We've got a solutions specialist coming in tomorrow to discuss upgrading our switches to MX/MS devices, currently we're a cisco house.
The basic network is we've got 2 main offices on either side of the country (UK) and then 5 smaller branch officers.
Main Office A - 100Mb internet connection through fibre and a second fibre connection to the MPLS network which connects to the rest of the offices. There is a layer 3 switch that either pushes traffic to the ASA and then off to the internet and then all internal traffic to the other sites goes through the MPLS router.
Main Office B - 100Mb internet connection through fibre and a second fibre connection to the MPLS network which connects to the rest of the offices. There is a layer 3 switch that either pushes traffic to the ASA and then off to the internet and then all internal traffic to the other sites goes through the MPLS router.
Branch Office 1 - 5 - between a 2Mb to 10Mb connection through the MPLS and then all external internet traffic goes through Main Office A.
My basic knowledge of the Meraki MX setup would be to have 2 MX devices, 1 at each of the Main Offices that'll look after the connections to the internet and keep them secure and then the branch offices will remain with their current config for the time being with them connecting through their existing MPLS router to get internet connectivity from one of the main offices.
Talking to the solutions specialist, he's recommending a single MX device at Main Office 2 and then route all internet traffic through that and get rid of the second internet connection, which we're reluctant to do as then we'll lose failover which we really need as the offices are rural so internet connectivity and power tend to be a little unreliably sometimes.
Also, my presumption is that there will be no changes hardware wise to the MPLS side of things? So the layer 3 switch will still route internal MPLS traffic through the MPLS router and that wouldn't touch the MX device at all?
edit: Just an additional thing as well to add, we do have web servers at Main Office 1.
At the two main offices; do they have other internal VLANs that are being routed between and if so, do you need high bandwidth routing between them?
Yes, both of the main offices have multiple VLANS, the plan with the Meraki kit is to expand the VLANs a little more.
Main Office 2
So currently we have a VLAN for Wireless and IDRAC, a VLAN for Servers and Clients and Printers, a Management VLAN for the switches, a Phone System VLAN and a VOIP VLAN for all of the handsets. Plan is to expand this to lock down the ERP systems to there own heavily locked off VLAN as well.
Main Office 1 doesn't have the dedicated Wireless/IDRAC VLAN but is essentially the same.
All of the branch offices have 2 VLANs, a Client/Server/Wireless/Printer VLAN and a VOIP Handset VLAN.
Our current issue is everything is Cisco kit so network management is a pain and as the kits been upgraded, there's been a lot of left over, old stuff migrated to the new kit so there is a lot of rubbish left over in there as well.
The simplest solution would be to use an MX at each of your main offices, and layer 2 switches. Use the MX to do all the routing.
When the MX can see the mac address of the clients it maximises the features you can use such as per device group policy. It will also reduce complexity as you only have a single device doing layer 3.
The other offices can remain as they are.
Failing that, yes you can use layer 3 switches and MX. This is an example of what you want to do, except the "legacy router" would be your MPLS router.
Thank you. I'm hoping the plan is to get some of the smaller MX devices at the branch offices as then it'll give us much more visibility in regards to data traffic between sites and any devices that might be flooding the MPLS links, this is something we don't have now as we do sometimes have issues of "over-utilisation" with a couple of devices at our branches with the more basic WAN connections, we have several that struggle to get 2Mb.