Hey MartinLL:

Definitely running in NAT mode which explains a lot of my roaming issues between APs as well. I setup a test SSID in bridge mode but had to give it access to the LAN so it would use my DHCP. Problem is I would prefer to not open wifi up like that just for a doobell app. Does this sound like something I could solve with VLAN? Thanks!

Maybe you can add a new VLAN and subnet to your site and bridge a new ssid then move the devices there? That way you can keep your old setup and isolate the AIPhone devices instead.

I think this will probably be the best solution, I just need to find the right documents to assist me in the setup

This one is for Meraki MR and VLAN tagging.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points 

For your downstream switch you need to make it a trunk port.

On your router you create a new SVI or subinterface depending on what you are using today.

which vendor do you use for your switch and router/firewall?

Thank you, I may have to get one of our consultants on the case, most of our infrastructure setup was done for us during a recent relocation. Our switches are Cisco and our firewall is Fortinet and I have beginner knowledge of both!

Undestandable. Good luck to you!