Home > Security Appliances > Firewall and Traffic Shaping > Traffic Shaping a Local Subnet or Host

Traffic Shaping a Local Subnet or Host

In order to shape the traffic of a local subnet (an RFC 1918 address range) on the LAN side of the MX Security Appliance or MR Access Point, it is necessary to use a Custom expression in the traffic shaping rule definition. It may be necessary or desired to have one subnet or host's bandwidth capped or unfettered. If this is the case, follow the instructions below to achieve this.

MX Security Appliance

  1. Go to Security appliance > Configure > Traffic shaping, click Create a new rule or Add a new shaping rule if rules already exist.
  2. In the Definition field click Add +.
  3. The Custom expressions field should appear first. In the text field, enter localnet:172.16.0.0/16 where 172.16.0.0/16 is your private subnet range. If it is only desired to shape one particular host, use the IP address of the host followed by a /32 for the subnet mask in CIDR notation. Click the Add + button again when finished.
  4. Choose the Bandwidth limit, Priority, and DSCP tagging value then click Save changes.



MR Access Points

  1. Go to Wireless > Configure > Firewall & traffic shaping and choose your SSID from the SSID drop down menu at the top of the screen.
  2. Click the drop down menu next to Shape traffic and choose Shape traffic on this SSID, then click Create a new rule.
  3. In the Definition field click Add +.
  4. The Custom expressions field should appear first. In the text field, enter localnet:172.16.0.0/16 where 172.16.0.0/16 is your private subnet range. If it is only desired to shape one particular host, use the IP address of the host followed by a /32 for the subnet mask in CIDR notation. Click the Add + button again when finished.
  5. Choose the Per-device bandwidth limit and PCP / DSCP tagging values then click Save changes.


You must to post a comment.
Last modified
11:21, 3 Feb 2015

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 2353

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case