Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2357
Views
1
Helpful
3
Replies

MS425-16 support CMD encapsulation

Go to solution
rlwilson
Visitor

‎10-20-2023 09:39 AM

Will a MS425-16 support CMD encapsulation. Will a MS425-16 preserve and propagate the CMD header if the MS425-16 is used only as a layer 2 switch for aggregate level. No client endpoints will terminate on the MS425-16. This is for Adaptive Policy and SGT tags.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to rlwilson

‎10-20-2023 09:57 AM

No

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

3 Replies 3

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star

‎10-20-2023 09:47 AM

For micro-segmentation policies, each hop must support preserving and propagating the CMD header. Switches that do not support CMD encapsulation may be able to still forward the tagged packets if the switch is operating in an L2 only capacity. This however means that any client / endpoints connected directly to the non-CMD capable switch will not be classified correctly with an Adaptive Policy Group (SGT) and micro-segmentation policy enforcement will not be performed.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy/Adaptive_Policy_Overview

Adaptive Policy Requirements

Adaptive Policy has a few requirements for the feature to be enabled on a network including specific hardware and software revisions. On top of hardware and software there are a few licensing requirements to meet including:

  • Advanced licensing on all MX/Z3+ (Advanced or SD-WAN), MR, and MS in a network when in a Per-Device Licensing organization

  • Advanced licensing organization-wide on MX/Z3+ (Advanced or SD-WAN), MR, and MS390/C9300-M when in a Co-Termination licensed organization

For more information on Per-device licensing please refer to the following documentation: Meraki Per-Device Licensing Overview

Hardware Requirements:

  • MS390 / C9300-M: all models

  • MR: all Wifi5 wave 2, Wifi6, and Wifi6E MR and CW access points.

  • MX/Z3+: all models capable of running MX18+ firmware (MX84 is not supported due to hardware limitations)

Software Requirements:

  • MS390: 14 + (latest stable release is recommended)

  • C9300-M: CS15-21-1+ (latest stable release is recommended)

  • MR: 27 + (latest stable release is recommended)

  • MX/Z3+: 18.1 +

Note: If the network is a combined network please ensure both MR and MS are on their respective required firmware versions as mentioned above.

MX version 18.1 only supports preserving and propagating SGTs over AutoVPN on NAT mode MXs. Support for VPN concentrator mode MXs will come at a later release. Classification of untagged traffic and policy enforcement on MX will also come at a later release. Please see this article for more information: MX Adaptive Policy Configuration Guide

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Helpful

Go to solution
rlwilson
Visitor
In response to aleabrahao

‎10-20-2023 09:55 AM

Yes, I have ready that in documentation but doesn't answer my question. Can a MS425-16 in layer 2 forward a CMD header? Yes or No?

Thanks

0 Helpful

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to rlwilson

‎10-20-2023 09:57 AM

No

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Customers Also Viewed These Support Documents