Meraki

Community

New MS 14.31 stable release - MS 12 no longer a current release train

cmr
Kind of a big deal
Kind of a big deal
‎Sep 24 2021 1:06 AM
‎Sep 24 2021 1:06 AM

New MS 14.31 stable release - MS 12 no longer a current release train

Switch firmware versions MS 14.31 changelog

Alerts

  • MS390 upgrades from MS 14.29 or later will result in minimal impact to client traffic
  • Clients on a RADIUS authenticated port that ages out of the MAC table due to inactivity will fail to be relearned until a port bounce has occurred (present since MS 14.28)
  • Voice VLAN clients cannot pass traffic on ports that have MAC allowlists enabled (present since MS 14.28)

Branch additions

  • Syslog support for MS390 series switches
  • SNMP support for MS390s
  • RADIUS accounting support for MS390s
  • Alternate Management Interface support for MS210/MS225/MS250/MS350/MS355/MS410/MS425/MS450 series switches
  • QoS support for MS390s
  • CoA support for MS390s
  • STP anomaly detection events for non-MS390 series switches
  • Adaptive policy support for MS390 series switches
  • SecureConnect support for MS210/MS225/MS250/MS350/MS355/MS410/MS425/MS450 series switches
  • NAC enhancements for MS120/125/210/225/250/350/355/425/450 series switches
  • Critical/failed auth VLAN support for MS120/125/210/225/250/350/355/425/450 series switches

Bug fixes

  • Modifying SVIs on switches could cause the next-hop VLAN to be incorrectly set; which would result in routing outages

Known issues

  • Clients on a RADIUS authenticated port that ages out of the MAC table due to inactivity will fail to be relearned until a port bounce has occurred (present since MS 14.28)
  • In rare instances, DAI inspection may fail to snoop DHCP transactions on stacks leading to those clients being in a blocked state
  • Voice VLAN clients cannot pass traffic on ports that have MAC allowlists enabled (present since MS 14.28)
  • If a combined network has Umbrella integration, changes cannot be made to the group policy page (present since MS 14.5)
  • In rare instances, a stack member may go offline until rebooted (present since MS 12)
  • In rare instances, non-390 stack members will reboot (present since 12.29+)
  • Clients connected to a trunk port on the native VLAN will show "native" for the VLAN information rather than the native VLAN ID.
  • Networks containing a large number of switches may encounter issues saving changes on the Switch Settings page
  • Stack members are not being marked to update their configuration when changes are made on other members
  • The list of switches to clone from fails to load when cloning a switch in an organization with a large number of switches and networks
  • Broadcast types of traffic can leak into the Guest VLAN if a port that fails authentication has a Voice VLAN configured, and dashboard has a Guest VLAN defined (present since MS 11)

MS120

  • MS120s may show PoE usage on the incorrect port
  • MS120s on rare occasions will reboot (present since MS 11)
  • Links being established on a MS120 can result in neighboring ports to flap (present since MS 11)
  • MS120s with multiple access policies enabled may reboot when port changes are made
  • MS120s switchports with MAB authentication may randomly deauthenticate clients. In order to resume client authentication on that port, a switch reboot is required (present since MS 12)

MS35X

  • Enabling Combined Power on MS350/355 switches results in events being logged once per minute (present since MS 11)
  • mGig switches will have an amber light for all physical ports that do not negotiate to the highest supported speed. Dashboard will continue showing a light green status for all ports above 100Mbps. Example, MS355 switchports will incorrectly show an amber light for 1G, 2.5G, and 5G, but will show a green light for 10G.

MS390

  • Packet loss is observed when pinging the MS390 management IP
  • Stackpower is not enabled on MS390s by default
  • MS390 ports are limited to the lowest link speed since boot if QoS is enabled
  • MS390s may experience a brief 1-2 minute control plane outage. The data plane will not experience issues during this time.
  • MS390 - Port Up/Down Events Shown Across All Members
  • MS390 series switches do not support SM sentry
  • MS390 series switches do not support Meraki authentication
  • MS390 series switches do not support URL redirection
  • MS390 series switches do not support MAC whitelists
  • MS390 series switches do not support loop detection
  • MS390 series switches do not support warm spare/VRRP
  • MS390 series switches do not support UDLD
  • MS390 series switches do not support MAC flap detection
  • MS350-24X and MS355 series switches do not negotiate UPoE over LLDP correctly (predates MS 10)
  • Rebooting any MS390 stack member via the UI will result in the entire stack rebooting
35 Replies 35
Mloraditch
A model citizen
‎Sep 24 2021 11:44 AM
‎Sep 24 2021 11:44 AM

I like your model breakdown of the bugs. Maybe someone smart at Meraki will start doing that!! You do have the second to last MS390 bug listed wrong. Its a 355 bug.

 

This is a fun one when you are in the middle of an ISE Rollout: 

  • Clients on a RADIUS authenticated port that ages out of the MAC table due to inactivity will fail to be relearned until a port bounce has occurred (present since MS 14.28)

At least it's identified now.

