Hello,
I have some doubts about MX content filtering in this scenario:
MX84 as firewall/internet edge with MS350 as L3 downstream with 5 VLANs.
Can I have the full functionality of Content Filtering feature in this case? I mean tracking clients by MAC?
Or I'll still need to split my network and choose client tracking by IP?
I think by MAC is the best way to go, am I right?
>Can I have the full functionality of Content Filtering feature in this case? I mean tracking clients by MAC?
You won't be able to track clients by MAC because the MX cannot see the MAC addresses (only the default gateway can).
Also note you won't be able to use per-client group policy. Group policy works based off MAC address.
You will be able to apply global content filtering policies.
Note you can only use tracking by IP address if the network is not in combined mode. If you have an MX and an MS in the same network it runs in combined mode. So you will have to create a separate network for the MX if you want to use the tracking by IP option.
https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client_Tracking_Options
MAC would be the way to go since it is "hard coded".
Thanks @kYutobi !
But do you know if it'll work in this topology that I've mentioned?
By default, to work with client tracking by MAC, the MX should be L3...
Hello @Flavio_Vieira ,
As content filtering looks at the URL information, configuring an MX for track by IP (or) MAC would be okay.
Tracking by IP would mean you need your MX to track client traffic by IP. This is a configuration you would use most when you have a layer 3 device downstream of the MX handling inter-VLAN communication.
To be able to track your client traffic more accurately I would recommend you track by IP (meaning you will need to split the network).
Again this will not impact the way your MX handles content filtering.