New MS 15.21 stable firmware - fixes PoE on older switches and multiple 390 bugs squashed

cmr
Kind of a big deal
Kind of a big deal

New MS 15.21 stable firmware - fixes PoE on older switches and multiple 390 bugs squashed

Switch firmware versions MS 15.21 changelog

Alerts

  • HTTP proxy is no longer supported on MS 15+. Nodes that use HTTP proxy without any other means to connect to dashboard may fail to connect.
  • While Meraki switches have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MS 15.1+ we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that all “Meraki cloud communication” traffic specified in the Help > Firewall Info page is allowed through any firewalls or security filtering devices that may be deployed upstream of your Meraki switches. These requirements have been updated on Nov 2022, so it’s important that you review them.

Ms390 alerts

  • Switches can only downgrade to MS 12 with an incremental step to MS 14
  • Upgrades from MS 15.20 or later will result in minimal impact to client traffic

Ms390 features

  • Additional client analytics added
  • Alternate Management Interface (AMI) support
  • Critical/failed authentication support
  • Group policy ACL support
  • IPv6 static routing support
  • MAC flap detection support
  • Meraki authentication support
  • Multi-auth with voice VLAN bypass support
  • Netflow and Encrypted Traffic Analytics (ETA) support
  • STP anomaly detection
  • Stack power is supported by default
  • UDLD support
  • UPoE (802.3bt) support
  • URL redirect support

New features

  • IPv6 management interface support

Ms220/320 fixes

  • PoE telemetry data is not sent to dashboard (present since MS 15.20)

Ms320 fixes

  • In rare instances, PoE may fail to be supplied to end devices (present since MS 15.20)

Ms390 fixes

  • Configurations from dashboard do not overwrite changes made from the local status page
  • Configuring an empty custom ACL in an adaptive policy group will result in the entire adaptive policy config failing to be configured
  • Enabling and disabling storm control can cause ports to stay disabled
  • Packet captures may stop working after a reboot (present since MS 15)
  • Stacks may fail to complete an upgrade past MS 15.15 and will revert back to the starting version. If this happens, splitting the stack and upgrading individually is required (present since MS 15.15)
  • Switches are unable to directly upgrade from MS 12 to MS 15.15+

General known issues

  • Connecting a stacking cable to a stack that is online may result in a stack member going offline (present since MS 12)
  • Non-MS390 switches move LACP ports to an active forwarding state if configured. This can cause loops when connecting to an MS390 unless the bundles are configured on the MS390 first. All Non-MS390 ports are configured in passive LACP mode so that loops do not occur between Meraki switches (always present)

Ms120 known issues

  • In rare instances, switches may return empty packet captures until they are rebooted
  • Switches in extremely rare instances will experience reboots every few minutes (present since MS 11)

Ms125 known issues

  • The local status page cannot be accessed from the management port (always present)

Ms12x known issues

  • Ports with an odd-numbered MTU value fail to initialize (predates MS 11)
  • Switches will never move a RADIUS server's connectivity status to available if it was ever lost resulting in all authentications being placed into the critical auth VLAN (present since MS 14.32)

Ms2xx/35x/4xx known issues

  • Cross-stack LACP bundles experiencing a switch reboot will cause the remaining online port to experience an outage for up to 30 seconds. The same is seen again when the switch comes back online (present since MS 10)
  • If the same MAC address is associated with multiple IPs, adding or removing an SVI may lead to an incorrect VLAN ID mapping leading to packet loss on one or more SVIs
  • Loops can be seen when rebooting a stack member containing a cross-stack lag port (always present)
  • Switch stacks will learn MAC addresses from ports in the STP blocking state which can trigger a constant flood of MAC flaps in the event log

Ms355 known issues

  • In rare instances, stack ports fail to initialize after an upgrade (always present)

Ms35x known issues

  • Enabling Combined Power results in events being logged once per minute (present since MS 11)
  • UPoE does not negotiate over LLDP correctly (always present)
  • mGig switches will have an amber light for all physical ports that do not negotiate to the highest supported speed. Dashboard will continue showing a light green status for all ports above 100Mbps. For example, MS355 switch ports will incorrectly show an amber light for 1G, 2.5G, and 5G, but will show a green light for 10G.

