Meraki

Community

MX Client Tracking Options with VPN Concentrator

Solved
RWelch
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 10:51 AM
‎Jun 25 2024 10:51 AM

MX Client Tracking Options with VPN Concentrator

I am hoping to get a better understanding after reading the recent Documentation Digest: June 14th - June 22nd specifically regarding the MX Client Tracking Options.

 

I appreciate the document changes (as well as new articles) but struggle with understanding which client tracking option to go with:

1. Unique Client Identifier or 

2. IP Address

 

My current setup is a “combined network” with the below hardware BUT choosing IP address isn’t an option.  Perhaps I need to “split the network” to be able to use IP address option?  And is IP address the right choice when using the MX95 as a VPN concentrator behind another MX95?

 

Combined network:

MX95

MS350-24 (L3)

MS120-24 (L2)

MS120-8FP (L2)

 

Separate organization

MX95 as a VPN Concentrator

 

Thank you for any feedback you might offer.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 1:15 PM
‎Jun 25 2024 1:15 PM

You should be using "Unique Client Identifier".

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options#Unique_Client_I...

 

View solution in original post

7 Replies 7
alemabrahao
Kind of a big deal
‎Jun 25 2024 10:55 AM
‎Jun 25 2024 10:55 AM

Maybe it will help you.

 

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 10:59 AM
‎Jun 25 2024 10:59 AM

In most cases you would simply just use Track By MAC Address.

 

The Unique Client ID is primarily used for when you are doing some form or L3 routing between your end users and the MX, such as a single VLAN on the MX, with some form of L3 routing between vlans on a downstream switch.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 11:02 AM
‎Jun 25 2024 11:02 AM

In your case, if your network is a simple flat network structure, with all network segmentation being done with Vlans on the MX, and the MS350 as a collapsed Core-Aggregation switch and MS120s as access layer, with no L3 interfaces on the MS350, you'd just use Track By MAC.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
RWelch
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 11:14 AM
‎Jun 25 2024 11:14 AM

Sorry - I should have included that this site serves as a HUB for 4 remote sites with 5 VLANs per site.  Each remote site has 1 VLAN enabled for VPN access to the HUB.  I felt configuring L3 routing at the HUB to be the best option or choice for the setup.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 11:21 AM
‎Jun 25 2024 11:21 AM

The Hub should probably still use Track by Mac. 🙂

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 25 2024 1:15 PM
‎Jun 25 2024 1:15 PM

You should be using "Unique Client Identifier".

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options#Unique_Client_I...

 

In response to PhilipDAth
RWelch
Kind of a big deal
Kind of a big deal
‎Jun 28 2024 6:32 PM
‎Jun 28 2024 6:32 PM

Thank you @PhilipDAth 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.