cmr,  Thanks for confirming that routing on the MS switches should provide the best performance and thanks for leading me to selecting different pull-down options when looking for clients.   For reference, I am attaching screenshots showing what a client entry looks like from the view of "All", "only security appliance clients", and "only switch clients".   The "only switch clients" seem like the best option for me to get accurate client information.    Client "All" screenshot - Two client entries - same MAC - one on-offline connected to MS425 core stack - one online connected to actual switch port.   Client "only security appliance clients" screenshot - Two client entries - same MAC - both connected to the MS425 core stack -  one on-line - one off-line   Client "only switch clients" screenshot -  One client entries connected to actual switch port and on-line     ... View more

cmr, I have a similar setup to you.   Full Meraki stack.  Two MX250s security appliances in HA connected to two MS425 switches stacked.   I initially set client tracking to "Unique client identifier"  which didn't work well.  I wasn't able to find clients I knew were online.    So, I have switched to "MAC address" tracking.   This is working better, but I am still getting duplicate client entries.  Typically one off-line client entry showing connected to the MS425 stack and one on-line entry showing connected to the actual downstream switch port.  Are you seeing the same?    I am wonder if this is do to where I am doing routing.  Where are you doing routing?  On the MX, MS, or both?      I am currently doing routing on both.  I have VLANs that require special group policies and firewall rules on the MX250 HA and all other VLANs on the MS425 stack.    My thinking is the MS425 stack would be faster at routing internal traffic.   Hopefully Meraki can get client tracking working better with the recommended campus design.   ... View more