Operational Defect Database

BugZero found this defect 2054 days ago.

WatchGuard Technologies | kA10H000000g3bTSAQ

WatchGuard APs and PoE+ power with switches and LLDP

Last update date:

10/4/2018

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

11.x

11.1.x

11.10.x

11.10

11.10.1

11.10.2

11.10.3

11.10.4

11.10.5

11.10.6

Fixed releases:

All

Description:

Issue

The Link Layer Discovery Protocol (LLDP, IEEE 802.1AB) is a vendor-neutral layer 2 protocol that a device connected to a specific LAN segment can use to advertise its identity and capabilities and to receive the same information from other layer 2 devices.

When you connect a PoE+ capable WatchGuard AP to a PoE+ switch with LLDP capabilities, the AP sends LLDP packets to the switch every 30 seconds to request 25W of power for PoE+. When the AP receives an LLDP response from the switch, the AP starts to operate in PoE+ power mode. If there is no reply from the switch (if LLDP is disabled), then the AP operates in PoE-only mode, even though the AP is correctly connected to the PoE+ switch.

Some WatchGuard AP models, such as the AP322, AP325, AP327X, and the AP420, require PoE+ for full operation and capabilities. For more information, see WatchGuard AP Power Requirements.

When you use PoE power instead of PoE+, the AP may have these limitations, depending on the AP model:

- USB port and additional LAN ports are disabled
- Reduced transmit power and streams on the 2.4 and 5 GHz radios
- For AP models with a dedicated third radio for scanning, the radio will have degraded WIPS scanning performance and the inability to prevent 2x2 or higher clients
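The negotiation described above can be checked from a packet capture. The following Python code is an added example, not WatchGuard code or part of the original article: it parses an LLDPDU, reads the requested and allocated power from the IEEE 802.3 Power via MDI TLV, and applies the fallback the article describes. The function names, the 25.0 W threshold used to decide PoE+ mode, and the sample frame are assumptions constructed for illustration.

```python
import struct

IEEE_8023_OUI = b"\x00\x12\x0f"   # OUI of IEEE 802.3 organizationally specific TLVs
POWER_VIA_MDI = 2                 # 802.3 subtype: Power via MDI

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type, 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def iter_tlvs(lldpdu):
    """Yield (type, value) per TLV; stop at End of LLDPDU or on truncation."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if tlv_type == 0 or off + length > len(lldpdu):
            return
        yield tlv_type, lldpdu[off:off + length]
        off += length

def power_via_mdi(lldpdu):
    """Return (requested_w, allocated_w) from the 802.3at extension, or None."""
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or value[:3] != IEEE_8023_OUI:
            continue
        if len(value) < 12 or value[3] != POWER_VIA_MDI:
            continue  # other subtype, or short form without the power values
        requested, allocated = struct.unpack_from("!HH", value, 8)
        return requested / 10, allocated / 10   # fields are in 0.1 W units
    return None

def ap_power_mode(reply):
    """Fallback from the article: no LLDP reply means the AP stays on PoE."""
    if reply is None:
        return "PoE"
    info = power_via_mdi(reply)
    # Assumption: an allocation of at least the 25 W request counts as PoE+.
    return "PoE+" if info and info[1] >= 25.0 else "PoE"

def sample_reply(allocated_tenths_w):
    """Constructed switch reply; the four status bytes are not interpreted."""
    mdi = (IEEE_8023_OUI + bytes([POWER_VIA_MDI, 0x0F, 0x01, 0x04, 0x10])
           + struct.pack("!HH", 250, allocated_tenths_w))
    return (tlv(1, b"\x04" + bytes(6)) + tlv(2, b"\x051") + tlv(3, b"\x00\x78")
            + tlv(127, mdi) + tlv(0, b""))
```

Running `power_via_mdi` over LLDP frames captured on the AP's switch port shows whether the switch answers at all and what power it allocates, which distinguishes "LLDP disabled" from "LLDP reply with a PoE-level allocation".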

Workaround/Solution

To make sure that LLDP-capable PoE+ switches provide appropriate power to WatchGuard APs that support PoE+:

- Enable LLDP on the switch.
- Disable static allocation of maximum power of 30W (if previously configured).

For example, to enable LLDP on a Cisco switch, type these commands:

    Switch# configure terminal
    Switch(config)# lldp run
    Switch(config)# end

If the switch does not support LLDP, we recommend you disable multicast communications on the switch ports where the APs are connected to prevent APs from sending LLDP responses to each other.

About PoE+ Injectors and PoE-only switches

If you connect your PoE+ capable AP to the network with a PoE+ injector, and then connect to a non-PoE+ switch, the LLDP responses from the switch tell the AP to switch to PoE power, even though it is connected to the network through the PoE+ injector.

If your switch does not support LLDP, APs may also switch to lower PoE power if they inadvertently receive LLDP responses from other APs connected to the switch.

In this case, we recommend that you disable LLDP on the switch and configure the switch to prevent multicast communications between the switch ports where the APs are connected.

How to Check the Power Status of your AP

To check the power status of your AP from the Gateway Wireless Controller on a Firebox:

1. Select Dashboard > Gateway Wireless Controller.
2. Select the Access Points tab.
3. Select an Access Point.

In the Access Point properties, check the Power Source section that indicates the current power source for the AP (PoE+, PoE, or DC).

To check the power status of your AP in Wi-Fi Cloud from Discover:

1. Open Discover.
2. Select Monitor > WiFi > Access Points.
3. Check the Power Source column that indicates the current power source for the AP (PoE+, PoE, or DC).


Status

Open