In response to Mloraditch
cmr
Kind of a big deal
Kind of a big deal
‎Sep 24 2021 11:48 AM
‎Sep 24 2021 11:48 AM

Oops missed that one, as you say, hopefully they'll be sorted at source soon 🤞

0 Kudos
bigben386
Getting noticed
‎Sep 29 2021 2:59 PM
‎Sep 29 2021 2:59 PM

I would definitely recommend anyone running 802.1x not upgrade to this version due to

  • Clients on a RADIUS authenticated port that ages out of the MAC table due to inactivity will fail to be relearned until a port bounce has occurred (present since MS 14.28)

That is killing us. Phones and printers are becoming unreachable due to this and it only takes a few minutes of inactivity for them to age out. Very frustrating.

In response to bigben386
KRobert
Head in the Cloud
‎Oct 5 2021 7:11 AM
‎Oct 5 2021 7:11 AM

Has anyone opened a case about this? Any update on when this will be resolved?
CMNO, CCNA R+S
0 Kudos
In response to KRobert
Mloraditch
A model citizen
‎Oct 5 2021 7:14 AM
‎Oct 5 2021 7:14 AM

I have an open case. No eta yet but I got asked for more info yesterday and told:

"we have identified some backend issues for this firmware that are likely causing this behavior."

Haven't provided the additional info yet or been able to talk to the tech.

In response to Mloraditch
bigben386
Getting noticed
‎Oct 5 2021 7:21 AM
‎Oct 5 2021 7:21 AM

Luckily support was able to roll us back to 14.27 and all our issues went away.

In response to Mloraditch
Mloraditch
A model citizen
‎Oct 6 2021 12:24 PM
‎Oct 6 2021 12:24 PM

Talked to tech today, he indicated the next stable release was the goal. Didn't give a timeline.

0 Kudos
In response to Mloraditch
scytales
Conversationalist
‎Oct 6 2021 12:43 PM
‎Oct 6 2021 12:43 PM

I get the feeling i should delay my upgrade to 14.31 from 12.28.1 set for tonight... 

 

Edit: 

They really should move that bullet point up to the top. This could be very bad for those of us with decent sized ISE deployments. Thankfully,  i came here prior to following through 😁

0 Kudos
In response to scytales
bigben386
Getting noticed
‎Oct 6 2021 12:51 PM
‎Oct 6 2021 12:51 PM

Definitely if you use 802.1x!

In response to Mloraditch
Mloraditch
A model citizen
‎Oct 8 2021 8:29 PM
‎Oct 8 2021 8:29 PM

It appears 14.32 is becoming available with the relevant fix. Just got a push notice for it for a client. It’s not showing up in all my orgs yet but I think that can be a propagation delay.

 

 

In response to Mloraditch
cmr
Kind of a big deal
Kind of a big deal
‎Oct 9 2021 1:07 AM
‎Oct 9 2021 1:07 AM

I've just pushed the upgrade to the switches where the PoE was on the wrong ports, I'll repost here once applied with the result.

0 Kudos
In response to Mloraditch
bmarms
Getting noticed
‎Nov 5 2021 7:59 AM
‎Nov 5 2021 7:59 AM

14.32 doesn't fix the 802.1x problem.  here's my issue after that upgrade:

 

MS250 14.32 access policy - The Meraki Community

0 Kudos
In response to bigben386
bmarms
Getting noticed
‎Nov 5 2021 7:58 AM
‎Nov 5 2021 7:58 AM

agreed.  I'm having this issue which isn't due to a mac age out and nothing resolves the problem.  I either have to remove the access policy or disconnect ethernet and move user's to WiFi

 

MS250 14.32 access policy - The Meraki Community

0 Kudos
bigben386
Getting noticed
‎Oct 11 2021 11:26 AM
‎Oct 11 2021 11:26 AM

Any 802.1x users tried 14.32 yet?

0 Kudos
In response to bigben386
Mloraditch
A model citizen
‎Oct 25 2021 2:27 PM
‎Oct 25 2021 2:27 PM

We have and despite the various bug descriptions, the 802.1x bug we have with voice vlan clients is NOT fixed in 14.32

In response to Mloraditch
bigben386
Getting noticed
‎Nov 3 2021 7:08 AM
‎Nov 3 2021 7:08 AM

@Mloraditch We just tried it too and we are also having issues with the voice vlan. The bug mentions mac whitelist but we are not doing that. We use 802.1x for voice vlan authentication. Are you doing similar? And do you have a ticket open with them?

0 Kudos
In response to bigben386
bigben386
Getting noticed
‎Nov 3 2021 11:02 AM
‎Nov 3 2021 11:02 AM

I have opened a ticket with meraki about this. Looks like 14.32 fixed the issue for the data vlan but our phones on the voice vlan are disappearing from the switch's mac tables just like data vlan devices did in 14.31. Rolling back to 14.27 again!

