Added expanded VPN NAT solutions. There is now support for configuring IPv4 subnet translation, VPN host translation rules, and VPN port forwarding rules.   Is there documentation about these new bits yet? ... View more

I really wonder what they will do with the Subscription licensing. The Subscription page is unclear how the subscription levels will map to Meraki feature-sets.   The Cisco Routing Advantage vs Cisco WAN Essentials vs Cisco WAN Advantage is unclear, because in Meraki world, it's not the same thing as Cisco Catalyst SD-WAN (Viptela). For example, which option would include security features, which one includes SD-WAN?   This is really the first series to go unified with the licensing so hopefully we don't get shortended with a product that is limited by the Meraki control plane, and cannot be converted to run IOS-XE or be part of Cisco Catalyst SD-WAN, but be forced to pay the same licensing fees as Cisco Catalyst SD-WAN.   We are looking to swap out MX64s to MX67/75, and this client uses Enterprise agreement with Subscription licensing. So, the clear match would be one of these 8111's would be great replacements for those! ... View more

Security appliances software versions MX 26.1.2 changelog   Executive summary This is a new beta release for MX 26.1. It contains new feature functionality that expands connectivity options and security capabilities. For customers already running MX 26.1, this release contains a range of fixes across dynamic routing and VPN. It also improves device stability and the consistency of network performance. Please read through the full details below. What's new Added support for configuring Virtual Router Forwarding domains (VRF) through the Early Access feature program. Added support for configuring up to 4 WAN interfaces on C8455-G2-MX appliances. Added expanded VPN NAT solutions. There is now support for configuring IPv4 subnet translation, VPN host translation rules, and VPN port forwarding rules. Added support for non-NATed WAN uplinks (Routed interfaces) and the ability to manually configure the L3 inbound firewall rules. Expanded support for Adaptive Policy, including Secure Group Tag (SGT) assignment based on Group Policy, SGT to group policy mapping, and SGT transport with MDATA. Bug fixes - general fixes Fixed multiple issues that could result in an unexpected device reboot. (MX-44148) (MX-44723) (MX-39828) Resolved an issue that could result in eBGP connections failing to form over PPPoE uplinks. (Tracking ID available soon) Resolved an issue that could cause eBGP packets being routed incorrectly when 1) the MX appliance was configured in passthrough VPN concentrator mode, 2) eBGP multihop was configured, and 3) another AutoVPN peer advertised a VPN route that overlapped with the eBGP peer’s IP address. (MX-44272) Fixed an issue that resulted in MX appliances configured in routed mode incorrectly sending management traffic to their default gateway, as opposed to a default route learned via eBGP. (MX-43274) Corrected a case that resulted in MX appliances operating as VPN concentrators failing to advertise a connected AutoVPN spoke’s routes via OSPF. (MX-42189) Resolved a rare issue that could result in AutoVPN traffic being dropped. (MX-43737) Corrected a rare issue that could result in disruption to AnyConnect client VPN connectivity if Mobile Device Management (MDM) had ever been enabled in the organization. (MX-44403) Fixed an issue that resulted in route status information for IPsec VPN peers to be displayed as “-” in the Meraki Dashboard. (MX-43028) Resolved a regression that could result in traffic being incorrectly dropped when 1) a port forward, 1:1 NAT, or 1:M NAT was configured, 2) a static default route (0.0.0.0/0) was also configured, and 3) a LAN client was responding to a WAN-initiated connection. (MX-43847) Corrected an MX 26.1 problem that resulted in content filtering not automatically initializing after being enabled. This could have been worked around by rebooting the appliance. (Tracking ID available soon) Fixed a very rare issue that could result in elevated device workload when processing HTTP traffic with out of order packets. (MX-44666) Fixed a rare issue that could result in firewall rule configurations being unnecessarily reloaded. This may have introduced momentary reductions in network performance, especially when complex firewall rule sets were in use. (MX-45846) Resolved an issue that could result in unexpectedly high memory usage when Meraki Insight was enabled. (MX-43469) Bug fixes - limited platform fixes Corrected an issue that could result in IPsec VPN tunnels failing to establish on MX95, MX105, MX250, MX450, and C8455-G2-MX appliances. (MX-44724) Fixed an issue that could result in IPsec VPN traffic failing on C8455-G2-MX appliances. (MX-45847) Resolved an issue that could result in network routing problem when 1) C8455-G2-MX appliances were configured for warm spare (HA) and 2) an administrator swapped the primary and spare roles of the two appliances. (MX-44412) Corrected an issue that resulted in MX85 appliances erroneously dropping CDP and LLDP frames. (MX-44332) Legacy products notice When configured for this version, Z3(C) devices will run MX 19.2.7. When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.13. Known issues Due to an MX 26.1 regression, Z4C appliances may fail to establish IPv6 connectivity over a cellular connection. (Tracking ID available soon) Other C8455-G2-MX appliances will no longer automatically drop all packets with an invalid layer 4 checksum value. This aligns behavior with other MX and Z appliances. This traffic may still be dropped by other product features like AMP or Intrusion Prevention. MX250, MX450, and C8455-G2-MX appliances will now default to 50% of their typical maximum concurrent flow capacity when Intrusion Detection or Intrusion Prevention is enabled. The product complies with EN 18031-1:2024 and EN 18031-2: 2024   ... View more

Congratulations everyone, great start to the year. Some very deserved winners this month!     ... View more

I am interested in this because it is a configuration I would like to use. ... View more

after upgrading to this version my non-meraki IPSec stopped working. The other end is ASAv. ... View more

I guess the randomness is simply teething issues as the RC tab is ordered completely randomly, has some of the missing labelling, but an odd selection of what is and is not RC:     ... View more

Security appliances software versions MX 19.2.7 changelog   Important notice As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms. Starting with MX 19.1 firmware on vMX platforms, Meraki has begun to deprecate the use of 3DES encryption for Phase 2 (IPsec) of Client and IPsec VPN connections due to its insecure nature. Subsequent firmware releases will continue to deprecate it on all platforms. New feature highlights Added support for Diffie-Hellman Groups 15 (3072-bit ECDH) and 21 (521-bit ECDH encryption) in IPsec and AutoVPN configurations, ensuring interoperability with modern cryptographic standards and enhances security postures for sensitive communications. Added support for Active-Active Non-Meraki VPN peer connections. Modem firmware visibility on dashboard - Z4C. Expanded the list of built-in APNs for Z3C, Z4C, MX67C, and MX68CW appliances. Executive summary This is the first Stable / Recommended release for MX 19.2. It contains new functionality that continues to expand the available choices for VPN connectivity and strengthens cellular serviceability. For customers already running MX 19.2, this maintenance release contains a range of fixes across AnyConnect VPN and Site-to-Site VPN. It also improves device stability and the consistency of network performance. Please read through the full details below. This release contains fixes and improvements for the C8455-G2-MX that launched at the end of 2025. Please read through the full details below. Additionally, MX 19.2 contains several important fixes for MX85 appliances that have been shown to significantly reduce cases of unexpected device reboots. We strongly encourage customers on versions prior to MX 19.2 to consider upgrading. With the promotion of MX 19.2 to Stable / Recommended release, we strongly encourage customers to begin their process of migrating from older releases. We do not intend for additional fixes to become available through future MX 19.1 releases. Bug fixes - general fixes Resolved several cases that could result in an unexpected device reboot. (MX-42084) (MX-42484) (MX-41540) (MX-43044) (MX-44148) (MX-44723) Resolved a rare issue that could result in AutoVPN traffic being dropped. (MX-43737) Fixed a rare issue that could result in AnyConnect Client VPN incorrectly rejecting valid authentication attempts. (MX-34380) Corrected a rare issue that could result in disruption to AnyConnect client VPN connectivity if Mobile Device Management (MDM) had ever been enabled in the organization. (MX-44403) Corrected an issue that could result in some devices connected via client VPN not being displayed in the Clients page on the Dashboard. (MX-21479) Corrected an issue with the VPN status reporting for IPsec VPN peers when a primary and secondary tunnel configuration was in place. (MX-41539) Fixed a rare issue that could result in a temporary network performance reduction in cases where a previous large burst of flow all expired at the same time. (MX-45842) Fixed a rare issue that could result in firewall rule configurations being unnecessarily reloaded. This may have introduced momentary reductions in network performance, especially when complex firewall rule sets were in use. (MX-45846) Fixed a very rare issue that could result in elevated device workload when processing HTTP traffic with out of order packets. (MX-44666) Resolved a regression that could result in traffic being incorrectly dropped when 1) a port forward, 1:1 NAT, or 1:M NAT was configured, 2) a static default route (0.0.0.0/0) was also configured, and 3) a LAN client was responding to a WAN-initiated connection. (MX-43847) Fixed an issue that could result in periods of incomplete data when viewing a 2-hour window of Dashboard latency graph data on the Appliance Status page. (MX-21351) Bug fixes - limited platform fixes Resolved an issue that could result in network routing problem when 1) C8455-G2-MX appliances were configured for warm spare (HA) and 2) an administrator swapped the primary and spare roles of the two appliances. (MX-44412) Fixed an issue that could result in IPsec VPN traffic failing on C8455-G2-MX appliances. (MX-45847) Corrected an issue that resulted in C8455-G2-MX appliances being unable to start the processes for performing ThousandEyes monitoring. (MX-45840) Resolved an issue that resulted in XDR flows not being exported correctly on C8455-G2-MX. (MX-45844) Resolved an issue that resulted in C8455-G2-MX appliances sending additional, unneeded ARP responses (MX-45841) Corrected an issue that could result in some SFP modules failing to be recognized on C8455-G2-MX appliances. (MX-45843) Corrected an issue that resulted in MX85 appliances erroneously dropping CDP and LLDP frames. (MX-44332) Legacy products notice When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.13. Known issues status This list is being reviewed and updated. Other The product complies with EN 18031-1:2024 and EN 18031-2: 2024 Clarified the wording for the Cellular Override options in the Local Status Page. (MX-29835)   ... View more

Again - it's not a change that is ready for production (introduction) yet here we are taking 3 steps backwards (takes longer to do a simple task and is more complex than previously was).  SMH. ... View more

@Dunky Good news is that engineering pushed out the fix today and I have confirmed it is resolved now.   ... View more

Sounds lovely - GUI only does X, CLI only does Y... ... View more

I have only used them in C9300s (where they work fine), I have some MS130s I could try the 1Gb ones with, but I think you already have the 10Gb ones working in MS225s, so that wouldn't prove anything.  Either way as mentioned above they aren't supported in MS switches for some reason... ... View more

The idea is good, but as of today it's a bit of a hassle, and the risk for unexpected behaviour is high.  DNS entries on the appliance are not reflected in the Dashboard, but only available through the API. So one would need to have clear documentation on what has been done to the DNS entries on the appliance, and always have that in mind.  https://documentation.meraki.com/SASE_and_SD-WAN/MX/Operate_and_Maintain/How-Tos/Local_DNS_Service_on_MX   What's to happen in the future, who knows. Hopefully this will be added to the Dashboard, for better management.   ... View more

Wireless firmware versions MR 32.1.6 changelog Important note MR45/55 APs are not supported on MR 32.x.x and will instead upgrade to the backup version (MR 31.1.8) if they are in networks configured for MR 32.x.x versions, and thus, new features will not be available. Enhancement Enable class 2 PoE (7W) output when AP is supplied with PoE+ (802.3at) power budget for CW9172H (https://documentation.meraki.com/Wireless/Product_Information/Overviews_and_Datasheets/CW9172H_Datasheet) Bug fixes General stability, performance, and experience improvements APs not using configured SGT tag (Wi-Fi 6, 6e, Wi-Fi 7) RADSec authentication stuck (Wi-Fi 6, 6e, Wi-Fi 7) Wi-Fi calling not working (Wi-Fi 6, 6e, Wi-Fi 7) WebEx DeskPro connectivity issues (Wi-Fi 6, 6e, Wi-Fi 7) APs previously on 1 Gbps suddenly negotiating at 100mbps after a few hours (Wi-Fi 6, 6e) ... View more

MX68 reboots every 24 hours on this. ... View more

Here we are in 2026 on firmware version 17.2.2 and there is still no reboot stack option for the MS250  ... View more

