MR33 25-8 Firmware

Bovie2K
Getting noticed

MR33 25-8 Firmware

Hello, Having an issue with 25-8 and my MR33. Its stops responding to DNS and DHCP requests to certain clients. (Seems to be Apple but I haven't run it long enough to make sure) as soon as I downgrade to 24-12 it works fine. I first thought it was due to beta firmware on my MX but after upgrading and downgraded realized its the MR. I've tried it 3 times and have the same problem each time. The Lan menu on the AP is showing the unmet requests. It does show the clients do connect to the Wifi they just either don't get a DHCP request or can't get DNS requests. Also I noticed at least for my iPad it keeps working but won't renew its address. I made a case with support and they just had me downgrade which is fine for now I wanted to see of anyone else has the problem.

20 Replies 20
MilesMeraki
Head in the Cloud

I've just tested this with my MR33 and apple devices and none are having any issues. What version of IOS/Mac OSX are your devices on?

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Bovie2K
Getting noticed

@MilesMeraki  iOS 11.1.2 and MacOS 10.13.1.

MilesMeraki
Head in the Cloud

Hello @Bovie2K; The same versions as both the IOS and MAC OSX device I tested with. What mode is the SSID in, bridge, Meraki NAT?

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Bovie2K
Getting noticed

@MilesMeraki its in bridge mode.

MilesMeraki
Head in the Cloud

@Bovie2K That's strange. I'm running a bridge mode SSID on my MR33 and having no problems with the exact same versions of IOS. Is the behaviour being experienced from multiple MR33's or just one?

 

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Bovie2K
Getting noticed

@MilesMeraki just one. I only have one MR33 at home. All the ones at work are running Stable Firmware. I've left it with 25-8 for awhile no and no actual issues with the clients but the LAN page for the AP on the Meraki website says lots of requests aren't being answered. I'll have to see what support says when they get back to me.

MilesMeraki
Head in the Cloud

Interesting... I wonder if this is just effecting a certain OUI string of MR33's (Certain batch). Keep the thread updated with what Support has to say.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Bovie2K
Getting noticed

Will do as soon as I hear back from them. Again so far it seems to be instrumentation glitch. So far no devices are actually impacted even though the AP page claims they are getting responses to DHCP and DNS requests all the time. Thanks.

PhilipDAth
Kind of a big deal
Kind of a big deal

I have not experienced that problem. From memory 25-8 included a lot of security fixes, and some of them related to DNS.

 

Are you using the MR33 in bridge or NAT (aka guest) mode?  What DNS settings are you giving out?

Bovie2K
Getting noticed

@PhilipDAth Bridge mode with VLAN tagging. I have a Public SSID on one VLAN, Private SSDI on another and Mgmt traffic on yet another VLAN with untagged traffic dropped upstream. The AP is plugged directly into an MX64 serving up DHCP and I've tried both google and public dns.

 

Whats weird is after some more investigation this time it looks like it is working correctly (The first time I did this devices weren't getting IP's) the devices are getting IP's and DNS the AP just thinks its not working right. I tried Wireshark and it seemed to confirm that the MX was sending a response. I can also make it happen on a Windows computer buy just doing an ifconfig /renew the computer gets an IP but the AP. Also if it doesn't happen the first time doing it again will make it happen.

 

So anyways it seems its instrumentation rather than an issue. I've reopened my case with support and uploaded screenshots and wireshark captures. I can't explain what happened the first time.

pigeon
Comes here often

I have heard from the support because of the WEP2 crack. That all MR33 should be upgraded to 25.8 but as you say its beta. and no stable in sight. How is your opinion regarding that? I have been using 25.8 in test/Lab but i am skeptical to be using beta in production envoronments. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Upgrade to 25.8.  It is much better than the current "stable" firmware.

JRH
Here to help

Although it’s not perfect (e.g. breaking RADIUS accounting)
Bovie2K
Getting noticed

@pigeon I think the Krack attack only effects 802.11R correct?
PhilipDAth
Kind of a big deal
Kind of a big deal

For infrastructures devices, yes.  For clients, no.

pigeon
Comes here often

sorry for late answer. but yes.

The thing is that they want us to install beta in production environment. And i am not fan of that 😉 i prefer stable 🙂

pigeon
Comes here often

sorry for late answer. but yes.

The thing is that they want us to install beta in production environment. And i am not fan of that 😉 i prefer stable 🙂
Bovie2K
Getting noticed

Not to let Meraki off the hook but they use the term Beta differently than other vendors.

PhilipDAth
Kind of a big deal
Kind of a big deal

>The thing is that they want us to install beta in production environment.

 

Stable .... but not working properly.  Go for the beta software, you don't have much to loose and something to gain.

redsector
Head in the Cloud

I have got a bunch of MR32, MR33, MR42, MR52 all with firmware 25.8, they´re running very solid with that firmware.

The accesspoints are connected to Meraki switches and to Cisco Catalyst 2960X switches.

It´s important to connect them with trunk-ports and the SSID needs a VLAN tag or a connection to a radius server handling out the VLAN (f.e. Guests in VLAN 2 and employees to VLAN 1).

 

regards

redsector

___________________________________________________

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels