I have a question to see if anyone can help me look at the pros and cons of this scenario:
I have 2x MS 250s in H/A; downstream in the distribution there are 2x MS 355s stacked. Then for the access layer there are 3x MS 250s stacked.
Can someone describe the pros/cons of having the L3 gateway on the MS stack vs the MX? I really want to put a transit VLAN between the MX and MS pair for management and then put all my layer 3 gateways on the MS 355s.
I do see those are "access" switches in the documentation, but that's neither here nor there.
I would try to think of your traffic flows in such cases. You normally look to route in a Layer-3 switch when the routing process is the potential bottleneck for your applications, because a Layer-3 switch generally does this at wire speed in silicon. Do you have any servers hosted on the site in question? If not and you're going to access all your applications across the WAN, probably with much lower bandwidth and routed through the MX anyway - then I don't see that routing on your switching buys you very much (the latency for one Ethernet patch cord???).
If you do have local stuff you access, is that definitely inter-VLAN traffic? If not, then again you don't lose anything. If it is inter-VLAN, is the application latency / throughput sensitive?
Hopefully you see where I'm going with that...
The Meraki approach is about simplicity and generally I think keeping Layer-3 to the MX is simpler, so stick with it, if there's no unacceptable downside to doing so.
Following on from the comments @GreenMan made, I tend to look at the MX vs. MS decision as security vs. bandwidth (it’s not that simple, but it’s a good starting point).
The MX is slow (in comparison to the MS) and this may be a problem if you’re pushing a large amount of data between VLANs, but it does give you a stateful firewall if you’re trying to segment/secure some servers for instance. The MS on the other hand will switch traffic at line rate (or close to), and so throughput generally isn’t an issue, but it doesn’t have the firewall capabilities, although it does support ACLs (which aren’t stateful).
I tend to do inter-VLAN routing on a switch if I can, especially where I don’t need the security of the MX so as to reduce the load on the MX - but that’s just personal opinion.
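
The stateful-versus-ACL distinction raised in the last reply, as an added example that is not part of the original thread. It is a minimal Python model, not Meraki configuration; the subnets, ports and rules are constructed. It shows that a stateless ACL needs a broad return-traffic rule, while a stateful firewall admits only replies to flows it has already seen.

```python
# Added illustration: stateless ACL vs. stateful firewall between two VLANs.
# All addresses, ports and rules below are constructed for this example.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

CLIENTS = ip_network("10.0.10.0/24")   # hypothetical user VLAN
SERVERS = ip_network("10.0.20.0/24")   # hypothetical server VLAN

# Stateless ACL: (src net, src port or None=any, dst net, dst port or None=any).
# Rule 2 exists only to let replies back; the ACL cannot tell a reply from
# an unsolicited packet that happens to use source port 443.
ACL = [
    (CLIENTS, None, SERVERS, 443),   # clients -> servers HTTPS
    (SERVERS, 443, CLIENTS, None),   # "return traffic"
]

def acl_permits(p: Packet) -> bool:
    """Evaluate each packet on its own; implicit deny at the end."""
    for snet, sport, dnet, dport in ACL:
        if (ip_address(p.src) in snet and ip_address(p.dst) in dnet
                and sport in (None, p.sport) and dport in (None, p.dport)):
            return True
    return False

class StatefulFirewall:
    """Permit client-initiated HTTPS; permit replies only for tracked flows."""
    def __init__(self):
        self.flows = set()

    def permits(self, p: Packet) -> bool:
        if (ip_address(p.src) in CLIENTS and ip_address(p.dst) in SERVERS
                and p.dport == 443):
            self.flows.add(p)                      # remember the flow
            return True
        # A reply must be the exact reverse of a flow already seen.
        return Packet(p.dst, p.dport, p.src, p.sport) in self.flows

request = Packet("10.0.10.5", 51000, "10.0.20.8", 443)
reply = Packet("10.0.20.8", 443, "10.0.10.5", 51000)
# Server-side packet to a client port the client never opened a flow from.
unsolicited = Packet("10.0.20.8", 443, "10.0.10.5", 3389)
```

In this model the ACL passes all three packets, while the stateful firewall passes the request and its reply and drops the unsolicited one; that difference is what has to be weighed against the switch's throughput when deciding where the gateways live.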