We are moving to Meraki switches and wireless this year and we are starting to plan ahead for the change. We are a school district with multiple schools connected to our district office through MPLS connections. We currently use the same consistent VLAN numbering for all our sites. As we look at the centralized and consolidated dashboard Meraki provides, I am wondering if we can still do that - or if we need to set up individual VLAN numbering for each site? My question is really looking more for best practice recommendations, not workarounds.
For example, all our sites use VLAN 820 for staff wifi and VLAN 699 for guest wifi. At each site, these VLANs are set at the site's core switch and provide that site's device DHCP, IP range, gateway, and DNS info (which of course is different for each site). I suspect this can be set the same way in Meraki - but the "new" (to us) concept is that all these settings are set and managed from the Meraki dashboard. With the Meraki system, will using the same VLAN numbers across sites cause trouble for us?
Good news - you won't have any problems.
You can use the same VLAN numbering system as you do now.
One "gotcha" I will bring to your attention is that to use Meraki group policies (such as for content filtering by the type of user connecting) effectively, the clients need to be adjacent to the security appliances - which means the layer 3 gateways need to be on the MX units.
Things will still work fine using layer 3 switches, but you just lose some of the extra cool controls that are available.
Group policies work with MR and MX products. They're set at the network level (Network wide -> Group policies). You won't have any issues using them with just an MR network.
As @ww & @PhilipDAth mentioned, this will absolutely work. Since you are deploying MR wireless, I highly recommend using a network template and binding it to all of the MR networks (create one network per physical location!). I typically use Meraki group policies to assign the VLAN based on the user's AD group which impacts the RADIUS "filter ID" (this is what the Meraki group policies use). I use the same set of VLANs at each building without any problem.
Just wanted to add my 2 cents in since I run the network for a school district currently.
If you don't need devices on the public Wi-Fi to access any file servers or printers, then you can simplify and get rid of VLAN 699. The MR access points allow you to differentiate Client IP assignment by SSID. My public SSID uses Meraki DHCP and my private SSID uses Local LAN DHCP. It's allowed me to simplify the VLANs while maintaining security, and that's always a great goal to have - simple and secure.