Hi all,

This might be a lengthy post - apologies. In a couple of weeks I plan on re-plumbing our network. This is something I've not had to do in a very long time, and I've never done it using Meraki equipment.

Our corporate infrastructure consists of 2 sites that are geographically distant. Our routers and firewalls are external and managed. The immediate routers are 2 pairs of Ciscos; I have no access to these or to the core networking in this topology. Both sites are completely Meraki.

Site 1:
- A few Meraki APs (MR32 and an MR18)
- 6x MS250-48LP: 4 are in a stack and serve the user LAN; 2 serve our servers and Hyper-V environment
- LAN is a single custom network (10.120.x.x/20)

Site 2 (much simpler):
- 2x MR32 APs
- 2x MS350-48LP
- LAN is a single Class C network (192.168.1.x)

There are 2 24/7 SSIDs. We use Meraki to ensure SSID connectivity is the same in both locations. The sub-office gains an SSID as part of their deployment.

For some of the year we have a sub-office on site who bring their own equipment and we provide infrastructure. For this and other corporate security reasons I want to segment our networks into distinct LANs to serve various pieces of equipment and to provide us with a method for giving this sub-office infrastructure for part of the year.

What I am looking for is some advice: am I over-thinking this? Are there better ways? What are the gotchas? I'm not clear on how I route some traffic - read on...

Note that, at this point, I cannot buy additional equipment.

Table notes: I noticed that routing is stateless, so to avoid confusion I've included the VLAN IDs. I can't think of a reason why, in our environment, packets should not return to their own VLANs.

- USERS + SERVERS, PRINTERS should be able to talk. Also need access to the internet.
- CS is the Wi-Fi equivalent of USERS so needs the same access.
- PRINTERS is the catch-all for MFDs which are shared. Our MFDs are managed by a secure print service in SERVERS. These do not need access to the Internet but should be accessible from both sites.
- CS GUEST is a Guest network; we use Meraki DHCP for that. It only needs access to the internet.
- TEST is a proposed separate VLAN for testing purposes. Only needs access to the internet. No traffic on the rest of the LAN.
- CS + USERS don't need to talk to each other, but we're fairly liberal.

Our ISP is on board and will facilitate whatever infrastructure we need to build. I've run up a diagram of the proposed network. Hope all is clear.
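As an added example (not from the original post or from Meraki), the script below encodes the inter-VLAN policy described above for Site 1 and expands it into a stateless, first-match L3 ACL the way an MS switch would evaluate it, so each allowed pair needs an explicit return rule. The VLAN subnets are constructed by splitting the existing 10.120.0.0/20 and are assumptions; the post does not give them.

```python
import ipaddress

# Constructed subnets carved from the existing 10.120.0.0/20 (assumed, not from the post).
VLANS = {
    "USERS":    ipaddress.ip_network("10.120.0.0/22"),
    "SERVERS":  ipaddress.ip_network("10.120.4.0/24"),
    "PRINTERS": ipaddress.ip_network("10.120.5.0/24"),
    "CS":       ipaddress.ip_network("10.120.8.0/22"),
    "CS_GUEST": ipaddress.ip_network("10.120.12.0/24"),
    "TEST":     ipaddress.ip_network("10.120.13.0/24"),
}

# Policy as stated in the post: which VLANs may talk, and which may reach the internet.
# CS mirrors USERS; USERS and CS deliberately get no rule between them.
ALLOWED_PAIRS = {("USERS", "SERVERS"), ("USERS", "PRINTERS"), ("CS", "SERVERS"),
                 ("CS", "PRINTERS"), ("SERVERS", "PRINTERS")}
INTERNET_OK = {"USERS", "CS", "SERVERS", "CS_GUEST", "TEST"}  # PRINTERS excluded


def build_rules():
    """Expand the policy into stateless ACL rules. Because the switch ACL keeps no
    state, every permitted conversation is written in BOTH directions, otherwise the
    reply packets hit the final deny. Internet ingress is left to the managed edge
    firewall, which is stateful; here "internet" just means any non-VLAN address."""
    rules = []
    for a, b in sorted(ALLOWED_PAIRS):
        rules.append(("allow", VLANS[a], VLANS[b]))
        rules.append(("allow", VLANS[b], VLANS[a]))
    for name in sorted(INTERNET_OK):
        rules.append(("allow", VLANS[name], "internet"))
        rules.append(("allow", "internet", VLANS[name]))
    rules.append(("deny", "any", "any"))  # explicit default deny at the bottom
    return rules


def _match(cidr, addr):
    if cidr == "any":
        return True
    if cidr == "internet":
        return not any(addr in net for net in VLANS.values())
    return addr in cidr


def flow_allowed(src, dst, rules=None):
    """First-match evaluation of a single src -> dst packet. Traffic that stays inside
    one VLAN is switched, not routed, so the ACL never sees it and it is allowed."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(src in net and dst in net for net in VLANS.values()):
        return True
    for action, s, d in rules or build_rules():
        if _match(s, src) and _match(d, dst):
            return action == "allow"
    return False
```

Running `flow_allowed` over a few sample addresses from each VLAN is a quick way to check the rule order before committing it to the dashboard.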