Hi guys,
This is fairly new, right?:
Cloud Track is a Meraki technology that leverages network topology and device information to uniquely identify and track clients. It uses an algorithm that intelligently correlates client MAC and IP addresses seen across the Meraki stack, allowing the security appliance to generate a unique identifier for each client in a combined network with other Meraki devices. This is specifically useful when there are Meraki MS switches routing layer 3 between end clients and the security appliance, which segregates broadcast traffic containing the client's MAC address.
This method should be used only if the network has downstream layer 3 routing devices that are all Meraki devices. In this deployment scenario, tracking by IP would otherwise require the security appliance to be split into a separate dashboard network, as tracking by IP is not supported in combined networks. Tracking by MAC would fail to identify end client devices due to the layer 3 boundary, associating downstream client traffic to the routing switch and negatively affecting network usage numbers in dashboard.
I think it wants the L3 switch to be in a central location, too. I've got a network that goes:
MX -> MS120 -> MR74 ~ ~ wireless bridge ~ ~ MS210
Clients end up showing up very strangely. Things on the MX side weren't always identifying by device name. The clients that weren't identifying correctly, I couldn't assign a group policy to them - the option was completely missing from the client page.
I wish I had a network that was a little more standard to test it on, but alas.
Nope, no chance at all. Client didn't want to dig a trench across the parking lot.
Which... ended up being a good thing, since the original remote building was a little bit completely destroyed by flooding this summer, and no longer exists. My remote end is currently a converted shipping container. 🙂
I have a few customers where I use an external VLAN on the same switches to split an ISP modem into two ports for both MXes. According to the documentation, I should add another switch that's not in the same dashboard network.
So for those customers the feature cannot be used because I don't intend to introduce other switches just for this feature to work. I hope they find a way around that.
But all in all it's a move in the right direction since having an L3 switch behind the firewall has always been best practice design in campus environments.