Meraki

Community

New MX 19.1.5 stable release candidate: first 19.1 non beta with fixes mainly for smaller MXs

cmr
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 12:56 PM
‎Oct 31 2024 12:56 PM

New MX 19.1.5 stable release candidate: first 19.1 non beta with fixes mainly for smaller MXs

Security appliance firmware versions MX 19.1.5 changelog

Important notice

  • As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms.

What's new

  • Added support for Advanced Security features on vMX appliances in routed mode
  • eBGP (CloudWAN Support) for vMX-XL appliances
  • Enhanced event logging for vMX-XL appliances
  • Enhanced dashboard tools for vMX-XL appliances
  • Enhanced uplink statistics for vMX-XL appliances
  • Enhanced client tracking for vMX-XL appliances
  • Enhanced fragmentation support for vMX-XL appliances
  • Enhanced security center reporting for vMX-XL appliances
  • Enhanced route tracking for vMX-XL appliances
  • Added API support for configuring VPN NAT Translation
  • Added API support for configuring Multicast Forwarding
  • Added API support for configuring Split DNS

Legacy products notice

  • When configured for this version, Z1 devices will run MX 14.56.
  • When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
  • When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.11.

Bug fixes

All

  • Resolved an issue that could result in consecutive Dashboard-initiated reboots triggering MX appliances to fallback to an older version of their configuration
  • Improved the management of network flows when source ports are exhausted. This will greatly reduce the impact of port exhaustion on network clients.

Small

  • Fixed an issue that resulted in client traffic being dropped for clients connected to ports with 802.1X port authentication on MX67(C,W) and MX68(W,CW) appliances after port or VLAN-based group policy configuration changes were made.
  • Corrected an issue that could result in the association time for wireless clients connected to Z3(C), Z4(C), MX67(W), and MX68(W,CW) appliances incorrectly reporting as “-”.
  • Resolved an MX 19.1 performance regression affecting Z4(C) appliances.

Medium and large

  • Corrected an issue that resulted in MX75, MX85, MX95, MX105, MX250, and MX450 appliances failing to forward inbound GRE traffic to LAN clients.

Known issues

  • During the upgrade process, MX appliances upgrading from versions prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19.
  • There is an increased risk of encountering device stability and performance issues on all platforms and across all configurations.
If my answer solves your problem please click Accept as Solution so others can benefit from it.
36 Replies 36
thomasthomsen
Kind of a big deal
‎Oct 31 2024 1:16 PM
‎Oct 31 2024 1:16 PM

Upgrading right now 🙂

In response to thomasthomsen
cmr
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 1:28 PM
‎Oct 31 2024 1:28 PM

It's been running stably for me on an MX75 for 28 minutes...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
thomasthomsen
Kind of a big deal
‎Nov 1 2024 2:33 AM
‎Nov 1 2024 2:33 AM

And it also seems fine for me on MX85.

MartinLL
Building a reputation
‎Oct 31 2024 1:17 PM
‎Oct 31 2024 1:17 PM

Nice! 

MLL
0 Kudos
JonnyM
Getting noticed
‎Oct 31 2024 1:53 PM
‎Oct 31 2024 1:53 PM

@cmr wrote:

What's new

  • Added API support for configuring Multicast Forwarding
  • Added API support for configuring Split DNS

Is there any documentation about these two features?

0 Kudos
In response to JonnyM
thomasthomsen
Kind of a big deal
‎Oct 31 2024 2:50 PM
‎Oct 31 2024 2:50 PM

I was also wondering about Split DNS ... but perhaps its for Anyconnect ? - Or do you mean the API support and not the feature as documentation ?

 

/Thomas

0 Kudos
In response to thomasthomsen
JonnyM
Getting noticed
‎Oct 31 2024 2:57 PM
‎Oct 31 2024 2:57 PM

Both, I think I was hoping that we'd get some DNS proxy / conditional forwarder support on the MX platform but that might be asking too much.

0 Kudos
In response to JonnyM
jimmyt234
A model citizen
‎Nov 1 2024 12:35 AM
‎Nov 1 2024 12:35 AM

Security and SD-WAN (MX,Z) Features Directory - Cisco Meraki Documentation

API for Local/Split DNS Service*

Gives administrators the power to control which DNS requests are answered by which servers.

 

Sounds like it may be just that! Lacking any other documentation at this time. They have also updated that entry to be 'API for..', it used to just say 'Local/Split DNS Service' so sounds like it will only be configurable in the API and not the GUI??

