Cisco Meraki

Traffic and Bandwidth Shaping

Bandwidth Shaping

Bandwidth shaping ensures that users do not consume more bandwidth than they should. The Meraki cloud includes an integrated bandwidth shaping module that enforces upload and download limits. This setting could be used, for instance, to assign more bandwidth for VOIP handsets on one SSID and less bandwidth for data-only users on another SSID. The bandwidth limits are enforced by the Meraki APs so that they are applied consistently to a wireless client, even if that client roams from one AP to another.

The Meraki dashboard supports separate upload and download limits. Asymmetric upload and download limits are useful, for example, when a user only needs to periodically download large images (e.g., CAD drawings) but not upload them. Specific application requirements and available bandwidth should be considered to determine the optimum bandwidth settings.

Bandwidth limits can be applied per SSID or per user. To configure per SSID bandwidth limits, go to the Firewall and Traffic Shaping page under the Configure tab.

 

 

To provide a better user experience when using bandwidth shaping, an administrator can enable SpeedBurst using the checkbox in the Bandwidth Limits section on the "Firewall & Traffic Shaping" page. SpeedBurst allows each client to exceed their assigned limit in a “burst” for a short period of time, making their experience feel snappier while still preventing any one user from using more than their fair share of bandwidth over the longer term. A user is allowed up to four times their allotted bandwidth limit for a period of up to five seconds.

The Meraki dashboard includes settings to allow support for per-user bandwidth limits when a customer-hosted RADIUS server is used.

Traffic Shaping

Administrators can create shaping policies to apply per-user controls on a per-application basis. This allows the throttling of recreational applications such as peer-to-peer filesharing programs and the prioritization of enterprise applications such as Salesforce.com, ensuring that business-critical application performance is not compromised.

Traffic shaping rules for applications are applied per-flow, so setting a limit of 5Mbps to three different applications will allow 5Mbps down to each application.

Note: Traffic shaping rules are evaluated from the top down, so a flow is shaped by the first rule it matches. If enabled, the default traffic shaping rules are placed at the beginning of the list of configured rules.

Newly created networks will now have Traffic Shaping enabled by default for the respective SSIDs. Additionally, there will be a set of pre-defined traffic shaping rules configured. These new default rules are shown below:

[Screenshot: default traffic shaping rules]

If the MR is plugged into a Meraki switch, please verify that DSCP Trust is enabled on the switch ports connected to APs and on uplinks.

Enabling the default traffic shaping rules for any SSID limits that SSID to a maximum of 4 user-configured QoS rules.

To enable the default traffic shaping rules for an existing network, simply navigate to Wireless > Firewall & Traffic Shaping, select the appropriate SSID, enable 'Shape traffic on this SSID' and select 'Enable default traffic shaping rules'. Custom-defined traffic shaping rules may be used with or without the default rules being applied. If a custom-defined rule is created that overlaps with a default rule, then the custom-defined rule will take effect. 

Creating Shaping Rules

Traffic shaping policies consist of a series of rules that are evaluated in the order in which they appear in the policy, similar to custom firewall rules. There are two main components to each rule: rule definitions and rule actions.

  • Rule Definition

Rules can be defined in two ways. An administrator can select from various pre-defined application categories such as Video & Music, Peer-to-Peer or Email. The second method is to use custom rule definitions: administrators can create rules by specifying HTTP hostnames (e.g., salesforce.com), port numbers (e.g., 80), IP ranges (e.g., 192.168.0.0/16), or IP range and port combinations (e.g., 192.168.0.0/16:80).

  • Rule Actions

Traffic matching specified rule sets can be shaped and/or prioritized. Bandwidth limits can be specified to either:

  1. Ignore any limits specified for a particular SSID on the Access Control page (allow unlimited bandwidth usage)

  2. Obey the specified SSID limits

  3. Apply more restrictive limits than the SSID limits. To specify asymmetric limits on uploads and downloads, click on the Details link next to the bandwidth slider control.
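
The following added example (not Meraki code, and not a description of how the APs implement matching) models the first-match, top-down evaluation described above so that a planned rule order can be checked before it is entered in the dashboard. It parses the four custom definition formats listed under Rule Definition and returns the limit a flow would receive. Assumptions: IPv4 only, hostname definitions also match subdomains, IP and port refer to the remote endpoint, unmatched flows keep the SSID limit, and all rule names and limits are constructed.

```python
import ipaddress

def _port(text):
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port

def parse_definition(text):
    """Parse one custom definition: hostname, port, IP range, or IP range:port."""
    text = text.strip().lower()
    if text.isdigit():
        return ("port", None, _port(text))
    net_part, sep, port_part = text.partition(":")
    try:
        net = ipaddress.IPv4Network(net_part, strict=False)
    except ValueError:
        if sep:
            raise ValueError(f"unsupported definition: {text!r}")
        return ("host", text, None)
    return ("net", net, _port(port_part) if sep else None)

def matches(definition, flow):
    kind, value, port = definition
    if kind == "port":
        return flow["port"] == port
    if kind == "host":
        # Assumption: a hostname definition also covers its subdomains.
        host = (flow.get("host") or "").lower()
        return host == value or host.endswith("." + value)
    in_range = ipaddress.IPv4Address(flow["ip"]) in value
    return in_range and (port is None or flow["port"] == port)

def first_match(rules, flow, ssid_limit):
    """Return (rule name, (down, up) limit in kbps); a limit of None means unlimited."""
    for name, definitions, action in rules:  # evaluated top-down
        if any(matches(parse_definition(d), flow) for d in definitions):
            if action == "ignore":   # ignore the SSID limit
                return name, None
            if action == "obey":     # obey the SSID limit
                return name, ssid_limit
            return name, action      # custom (down, up), more restrictive
    return None, ssid_limit          # assumption: unmatched flows keep the SSID limit

# Constructed sample policy; names and limits are illustrative only.
SSID_LIMIT = (5000, 1000)
RULES = [
    ("internal-servers", ["192.168.0.0/16"], "obey"),
    ("internal-web", ["192.168.0.0/16:80"], (1000, 500)),  # never reached for port 80
    ("crm", ["salesforce.com"], "ignore"),
]
WEB_FLOW = {"host": None, "ip": "192.168.10.5", "port": 80}
```

With this order, first_match(RULES, WEB_FLOW, SSID_LIMIT) selects "internal-servers", so the tighter "internal-web" limit is never applied; moving the more specific rule above the broader one changes the result.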

Quality of Service

For information regarding Meraki's implementation of QoS for MR access points, please read our documentation regarding QoS and Fast Lane.

Splash Page Authentication with Traffic Shaping

When using splash page authentication, captive portal strength settings take precedence over configured traffic shaping and firewall rules. This means traffic shaping and firewall rules will only apply after Splash page authentication has occurred successfully. If firewall or traffic shaping rules are configured on an SSID, use the "Block all access until sign-on is complete" captive portal strength setting to apply the principle of least privilege to the SSID. This captive portal strength will ensure all traffic is blocked until the desired firewall and traffic shaping rules can be applied.