Here's my take on it. But definitely wait a bit untill others have chimed in too. They may have more experience with a setup like this than I do. So basically what AT&T are saying is that you'd need to trunk multiple VLANs over to their router. This is not supported on the MX's WAN ports, you can only configure one VLAN per WAN port. What I think you could do is have a LAN port trunked over to the router. One of the VLANs on it being the inter office dialing VLAN, and the other being the internet VLAN. You don't actually connect the WAN port but you do define the same internet VLAN on the WAN port. That way I think your internet traffic can be firewalled, use IDS, AMP and URL filtering which I assume is what you want and your interoffice dialing traffic is just considered as one L2 network via the MPLS (which doesn't need all those firewall features). You could create the same architecture with a switch which may make things clearer. A trunk from the switch to the AT&T router, and then two other ports going to the MX, one to the LAN (internet VLAN), one to the WAN (inter-office dialing VLAN). This page has more info about MX in combination with MPLS: https://documentation.meraki.com/MX/Networks_and_Routing/Integrating_an_MPLS_Connection_on_the_MX_LAN
... View more