New MS 15.6 beta firmware - 15.5 skipped; fixes for both below, mainly MS390

cmr
Kind of a big deal
Kind of a big deal

New MS 15.6 beta firmware - 15.5 skipped; fixes for both below, mainly MS390

Switch firmware versions MS 15.6 changelog

Alerts

  • HTTP proxy is no longer supported on MS 15+. Nodes that use HTTP proxy without any other means to connect to dashboard may fail to connect.
  • SecureConnect fails on MS355 series switches (present since MS 15.0)
  • MS390 ports are not disabled when configured to do so in dashboard
  • Moving or re-provisioning an MS390 stack in dashboard can cause the management plane of at least one member to stay offline until rebooted (present since MS 15.0)
  • MS390 upgrades from MS 15.4 or later will result in minimal impact to client traffic
  • If SecureConnect is enabled on the network, MS390 access ports will not be a part of STP or receive broadcast traffic

Branch additions

  • STP anomaly detection support for MS390 series switches
  • IPv6 static routing support for MS390 series switches
  • Additional client analytics added for MS390 series switches
  • Meraki authentication support for MS390 series switches
  • Alternate Management Interface (AMI) support for MS390 series switches
  • UDLD support for MS390 series switches
  • Group policy ACL support for MS390 series switches
  • IPv6 management interface support
  • URL redirect support for MS390 series switches
  • UPoE (802.3bt) support for MS390 series switches
  • Critical/failed authentication support for MS390 series switches
  • Multi-auth with voice VLAN bypass support
  • MAC flap detection support for MS390 series switches
  • Named VLAN support for MS120/125/210/225/250/350/355/390 series switches
  • Stack power is supported by default for MS390 series switches
  • Netflow and Encrypted Traffic Analytics (ETA) support for MS390s

Bug fixes

  • Performance and stability improvements (15.5)
  • Group policy ACL does not get configured on MS390 stacks
  • MS390 SNMP ifIndex integer offset starts at 9 instead of 1

Known issues

  • If the voice VLAN authenticates before the data VLAN, the voice VLAN will stop working after the data VLAN authenticates (present since MS 14.28)
  • In rare circumstances, changes made to SVIs may result in connectivity loss for one or more SVIs until reboot (predates MS 12)
  • When applying an access policy to a port, voice VLAN clients will not be updated in the MAC table without bouncing the port (present since MS 14.28)
  • Connecting a stacking cable to a stack that is online may result in a stack member going offline (present since MS 12)
  • The "clone from" list may fail to load when cloning a switch in an organization with 1,000+ switches or networks
  • Broadcast types of traffic can leak into the Guest VLAN if a port that fails authentication has a voice VLAN configured, and dashboard has a Guest VLAN defined (present since MS 11)
  • In rare instances, a stack member may go offline until rebooted (present since MS 12)
  • Networks containing a large number of switches may encounter issues saving changes on the Switch Settings page
  • Stack members may experience delays in updating their configuration for up to an hour after a config change (present since MS 9)
  • AMI IP addresses do not send gratuitous ARP packets which can lead to packet loss if the AMI address has aged out in the network
  • Meraki authentication does not work with guest VLAN

MS120/125

  • In rare instances, MS120 series switches may have empty packet captures until they are rebooted
  • Links being established on an MS120 can result in neighboring ports to flap (present since MS 11)
  • MS120s switch ports with MAB authentication may randomly deauthenticate clients. In order to resume client authentication on that port, a switch reboot is required (present since MS 12)
  • Ports with an odd-numbered MTU value fail to initialize for MS120/125 series switches (predates MS 11)

MS35X/42X

  • mGig switches will have an amber light for all physical ports that do not negotiate to the highest supported speed. Dashboard will continue showing a light green status for all ports above 100Mbps. For example, MS355 switch ports will incorrectly show an amber light for 1G, 2.5G, and 5G, but will show a green light for 10G.
  • Enabling Combined Power on MS350/355 switches results in events being logged once per minute (present since MS 11)
  • MS350-24X and MS355 series switches do not negotiate UPoE over LLDP correctly (predates MS 10)
  • SecureConnect fails on MS355 series switches (present since MS 15.0)
  • When an SFP module is inserted/removed on MS420/425 series switches, BPDUs can be delayed leading to STP transitions in the network (predates MS 12)
  • MS350/450 series switches in a stack configuration will lose dashboard connectivity if a "Deny Any Any" ACL is added without having higher "Allow" rules in place for dashboard connectivity (predates MS 12)

MS390

  • MS390 management plane may restart which will show as an outage on the connectivity bar in dashboard. This does not impact data plane traffic but can cause disruptions to RADIUS authentication (present since MS 14)
  • MS390 stacking ports incorrectly show 40Gbps half duplex in the UI
  • MS390 stacks may send frequent DHCP requests despite having a valid static IP address, which can result in IP flapping (present since MS 14)
  • In rare circumstances, MS390 series switches may disconnect from dashboard until rebooted. Data plane traffic is not impacted unless RADIUS authentication is used (present since MS 14.28)
  • MS390 management plane may experience brief outages which will show as red lines on the connectivity bar in dashboard. These events do not affect control or data plane traffic.
  • Packet loss is observed when pinging the MS390 management IP (present since MS 12)
  • MS390 "Port Up/Down" events will be shown across all members
  • MS390 series switches do not support loop detection
  • MS390 series switches do not support warm spare/VRRP
  • Moving or re-provisioning an MS390 stack in dashboard can cause the management plane of at least one member to stay offline until rebooted (present since MS 15.0)
  • MS390 ports are not disabled when configured to do so in dashboard
  • MS390 series switches will go offline if a "Deny Any Any" ACL is added without having higher "Allow" rules in place for dashboard connectivity
  • If SecureConnect is enabled on the network, MS390 access ports will not be a part of STP or receive broadcast traffic
2 REPLIES 2
UCcert
Kind of a big deal

thats a tad alarming:

 

  • MS390 ports are not disabled when configured to do so in dashboard

 

Whats an admin supposed to go, go down to the cabinet and put sellotape over the port?

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
KarstenI
Kind of a big deal

Either fitting foam glue, or (if it has to be reversible):

https://www.padjack.com

I have some from delock, but they are similar.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels