Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
The Meraki Community is Moving
We're migrating to the Cisco Community on March 29. The Meraki Community will enter read-only mode starting on March 26.
Learn more- About Nolan_Nguyen
About Nolan_Nguyen
Nolan_Nguyen
Just browsing
Member since Dec 10, 2025
Dec 12 2025
Community Record
3
Posts
0
Kudos
0
Solutions
Dec 11 2025
9:54 AM
Hi Philip, From what I unserstand, the RADIUS package has size larger than VPN MTU → cause fragment → then somehow the network drops that fragmented package (MX, ISP or that Virtual Machine). I was not allowed to make any change on Client side (GPO deployment to adjust the MTU) and the Server side, bcuz it may cause impact to another Meraki Network - which are also using MX64 (fw 18.xxx) and still working properly. → Is it possible to adjust the MTU of Meraki MR? will this be the workaround for this situation? → I'm not sure is "Framed-MTU" available in Windows NPS, letme check with user configuration.
... View more
Dec 10 2025
10:07 AM
Hi alemabrahao, Thank you for your information. As I checked last month, this MX64 only allows firmware 18.xxx. I will check with user on firmware upgrade by tomorrow. It would be better if I can upgrade it to 19.xxx Thank you!
... View more
Dec 10 2025
12:16 AM
Dear all, I'm Nolan. I'm seeking for you guys advice on this issue: Previous situation: MX64 (network: CRESCENT MALL) was running firmware version 14.x MX64 successfully established an IPSec Site-to-Site VPN tunnel to a VM hosted on FPT Cloud (Vietnam) On the MRs, we have configured WiFi authentication via RADIUS, pointing to the AD Server hosted on that VM Everything worked properly without any issues Current situation: After upgrading the MX64 to firmware version 18.x The IPSec VPN tunnel can still be established successfully However, WiFi users are no longer able to authenticate via RADIUS Using Wireshark, we noticed that the VPN packet size is larger than MTU allowed over the VPN, which may cause packet drops during AD authentication As I checked with Support Team → the non-Meraki site-to-site VPN's MTU is set to 1400 for this MX64... and to adjust the MTU, this requires MX19.1.11 or higher firmware → replacing the MX64 or reconfigure the AD Server (FPT VM) are currently not good options due to customer policy → I just wonder is the IPSec VPN MTU in firmware 14.x different from MTU in firmware 18.x? Thank you for your support! -- Nolan Nguyen (Mr.)
... View more
© 2026 Cisco Systems, Inc.
