Meraki

Community

MX 26.1.1 - First beta

RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 5 2025 5:56 PM
‎Dec 5 2025 5:56 PM

MX 26.1.1 - First beta

Security appliance firmware versions MX 26.1.1 changelog

What's new

  • Expanded BGP attribute support to include outbound well-known and custom communities and increased route integrity with inbound filtering.
  • Client VPN now supports IKEv2 for establishing connections.
  • VPN full-tunnel exclusion now includes source-based and NBAR application-based exclusion definitions.
  • Added support for encrypted (TLS) syslog

Legacy products notice

  • When configured for this version, Z3(C) devices will run MX 19.2.4.
  • When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.13.

Other

  • The product complies with EN 18031-1:2024 and EN 18031-2: 2024
23 Replies 23
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 5 2025 5:58 PM
‎Dec 5 2025 5:58 PM

First Meraki product to have the CalVer format

0 Kudos
cmr
Kind of a big deal
Kind of a big deal
‎Dec 5 2025 11:50 PM
‎Dec 5 2025 11:50 PM

I thought they were just copying the Apple IOS numbers by mistake...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Dec 7 2025 1:15 AM
‎Dec 7 2025 1:15 AM

Hehe, no, all the releases are going with calendar year format.
Even IOS-XE and Catalyst SD-WAN will start following this format.

In response to GIdenJoe
KarstenI
Kind of a big deal
Kind of a big deal
‎Dec 7 2025 2:04 AM
‎Dec 7 2025 2:04 AM

The Secure Firewall Thread Defense just now went back to 2010 ...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Dec 7 2025 2:24 AM
‎Dec 7 2025 2:24 AM

That's the exception... for now 😜

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 7 2025 11:50 AM
‎Dec 7 2025 11:50 AM

>Client VPN now supports IKEv2 for establishing connections.

 

Now that is interesting.

0 Kudos
In response to PhilipDAth
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 7 2025 4:36 PM
‎Dec 7 2025 4:36 PM

I wouldn't be surprised to finaly see a sunset on L2TP. Something like MX 26 to be the last version offering support for it.

In response to RaphaelL
KarstenI
Kind of a big deal
Kind of a big deal
‎Dec 7 2025 4:39 PM
‎Dec 7 2025 4:39 PM

I would be happy if that option disappeared. One click less to go to AnyConnect.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to RaphaelL
AlexP
Meraki Employee
Meraki Employee
‎Dec 10 2025 9:56 AM
‎Dec 10 2025 9:56 AM

I cannot say when, but yes, this is the plan. IKEv1 is no longer secure enough, as per what the IETF stated a few years back - ref https://datatracker.ietf.org/doc/rfc9395/ - and IKEv2 can handle client addressing natively, so there's no more reason to keep using L2TP for it.

In response to AlexP
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 10 2025 10:44 AM
‎Dec 10 2025 10:44 AM

Music to my ears ! 

0 Kudos
antonis_sp
Building a reputation
‎Dec 8 2025 12:50 AM
‎Dec 8 2025 12:50 AM

Too many reboots on MX67... 

0 Kudos
peto
Getting noticed
‎Dec 8 2025 12:53 AM
‎Dec 8 2025 12:53 AM

i upgraded at 1AM. starting at 9am my MX67 started to reload every few minutes. After I downgraded back to 19 everything started to work.

In response to peto
Holli69
Building a reputation
‎Dec 8 2025 2:04 PM
‎Dec 8 2025 2:04 PM

Same in 2 of my networks, rolled back from 26.1.1 to 19.1.11 and everthing work fine for me.

0 Kudos
In response to peto
JamesT91
Head in the Cloud
Head in the Cloud
‎Dec 9 2025 1:24 AM
‎Dec 9 2025 1:24 AM

Our lab MX67 has been stable on the beta firmware for 24 hours now, although it is the MX67C-WW variant so perhaps that makes a difference 🙃

0 Kudos
ShaunB93
Getting noticed
‎Dec 8 2025 1:38 AM
‎Dec 8 2025 1:38 AM

  • Expanded BGP attribute support to include outbound well-known and custom communities and increased route integrity with inbound filtering.

 

Keen to test this new functionality - does anybody know where the configuration option would be?
Checked under SD-WAN > Routing and no new options there that I can see!

0 Kudos
In response to ShaunB93
ShaunB93
Getting noticed
‎Dec 10 2025 1:01 AM
‎Dec 10 2025 1:01 AM

Within Security & SD-WAN > Routing, Outbound community string and Inbound route filter is now available within eBGP peers in the Route control section:

ShaunB93_0-1765357224875.png

In response to ShaunB93
thomasthomsen
Kind of a big deal
10 hours ago
10 hours ago

Do anyone , by chance, know of some documentation on the inbound route filter part ?
What is the correct input in that field ?
A network like 10.0.0.0/8 or ?

 

(I have not tried it yet 🙂 )

 

/Thomas

0 Kudos
In response to thomasthomsen
RaphaelL
Kind of a big deal
Kind of a big deal
10 hours ago
10 hours ago

The MX feature directory mentions the filtering : https://documentation.meraki.com/Platform_Management/Product_Information/Compatibility_and_Firmware/...

 

but : https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networ... doesn't give much information. 

 

Hope that helps

In response to thomasthomsen
ShaunB93
Getting noticed
10 hours ago
10 hours ago

A space-separated list of IPv4 subnets that controls which routes are to be accepted from this BGP peer. If empty, all routes are accepted.

In response to ShaunB93
thomasthomsen
Kind of a big deal
8 hours ago
8 hours ago

Thanks, that was super helpful, and just the info I needed 🙂
Do you know if it will "allow" a smaller subnet to be recieved then the actual subnet permitted ?
So, for example, I permit 10.10.0.0/16, but the router on the other end advertises 10.10.0.0/24, would 10.10.0.0/24 be accepted ?

armelin1
Comes here often
‎Dec 9 2025 3:43 AM
‎Dec 9 2025 3:43 AM

After upgrading my MX67W it was rebooting every 5 min. This firmware doesn´t work with MX67W.

0 Kudos
ESMichal
Here to help
‎Dec 12 2025 7:26 AM
‎Dec 12 2025 7:26 AM

Still nothing about IPv6 support with high-availably pair 😞 
I think we will ditch HA in order to finally deploy IPv6 next year. Sad though.

jOMeraki2
Getting noticed
‎Dec 13 2025 2:27 AM
‎Dec 13 2025 2:27 AM

what is 

  • VPN full-tunnel exclusion now includes source-based and NBAR application-based exclusion definitions.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2026 Cisco Systems, Inc.