Understanding VLANS or Zones

Posted: Sat Jun 12, 2021 2:02 pm
by Forsters
Just installed new Managed switches. I'm a network engineer, so I understand the purpose behind using a VLAN, but the Church doesn't allow us STS's to see the policies behind the Zone. Does anyone understand the intended purpose behind the following:

1. Special Purpose Zone: What advantages / disadvantages does a Special Purpose Zone provide? When should we apply one?

2. Link: Should we use Link to connect larger Unmanaged switches in the meetinghouses? Or Public?

While deploying these switches I have adhered to the following principles:

1. Nothing but the Managed Switch and Modem Uplink connected to the Firewall.

2. ALL of the Meraki POE Access Points connected to the Managed Switch and tagged to Zone "AP".

3. ALL of the Facilities connections connected to the Managed Switch and tagged to Zone "Facilities".

4. Currently I have the Unmanaged switch connected to the new Managed Switch on the Public Zone, but I'm not sure if that's correct.

5. ALL Meetinghouse endpoints connected to the Unmanaged Switch.

I don't currently deal with Workforce users, so I haven't had to tag any endpoints to Workforce, but I don't see that as an option on these Meraki MS120 switches. Along those lines, I might need to deploy a managed switch into a Bishop's Storehouse. Would those be considered Workforce users or Public?

Re: Understanding VLANS or Zones

Posted: Sat Jun 12, 2021 5:19 pm
by russellhltn
Here's what I know:

Public: is assigned an IP in the 192.168.x.x range. This same range is re-used at every site, so the church has enough IPs for overlapping congregations of devices.

All other zones tend to be assigned a unique 10.x.x.x address so someone outside the building can VPN to them.

Facilities: For devices like A/C, Door control, Parking gates, and satellite receivers.

Special Purpose: Generally it's for a FHC. This allows the Family History Department to monitor the printer. It's also likely important for the FHC access to paid portals.

Workforce: Church Employees

Special Purpose and Workforce will only show up if they've been authorized for your location. I'm not sure what the differences are between the non-Public zones, but I'm guessing it has to do with web filtering rules.

Link: Only for connecting managed switches. Unmanaged switches are connected to the appropriate zone.

All APs must have a connection to their own port on a managed switch. I had gotten an indication from one source that it should be direct (no POE - the switch will take care of that), but I'm not 100% about that. Given that both the APs and managed switches belong to the same family, some non-standard stuff might be going on. Perhaps using the extra wire pairs as a side channel, or since the switch would be supplying power, it could be used to power cycle the AP remotely.

I'm not sure about the Bishop's Storehouse. If you install it and see it as an option, I'd take that as a suggested answer. Otherwise, you'd need to contact MHT.

Re: Understanding VLANS or Zones

Posted: Mon Jun 14, 2021 9:23 am
by Forsters
Thanks for the thorough answer. This is good information and very helpful!