Meraki AP Management Vlan

pgrovesnz

Hi

We have started to replace our Cisco Access Points with Meraki.

We have just over 100 Access Points across a dozen sites.

Does it matter if all access points are in the same VLAN, or is it better to have a VLAN for each site?

With the client tracking being synced to access points, would this create a lot of traffic on the management VLAN if there was only one VLAN?

Thanks

PhilipDAth

The amount of Meraki management traffic will not be affected by the quantity of VLANs, whether that be 1 or some other number.

I tend to use the same VLAN number scheme at each site.

I tend to put all the APs in the same VLAN (assuming you have 2,000 or fewer users connected at the same time).



@PhilipDAth wrote:

The amount of Meraki management traffic will not be affected by the quantity of VLANs, whether that be 1 or some other number.

I tend to use the same VLAN number scheme at each site.

I tend to put all the APs in the same VLAN (assuming you have 2,000 or fewer users connected at the same time).


So, one site with 28 APs can have up to 2000 devices so I assume at least I should have a separate management VLAN for those APs?

 

I assume each of your sites is in its own network. And I also assume the subnet on each site for that VLAN ID is different. Then you only have to take one site into consideration, as the broadcast domain would be separate on each site.

Also note that the management VLAN is only used for clients if you're using SSIDs in NAT mode or if you don't specify VLAN tagging on your SSIDs, which in your case I definitely would...

So the main worry is not the number of APs and the management VLAN, but rather the number of clients and the client VLANs. I believe Cisco usually recommends staying below 254 (/24) clients per VLAN. So in your case, if you have 2000 clients connected to a single SSID, you should split them up by using per-AP multiple VLAN tagging:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points#...
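
A sketch of the sizing described in the post above, added here as an example and not part of any poster's reply or of Meraki's tooling. It goes slightly beyond the post by packing APs into client VLANs from per-AP peak client counts; the AP names, counts, supernet, VLAN IDs and the one reserved gateway address per subnet are all constructed assumptions, and each AP is assumed to map to exactly one VLAN.

```python
import ipaddress

def plan_vlans(ap_peak_clients, supernet, first_vlan_id, prefix=24, reserved=1):
    """Pack APs into client VLANs so no VLAN exceeds one subnet's usable hosts.

    ap_peak_clients: {ap_name: expected peak clients} (constructed input).
    reserved: addresses held back per subnet, e.g. the gateway (assumption).
    IPv4 only.
    """
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    capacity = 2 ** (32 - prefix) - 2 - reserved  # a /24 leaves 253 for clients
    vlans = []
    # First-fit decreasing: place the busiest APs first.
    for ap, clients in sorted(ap_peak_clients.items(), key=lambda kv: -kv[1]):
        if clients > capacity:
            # This planner maps each AP to one VLAN, so one AP cannot be split.
            raise ValueError(f"{ap}: {clients} clients exceed /{prefix} capacity")
        for vlan in vlans:
            if vlan["clients"] + clients <= capacity:
                break
        else:
            # No existing VLAN has room: open the next subnet of the supernet.
            subnet = next(subnets, None)
            if subnet is None:
                raise ValueError(f"{supernet} has no free /{prefix} left")
            vlan = {"vlan_id": first_vlan_id + len(vlans), "subnet": str(subnet),
                    "aps": [], "clients": 0}
            vlans.append(vlan)
        vlan["aps"].append(ap)
        vlan["clients"] += clients
    return vlans

# Constructed sample: 28 APs carrying 2000 peak clients in total.
SAMPLE = {f"AP-{i:02d}": n
          for i, n in enumerate([120] * 8 + [70] * 10 + [34] * 10, 1)}

if __name__ == "__main__":
    for v in plan_vlans(SAMPLE, "10.20.0.0/20", first_vlan_id=100):
        print(v["vlan_id"], v["subnet"], v["clients"], ",".join(v["aps"]))
```

Each resulting group of APs would share one AP tag, with that tag mapped to the group's VLAN ID on the SSID.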


@BrechtSchamp wrote:

I assume each of your sites is in its own network. And I also assume the subnet on each site for that VLAN ID is different. Then you only have to take one site into consideration, as the broadcast domain would be separate on each site.

Also note that the management VLAN is only used for clients if you're using SSIDs in NAT mode or if you don't specify VLAN tagging on your SSIDs, which in your case I definitely would...

So the main worry is not the number of APs and the management VLAN, but rather the number of clients and the client VLANs. I believe Cisco usually recommends staying below 254 (/24) clients per VLAN. So in your case, if you have 2000 clients connected to a single SSID, you should split them up by using per-AP multiple VLAN tagging:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points#...


Hi

We use different VLANs for our desktop computers, voice, switch management, wireless APs, SSIDs, etc. Also, the SSID that can have up to 2000 devices is already split into 2 VLANs with around 1000 client limit for each.

Do you have a reference to the recommendation Cisco / Meraki has for staying below 254 clients?

Thanks

Unfortunately I can't find an official reference. But when googling I do find multiple recommendations to stay below /24 or /23 networks.

There's also this post:

https://community.meraki.com/t5/Switching/Broadcast-domain-sizing/m-p/40919/highlight/true#M3422

Closest I've come to an official reference.

But it's not an exact science. Everything depends on the behavior of your clients, performance of the switches, and performance of the clients.

nikiwaibel

I've all APs in the same (management) VLAN, but I do create a specific VLAN for each SSID.


@nikiwaibel wrote:

I've all APs in the same (management) VLAN, but I do create a specific VLAN for each SSID.

That's fine.
