It's not clear quite what Meraki gear you have, but personally I'd recommend the following approach, which matches some of the previous replies:
Having separate physical networks for this kind of thing is a dying approach, I would say, and for good reasons that I won't go into.
Provision one common reliable, resilient, performant network for all of your traffic, then apply appropriate logical separation and controls (e.g. rate shaping) for the stuff that needs it (that probably includes BMS). While there are other approaches, simply using VLANs and firewalling between them is a relatively simple, well-understood and scalable approach. Generally you provide one gateway per site that interconnects the VLANs at Layer-3 and this is where you define the (firewall) rules for what can talk to what. In a Meraki network, you'd probably be best using an MX appliance as that common gateway. It would also provide the necessary protection between your Internet uplink - particularly if you use the Advanced Security license.
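The "rules for what can talk to what" at the common gateway can be checked against stated intent before they are deployed. The following is an added example, not part of the original post and not Meraki code: it models a generic ordered, first-match inter-VLAN rule list and reports flows that contradict the intent. The subnets, hosts, ports and the trailing default-allow are constructed assumptions.

```python
import ipaddress

def _net(spec):
    # "any" matches every IPv4 address
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def decide(rules, proto, src, dst, port, default="allow"):
    """Return the action of the first matching rule, else the default.
    Assumption: a stateful gateway, so only the initiating direction is
    evaluated, and a trailing default of allow (pass default="deny" if
    your gateway ends in deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("any", proto) and s in _net(r_src)
                and d in _net(r_dst) and r_port in ("any", port)):
            return action
    return default

def violations(rules, intent):
    """Return the flows whose decision differs from the stated intent."""
    return [flow for flow, want in intent if decide(rules, *flow) != want]

# Constructed addressing: corp 10.0.10.0/24, BMS 10.0.20.0/24, guest 10.0.30.0/24
# Rule tuple: (action, protocol, source, destination, destination port)
WEAK = [
    ("allow", "tcp", "10.0.10.50/32", "10.0.20.0/24", 443),  # BMS admin host
]
FIXED = WEAK + [
    ("deny", "any", "any", "10.0.20.0/24", "any"),            # nothing else into BMS
    ("deny", "any", "10.0.20.0/24", "10.0.10.0/24", "any"),   # BMS cannot open to corp
    ("deny", "any", "10.0.20.0/24", "10.0.30.0/24", "any"),   # BMS cannot open to guest
]

# Intent expressed as sample flows (constructed): (proto, src, dst, port) -> action
INTENT = [
    (("tcp", "10.0.10.50", "10.0.20.5", 443), "allow"),  # admin host -> BMS controller
    (("tcp", "10.0.10.77", "10.0.20.5", 443), "deny"),   # other corp host -> BMS
    (("tcp", "10.0.30.9", "10.0.20.5", 502), "deny"),    # guest -> BMS
    (("tcp", "10.0.20.5", "10.0.10.77", 445), "deny"),   # BMS -> corp
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, "violations:", violations(rules, INTENT))
```

With only the allow rule in place, the default-allow lets every other VLAN reach the BMS subnet; the explicit deny rules after it close that gap.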