Firmware 16.16 on MX100 -> unstable non-Meraki VPN

Getting noticed

Firmware 16.16 on MX100 -> unstable non-Meraki VPN



I've updated the FW of our MX100 from  FW16.15 to FW 16.16 and observed that several subnets in the VPN tunnel to our ASA  disconnects and are unreachable over hours. After rollback to FW 16.15, everything worked well again.

I've read on Reddit, that some guys had the same issue.

Is this a known problem or had someone the same issue?



4 Replies 4
Kind of a big deal
Kind of a big deal

Hi @Holli69 , not seen or heard of this issue as yet. Have you reported/informed Meraki support?

Darren OConnor |

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.



It could be part of the Known Issues of FW 16.16 - check you VLAN ID's

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
  • Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
  • Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.



 We've VLAN ID 16, 64,128 in our network, but MX100 should not be affected by this issue as mentioned in the Release Notes  (KNOWN ISSUES)



Kind of a big deal
Kind of a big deal

@Holli69 : Not seen in my network, But will check within my circle and will update

Cisco IT Blogs awarded in 2020 & 2021
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.