Skip to main content

 

Cisco Meraki Documentation

How to Shape Traffic of a Local Subnet or Host

  1. Last updated
  2. Save as PDF

Introduction

This article explains how to configure traffic shaping rules for a local subnet or individual host on the Local Area Network (LAN) side of a Meraki MX Security Appliance or MR Access Point. Use a Custom expression in the rule definition to target Request for Comments 1918 (RFC 1918) private address ranges. 

Use this guide to: 

  • Cap or remove bandwidth limits for individual hosts 

  • Apply traffic shaping rules to an entire private subnet 

Prerequisites  

  • Familiarity with Classless Inter-Domain Routing (CIDR) notation (e.g., /16 for a subnet, /32 for a single host) 

Step-by-step instructions

MX security appliance 

1. Navigate to Security & SD-WAN > Configure SD-WAN & Traffic Shaping 

2. Select Create a new rule, or if rules already exist, select Add a new shaping rule 

3. In the Definition field, select Add + 

4. In the Custom expressions field, enter the local subnet: 

  • For a subnet: localnet:172.16.0.0/16 where 172.16.0.0/16 is your private subnet range 

  • For a single host: localnet:192.168.1.50/32 where /32 is the CIDR notation for a single host 

5. Select Add + again to confirm the expression 

6. Configure the following settings as required: 

  • Bandwidth limit 

  • Priority 

  • Differentiated Services Code Point (DSCP) tagging value 

New SD WAN traffic shaping.png

7. Select Save changes 

MR access point

1. Navigate to Wireless > Configure > Firewall & Traffic Shaping 

2. Select your network from the SSID drop-down menu at the top of the screen 

3. Next to Shape traffic, select the drop-down menu and choose Shape traffic on this SSID 

4. Select Create a new rule 

5. In the Definition field, select Add + 

6. In the Custom expressions field, enter the local subnet: 

  • For a subnet: localnet:172.16.0.0/16 where 172.16.0.0/16 is your private subnet range 

  • For a single host: localnet:192.168.1.50/32 where /32 is the CIDR notation for a single host 

7. Select Add + again to confirm the expression 

8. Configure the following settings as required: 

  • Per-device bandwidth limit 

  • Priority Code Point (PCP) / DSCP tagging values 

New MR Firewall and traffic shaping.png

9. Select Save changes 

Verification 

After saving, confirm the rule has been applied correctly: 

MX security appliance 

  • Return to Security & SD-WAN Configure > SD-WAN & Traffic Shaping and verify the new rule appears in the list with the correct Bandwidth limitPriority, and DSCP tagging settings.

MR access points 

  • Return to Wireless Configure Firewall & Traffic Shaping, select your Service Set Identifier (SSID), and verify the new rule appears with the correct Per-device bandwidth limit and PCP / DSCP tagging values.