Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX Client Tracking Options with VPN Concentrator

Solved
RWelch
Getting noticed
a week ago
a week ago

MX Client Tracking Options with VPN Concentrator

I am hoping to get a better understanding after reading the recent Documentation Digest: June 14th - June 22nd specifically regarding the MX Client Tracking Options.

 

I appreciate the document changes (as well as new articles) but struggle with understanding which client tracking option to go with:

1. Unique Client Identifier or 

2. IP Address

 

My current setup is a “combined network” with the below hardware BUT choosing IP address isn’t an option.  Perhaps I need to “split the network” to be able to use IP address option?  And is IP address the right choice when using the MX95 as a VPN concentrator behind another MX95?

 

Combined network:

MX95

MS350-24 (L3)

MS120-24 (L2)

MS120-8FP (L2)

 

Separate organization

MX95 as a VPN Concentrator

 

Thank you for any feedback you might offer.

0 Kudos
Subscribe
1 Accepted Solution
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
a week ago
a week ago

Maybe it will help you.

 

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
rhbirkelund
Kind of a big deal
a week ago
a week ago

In most cases you would simply just use Track By MAC Address.

 

The Unique Client ID is primarily used for when you are doing some form or L3 routing between your end users and the MX, such as a single VLAN on the MX, with some form of L3 routing between vlans on a downstream switch.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Subscribe
In response to rhbirkelund
rhbirkelund
Kind of a big deal
a week ago
a week ago

In your case, if your network is a simple flat network structure, with all network segmentation being done with Vlans on the MX, and the MS350 as a collapsed Core-Aggregation switch and MS120s as access layer, with no L3 interfaces on the MS350, you'd just use Track By MAC.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Subscribe
In response to rhbirkelund
RWelch
Getting noticed
a week ago
a week ago

Sorry - I should have included that this site serves as a HUB for 4 remote sites with 5 VLANs per site.  Each remote site has 1 VLAN enabled for VPN access to the HUB.  I felt configuring L3 routing at the HUB to be the best option or choice for the setup.

0 Kudos
Subscribe
In response to RWelch
rhbirkelund
Kind of a big deal
a week ago
a week ago

The Hub should probably still use Track by Mac. 🙂

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.