I'm about to change the network for an SMB customer. I have been thinking of the steps to proceed with the swap. I know the basics of network processes. Any hints or experience would help me.
Zyxel USG-210 firewall: There are two networks (LAN1 and OPT); for each network a DHCP range is configured. The two networks are untagged VLAN 1.
There is also a third DHCP server on the network used for the IP-phone system.
Switches: There are five unmanaged switches connected to the LAN1 port of the firewall.
Another switch is connected to the OPT port and used for access points.
The Meraki products are: 1* MX84, 2* MS210 and 10* MR33.
My plan is to first set up the two MS210. Stack the switches and connect them to the LAN1.
Move over ports from the five unmanaged to the stacked MS210.
Next step would be to connect and register the MX through DHCP. Configure the MX as much as possible and then plan a time to do the firewall swap and configure the access points.
Have I missed anything?
I don't have the steps when it comes to the firewall. But I'm thinking of connecting the MX to the network through DHCP or a static IP address on LAN1 and then configuring as much as possible before I do the swap. Is it possible to configure DHCP range and static without turning on the feature? Can I configure NAT and rules without configuring the public IP? Or should I connect the MX84 to a separate network and do the configuration before and then swap?
Couple things that I can think of off the top of my head:
1. It doesn't sound like you're that familiar with Meraki yet. I'd strongly suggest getting familiar before you start replacing the entire network of a client.
2. I believe that you'll have to create a VLAN for the second network, either the OPT or the LAN1 network. I'm guessing that the Zyxel acted the same way as pfSense acts where it has multiple NICs that are each a network, that's not how Meraki works though. You need to create VLANs for each network and then configure the ports to allow traffic on those VLANs to whichever ports are connected to whichever VLANs.
3. You can almost completely configure Meraki gear through the web portal without hooking them up beforehand; when they do get online, they go up to the cloud (assuming there's connectivity) and download firmware if needed and the configuration. The only place where I believe you need to physically connect to the gear is for the MX with configuring the network details of the WAN(s), so I'd suggest that you connect a laptop or one workstation to the LAN port and nothing to the WAN port and configure that, as you can't connect it to the network and tell it to have the same IP as the existing gateway (the Zyxel).
Hopefully someone else will chime in with some more thoughts.
I have set up an MR33 and MS220-8p.
The first steps I specify with the switches only involve Zyxel-LAN1 and gear that is default untagged VLAN 1. The wireless OPT isn't mentioned during the first switch steps.
So, the first steps shouldn’t be a problem?
Yes, a VLAN is needed to configure wireless that isn't a guest network. But creating a VLAN can only be done when the MX is connected. That's why I ask if somebody could give leads when it comes to the MX. Most of the stuff can be configured before setup. But I haven't an MX to try with. As an example, according to the documentation, DHCP needs to be active to be configured.
2. Turn off RTP/SRTP. (My consideration is that otherwise the new switches will interfere?)
Never this. Disabling STP because you don't understand it is absolutely the wrong move 100% of the time. When it comes to STP the right answer is to understand it, and set things up so they function properly.
If you have unmanaged switches then they will not be running STP today, so there's nothing to "interfere" with. Moreover, all versions of STP can interoperate with each other, so that's still not a concern provided they are set up properly.
Meraki implements Rapid-STP, which is the 802.1w standard. There's tons of good resources on the web for it. You really should consider giving one a read through.