In response to jimmyt234
thomasthomsen
Kind of a big deal
‎Nov 1 2024 2:34 AM
‎Nov 1 2024 2:34 AM

Very interesting - Lets see what happens.

0 Kudos
In response to jimmyt234
JonnyM
Getting noticed
‎Nov 1 2024 3:34 AM
‎Nov 1 2024 3:34 AM

I'm thinking API first and then they'll build the dashboard interface for it later

RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 2:45 PM
‎Oct 31 2024 2:45 PM

  • During the upgrade process, MX appliances upgrading from versions prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19.

I dont understand that at all ... 

0 Kudos
In response to RaphaelL
cmr
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 2:51 PM
‎Oct 31 2024 2:51 PM

I'm guessing the traffic classification engine changed and while it updates, it might not work.  Therefore people could visit sites that are blocked or similar, but just for the few minutes the upgrade takes.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RaphaelL
thomasthomsen
Kind of a big deal
‎Oct 31 2024 2:51 PM
‎Oct 31 2024 2:51 PM

I was wondering the same thing.

So ... "during" the upgrade the MX can misclassify traffic ??? .. until the upgrade is done at it reboots ?

Is that what it is saying ?

In response to thomasthomsen
RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 2:53 PM
‎Oct 31 2024 2:53 PM

Same... because when the MX is upgrading , well it's upgrading , nothing is working and the device has to reboot to perform the upgrade. 

 

Orrrr let's say you schedule a device upgrade in 2 weeks. The software is downloaded on the MX and untill the upgrade window , the classification is broken ? 🤔

0 Kudos
In response to RaphaelL
cmr
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 2:57 PM
‎Oct 31 2024 2:57 PM

Normally the MX continues to work from the time you schedule the upgrade, through the download and install and only stops for the reboot.  I think it's the install part where it will pass traffic but might misclassify it.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RaphaelL
Brash
Kind of a big deal
Kind of a big deal
‎Oct 31 2024 6:48 PM
‎Oct 31 2024 6:48 PM

I think it's as @cmr described - Once you kick off the upgrade, there's a few steps involved (simplified below):
 - 1. Downloading
 - 2. Updating packages/services etc.
 - 3. Reboot of device

I assume the time of misclassifying traffic is specifically between steps 2 and 3 which is probably like a 5-10 minute window.

Holli69
Getting noticed
‎Nov 1 2024 3:28 AM
‎Nov 1 2024 3:28 AM

Running 19.1.5 since 24 hours ago on MX95 without any issue

AnythingHosted
Building a reputation
‎Nov 1 2024 6:27 AM
‎Nov 1 2024 6:27 AM

Upgrading MX75 now...

0 Kudos
sptech
Conversationalist
‎Nov 1 2024 6:58 AM
‎Nov 1 2024 6:58 AM

I upgraded a few to test with, any without dual WAN connections immediately quit passing traffic. WAN2 showed 100% loss, even though there was never a WAN2 connected. I converted LAN to WAN and then WAN to LAN and everything started functioning properly and the WAN2 loss went away and the networks started functioning properly.

0 Kudos
In response to sptech
cmr
Kind of a big deal
Kind of a big deal
‎Nov 1 2024 7:01 AM
‎Nov 1 2024 7:01 AM

@sptech what models were those? MX67?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
sptech
Conversationalist
‎Nov 1 2024 7:02 AM
‎Nov 1 2024 7:02 AM

Yes, all MX67.

Only effected devices with something plugged into Port 2 from what I can tell. I've found this to be true on 9 devices so far.

Possibly only devices with static addresses assigned to WAN1. I've got some devices that are DHCP on WAN1 and they weren't affected.

In response to sptech
sptech
Conversationalist
‎Nov 2 2024 10:15 AM
‎Nov 2 2024 10:15 AM

One of these devices was a new MX67 that operated perfectly fine for about 22 hours, then at 20:00 yesterday started going offline randomly (100 + times in 12 hours). Reverted back to 18.211.2 and the issue went away. Device has something plugged into port 2 for the LAN side, no way to go on-site and unplug it to check if converting it to a WAN port and back to LAN port would resolve that issue or not so just rolled back firmware. Issue is resolved on it.

RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 1 2024 8:48 AM
‎Nov 1 2024 8:48 AM

If anyone is upgrading from MX 18.107 or MX 18.211 AND has a signifiant network usage ( device utilization over 15-20% before the upgrade ) I would be curious to see the device utilization AFTER the upgrade. Please share your results.

0 Kudos
In response to RaphaelL
BHC_RESORTS
Head in the Cloud
‎Nov 1 2024 3:01 PM
‎Nov 1 2024 3:01 PM

The 19.x train is supposed to have multicore improvements, yes?

BHC Resorts IT Department
0 Kudos
In response to BHC_RESORTS
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 1 2024 5:40 PM
‎Nov 1 2024 5:40 PM

18.211 is supposed to have those improvements , so yes. But I'm curious since I experienced some kind of a bug with device utilization with 18.211.3

0 Kudos
In response to RaphaelL
RWelch
Kind of a big deal
Kind of a big deal
‎Nov 2 2024 8:11 AM
‎Nov 2 2024 8:11 AM

MX 18.211.4 did improve one of my many MX75s that had been averaging 67% device utilization while running 18.211.3. 

I’ve yet to roll the dice on MX 19.1.5 and also curious about what others are seeing. 

I’ve had no high device utilization issues on the MX68s.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Nov 2 2024 2:57 AM
‎Nov 2 2024 2:57 AM

The multicast forwarding feature is interesting because that is one of the huge feature holes that has been present.  So I am to assume we might be seeing PIM support for MX in the future so you would finally be able to have multicast streams in datacenters being able to be forwarded to branch offices.

CptnCrnch
Kind of a big deal
‎Nov 4 2024 7:05 AM
‎Nov 4 2024 7:05 AM

Looking good so far!

In response to CptnCrnch
cmr
Kind of a big deal
Kind of a big deal
‎Nov 4 2024 7:47 AM
‎Nov 4 2024 7:47 AM

Nearly 4 days uptime here 🎉

If my answer solves your problem please click Accept as Solution so others can benefit from it.
AaronS
Here to help
‎Nov 13 2024 3:46 AM
‎Nov 13 2024 3:46 AM

Known issues - november 12 update

  • Due to an MX firmware regression, traffic sourced by the MX may incorrectly follow the client routing table if a default route is advertised and multiple AutoVPN hubs are configured. This can affect the MX's ability to establish an iBGP connection over AutoVPN, as well as impacting its ability to correctly route traffic such as NetFlow and syslog.
In response to AaronS
jimmyt234
A model citizen
‎Nov 13 2024 4:08 AM
‎Nov 13 2024 4:08 AM

Looks like this is also in the MX 18.211.4 changelog

0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 13 2024 4:49 AM
‎Nov 13 2024 4:49 AM

This was also added to the change log : 

 

Added support for Catalyst and Meraki SD-WAN fabric Interconnect
DanStewart
Here to help
‎Dec 11 2024 9:35 AM
‎Dec 11 2024 9:35 AM

"Added support for Advanced Security features on vMX appliances in routed mode"

Anyone know if this will require a different vMX "Advanced Sec" license or will these features be included with the current Enterprise license?
Data sheet only lists a Enterprise license (as there always has been one license flavor for vMX)

0 Kudos
In response to DanStewart
RWelch
Kind of a big deal
Kind of a big deal
‎Dec 11 2024 10:19 AM
‎Dec 11 2024 10:19 AM

MerakiLicensingFAQs.png

Meraki Licensing FAQs as of 8/7/24 (documentation doesn't reflect any changes).  Perhaps it's forthcoming?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
DanStewart
Here to help
‎Jan 15 2025 11:05 AM
‎Jan 15 2025 11:05 AM

Following-up on my own post.
Advanced Security Licensing is now available for ordering for the vMX platforms.
Example sku: LIC-VMX-S-SEC-1Y

Today, the online FAQs and other licensing documents do not look to be updated showing exactly which features this license provides.

Also this new Adv. Sec license tier seems to be impacting dashboards running mixed Enterprise and Advanced licenses that was not an issue with vMX prior.
https://community.meraki.com/t5/Cloud-Security-SD-WAN-vMX/vMX-now-requiring-edition-to-match-org/m-p...

Will keep watching for updates. thx.

0AK13Y
Here to help
‎Feb 13 2025 6:58 AM
‎Feb 13 2025 6:58 AM

There is a known routing issue according to TAC for Z3s running 19.1.5. Excessive flapping to SDWAN site connections and to secure connect 

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.