I have a small campus type of environment: a bunch of buildings connected with fiber, several hundred users, maybe 50-100 APs when we are done. We are looking at migrating to Meraki and have been doing a pilot program. The buildings are connected with Layer 3 connections to the other buildings, so each building has its own voice VLAN, data VLAN, etc.
One of the issues I have is that we have one "Staff LAN" SSID set up to authenticate users with RADIUS and place them on the appropriate subnet depending on which OU they are part of. There are three OUs of interest. I see that Meraki supports Layer 3 roaming with a concentrator. Apparently I would need to purchase a large enough concentrator to support multiple tunnels from each access point so that I can have the same subnet between any building for the proper OU. Has anyone used MX devices for this purpose? Did you find that there is a bottleneck within the MX device?
I'm trying to wrap my head around a different way of designing our network to meet the security requirements between the wireless subnets, but change at this scale won't come easily. Tunneling everything through an MX seems like a band-aid, especially because Meraki says that not many customers do this. We are currently using a Cisco WLC, which makes all of this easy... but we really like how much easier Meraki is to manage, especially on the guest Wi-Fi side of things.