Ms390 known issues

  • "Port Up/Down" events will generate an event log for each stack member
  • Adding additional ports to a port bundle will cause the entire bundle to be reconfigured causing traffic loss (always present)
  • Cloning a stack member results in configurations for LACP to be missing, requiring the bundles to be reconfigured or the system to be rebooted (present since MS 15.14)
  • DHCP options longer than 180 characters may fail to be configured on the device resulting in the configuration being reverted (always present)
  • IGMP snooping enabled will send an IGMP message on every configured VLAN every 125 seconds (always present)
  • If a link aggregate has an adaptive policy group added or removed, the link aggregate ports will be disabled and stay disabled
  • Large stacks may experience intermittent management plane loss resulting in config fetch delays (always present)
  • Loop detection is not supported
  • Rebooting a switch in a stack via the UI will result in the entire stack rebooting (always present)
  • Receiving incorrectly flooded CDP packets may incorrectly report VLAN mismatches and SFP port information (present since MS 12)
  • Warm spare/VRRP is not supported

Ms425 known issues

  • Stacks in rare instances will start dropping DHCP traffic on trusted ports while DAI is enabled until rebooted (present since MS 12)

Ms4xx known issues

  • When an SFP module is inserted/removed, BPDUs can be delayed leading to STP transitions in the network (predates MS 12)
If my answer solves your problem please click Accept as Solution so others can benefit from it.
12 Replies 12
jimtombari2
Here to help

This firmware broke POE on several GS110 switchs 

https://www.reddit.com/r/networking/comments/11sv2uk/meraki_go_poe_issues/

 

cmr
Kind of a big deal
Kind of a big deal

@jimtombari2 this firmware is not the same as that for the Go range.  I suspect the Go release could have something in common with the issue fixed here that was in the 15.20 release...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
jimtombari2
Here to help

current firmware is 15.21 - that is the firmware that is causing the issue in multiple locations.

https://community.meraki.com/t5/Questions-and-Answers/2x-24port-1x-48-port-POE-switches-NO-POE/m-p/1...

 

JeremieB
New here

Same here, with 3x GS110-48P , NO POE since this morning

cmr
Kind of a big deal
Kind of a big deal

15.21 only applies to Meraki MS switches, the issues you are reporting are for Meraki GS switches.  They are NOT the same.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
jimtombari2
Here to help

yes, the problem is with 15.21 on a GS110-48P switch

cmr
Kind of a big deal
Kind of a big deal

What was it running before, I wonder if the wrong firmware has been pushed...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
jimtombari2
Here to help

It was set to update on Sunday at 4am but most places having this problem appeared to start having it within the last 8 hours or so, the firmware says GS 15.21 so it looks like there is a major bug in it.

 

cmr
Kind of a big deal
Kind of a big deal

I have installed this firmware on an MS220-8p that was not showing PoE stats and it is now fully working.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
MiriamK
Meraki Employee
Meraki Employee

Hi all - for anyone using Meraki Go, and still encountering PoE issues with their Meraki Go GS110 PoE switches, we found a workaround to the firmware issue.

 

More details in this thread in our Meraki Go Community: https://community.meraki.com/t5/Questions-and-Answers/Meraki-Go-PoE-Switches-Resolved/m-p/188466#M14...

 

Note: Meraki Go is a completely different product line than our Cisco Meraki products 🙂 

Miriam Kung
Cisco Meraki Product Marketing
cmr
Kind of a big deal
Kind of a big deal

15.21.1 stable patch has now been released with the sole change of fixing the PoE for the GS range of switches.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
JamesC_AB
Here to help

This announcement: MS 15.21 Stable (GA) is available for install!

...says that MS 15.21 introduces port isolation under "new features".

But then links to this old article :Restricting Traffic with Isolated Switch Ports

...which says:


Firmware MS 11.22 adds support for Port isolation on the following.

  • MS Switch Stacks
  • All ports on the MS210, MS225, and MS250 series switches. Prior to MS 11.22, these switch models supported Port isolation on ports 1 - 24 only.

But that same article as recently as October 2022 use to say:


For MS210, MS225, and MS250 series switches, port isolation is only supported on the first 24 ports

 

Port isolation is not supported across stack members


Back in October 2022, MS 11.22 was ~3 years old.

Colour me confused by the mixed messaging! 😕

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels