New MR 28.5 beta release - MT updates and a number of security related fixes

cmr
Kind of a big deal
Kind of a big deal

New MR 28.5 beta release - MT updates and a number of security related fixes

Wireless firmware versions MR 28.5 changelog

Important note

  • Meraki APs use UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications when running MR 27 and older firmware. When running MR 28 firmware, Meraki APs will now use TCP port 443 as the primary means for cloud connectivity. In order to maintain connectivity to the Meraki cloud on MR 28+ ensure that TCP port 443 is allowed to communicate with 209.206.48.0/20 on firewalls that are deployed upstream of your Meraki APs. (Wi-Fi 6 MRs)

Legacy product notice

  • When configured for this version the MR12, MR16, MR18, MR24, MR26, MR32, MR34, MR62, MR66, and MR72 will run MR 26.8.2.

New

  • Improved connection logic to support up to 32 MT sensors per gateway (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)

Bug fixes

  • General stability and performance improvements (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • Windows devices may fail re-authentication when the PMK cache timer has expired (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • MRs do not respond to SNMP GET requests when the 5 GHz radio is disabled (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • Group policy L7 firewall rules may not take effect (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
  • NBAR may drop traffic for whitelisted clients (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)

Known issues

  • Sporadic packet loss & instability on Layer 3 roaming & Teleworker VPN SSID's (Wi-Fi 5 Wave 2 MRs/Wi-Fi 6 MRs)
  • UNII-2e channels not available for indoor MRs in Israel IL regulatory domain (Wi-Fi 6 MRs)
  • No DHCP response error is seen after a client performs a successful L3 roam (Wi-Fi 5 Wave 2 and Wi-Fi 6 MRs)
If my answer solves your problem please click Accept as Solution so others can benefit from it.
7 Replies 7
dwinter
Conversationalist

Interested to hear peoples experience with this upgrade and performance with Intel NICs. We had consistent issues up until 28.3, which appeared to fix all the roaming / unspecified / auth errors we had seen. Upgrading to 28.4 then brought all the same errors back, so am hesistant to make any changes. 

WB
Building a reputation

Mmm bit confused with this one. I saw yesterday it was released so went to schedule the upgrade to our 28.3 fleet, it refused to schedule the upgrade stating at least 1x MR was not able to communicate with their server via 443 (HTTPS) as is mentioned in the release notes. Double checked all our local settings and 443 is most definitely allowed outbound for those devices.

 

Come in this morning and I find an email from Meraki saying it's been so kind as to automatically schedule the upgrade for us... our MR comms issue has magically disappeared?

 

Fills me with confidence!

cmr
Kind of a big deal
Kind of a big deal

The 28.5 release moved to Stable Release Candidate today.  We are using it across 120+ APs and it definitely seems decently stable.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
wirelessnerd
Conversationalist

Definitely interested to see if the MQTT with TLS issues were addressed

wirelessnerd
Conversationalist

Are there more specific release notes? Looking for information regarding MQTT over TLS

cmr
Kind of a big deal
Kind of a big deal

The release is now marked as stable, something which I would totally agree with.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
muels7
Just browsing

I just started having issue with the No DHCP response after having been on this release for about 2 months.  It seems restarting the AP fixes the issue temporarily.  Does anyone have a workaround?  I can't be constantly restarting APs every day.

 

I see it is also listed as a known issue with the 28.6 RC also, so they obviously have not fixed it yet.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels