Setting up your network to filter by mac or ip address

NFL0NR
Getting noticed

Setting up your network to filter by mac or ip address

Which route did you go?

Notice any quirks?

6 REPLIES 6
MerakiJockey505
Building a reputation

Our organization is set up on a private block of IP's so for the most part, in our practice, it has been much simpler to sort by IP.  Of course variables like DHCP lease time and devices with multiple IP's can get tricky every once in a while.  For that reason we also track devices by MAC separately using either 3rd party software or switching up the filter on occasion. 

MRCUR
Kind of a big deal

@NFL0NR Are you talking about MAC filtering as a way to limit network access, or "Client tracking" in MX networks? 

 

For the latter, I always go with MAC tracking if the topology allows for it (no L3 boundaries between the MX and clients). Otherwise IP tracking is the way to go. 

MRCUR | CMNO #12
NFL0NR
Getting noticed

client tracking.

 

We've had some issues with MAC's not being tracked right but the PC's do...   But we do tracking via IP.

NFL0NR
Getting noticed

client tracking.

 

We've had some issues with MAC's not being tracked right but the PC's do...   But we do tracking via IP.

MRCUR
Kind of a big deal

I’m confused... are you saying MAC like a MAC address or Apple devices?

I certainly haven’t seen any specific Mac tracking issues when using MAC client tracking in a network. What kind of issues have you seen?
MRCUR | CMNO #12
NFL0NR
Getting noticed

Both...  

 

We've seen (and this only seems to happen to Mac users) that the AD user that's "logged in" on the laptops (again only the macintosh ones)  will sometimes get the wrong IP (we track via ip currently) and thus when you look up the IP it can show the previous person who had that ip, and the Macintosh user will not have AD rights for certain things...  like access to social media.

 

The only way we've been able to work around this is search by mac... to find the actual device and then force it into the correct security group

 

*i can't tell if that is confusing to anyone else... so if so i'll try to clarify again, lol*

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.