Kind of a very specific environment. Imagine a serviced office environment where each office is being provided with a number of CAT6 outlets (probably 5-7 from Meraki switches, but the switches will be in a distribution rack so no local switches per office) and also WiFi (Meraki). Each office will have it's own unique SSID and every office will be on it's own VLAN. Depending on what SLA the office signs up to will dictate the amount of bandwidth that they get.
There will also be a couple of MX450's in the mix too.
I was thinking that the easiest way to restrict the bandwidth available per office and allow the most flexibility would be to apply a Group Policy to each VLAN. So each office would have it's own policy as well as it's own VLAN.
We do something similar to this for a leasing building we manage. We just set up a vlan on the MX with DHCP server, traffic shaping (you can set this up based on the vlan subnet), and firewall rules so their vlan can't talk to other vlans. We also setup a SSID on their vlan for their use. The one limitation you may run into is the SSIDs. I believe each network can only have like 15 SSIDs.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO If this was helpful click the Kudo button below If my reply solved your issue, please mark it as a solution.
TBH I have been pondering on this and I think that I was making life difficult for myself. With regards to the group policies we'll probably only need a handful as there will be a selection of bandwidths on offer and not a custom bandwidth allowance per office. So my guess is that 10 policies would cover it and applied as necessary to each VLAN.
There will still be around 150+ VLAN's though but I think that all the Meraki hardware that we are looking at (MX450, MS410, MS225) will handle that fine. That said, its only going to be the MX450's and MS410's that are going to see all the VLAN's as the MS225's are at the edge and will see roughly a third each.