Say I opted to do a per-floor subnet, I know there's signal bleed through the floors so I'd run the risk of someone on the 11th floor connecting to a 10th floor AP and getting an address in their subnet. But it sounds like if I allow the VLANs for each floor on the AP's trunk port, the client will be anchored to that original 10th floor subnet even if it roams to an 11th floor AP due to the tunneling between the Meraki APs. This feels like a lot of administrative overhead for a 25-story building, though.
The other option I was thinking about was similar to above, but instead of per-floor wireless VLANs, I'd just chunk the building up into thirds with larger subnets.
My only hesitation with either of those two above scenarios is clients associating with the first floor APs in the building when they first walk in, and maintaining addresses in that subnet when they roam to other floors/thirds of the building via the stairs/elevators. If I'm reading the article correctly, this would ONLY be an issue if they lost network connectivity for 30 seconds or less?
Curious to hear what others in my situation may have done, and how well that's worked out (or if your implementation created any unintended side-effects).
How many total devices are you expecting (or planning to allow) to connect?
Depending on the number of devices, I would either run with a single subnet for the whole building, or split the subnets into chunks above and below the mechanical floors. Failing that, a subnet per floor and enable L3 roaming.
Purely a guess at this point since we have almost zero visibility into the current Wi-Fi environment. Going solely off of DHCP statistics, I'd hazard a guess that we'll have about 1,500 or so clients but that will ebb and flow.
That first link you provided was one I referenced above. We don't have any MX devices in our environment, so if we go that route I'd need to use their 10-floor example as a starting point, but I'm not really seeing how much 'better' it's making the network by adding that complexity (even if I chunk up the building into three sections instead of floor-by-floor) versus using a flat /20 or /21 for the entire building. I'd be worried that, although unlikely, clients might still roam from floor to floor while going up in an elevator and keep their original IP from the lower floor/section and we'd exhaust that address space while the upper floor/sections would be emptier. Though I'm probably giving the coverage too much credit and that there won't be a 30-second period where the client would lose its connectivity.