New MR 28.5 beta release - MT updates and a number of security related fixes

cmr
Kind of a big deal
Kind of a big deal

New MR 28.5 beta release - MT updates and a number of security related fixes

Wireless firmware versions MR 28.5 changelog

Important note

  • Meraki APs use UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications when running MR 27 and older firmware. When running MR 28 firmware, Meraki APs will now use TCP port 443 as the primary means for cloud connectivity. In order to maintain connectivity to the Meraki cloud on MR 28+ ensure that TCP port 443 is allowed to communicate with 209.206.48.0/20 on firewalls that are deployed upstream of your Meraki APs. (Wi-Fi 6 MRs)

Legacy product notice

  • When configured for this version the MR12, MR16, MR18, MR24, MR26, MR32, MR34, MR62, MR66, and MR72 will run MR 26.8.2.

New

  • Improved connection logic to support up to 32 MT sensors per gateway (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)

Bug fixes

  • General stability and performance improvements (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • Windows devices may fail re-authentication when the PMK cache timer has expired (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • MRs do not respond to SNMP GET requests when the 5 GHz radio is disabled (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • Group policy L7 firewall rules may not take effect (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • NBAR may drop traffic for whitelisted clients (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)

Known issues

  • Sporadic packet loss & instability on Layer 3 roaming & Teleworker VPN SSID's (Wi-Fi 5 Wave 2 MRs/Wi-Fi 6 MRs)
  • UNII-2e channels not available for indoor MRs in Israel IL regulatory domain (Wi-Fi 6 MRs)
  • No DHCP response error is seen after a client performs a successful L3 roam (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
6 REPLIES 6
dwinter
Conversationalist

Interested to hear peoples experience with this upgrade and performance with Intel NICs. We had consistent issues up until 28.3, which appeared to fix all the roaming / unspecified / auth errors we had seen. Upgrading to 28.4 then brought all the same errors back, so am hesistant to make any changes. 

WB
Getting noticed

Mmm bit confused with this one. I saw yesterday it was released so went to schedule the upgrade to our 28.3 fleet, it refused to schedule the upgrade stating at least 1x MR was not able to communicate with their server via 443 (HTTPS) as is mentioned in the release notes. Double checked all our local settings and 443 is most definitely allowed outbound for those devices.

 

Come in this morning and I find an email from Meraki saying it's been so kind as to automatically schedule the upgrade for us... our MR comms issue has magically disappeared?

 

Fills me with confidence!

cmr
Kind of a big deal
Kind of a big deal

The 28.5 release moved to Stable Release Candidate today.  We are using it across 120+ APs and it definitely seems decently stable.

wirelessnerd
Conversationalist

Definitely interested to see if the MQTT with TLS issues were addressed

wirelessnerd
Conversationalist

Are there more specific release notes? Looking for information regarding MQTT over TLS

cmr
Kind of a big deal
Kind of a big deal

The release is now marked as stable, something which I would totally agree with.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.