Traffic and Bandwidth Shaping
Bandwidth Shaping
Bandwidth shaping ensures that users do not consume more bandwidth than they should. The Meraki cloud includes an integrated bandwidth shaping module that enforces upload and download limits. This setting could be used, for instance, to assign more bandwidth for VOIP handsets on one SSID and less bandwidth for data-only users on another SSID. The bandwidth limits are enforced by the Meraki APs so that they are applied consistently to a wireless client, even if that client roams from one AP to another.
The Meraki dashboard supports separate upload and download limits. Asymmetric upload and download limits are useful, for example, when a user only needs to periodically download large images (e.g., CAD drawings) but not upload them. Specific application requirements and available bandwidth should be considered to determine the optimum bandwidth settings.
Bandwidth limits can be applied per SSID or per user. To configure per SSID bandwidth limits, go to the Firewall and Traffic Shaping page under the Configure tab.
To provide a better user experience when using bandwidth shaping, an administrator can enable SpeedBurst using the checkbox in the Bandwidth Limits section on the Firewall and Traffic Shaping page. SpeedBurst allows each client to exceed their assigned limit in a “burst” for a short period of time, making their experience feel snappier while still preventing any one user from using more than their fair share of bandwidth over the longer term. A user is allowed up to four times their allotted bandwidth limit for a period of up to five seconds.
The Meraki dashboard includes settings to allow support for per-user bandwidth limits when a customer-hosted RADIUS server is used.
Traffic Shaping
Administrators can create shaping policies to apply per user controls on a per-application basis. This allows the throttling of recreational applications such as peer-to-peer file-sharing programs and the prioritization of enterprise applications such as Salesforce.com, ensuring that business-critical application performance is not compromised.
Traffic-shaping rules for applications are applied per-flow, so setting a limit of 5Mbps to three different applications will allow 5Mbps down to each application.
Note: Traffic-shaping rules are applied from top-down and therefore these rules will be applied to the flow which matches first. If enabled, default traffic shaping rules will be affixed to the beginning of the available list of rules configured.
Newly created networks will now have traffic shaping enabled by default for the respective SSIDs. Additionally, there will be a set of predefined traffic-shaping rules configured. These new default rules are shown below:
If the MR is plugged into a Meraki switch, please Verify DSCP Trust is enabled on switch ports to APs and uplinks.
Enabling default traffic shaping rule for any SSID will limit to a maximum of four user-configured QoS rules for that SSID.
To enable the default traffic-shaping rules for an existing network, navigate to Wireless > Firewall & Traffic Shaping, select the appropriate SSID, enable "Shape traffic on this SSID" and select "Enable default traffic shaping rules." Custom-defined traffic-shaping rules may be used with or without the default rules being applied. If a custom-defined rule is created that overlaps with a default rule, then the custom-defined rule will take effect.
Creating Shaping Rules
Traffic-shaping policies consist of a series of rules that are evaluated in the order in which they appear in the policy, similar to custom firewall rules. There are two main components to each rule: rule definitions and rule actions.
- Rule definition
Rules can be defined in two ways. An administrator can select from various predefined application categories such as video and music, peer-to-peer, or email. The second method of defining rules is to use custom rule definitions. Administrators can create rules by specifying HTTP host names (eg. salesforce.com), port number (eg. 80), IP ranges (eg. 192.168.0.0/16), or IP range and port combinations (eg. 192.168.0.0/16:80).
- Rule actions
Traffic matching specified rule sets can be shaped and/or prioritized. Bandwidth limits can be specified to either:
-
Ignore any limits specified for a particular SSID on the Access Control page (allow unlimited bandwidth usage).
-
Obey the specified SSID limits.
-
Apply more restrictive limits that than the SSID limits. To specify asymmetric limits on uploads and downloads, click on the Details link next to the bandwidth slider control.
Quality of Service
For information regarding Meraki's implementation of QoS for MR access points, please read our documentation regarding QoS and Fast Lane.
Splash Page Authentication with Traffic Shaping
When using splash page authentication, captive portal strength settings take precedence over configured traffic-shaping and firewall rules. This means traffic-shaping and firewall rules will only apply after Splash page authentication has occurred successfully. If firewall or traffic-shaping rules are configured on an SSID, use the "Block all access until sign-on is complete" captive portal strength setting to apply the principle of least privilege to the SSID. This captive portal strength will ensure all traffic is blocked until the desired firewall and traffic-shaping rules can be applied.