Content filtering by MAC with MS350 as L3

SOLVED
Flavio_Vieira
Here to help

Content filtering by MAC with MS350 as L3

Hello,

 

I have some doubts about MX content filtering in this scenario:

 

MX84 as firewall/internet edge with MS350 as L3 downstream with 5 Vlans

 

Can I have the full functionality of Content Filtering feature in this case? I mean tracking clients by MAC?

 

Or I'll still need to split my network and choose client tracking by IP?

 

I think by MAC is the best way to go, Am I right?

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

>Can I have the full functionality of Content Filtering feature in this case? I mean tracking clients by MAC?

 

You wont be able to track clients by MAC because the MX can not see the MAC addresses (only the default gateway can).

 

Also note you wont be able to use per-client group policy.  Group policy works based off MAC address.

 

You will be able to apply global content filtering policies.

 

Note you can only use tracking by IP address if the network is not in combined mode.  If you have an MX and an MS in the same network it runs in combined mode.  So you will have to create a seperate network for the MX if you want to use the tracking by IP option.

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client_Tracking_Options

View solution in original post

4 REPLIES 4
kYutobi
Kind of a big deal

MAC would be the way to go since it is "hard coded".

Enthusiast

Thanks @kYutobi !

 

But do you know if it'll work in this topology that I've mentioned?

 

As default to work with Client tracking by MAC MX should be L3...

Hello @Flavio_Vieira ,

As content filtering looks at the URL information, configuring an MX for track by IP (or) MAC would be okay.

Tracking by IP would mean you need your MX to track client traffic by IP. This is a configuration you would use most when you have a layer 3 device downstream of the MX handling inter-vlan communication. 

 

To be able to track your client traffic more accurately I would recommend you track by IP (meaning you will need to split the network). 

 

Again this will not impact the way your MX handles content filtering. 

If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future
PhilipDAth
Kind of a big deal
Kind of a big deal

>Can I have the full functionality of Content Filtering feature in this case? I mean tracking clients by MAC?

 

You wont be able to track clients by MAC because the MX can not see the MAC addresses (only the default gateway can).

 

Also note you wont be able to use per-client group policy.  Group policy works based off MAC address.

 

You will be able to apply global content filtering policies.

 

Note you can only use tracking by IP address if the network is not in combined mode.  If you have an MX and an MS in the same network it runs in combined mode.  So you will have to create a seperate network for the MX if you want to use the tracking by IP option.

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client_Tracking_Options

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels