New MS 15.4 beta firmware - general SFP fix and many fixes for MS390

cmr
Kind of a big deal
Kind of a big deal

New MS 15.4 beta firmware - general SFP fix and many fixes for MS390

Switch firmware versions MS 15.4 changelog

Alerts

  • HTTP proxy is no longer supported on MS 15+. Nodes that use HTTP proxy without any other means to connect to dashboard may fail to connect.
  • SecureConnect fails on MS355 series switches
  • MS390 ports are not disabled when configured to do so by dashboard
  • Moving or re-provisioning an MS390 stack in dashboard can cause at least one member to stay offline until rebooted (this only affects control plane traffic).
  • MS390 upgrades to this version will experience a full system reload
  • MS390s that have SecureConnect configured may lose uplink connectivity and would require a factory reset to recover
  • If SecureConnect is enabled on the network, MS390 access ports will not be a part of STP or receive broadcast traffic
  • MS390 upgrades to this version will result in a full system reload

Branch additions

  • IPv6 static routing support for MS390 series switches
  • Additional client analytics added for MS390 series switches
  • Meraki authentication support for MS390 series switches
  • Alternate Management Interface (AMI) support for MS390 series switches
  • UDLD support for MS390 series switches
  • Group policy ACL support for MS390 series switches
  • IPv6 management interface support
  • URL redirect support for MS390 series switches
  • UPoE (802.3bt) support for MS390 series switches
  • Netflow export for Adaptive Policy
  • Critical/failed authentication support for MS390 series switches
  • Multi-auth with voice VLAN bypass support
  • MAC flap detection support for MS390 series switches
  • Named VLAN support for MS120/125/210/225/250/350/355/390 series switches
  • Stack power is supported by default for MS390 series switches
  • Netflow support for MS390 series switches

Bug fixes

  • DHCP traffic is dropped on the voice VLAN if MAC allow list is configured
  • In rare instances, DAI inspection may fail to snoop DHCP transactions on stacks leading to those clients being in a blocked state
  • MS250 switches in rare instances could experience a crash when configuring LACP (predates MS 12)
  • MS210/225/250/350/355/410/425 series switches may be unable to initialize 1Gbps SFP modules. Current, only some MA-SFP-1GB-SX modules are in scope (present since MS 15.0)

MS390

  • Rebooting a MS390 switch in a stack via the UI will result in the entire stack rebooting
  • MS390 group policy ACL port ranges are not applied
  • MS390 ports are limited to the lowest link speed since boot if QoS is enabled
  • MS390 ports that have MAC allow list configured will not change between access and trunk once configured in dashboard

Known issues

  • If the voice VLAN authenticates before the data VLAN, the voice VLAN will stop working after the data VLAN authenticates (present since MS 14.28)
  • In rare circumstances, changes made to SVIs may result in connectivity loss for one or more SVIs until reboot (predates MS 12)
  • When applying an access policy to a port, voice VLAN clients will not be updated in the MAC table without bouncing the port (present since MS 14.28)
  • Connecting a stacking cable to a stack that is online may result in a stack member going offline (present since MS 12)
  • In rare instances, a stack member may go offline until rebooted (present since MS 12)
  • Networks containing a large number of switches may encounter issues saving changes on the Switch Settings page
  • Stack members may experience delays in updating their configuration for up to an hour after a config change (present since MS 9)
  • The "clone from" list may fail to load when cloning a switch in an organization with 1,000+ switches or networks
  • Broadcast types of traffic can leak into the Guest VLAN if a port that fails authentication has a voice VLAN configured, and dashboard has a Guest VLAN defined (present since MS 11)
  • AMI IP addresses do not send gratuitous ARP packets which can lead to packet loss if the AMI address has aged out in the network
  • Meraki authentication does not work with guest VLAN

MS120

  • Links being established on an MS120 can result in neighbouring ports to flap (present since MS 11)
  • In rare instances, MS120 series switches may have empty packet captures until they are rebooted
  • MS120s switch ports with MAB authentication may randomly de-authenticate clients. In order to resume client authentication on that port, a switch reboot is required (present since MS 12)

MS35X/4XX

  • Enabling Combined Power on MS350/355 switches results in events being logged once per minute (present since MS 11)
  • mGig switches will have an amber light for all physical ports that do not negotiate to the highest supported speed. Dashboard will continue showing a light green status for all ports above 100Mbps. For example, MS355 switch ports will incorrectly show an amber light for 1G, 2.5G, and 5G, but will show a green light for 10G.
  • MS350-24X and MS355 series switches do not negotiate UPoE over LLDP correctly (predates MS 10)
  • SecureConnect fails on MS355 series switches (present since MS 15)
  • Ports with an odd-numbered MTU value fail to initialize for MS120/125 series switches (predates MS 11)
  • When an SFP module is inserted/removed on MS420/425 series switches, BPDUs can be delayed leading to STP transitions in the network (predates MS 12)
  • MS350/450 series switches in a stack configuration will lose dashboard connectivity if a "Deny Any Any" ACL is added without having higher "Allow" rules in place for dashboard connectivity (predates MS 12)

MS390

  • Packet loss is observed when pinging the MS390 management IP (present since MS 12)
  • In rare circumstances, MS390 series switches may disconnect from dashboard until rebooted. Data plane traffic is not impacted unless RADIUS authentication is used (present since MS 14.28)
  • MS390 "Port Up/Down" events will be shown across all members
  • MS390 control plane may experience brief outages which will show as red lines on the connectivity bar in dashboard. These events do not affect data plane traffic.
  • MS390 series switches do not support loop detection
  • MS390 series switches do not support warm spare/VRRP
  • Moving or re-provisioning an MS390 stack in dashboard can cause at least one member to stay offline until rebooted (this only affects control plane traffic).
  • MS390 ports are not disabled when configured to do so by dashboard
  • MS390 series switches will go offline if a "Deny Any Any" ACL is added without having higher "Allow" rules in place for dashboard connectivity
  • MS390s that have SecureConnect configured may lose uplink connectivity and would require a factory reset to recover
  • If SecureConnect is enabled on the network, MS390 access ports will not be a part of STP or receive broadcast traffic
5 Replies 5
DarrenOC
Kind of a big deal
Kind of a big deal

Cheers @cmr 

 

Love the fact that this is in there twice:

 

  • MS390 upgrades to this version will result in a full system reload

 

And what is with this one:

 

  • MS390s that have SecureConnect configured may lose uplink connectivity and would require a factory reset to recover

 

I think this should just state **"DON'T UPGRADE YOUR MS390's TO THIS VERSION"**

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal
Kind of a big deal

A factory reset?  really.  This release should be blocked for MS390's give that.

Greenberet
Head in the Cloud

Is the named vlan feature working for anyone? My MS120 is still showing IDs without any names =(

cmr
Kind of a big deal
Kind of a big deal

@Greenberet apparently it is only for RADIUS server use at the moment...

redsector
Head in the Cloud

Will the MS390 ever work as designed?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels