Managing Firmware Upgrades
Overview
Firmware upgrades allow network administrators to utilize the latest features and security enhancements on their Meraki devices. The Cisco Meraki dashboard allows admins to easily schedule and reschedule firmware upgrades on their networks, opt in to beta firmware releases, view firmware change log notes, and set maintenance windows. This article outlines the functions of the firmware upgrades tool in the dashboard, as well as additional considerations for using and managing firmware.
Learn more with these free online training courses on the Meraki Learning Hub:
Managing Firmware as an Organization Admin
The firmware upgrades tool in the dashboard allows organization admins to quickly and easily manage firmware versions on a per-network and per-device type basis. Additionally, the firmware upgrades tool can be used to schedule, reschedule, and cancel bulk upgrades of networks, view firmware change log notes, view firmware version numbers, and roll back the firmware on a recently upgraded network.
Scheduling Firmware Upgrades
Keeping up-to-date on firmware allows administrators to utilize the latest features and ensures that the latest security enhancements are running on their hardware. Admins can upgrade to the latest stable or beta firmware. Follow the steps below to schedule a firmware upgrade.
- Navigate to Organization > Monitor > Firmware upgrades.
- Click the Schedule Upgrades tab in the upper-left.
- Select the devices or networks to be upgraded by clicking the checkboxes beside the network names. Admins can specify upgrades on a per-network or per-device type basis by using the Device type, Current version, and/or Status drop-down selectors.
- Click the Schedule upgrades button.
- Select the firmware version for upgrade using the Target firmware version selector.
- Select either Perform the upgrade now or Schedule the upgrade for, specifying a specific date and time for the upgrade.
- Review the Change Summary and select Schedule change for network.
Note: When downgrading from a beta firmware to a stable firmware, a feedback request page will be presented. Please select any options that reflect the downgrade reason before selecting Schedule change for network.
Rescheduling or Cancelling a Firmware Upgrade
Rescheduling or cancelling a firmware upgrade can be performed after a firmware upgrade has been scheduled. Follow the steps below to cancel or reschedule a firmware upgrade.
- Navigate to Organization > Monitor > Firmware upgrades.
- Navigate to the Scheduled changes tab instead of the Overview tab, view the Scheduled changes section and find the applicable scheduled upgrade.
- Scheduled upgrades will be grouped by their respective products and scheduled upgrade time.
- For any given scheduled product upgrade, if you want to Reschedule, click the small calendar icon on the upgrade box. Follow the prompts and then choose Schedule upgrade for, specifying a date and time for the upgrade to take place.
- For any given scheduled product upgrade, if you want to Cancel, click the "CANCEL" button on the upgrade box. Follow the prompts and then cancel the upgrade.
Reschedule a Firmware Upgrade from the Overview Tab
Rescheduling a firmware upgrade can be performed after a firmware upgrade has been scheduled. Follow the steps below to reschedule a firmware upgrade.
-
Navigate to Organization > Monitor > Firmware upgrades.
- From the Overview tab, view the Scheduled changes section and find the applicable scheduled upgrade.
- Scheduled upgrades will be grouped by their respective products and scheduled upgrade time.
- For any given scheduled product upgrade, if you want to Reschedule, click the small calendar icon on the upgrade box. Follow the prompts and then choose Schedule upgrade for, specifying a date and time for the upgrade to take place.
Note: Firmware upgrades can be scheduled up to one month in advance and can only be deferred/rescheduled for one month at a time. Cancelling scheduled firmware upgrades does not exclude a given network from future scheduled upgrades.
Rolling Back a Recent Firmware Upgrade
Firmware upgrades can be rolled back to their previous version up to 14 days after an upgrade takes place. Follow the steps below to roll back a firmware upgrade.
- Navigate to Organization > Monitor > Firmware upgrades.
- From the Overview tab, view the Most recent upgrades section and find the applicable upgrade entry.
- Click on the applicable upgrade entry where it lists the number of networks and devices that were upgraded.
- Click the Rollback button.
- Select a reason for the rollback and enter a brief description.
- Select Perform the upgrade now or Schedule the upgrade for, specifying a date and time for the rollback.
- Click Submit to schedule the rollback.
Viewing Firmware Change Log Notes
Change log notes are maintained on a per-firmware version basis and include information about new features, bug fixes, and known issues that are associated with a particular firmware version. Follow the steps below to view the firmware change log notes.
- Navigate to Organization > Monitor > Firmware upgrades.
- From the Overview tab, refer to where it lists Latest firmware versions.
- Select Release notes. This will display the current stable firmware change log notes.
- To view older or newer change log notes, select Previous version or Next version from the change log notes window.
Note: The firmware change log can also be viewed from the Schedule Upgrades tab; click on the firmware version links listed in the "Current firmware version" column.
Managing Firmware as a Network Admin
Firmware upgrades can be scheduled on a per-device type basis for each dashboard network. Follow the steps below to manage a network's firmware upgrades.
- Navigate to Network-wide > Configure > General.
- Scroll down to where it lists Firmware upgrades.
- If there is a new firmware available, select the desired option below:
- (Re)schedule the firmware upgrade or Perform the upgrade now: These options will be active if there is a newer upgrade available, whether it is currently scheduled or not.
