Skip to main content

 

Cisco Meraki Documentation

China Region Cloud Maintenance New IP Ranges 2023 FAQ

 

Clike 这里 for Chinese

Overview 

As part of ongoing efforts to improve the performance and resiliency of the Meraki Cloud, the Cisco Meraki engineering team will be changing the IP addresses used by Cisco Meraki devices to contact the Meraki Cloud.

For customers with restrictive firewalls that block access to these new IP addresses, firewall changes may be necessary in order to ensure that your devices remain fully functional after March 31, 2024.

What is changing? 

We will be adding two new IP ranges to the list of IP addresses that your devices have traditionally used to contact the Meraki Cloud. Devices will now, additionally, connect to IPs in the 43.196.13.128/25 and 43.192.139.128/25 subnets.

Other addresses required for your Meraki devices to operate correctly generally remain the same. You can reference the Help > Firewall info page within Dashboard to identify the firewall rules required to allow your devices to contact the Meraki Cloud.

Are my devices affected? 

At any time, you can reference the Help > Firewall info page within Dashboard to accomplish two things:

  • Identify the firewall rules required to allow your devices to contact the Meraki Cloud. To ensure the best performance from your Meraki devices, please ensure that you have created each of the firewall rules listed on this page.
  • Identify which specific Meraki devices are failing firewall tests in the section titled "Firewall Test Failures" and downloading the CSV file that will have the details of the nodes and the tests that have failed.
    • Only org admins will be able to view this section
    • This section will only be visible if the org has nodes failing firewall tests.
    • Tests are run every 4-6 hours. If you update your firewall rules to fix all nodes failing firewall tests then the nodes will not show as failed after the next test is run.

Below is a screenshot of the section referred to

Firewall Information

Once you've updated your firewall rules to match the Firewall Info page and do not see any devices with failed firewall tests, no further action is needed. If you update your firewall rules to fix all nodes failing firewall tests then the nodes will not show as failed after the next test is run every 4-6 hours.

Warning: Failing to update any upstream firewall rules to accommodate these new IP address ranges may limit the functionality of your Meraki Devices. Your Meraki Devices will continue to operate and pass traffic, however they may become unable to contact the Meraki Cloud to receive configuration updates and report usage information for your network. Additionally, splash pages which utilize customer-provided external authentication and other features, such as SNMP traps and CMX push, may not function properly.

 

I've received a notice about my firewall rules 

If you've received an email from us asking you to update your firewall rules, please follow the steps mentioned in the above section "Are my devices affected?"

Once you've updated your firewall rules to match the Firewall Info page and do not see any devices with failed firewall tests, no further action is needed.

Warning: Failing to update any upstream firewall rules to accommodate these new IP address ranges may limit the functionality of your Meraki Devices. Your Meraki Devices will continue to operate and pass traffic, however they may become unable to contact the Meraki Cloud to receive configuration updates and report usage information for your network. Additionally, splash pages which utilize customer-provided external authentication and other features, such as SNMP traps and CMX push, may not function properly.

Will this maintenance require any downtime? 

It is very unlikely that this maintenance will require downtime. Much of the maintenance is being performed in such a way that does not require temporarily disabling access to the Meraki Dashboard or any other part of the Meraki Cloud. 

In the event that a brief period of downtime is necessary, or we are performing maintenance that may result in an unexpected loss of connectivity to the Meraki Cloud, a maintenance notice similar to the one displayed below will be posted prior to the maintenance to notify you that there may be a brief disruption in access to the Meraki Dashboard. As always, your Meraki Devices will continue to function and pass traffic, even if their connection to the Meraki Cloud is temporarily disrupted.

Upcoming maintenance

To learn more about our Cloud and out-of-band management, refer to our Meraki Cloud Architecture. If you believe that you are experiencing issues with your devices contacting the Meraki Cloud, or you are unable to access the Meraki Dashboard outside of scheduled maintenance windows, please contact Meraki support for assistance.

How will I know when this maintenance is complete? 

As this maintenance will be ongoing over a period of several months and much of it is happening behind the scenes, we will be unable to send notifications when maintenance for specific customers has been completed. Once the maintenance has been completed your Meraki Devices may begin communicating with the Meraki Cloud using the 43.196.13.128/25 and 43.192.139.128/25 subnets.

Note: Meraki Support is not able to provide specific dates during which this maintenance will occur. Please do not contact Meraki Support to request specific maintenance timelines. In the event that we are performing maintenance that may result in a disruption to the Meraki Cloud, a maintenance notice will be posted in advance above all pages within the Meraki Dashboard.

Additional questions 

If you have additional questions or concerns about this maintenance, please contact Meraki Support for assistance. 

  • Was this article helpful?