I am in the process of designing a site using the full Meraki stack.
All Layer 3 routing will be done on the "5th floor" stack,
All other switches and switch stacks (other floors) will come from this Core stack, with a Single transient VLAN passing all external destined traffic to the MX .
This is a combined network, and I am looking at the best method for Tracking Clients ?
According to the Meraki documentation, I can’t track by IP as this isn’t supported in a combined network.
Tracking by client MAC address isn’t an option for us, because the switches are doing the layer 3 and the downstream clients are not on the same broadcast domain as the MX.
Our only option seems to be the Cloud tracking, which is still in beta.
Does anyone have any advice as to how the Cloud tracking works and good/bad experiences with it, and will it provide the client tracking information?
This is a good place to start.
Some basic explanation of how it works.
Cloud Track is a Meraki technology that leverages network topology and device information to uniquely identify and track clients. It uses an algorithm that intelligently correlates client MAC and IP addresses seen across the Meraki stack, allowing the security appliance to generate a unique identifier for each client in a combined network with other Meraki devices. This is specifically useful when there are Meraki MS switches routing layer 3 between end clients and the security appliance, which segregates broadcast traffic containing the client's MAC address.
This method should be used only if the network has downstream layer 3 routing devices that are all Meraki devices. In this deployment scenario, tracking by IP would otherwise require the security appliance to be split into a separate dashboard network, as tracking by IP is not supported in combined networks. Tracking by MAC would fail to identify end client devices due to the layer 3 boundary, associating downstream client traffic to the routing switch and negatively affecting network usage numbers in dashboard.
Note: Cloud Track does not allow the MX to identify clients connected to an SSID utilizing NAT mode with Meraki DHCP, even for MRs in the same dashboard network.
Hi thanks for getting back so quickly. Yep, looked through this document already, just wondered if anyone has actually implemented this in a production environment. Conscious that Cloud Track is still in Beta...
I have clients using CloudTrack and it seems to work well.
Note that for doing per client group policy clients still need to be layer 2 adjacent to the MX (or on an MR), but for just monitoring and reporting it works great.
I've tried this for one client, but not getting accurate names was a problem so I had to swap them back to mac address tracking and deal with its inadequacies. I'd like to eventually move them back to cloud tracking when it's a little bit less beta.