MX Client Tracking Options with VPN Concentrator

Solved
RWelch
Head in the Cloud

MX Client Tracking Options with VPN Concentrator

I am hoping to get a better understanding after reading the recent Documentation Digest: June 14th - June 22nd specifically regarding the MX Client Tracking Options.

 

I appreciate the document changes (as well as new articles) but struggle with understanding which client tracking option to go with:

1. Unique Client Identifier or 

2. IP Address

 

My current setup is a “combined network” with the below hardware BUT choosing IP address isn’t an option.  Perhaps I need to “split the network” to be able to use IP address option?  And is IP address the right choice when using the MX95 as a VPN concentrator behind another MX95?

 

Combined network:

MX95

MS350-24 (L3)

MS120-24 (L2)

MS120-8FP (L2)

 

Separate organization

MX95 as a VPN Concentrator

 

Thank you for any feedback you might offer.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal

Maybe it will help you.

 

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
rhbirkelund
Kind of a big deal
Kind of a big deal

In most cases you would simply just use Track By MAC Address.

 

The Unique Client ID is primarily used for when you are doing some form or L3 routing between your end users and the MX, such as a single VLAN on the MX, with some form of L3 routing between vlans on a downstream switch.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
rhbirkelund
Kind of a big deal
Kind of a big deal

In your case, if your network is a simple flat network structure, with all network segmentation being done with Vlans on the MX, and the MS350 as a collapsed Core-Aggregation switch and MS120s as access layer, with no L3 interfaces on the MS350, you'd just use Track By MAC.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
RWelch
Head in the Cloud

Sorry - I should have included that this site serves as a HUB for 4 remote sites with 5 VLANs per site.  Each remote site has 1 VLAN enabled for VPN access to the HUB.  I felt configuring L3 routing at the HUB to be the best option or choice for the setup.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
rhbirkelund
Kind of a big deal
Kind of a big deal

The Hub should probably still use Track by Mac. 🙂

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
PhilipDAth
Kind of a big deal
Kind of a big deal

RWelch
Head in the Cloud

Thank you @PhilipDAth 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels