Documentation Digest: April 4th - April 11th, 2025

Hannah-C
Meraki Employee
Meraki Employee

Documentation Digest: April 4th - April 11th, 2025

DocDigest_Banner.png

 

New articles:

Cisco Secure Access Meraki BGP Configuration Guide

Change: New article.

 

Onboarding Cloud-Managed Catalyst switches to the Meraki Dashboard

Change: New article.

 

Cloud CLI for Cloud-Native IOS XE

Change: New article.

 

Operating mode claim to network API endpoint

Change: New article.

 

Hybrid Operating Mode for Catalyst Cloud-Managed Switches - Overview

Connect Hybrid Operating Mode Catalyst Switch to Dashboard

Upgrading Cloud-Monitored Switches to Hybrid Operating Mode

Hybrid Operating Mode Switches Configuration

Hybrid Operating Mode for Cloud-Managed Catalyst Switches FAQs

Terms and Conditions for Hybrid Operating Mode on Cloud-Managed

Change: New articles.

 

Meraki SD-WAN Secure Access Design Guide

Change: New article.

 

vMX X-Large Relaunch FAQ

Change: New article.

 

 

Secure Connect:

Cisco Secure Connect - Cloud Firewall Policy

Change: Added "Active Directory user groups are not supported to be used as an source identity."

 

Meraki Cloud Authentication (Cisco Secure Connect Embedded)

Change: Added deployment steps 14 and 15.

 

 

MX:

Configuring VLANs on the MX Security Appliance

MX Layer 2 Functionality

Change: Added "Modifying the enabled/disabled status of any LAN interface will reset the WAN interfaces, resulting in a connectivity loss on both Internet uplinks for up to 2 minutes. To minimize disruption, follow best practice and only make changes during a planned maintenance window."

 

MX Warm Spare - High-Availability Pair

Change: Added "For WAN2, the last octet of the virtual MAC will increment by 1."; added "If WAN interfaces are configured to use virtual uplink IPs, this will be the same as the WAN1 virtual MAC."

 

vMX NAT Mode Use Cases and FAQ

Change: Complete article update.

 

AnyConnect on the MX Appliance

Change: Added "A factory reset or device replacement (RMA) will need the custom certifications to be re-added under Security & SD-WAN > Configure  > Client VPN  > AnyConnect."

 

 

MS:

Catalyst 9300X-M Datasheet

Change: Added "The C9300X-NM-2C-M modules will operate at 40Gbps with software support in CS17 firmware. For 100G operation, IOS-XE 17.15+ is required."

 

Catalyst 9300-M Datasheet

Change: Added "The SFP28/QSFP28 modules will be orderable March 2024 with software support in CS16.7. 25Gbps Dashboard support is slated for CS17 firmware. 25Gbps optics can be used in CS16.8, but should be considered 'Beta'."

 

Cloud Operating Mode for Catalyst Cloud-Managed Switches Overview

Change: Added sections "Key highlights" and "Available Firmware and Migration Paths"; updated sections "Prerequisites" and "Unsupported features on IOS XE 17.15.3"; added "9200L stacks of 5 or more switches running IOS XE 17.15.3 or earlier versions may encounter an issue migrating to cloud operating mode or upgrading firmware. For stacks of 5 or more 9200L switches, it is recommended to wait for IOS XE 17.15.4."

 

Cloud-Native IOS XE

Change: Added sections "Cloud Operating Mode", "Hybrid Operating Mode" and "Cloud CLI".

 

MS250 Overview and Specifications

Change: Updated "Power Load (idle/max)" for MS250-48LP: "25 / 480 W".

 

 

MR:

Wireless VoIP QoS Best Practices

Change: Added section "Service Provider WiFi".

 

Cloud-native IOS XE Wireless Controllers Requirements

Change: Added "17.15.1 and later is required for Cloud CLI and CLI terminal."

 

Adding Catalyst 9800 Wireless Controller and Access Points to Dashboard

Change: Added "Cisco Catalyst Wireless LAN Controller can register with your Meraki Dashboard since firmware version IOS XE 17.12.3 or 17.15.1 or later."; added "By default, all access points joined to the wireless controller when adding the wireless controller to a Network will be added to the same network as the wireless controller."; added section "Access point network assignment".

 

Cloud-native IOS XE Wireless Controllers

Change: Added section "Cloud CLI".

 

Meraki Dashboard Catalyst Wireless - What's New

Change: Added "Simplified onboarding and AP network assignment"; added "Cloud CLI".

 

Change of Authorization with RADIUS (CoA) on MR Access Points

Change: Added "If your deployment uses CoA ensure you enable Cisco ISE even if ISE is not used, otherwise audit-session-id is not included and the CoA exchange may not work."

 

 

SM:

Systems Manager Supported Operating Systems

Change: Updated "Older Operating Systems": "Android versions 5 - 9 (these versions can no longer be enrolled, existing enrollments will have limited functionality)".

 

 

General Administration:

Meraki Assurance Overview Page

Change: Added "This is in active tiered rollout, and is being rolled gradually on a percentage basis".

 

Using Layer 3 Firewall Rules

Change: Added "You can specify a range of ports, such as "1024-400" in group policy layer 3 firewall rules. However, listing individual ports separated by commas, such as "80,443" is not supported."

 

Upstream Firewall Rules for Cloud Connectivity

Change: Added "If any Meraki devices fail firewall tests outlined in the rules above, you can download a CSV file with details of the nodes and the tests that failed."

 

Root Cause Analysis (RCA) - Alert Based Workflows

Change: Added "Note that the alert is currently not generated in the following scenarios: APs detect that the connected switch port is a Fast Ethernet port via LLDP/CDP. AP models that are unable to upgrade to the latest firmware versions."

 

Cisco Meraki Firmware FAQ

Change: Updated timeframe of email notification: "If an upgrade is scheduled, the network administrators will receive an email notification approximately one to two weeks prior to an upgrade."

 

Adaptive Policy Overview

Change: Added "Cloud Native IOS XE Switches: 17.15.2+ (model support is expanding and covered here)".

 

Configuring RADIUS Authentication with a Sign-On Splash Page

Change: Added "NAP was deprecated in Windows Server 2012 R2 and removed from Windows Server 2016. This NPS server configuration is an example only. If you need additional support, make sure you consult with your Microsoft Specialist and check Microsoft's current official documentation on Network Policy Server (NPS)."

2 Replies 2
RaphaelL
Kind of a big deal
Kind of a big deal

Added "Modifying the enabled/disabled status of any LAN interface will reset the WAN interfaces, resulting in a connectivity loss on both Internet uplinks for up to 2 minutes. To minimize disruption, follow best practice and only make changes during a planned maintenance window."

 

😤MX never cease to amaze me in the worse possible way !  I just tested this and I lost 1 ping on both enable / disable , which is still odd.

ww
Kind of a big deal
Kind of a big deal

Lets hope it doesnt trigger ids bug.

 

@Hannah-C @Port range "1024-400"  should be 4000?

Get notified when there are additional replies to this discussion.