Hi @Snika - you're right that only one answer can be accepted per thread. If you'd like, you can UN-mark the other answer (under the three-dot menu on that reply - click "Not the solution") and mark this one. Cheers! ... View more

cs.co/am-licensing#ga   > Claiming a free trial license or paid license will automatically transition you to the GA experience within 36-48 hours. ... View more

@cmr , I just want to confirm that this statement, "Resolved an SNMP Denial of Service and Remote Code Execution vulnerability affecting Cisco IOS and IOS XE Software." Refers to CSCwq31287. Can you confirm that? Thank you.  ... View more

I feared as much, I have a lot of device configured 9300s on 17.15.4 and thought perhaps I'd missed an in place upgrade somehow.   Hopefully it's coming soon! ... View more

>AGREED! MILES 4EVA (I am not really cool enough to say "4EVA".... is that even the right way? Or is it "4-eva"? something else?   67 ... View more

I like the level of detail in the release notes. ... View more

Use Cloudflare Zero Trust.  It reliably breaks AnyDesk regardless of configuration 😉 ... View more

Switch firmware versions MS 18.1.5.1 changelog Important notes This firmware release only includes updates for MS150 switches. All other MS switches on MS 18.1.5.1 will run firmware identical to MS 18.1.3.1. New feature highlights Group Policy ACL on MS130 & MS150 Maximum MAC support in MAC Allowlists 802.1x limited access mode with pre-auth GPACL Local Status Page connectivity diagnostics enhancements Layer 2 multicast live tool Traffic Mirroring: RSPAN & VLAN Based SPAN Fixed issues   Ms150 fixed issues Resolved an issue that resulted in some MS150 switches setting a port into a discarding state after a stack member reboot Fixed a bug that caused some clients to experience reduced upload speeds while connected to an MS150 switch that was connected to an MX68 gateway Fixed a bug that sometimes caused MS150 switches in stack configurations to experience unicast traffic floods Resolved an issue that sometimes caused MS150 switches in stack configurations to fail to learn the default gateway’s correct MAC address, which resulted in packet loss for clients on those VLANs Known issues   General known issues MS130 and MS150 switches may not properly display IPv6 RA packets in dashboard packet captures In rare circumstances switches may experience uplink instability when IPv6 link-local addresses are enabled. If this issue is encountered it can be resolved by enabling IPv6 RA Guard to block ICMPv6 neighbor discovery messages. MR access points may be incorrectly assigned to the Default profile instead of the preconfigured Access Point profile when initially connected to a switch port that uses Smartport Automation Some clients may fail to authenticate and resolve DHCP in voice VLANs Ms120 known issues Switches may fail to provide PoE power to legacy access points (always present) Cable tests may report incorrect cable lengths Ms130 known issues MS130X mGig ports may fail to establish a link when both sides are forced to 100 Mbps full-duplex. If either side of the connection uses auto-negotiation the link will be established normally Switches may incorrectly remove or update SGT tags when no policy or VLAN mapping is defined. Until a firmware fix is available, correct SGT tags can be preserved by defining a policy for the SGT group in Adaptive Policies, and binding the SGT group to a VLAN using VLAN profiles. Ms150 known issues When a stacking cable is disconnected from MS150 switches in stack configurations the disconnected port will incorrectly continue to be marked as connected while the still-connected stacking port will incorrectly be marked as disconnected MS150 switches may intermittently negotiate USB-C Ethernet adapters at 10 Mbps half-duplex instead of the expected speed for the switchport, requiring a physical reseat to correct the issue. In some circumstances MS150 switches in stack configurations may fail to blocking redundant links, resulting in looped packets Ms350x known issues Switches may experience an unexpected reboot (present since MS 15) Ms355 known issues Switches in stack configuration may experience some ports failing to reconnect after a firmware upgrade Ms410 known issues Some MS410 switches may encounter alerts for fan failures that will eventually self-resolve Ms425 known issues In rare circumstances MS425 switches may encounter a software crash that results in a reboot In rare circumstances MS425 switches in stack configurations may encounter a software crash that results in a reboot ... View more

@PhilipDAth : 2026 is coming .. now its like a Tower 🙂 ... View more