Hello @spfister336 ,

thanks for having explained in more detail your network scenario.

Meraki APs act as bridge because their  "WLC" is in the Cisco Meraki public cloud so it would make no sense to tunnel traffic to/from the cloud.

However, you can allocate new SSIDs for Meraki APs and what is more important you can use per site IP subnet / VLAN associated to each SSID.

Your multilayer switch can act as default gateway for new VLAN/ IP subnet and they can route to the central site the new subnets and the central site configuration of routers or firewall need to be updated to perform NAT also for the new IP subnets.

Routing  on the central site has to be updated too. You can consider using a dynamic routing protocol for this like EIGRP or OSPF.

By doing this you can solve the MAC scalability issue.

As suggested by @Joseph W. Doherty you should move to use the VPLS service for a transit VLAN and to use IP routing in this way the only MAC addresses that would be seen are those of the multilayer switches regardless of how many WIFI users are active in each site.

Hope to help

Giuseppe

I don't see a need to not have different wireless VLANs beyond it might simplify any ACL rules you have in place now.

Hmm, would need to really think about using the same SSID, for two different wireless topologies.  It might work, but if it does "roaming" might be problematic, as the wireless host would likely assume moving to a different wireless AP, using the same SSID, doesn't impact wireless host IP.

I would suggest, using different SSIDs and different VLAN networks.  Existing SSID could be changed with adding an "old-/-old" prefix/suffix, new wireless would use existing SSID, and people using wireless would need to know one or the other, or both, SSIDs might be found active, but network resource access (privilege) is the same for either.

With this new information, you might not need to bridge any L2 across WAN, at all.

Again, not 100% sure about using the same SSID, on different APs, that connect to different networks.  But, I think the result would be much like having a wired client you connect to a switch hosting two different VLANs/networks, where you connect to one port and then, decide to reconnect to another port (that's on the different VLAN).

For a wired client, its host would "see" the link drop and restart, and should check its IP, and if it finds it's no longer valid, pull a new IP.  That would should allow client to resume operations, but changing an IP if there are any open network sessions, will very likely drop them.  The whole ideal of wireless "roaming" moving to another AP doesn't break any open sessions.

For a wireless client, that doesn't "move" after getting on-line, I suspect they will work fine.  I.e. their host will connect to the "best" AP and use it.  Again, though, if they start to roam, and the host tried to reconnect to another AP offering the same SSID, but it's not the same network, then that's when I suspect problems may arise.

Of course, much of this might be mitigated by how you deploy.  Only use the existing wireless APs, at any one location, until all the new APs are installed and ready to be activated.  (Difficult to do, tough, if you intend to use the same physical connections.)  Then, say 3 AM on Sunday morning, deactivate the location's old APs and activate the new.  If all works, remove the old APs at your convenience.

it not VPLS it H-VPLS 
Knowledge Base - Hierarchical VPLS (google.com)