Which route did you go?
Notice any quirks?
Our organization is set up on a private block of IP's so for the most part, in our practice, it has been much simpler to sort by IP. Of course variables like DHCP lease time and devices with multiple IP's can get tricky every once in a while. For that reason we also track devices by MAC separately using either 3rd party software or switching up the filter on occasion.
@NFL0NR Are you talking about MAC filtering as a way to limit network access, or "Client tracking" in MX networks?
For the latter, I always go with MAC tracking if the topology allows for it (no L3 boundaries between the MX and clients). Otherwise IP tracking is the way to go.
client tracking.
We've had some issues with MAC's not being tracked right but the PC's do... But we do tracking via IP.
client tracking.
We've had some issues with MAC's not being tracked right but the PC's do... But we do tracking via IP.
Both...
We've seen (and this only seems to happen to Mac users) that the AD user that's "logged in" on the laptops (again only the macintosh ones) will sometimes get the wrong IP (we track via ip currently) and thus when you look up the IP it can show the previous person who had that ip, and the Macintosh user will not have AD rights for certain things... like access to social media.
The only way we've been able to work around this is search by mac... to find the actual device and then force it into the correct security group
*i can't tell if that is confusing to anyone else... so if so i'll try to clarify again, lol*