Meraki

cmr · ‎Jan 23 2023

Security appliance firmware versions MX 18.105 changelog

New features

Added support for forwarding Secure Group Tags (SGT) on traffic. This is available on Z3(C), MX64(W), MX65(W), MX67(C,W), and MX68(W,CW), MX75, MX84*, MX85, MX95, MX100, MX250, and MX450 appliances and enables full stack (MR+MS+MX) Adaptive Policy operation. * Please see the known issues for important information about SGT on MX84 appliances.

Bug fixes

MX appliances will now drop additional types of erroneous traffic received from AnyConnect VPN clients.
Resolved a rare case that could result in non-Meraki VPN traffic being incorrectly forwarded when MX appliances were configured in passthrough mode.
Performance improvements for MX250 and MX450 appliances.
Corrected an issue that resulted in client traffic being will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances when 1) The client was connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port was configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
Fixed several rare cases that could result in a device reboot.
Fixed an issue that could result in MX appliances replying to ARP messages for an incorrect IP address when 1) The MX was configured to operate as the standby/spare device in a high availability configuration and 2) the MX appliance was configured to operate in passthrough mode.

Legacy products notice

When configured for this version, Z1 and MX80 devices will run MX 14.56.
When configured for this version, MX400 and MX600 devices will run MX 16.16.6.

Known issues

After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
When SGT is enabled on MX84 appliances, any packet larger than 1440 bytes will be dropped. Due to this, we recommend that the SGT feature only be enabled in lab or other non-production environments on MX84 appliances.
There may be an increased risk of encountering device stability and performance issues.

Other

If DNS is not available on the MX’s IPv6 uplink, MX appliances will now attempt to fetch a configuration using DNS over HTTPS to the Meraki cloud.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

zeestrat-nina · ‎Jan 24 2023

Hi, the email I received from Meraki regarding the MX 18.105 update also mentioned support for the following: "- Added support for configuring VPN exclusion rules for non-Meraki VPN peers". This is however missing from this post and in the firmware upgrade page on the dashboard.

Could you please elaborate if this support is added or not and preferably some documentation on this new feature?

thomasthomsen · ‎Jan 24 2023

Is the SGT support also across AutoVPN ? So "true" End-to-End ?

KarstenI · ‎Jan 24 2023

This is what I expected when I saw this new firmware. But the documentation is not yet updated. This would be great although IMO this feature is quite useless with only the MS390 supporting it on the switch side.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Lurick · ‎Jan 24 2023

Does this also fix the connectivity and resolution issues with slow response times for wireless clients that I've seen reported on 17.x and 18.x firmware?

Edit: Does not seem to have fixed anything compared to previous 18.x and latest 17.x code.

Slow wifi client issues, wifi calling doesn't work, several issues with this code as well. 17.x does the same thing on the latest version too. Issues not present in 16.x codes

LeoTran · ‎Jan 25 2023

I agree. The Wi-fi issue has not been fixed.

BrianMorris · ‎Feb 15 2023

I just upgraded one of my client's MX64W to 18.105 to see if it fixes the wifi being trash. Not fixed...

I added an Omada WAP and the wifi works perfectly now. Cisco....................please fix!

CptnCrnch · ‎Jan 25 2023

Running good so far. Looking forward to playing around with SGT forwarding in the next few days!

JGill · ‎Feb 7 2023

Since this just got scheduled for my MX-450 Hub networks, any details on the known issue:

There may be an increased risk of encountering device stability and performance issues.

James_NFX · ‎Feb 23 2023

Posting if this helps others, upgrading MX units to 18.105 which only have cellular/4G internet (ie, no ethernet internet connectivity) there appears to be a bug which the unit reports on the dashboard as upgraded to 18.105 however the device goes offline for 15 minutes every 2 hours.

Meraki support engineer confirmed the device was stuck in a upgrade loop and was actually still running 17.10.2 firmware even though the dashboard says its updated.

Telling the MX to reboot via the web dashboard 'fixes' the issue for a few hours before it comes back again. The actual fix is to pull the power out of the MX and reconnect, the hard power off/on appears to force it to update correctly.