If you are using a combined network with both MX appliances and MS switches where the MS switches are routing your VLAN's and you are using track by mac address you will run into strange statistics.
Since the MX does deep packet inspection it can recognize more traffic types than the switches. So what I believe happens is that traffic that is recognized as coming from your client on both the access switch and the MX is consolidated into one and attributed to your client.
However other traffic that only recognized by the MX will seem to originate from the mac address of the coreswitch point to point interface pointing to the MX. And the dashboard has the strange behavior of choosing a tracked client to attach it's name to it.
You can verify this if you check that duplicate client as having the MAC address of the core switch.
Usually if you are running a layer 3 core you should have a separate network for your MX where you track by IP and another for your switches/AP's/sensors/etc... This is cumbersome and that is why Meraki came out with the track by unique client identifier, however I have not been able to see this run stably in any environment.
So I am extremely curious what the science is behind it, how flows are married between MX and MS/MR tracking and where they are with the implementation of unique client identifier since that has been in BETA for a long while now.