0 Kudos
In response to bigben386
KRobert
Head in the Cloud
‎Nov 3 2021 12:38 PM
‎Nov 3 2021 12:38 PM

Thanks @bigben386. It is good to know this information, especially since the bug fix notes point out this has been resolved in 14.32. Keep us posted on your case.
CMNO, CCNA R+S
0 Kudos
In response to KRobert
bigben386
Getting noticed
‎Nov 4 2021 5:38 AM
‎Nov 4 2021 5:38 AM

Hey @KRobert ,

 

Just got confirmation it is a known issue. Support recommended sticking to 14.27.

In response to bigben386
KRobert
Head in the Cloud
‎Dec 1 2021 8:24 AM
‎Dec 1 2021 8:24 AM

Hi @bigben386 , any update from support yet? 

CMNO, CCNA R+S
0 Kudos
In response to KRobert
bigben386
Getting noticed
‎Dec 1 2021 8:37 AM
‎Dec 1 2021 8:37 AM

No update. I haven't really pushed it since 14.27 is working fine for us.

0 Kudos
bmarms
Getting noticed
‎Nov 5 2021 7:56 AM
‎Nov 5 2021 7:56 AM

here's my issue after an upgrade to 14.32:

 

MS250 14.32 access policy - The Meraki Community

0 Kudos
bmarms
Getting noticed
‎Dec 1 2021 8:29 AM
‎Dec 1 2021 8:29 AM

Meraki was able to identify that STP being disabled on ports was causing the 802.1x issue as the switch was not able to maintain an accurate mac table.  I enabled STP on all ports where it was disabled and upgraded switches to 14.32 and am having no issues.  Dev is reviewing the access policy not working on STP disabled ports in 14.32 as its no an expected behavior

0 Kudos
In response to bmarms
bigben386
Getting noticed
‎Dec 1 2021 8:33 AM
‎Dec 1 2021 8:33 AM

We run STP on all our access ports and had issue on the voice vlan with 14.32. I would recommend anyone doing 802.1x on their voice vlan to still stay on 14.27.

0 Kudos
In response to bigben386
KRobert
Head in the Cloud
‎Dec 1 2021 8:37 AM
‎Dec 1 2021 8:37 AM

Is there any warning "update before x date" on the firmware page for 14.27? I have my networks on 12.28.1 and 14.27 isn't an option so I'll have to work with support on that. If there is a warning status date, what is it?

CMNO, CCNA R+S
0 Kudos
In response to KRobert
bigben386
Getting noticed
‎Dec 1 2021 8:42 AM
‎Dec 1 2021 8:42 AM

No warnings on our firmware page

bigben386_0-1638376927943.png

 

In response to bigben386
KRobert
Head in the Cloud
‎Jan 4 2022 4:59 AM
‎Jan 4 2022 4:59 AM

Hi @bigben386, Can you confirm that 14.27 is still showing "good" in the firmware status?

CMNO, CCNA R+S
0 Kudos
In response to KRobert
mcvosi
Getting noticed
‎Jan 4 2022 6:12 AM
‎Jan 4 2022 6:12 AM

Yep.

3CB89334-7233-4F12-976D-D2EE2C581863.jpeg

In response to mcvosi
bigben386
Getting noticed
‎Feb 4 2022 6:30 AM
‎Feb 4 2022 6:30 AM

I just saw 14.33 pop up in the stable rc channel. It says:

Bug fixes

  • The Voice VLAN fails to stay authenticated if it is authenticated before the Data VLAN (present since 14.28)

Going to give it a go on our beta site.

In response to bigben386
KRobert
Head in the Cloud
‎Feb 8 2022 5:07 AM
‎Feb 8 2022 5:07 AM

Hi @bigben386. How have the results been? 

CMNO, CCNA R+S
0 Kudos
In response to KRobert
bigben386
Getting noticed
‎Feb 8 2022 12:17 PM
‎Feb 8 2022 12:17 PM

So far everything has been working fine on our PCs connected through the voip phones. We haven't had too many people in our beta office so far this week though.

In response to bigben386
bigben386
Getting noticed
‎Feb 14 2022 10:57 AM
‎Feb 14 2022 10:57 AM

We updated a larger batch of sites over the weekend. We have not had any issues with our voip phones authenticating after the update.

In response to bigben386
KRobert
Head in the Cloud
‎Feb 15 2022 6:13 AM
‎Feb 15 2022 6:13 AM

Great to hear @bigben386 ! Of course they  push this version out right after I manually call in to support and update all of my switches to 14.27 😑

CMNO, CCNA R+S
mcvosi
Getting noticed
‎Dec 2 2021 8:18 AM
‎Dec 2 2021 8:18 AM

Running into similar issue with 802.1x and voice VLANs and 14.32. Just opened a case...

 

0 Kudos
KRobert
Head in the Cloud
‎Feb 4 2022 6:38 AM
‎Feb 4 2022 6:38 AM

I just saw this Bug Fix with 14.33. Let me know if anyone has any luck with it resolving the voice VLAN authentication issues. @bigben386 

KRobert_0-1643985497969.png

 

CMNO, CCNA R+S
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.