power inline police [action{log \| errdisable}]. Example: Switch(config-if)# power inline police | If the real-time power consumption exceeds the maximum power allocation on the port, configures the switch to take one of these actions: If you do not enter the action log keywords, the default action shuts down the port and puts the port in the error-disabled state. |
Step 5 | exit. Example: Switch(config-if)# exit | Returns to global configuration mode. |
Step 6 | Use one of the following: Example: Switch(config)# errdisable detect cause inline-power; Switch(config)# errdisable recovery cause inline-power; Switch(config)# errdisable recovery interval 100 | (Optional) Enables error recovery from the PoE error-disabled state, and configures the PoE recover mechanism variables. By default, the recovery interval is 300 seconds. For interval interval, specifies the time in seconds to recover from the error-disabled state. The range is 30 to 86400. |
Step 7 | exit. Example: Switch(config)# exit | Returns to privileged EXEC mode. |
Step 8 | Use one of the following: Example: Switch# show power inline police; Switch# show errdisable recovery | Displays the power monitoring status, and verifies the error recovery settings. |
Step 9 | copy running-config startup-config. Example: Switch# copy running-config startup-config | (Optional) Saves your entries in the configuration file. |
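One way to check a saved configuration against the policing recommendation on this page, as an added example rather than a Cisco tool. It assumes the commands appear in the configuration as they are typed in the steps above, that unconfigured ports are in the default auto mode with policing off, and that every interface in the constructed sample is PoE-capable; the finding names are hypothetical.

```python
import re

# Constructed sample, not captured from a device. Every interface is
# assumed to be PoE-capable; commands are written as this page shows them.
SAMPLE_CONFIG = """\
power inline consumption default 5000
errdisable detect cause inline-power
!
interface GigabitEthernet1/0/1
 description lobby phone
 power inline auto max 6300
!
interface GigabitEthernet1/0/2
 power inline police action log
!
interface GigabitEthernet1/0/3
 power inline static max 15400
 power inline police
!
interface GigabitEthernet1/0/4
 power inline never
!
interface GigabitEthernet1/0/5
 power inline consumption 4000
 power inline police action errdisable
!
"""


def parse(config):
    """Split a config into global lines and per-interface sub-commands."""
    globals_, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None
            continue
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = ifaces.setdefault(m.group(1), [])
        elif line[0].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None
            globals_.append(line)
    return globals_, ifaces


def audit(config):
    """Return {interface: [findings]}, plus a "global" entry if needed."""
    globals_, ifaces = parse(config)
    default_override = any(
        g.startswith("power inline consumption default") for g in globals_)
    recovery = "errdisable recovery cause inline-power" in globals_
    findings, uses_errdisable = {}, False
    for name, cmds in ifaces.items():
        if "power inline never" in cmds:
            continue  # data-only port, never powered
        issues = []
        police = next(
            (c for c in cmds if c.startswith("power inline police")), None)
        override = default_override or any(
            re.match(r"power inline consumption \d+", c) for c in cmds)
        if police is None:
            # Policing is off by default: nothing acts on overconsumption.
            issues.append("POLICING_DISABLED")
            if override:
                # Manual budget with no enforcement (see the caution message).
                issues.append("BUDGET_OVERRIDE_UNPOLICED")
        elif police.endswith("action log"):
            # Syslog only; the port keeps supplying power.
            issues.append("POLICE_LOG_ONLY")
        else:
            uses_errdisable = True  # default action or action errdisable
        if issues:
            findings[name] = issues
    if uses_errdisable and not recovery:
        # Tripped ports stay down until a manual shutdown / no shutdown.
        findings["global"] = ["NO_ERRDISABLE_RECOVERY"]
    return findings


if __name__ == "__main__":
    for target, issues in audit(SAMPLE_CONFIG).items():
        print(target, ", ".join(issues))
```
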
Monitoring Power Status
Command | Purpose |
---|---|
show env power switch [switch-number] | (Optional) Displays the status of the internal power supplies for each switch in the stack or for the specified switch. The range is 1 to , depending on the switch member numbers in the stack. These keywords are available only on stacking-capable switches. |
show power inline [interface-id \| module switch-number] | Displays PoE status for a switch or switch stack, for an interface, or for a specific switch in the stack. |
show power inline police | Displays the power policing data. |
Configuration Examples for Configuring PoE
Budgeting Power: Example
this caution message appears:
%CAUTION: Interface Gi1/0/1: Misconfiguring the 'power inline consumption/allocation' command may cause damage to the switch and void your warranty. Take precaution not to oversubscribe the power supply. It is recommended to enable power policing if the switch supports it. Refer to documentation.