New MX 17.10.2 stable release candidate firmware - cellular modem and EBGP fixes.

cmr
Kind of a big deal
Kind of a big deal

New MX 17.10.2 stable release candidate firmware - cellular modem and EBGP fixes.

Security appliance firmware versions MX 17.10.2 changelog

Important notice

  • While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that traffic using TCP port 443 between 209.206.48.0/20 is allowed through any firewalls that may be deployed upstream of your Meraki appliances.
  • HTTP proxy, which allows default management traffic from MX appliances to be sent through a proxy, is deprecated on MX 16 and higher firmware versions.
  • The transition to Cisco Talos intelligence for our content filtering services means that some URL categories have changed names, some categories are no longer available, and multiple new categories are now available. Please review your configuration after upgrading to ensure content filtering is effectively tailored to your needs and deployment environment.

Legacy products notice

  • When configured for this version, Z1 and MX80 devices will run MX 14.56.
  • When configured for this version, MX400 and MX600 devices will run MX 16.16.6.

Bug fixes

  • Resolved several rare issues for MX67C, MX68CW, and Z3C appliances that could have resulted in the integrated cellular modem being unable to properly initialize after an upgrade from MX 16 was performed.
  • Corrected an issue that could result in EBGP peering instability when 1) a large number of AutoVPN routes were being advertised via EBGP and 2) the MX appliance had a reduced WAN MTU.

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
  • Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
4 REPLIES 4
BlakeRichardson
Kind of a big deal
Kind of a big deal

Thanks for sharing, the last known issue could cause a lot of head scratching for anyone unaware. 

Shaun1387
Getting noticed

Hi, thanks for posting this up.

 

I have a spoke site which is showing some iBGP instability since this upgrade, the other spokes are on 16.16.4 and the hub is on 16.16 which are working fine. 

 

In the log i can see that the upgraded branch is reporting its holdtimer as expiring (set to 60 at the moment). it looks as if the iBGP session with the hub is dropping and expiring the prefixes. It stays down for a few mins then comes back up for a few mins, then drops again, with holdtime expired.

 

internet access from this upgraded device is fine its just the BGP session as i cant see any logs indicating the VPN itself is dropping.

 

Has anyone seen this behaviour with this code ?

 

Cheers

Shaun

 

 

LincolnCampos
Conversationalist

I have issues with Radius on MX67W.

Wireless network don't connect, i tried many alternatives,  but the communication dont out of appliance.

 

I downgraded the firmware and is working
I has try 2 other times and the problem occurs

We had the same issue with our MX68W.  Downgrading resolved the issue.  We had an open case with Meraki and they confirmed it is a known bug.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels