I was considering taking some advice I heard here and putting my switches on their own VLAN, and some other advice.
@PhilipDAth you commented on this thread: https://community.meraki.com/t5/Security-SD-WAN/Best-practices-for-native-VLAN-configuration/td-p/48...
that the OP shouldn't really worry about all this. But say you are like me and have a relatively low-risk network (rural area, guest network, nobody unknown allowed onto bridge SSID, etc.), how would you arrange the VLANs?
The nice thing about a mgmt vlan in large networks is you can reduce the number of vlans you trunk. For example, if you had a large deployment with dozens of data, voice and wireless vlans, you may not want to trunk every vlan everywhere.
Instead, you trunk just the required vlans to the physical switches, then add a single mgmt vlan. This accomplishes two things.
1) you can easily move a switch at any time and have mgmt access to it since the mgmt vlan is trunked everywhere
2) you can spin up/down the user vlans separate from the mgmt vlan. Handy if you need to do work on the vlan and don't want to kill the vlan the Meraki is on.
Yes, this is maybe the old way to do it and not required for the Meraki deployments, but it's still good practice and something to consider.
@PhilipDAth ditto. So leaving the VLAN situation more or less alone then? I don't use 802.1x. I just don't want to leave myself unnecessarily open to attack of some kind. It wouldn't come from within and all my switches (2 Mikrotik and 2 Netgear) are password protected. Just thinking if those switches should be on another VLAN or something. Precautionary only.
I’m going w your advice. I’d prefer to keep my switches on the native default VLAN so I’m gonna do that. Thanks for the info and guidance as always, @PhilipDAth