Home > Wireless LAN > Firewall and Traffic Shaping > Traffic and Bandwidth Shaping

Traffic and Bandwidth Shaping

Bandwidth Shaping

Bandwidth shaping ensures that users do not consume more bandwidth than they should. The Meraki cloud includes an integrated bandwidth shaping module that enforces upload and download limits. This setting could be used, for instance, to assign more bandwidth for VOIP handsets on one SSID and less bandwidth for data-only users on another SSID. The bandwidth limits are enforced by the Meraki APs so that they are applied consistently to a wireless client, even if that client roams from one AP to another.

The Meraki dashboard supports separate upload and download limits. Asymmetric upload and download limits are useful, for example, when a user only needs to periodically download large images (e.g., CAD drawings) but not upload them. Specific application requirements and available bandwidth should be considered to determine the optimum bandwidth settings.

Bandwidth limits can be applied per SSID or per user. To configure per SSID bandwidth limits, go to the Firewall and Traffic Shaping page under the Configure tab.



To provide a better user experience when using bandwidth shaping, an administrator can enable SpeedBurst using the checkbox in the Bandwidth Limits section on the "Firewall & Traffic Shaping" page. SpeedBurst allows each client to exceed their assigned limit in a “burst” for a short period of time, making their experience feel snappier while still preventing any one user from using more than their fair share of bandwidth over the longer term. A user is allowed up to four times their allotted bandwidth limit for a period of up to five seconds.

The Meraki dashboard includes settings to allow support for per-user bandwidth limits when a customer-hosted RADIUS server is used.

Traffic Shaping

Administrators can create shaping policies to apply per user controls on a per application basis. This allows the throttling of recreational applications such as peer-to-peer filesharing programs and the prioritization of enterprise applications such as Salesforce.com, ensuring that business-critical application performance is not compromised.

Traffic shaping rules for applications are applied per-flow, so setting a limit of 5Mbps to three different applications will allow 5Mbps down to each application.


Newly created networks will now have Traffic Shaping enabled by default for the respective SSIDs. Additionally, there will be a set of pre-defined traffic shaping rules configured. These new default rules are shown below:

Screen Shot 2018-08-15 at 11.32.50 AM.png

If the MR is plugged into a Meraki switch, please Verify DSCP Trust is enabled on switch ports to APs and uplinks.

Enabling default traffic shaping rule for any SSID will limit to a maximum of 4 user configured QoS rules for that SSID.

To enable the default traffic shaping rules for an existing network, simply navigate to Wireless > Firewall & Traffic Shaping, select the appropriate SSID, enable 'Shape traffic on this SSID' and select 'Enable default traffic shaping rules'. Custom-defined traffic shaping rules may be used with or without the default rules being applied. If a custom-defined rule is created that overlaps with a default rule, then the custom-defined rule will take effect. 

Creating Shaping Rules

Traffic shaping policies consist of a series of rules that are evaluated in the order in which they appear in the policy, similar to custom firewall rules. There are two main components to each rule: rule definitions and rule actions.

  • Rule Definition

Rules can be defined in two ways. An administrator can select from various pre-defined application categories such as Video & Music, Peer- to-Peer or Email. The second method of defining rules is to use custom rule definitions. Administrators can create rules by specifying HTTP hostnames (eg. salesforce.com), port number (eg. 80), IP ranges (eg., or IP range and port combinations (eg.

  • Rule Actions

Traffic matching specified rule sets can be shaped and/or prioritized. Bandwidth limits can be specified to either:

  1. Ignore any limits specified for a particular SSID on the Access Control page (allow unlimited bandwidth usage)

  2. Obey the specified SSID limits

  3. Apply more restrictive limits that than the SSID limits. To specify asymmetric limits on uploads and downloads, click on the Details link next to the bandwidth slider control. 

Quality of Service

For information regarding Meraki's implementation of QoS for MR access points, please read our documentation regarding QoS and Fast Lane.

Splash Page Authentication with Traffic Shaping

When using splash page authentication, captive portal strength settings take precedence over configured traffic shaping and firewall rules. This means traffic shaping and firewall rules will only apply after Splash page authentication has occurred successfully. If firewall or traffic shaping rules are configured on an SSID, use the "Block all access until sign-on is complete" captive portal strength setting to apply the principle of least privilege to the SSID. This captive portal strength will ensure all traffic is blocked until the desired firewall and traffic shaping rules can be applied.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 3979

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community