New MX 16.10 beta firmware - fixes compatibility issue with some 1Gb Cu modules

cmr
Kind of a big deal
Kind of a big deal

New MX 16.10 beta firmware - fixes compatibility issue with some 1Gb Cu modules

Security appliance firmware versions MX 16.10 changelog

Important notice

  • This is an early-stage beta version for the MX 16 release. Due to this, we recommend taking additional caution before upgrading production appliances. Where applicable, MX 15 or MX 14 releases will provide a more stable upgrade alternative.

Legacy products notice

  • When configured for this version, Z1, MX60, MX60W, MX80, and MX90 devices will run MX 14.56.

Bug fixes

  • Resolved an MX 16 regression that resulted in MI’s Web App Health feature not collecting data correctly.
  • Corrected a rare issue that could result in the service responsible for synchronizing information between primary and spare MX appliances not initializing properly.
  • Resolved an issue that resulted in MX250, MX450, MX95, and MX105 appliances being unable to properly utilize some MA-SFP-1GB-TX SFP modules.
  • Update the AnyConnect VPN service.
  • BGP stability improvements.
  • Stability improvements for MX64W and MX65W appliances.
  • Fixed an MX 16 regression that resulted in SSIDs configured for WPA2-Enterprise with Meraki authentication to broadcast as an open authentication SSID.

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
  • Some stability-impacting issues present in MX 14 that affect a small population of MX67(C,W) and MX68(W,CW) appliances still exist.
  • Some stability-impacting issues present in MX 14 that affect a small population of Z3(C) appliances still exist.
  • Please note that until certification has been obtained, the Z3C will not be supported on Verizon's network.
  • MX67C, MX68CW, and Z3C units must be connected to the Meraki Dashboard initially to retrieve an update to allow for proper use of the integrated cellular connectivity. This is most likely to be an issue when bringing the units online for the very first time.
  • On the MX67(C,W) and MX68(W,CW) platforms, when the MX is providing PoE to a connected device, this information will not be reflected on the Meraki Dashboard.
  • Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
  • Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
  • Significant performance regressions for VPN traffic may be observed on MX84 and MX100 appliances
  • Group policies do not correctly apply to client devices
  • Z3(C) appliances that are upgraded to MX 16 versions cannot directly downgrade to MX 14 releases. They must first downgrade to an MX 15 release.
  • MX IDS security alerts are not detected for AnyConnect VPN traffic
  • BGP-learned routes may not be properly reflected in the Route Table page on the Meraki Dashboard, despite BGP and packet routing operating correctly.
  • Due to a regression, MX appliances are not able to properly utilize dashboard auto-enrolled certificates for AnyConnect VPN connections. MX appliances will default to using a self-signed certificate, which will provide users connecting to the AnyConnect VPN service with a warning message about connecting to an untrusted server.
  • There is an increased risk of encountering device stability issues on all platforms and across all configurations.
2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal

I've been hanging out for this one for some more AnyConnect magic sauce.

akh223
Getting noticed

16.10 appears to have a bug in the BGP routing.  Routes are no longer being passed from a one-armed concentrator to a remote MX running 16.10.

 

We have a HA pair in our datacenter operating as a one-armed concentrator for our SD-WAN sites.  The MX pair is directly connected and BGP peered to a pair of 93240's.  The MX and 93240's advertise routes between each other so the two sides of the network are aware of what networks exists on the other side.

 

Upgrading a test site to 16.10 has made it clear that the BGP routes are no longer propagating from the MX concentrator pair to the remote MX.

 

I am working with support to see if they can determine the cause, but if you are doing any BGP route advertisement in to your Meraki infrastructure I would be very cautious of MX16.10.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels