Skip to main content

 

Cisco Meraki Documentation

Simple Traffic Shaping Strategy

Traffic shaping can be used on Cisco Meraki MR and MX/Z devices to limit client throughput based on different rules. This allows less desirable traffic to be throttled while allowing more important traffic to be processed normally. It can also be used to limit the throughput for individual devices, to prevent a small number of clients from saturating the network, while other clients are unable to function. 

This article details some examples of how traffic shaping can be used to allow 20 users to surf the web and use LAN based Terminal Services freely, while virtually disabling unwanted traffic types such as Music and Video while on Meraki access points. Please keep in mind configurations may differ based on the environment and network requirements. For these examples, it is assumed the internet connection is 10Mbps down and 5Mbps up and that approximately half of the users will access remote web services on the internet while the other half connect to Terminal Services on the high-speed LAN .

 

Example 1: Limiting overall bandwidth for individual clients to 1024Kbps down and 512Kbps up:

For the MX security appliance:

  1. In the dashboard, navigate to Security & SD-WAN > Configure > Traffic shaping
  2. Under the Global bandwidth limits section, select the Per-client limit.
  3. Select the details option.
  4. Enter 1024 in the down (Kbps) field and 512 in the up (Kbps) field.
  5. Check the box Enable SpeedBurst if desired (this will allow the client to temporarily exceed the limit).
  6. Select the Save changes button.

 

For the MR APs:

  1. In the dashboard, navigate to Wireless > Configure > Firewall & traffic shaping.
  2. Select the SSID you want to configure from the SSID drop-down.
  3. Navigate to the Per-client bandwidth limit section.
  4. Choose the details link.
  5. Enter 1024 in the down (Kbps) field and 512 in the up (Kbps) field.
  6. Check the box Enable SpeedBurst if desired (this will allow the client to temporarily exceed the limit).
  7. Select the Save changes button.

 

Example 2: Configuring a traffic shaping rule to limit unwanted bandwidth consumption for Video & Music traffic to 20kbps down/up:

On the MX security appliance:

  1. In the dashboard, navigate to Security & SD-WAN > Configure > SD-WAN & Traffic shaping.
  2. Under Traffic shaping rules, choose the Create a new rule option.
  3. In the Definition field, choose Add+.
  4. Select Video & music, then All Video & music.
  5. Select "Choose a limit" from the Bandwidth limit drop-down.
  6. Choose the detail link and enter 20 in the down (Kbps) field and 20 in the up (Kbps) field.
  7. Change the Priority to "Low".
  8. Choose the Add a new shaping rule link and repeat these steps for each type of traffic you want to apply the lowest limit to, selecting the Save changes button when finished.

 

On the MR APs:

  1. In the Dashboard, navigate to Wireless > Configure > Firewall & traffic shaping.
  2. In the Shape traffic dropdown, select Shape traffic on this SSID, then select Create a new rule.
  3. In the Definition field, choose Add+.
  4. Select Video & music, then All Video & music.
  5. Select "Choose a limit" from the Bandwidth limit drop-down.
  6. Choose the detail link and enter 20 in the down (Kbps) field and 20 in the up (Kbps) field.
  7. Select the Add a new shaping rule link and repeat these steps for each type of traffic you want to apply the lowest limit to, selecting the Save changes button when finished.

 

Example 3: Set a port-based traffic shaping rule to ignore bandwidth limits on Terminal Services (Port 3389):

  1. For an MX security appliance, navigate to Security & SD-WAN > Configure > SD-WAN &Traffic shaping.
    For an MR AP network navigate to Wireless > Configure > Firewall & traffic shaping, then select the SSID to update.
  2. Select the Add a new shaping rule link.
  3. In the Definition field, choose Add+.
  4. Choose Custom expressions, enter "3389" in the text field, and select Add expression.
  5. Select "Ignore SSID/Network limit (unlimited)" from the Bandwidth limit drop-down.
  6. Select the Save changes button.

 

  • Was this article helpful?