- Upgrade as scheduled: This option will be selected if an upgrade has been scheduled either by an admin, Support, or the bulk upgrade tool.
- Ignore: This option will appear as selected if there is a newer firmware version available but nothing is currently scheduled. If an upgrade is later scheduled but was subsequently canceled (either from the Organization > Monitor > Firmware upgrades page or by Support), the Ignore option will be selected again. Selecting this option will not prevent future upgrades from being scheduled by Meraki.
- Navigate to the bottom of the page and select Save.
To elect to run beta firmware, select Try beta firmware and select Yes.
Viewing Firmware Change Log Notes as a Network Admin
Change log notes are maintained on a per-firmware version basis and include information about new features, bug fixes, and known issues that are associated with a particular firmware version. Follow the steps below to view the firmware change log notes.
- Navigate to Network-wide > Configure > General.
- Scroll down to where it lists Firmware upgrades.
- If there is a new firmware available, select the What's new button beside the corresponding firmware. This page lists the firmware change log notes.
Firmware Upgrade Barriers
Firmware upgrade barriers is a built-in feature to prevent certain upgrade paths on devices running older firmware versions trying to upgrade to a build that would otherwise cause compatibility issues. Having devices use intermediary builds defined by Meraki will ensure a safe transition when upgrading your devices.
When scheduling a network to upgrade to a specific patched firmware version, you will have to first schedule an upgrade to the major firmware version itself.
For example, as of the time of this writing, if you want to upgrade a security appliance from MX 17.10.2 → MX 18.107.8 ( the latest batch on major firmware version MX 18 ), you will have to schedule it like this:
- MX 17.10.2 → MX 18.107.2 ( the latest stable version on major firmware version MX 18 )
- MX 18.107.2 → MX 18.107.8 ( the latest batch on major firmware version MX 18 )
Please note these versions are examples relevant at the time of writing. The latest stable version and latest batch may be different now.
Here is an example of when firmware upgrade barriers come into effect. You might find yourself in a situation where you are unable to upgrade a device for an extended period of time due to uptime or business requirements. There is a switch in the network that is running MS 9.27 and would like to update to the latest stable version, which at the time of writing, is 11.30. Attempting to upgrade from 9.27 to 11.30 will not be a selectable option in the dashboard and administrators will have to upgrade to 10.35 first.
In order to complete the upgrade from the current version to the target version, two manual upgrades will be required. The first from your current to the intermediary version, and another from the intermediary to your target version.
- Select Organization > Monitor > Firmware upgrades > Schedule Upgrades. From here you can select an individual or many networks within your organization
- Select the Target firmware version you are trying to upgrade to from the drop-down menu. In this case, because we are upgrading from MS 9.27 we must upgrade to MS 10.35 first. Note that the latest stable is not a selectable option and won't be until you upgrade to the required intermediary firmware version. This is a prime example of a firmware barrier
- Select a scheduled time you want to perform the upgrade. You can cancel the upgrade from the Firmware upgrades page and select Reschedule.
- After the first upgrade has completed, repeat steps 1-3 to perform the second half of the upgrade from your intermediary version to your target version.
Firmware Features
For additional information on firmware feature releases, visit the dedicated firmware features homepage.
Firmware Version Status
Cisco Meraki is committed to delivering powerful yet easy-to-manage firmware updates for all Meraki products via the firmware upgrades tool in the dashboard. In order to further simplify and streamline the firmware update process, we are introducing Firmware Status for Meraki firmware. It’s always recommended to run at least the latest stable version for each respective product in order to ensure the best performance, stability, and protection from security vulnerabilities.
Each firmware version now has an additional Status column as follows:
- Good (Green) status indicates that the network's firmware version does not yet have an End of Firmware Maintenance (EFM) date set or it is greater than 6 months away. Minor updates may be available, but no immediate action is required.
-
Warning (Yellow) status means that the network's firmware has an EFM date set and is within 6 months. When a firmware enters this state the date will appear within the warning text. We recommend you upgrade to the latest stable or beta version.
-
Critical (Red) status indicates that the firmware's EFM date for your network is past and may have security vulnerabilities and/or experience suboptimal performance. We highly recommend that you upgrade to the latest stable and latest beta firmware release.
Note: Firmware version status is purely for informational purposes only.
The number of Networks with firmware matching "Warning" and "Critical" status will appear on the overview tab of the firmware upgrades page.
FAQ
Q: What does the date beside “Warning” and “Critical” mean?
A: This date is an End of Firmware Maintenance (EFM) date for that particular firmware version. Six months prior to this date, firmware will go into “Warning” status. Once the EFM has passed, the firmware will go into "Critical" status. We highly recommend updating the firmware before it reaches "Critical" status.
Q: What are the implications of running firmware marked with “Warning” and “Critical” status?
A: You might experience performance degradation, stability issues, and be exposed to the security vulnerabilities addressed in the latest stable or latest beta firmware.
Q: Why does the Firmware upgrades page shows networks that do not have corresponding device types?
A: You likely have combined networks which include network types that no longer contain Meraki devices. Such networks are hidden from Dashboard but still exists (the network configurations are also retained). To remove these networks, split the combined network and delete them individually as per the Combined Dashboard Networks article.