Traffic Shaping for Guest WiFi Network

Solved
System563456456
Conversationalist

We are a full stack Meraki site. We have a network bottleneck on our main internet line of 150/150Mbps.

We have 2 SSIDs: Guest Network and Corporate Network. We also have a Wired Corporate Network Infrastructure.

Guest network is in MR NAT Mode while corporate network is VLAN'd.

I want to enable Traffic Shaping so the Guest network can use as much bandwidth as possible but on a low priority, so it does not affect corporate wireless and wired services.

Should Traffic Shaping be applied in the MR SSID Policies or on the MX SDWAN and Traffic Shaping Policy? If MX, what rule should I use to target Guest Traffic as it's NAT'd by the MR?

1 Accepted Solution
PhilipDAth
Kind of a big deal

Note that while you can apply traffic priorities to outbound traffic, nothing is applied to inbound traffic (only your ISP can decide the priority here as they are the ones sending it).

A guest could send a 100 byte request to download 10GB of data.
You can apply the priority to the 100 bytes. You can't assign a priority to that 10GB that gets downloaded.

As already mentioned, SSID bandwidth limits are often a better option for this case. A hard limit on how much bandwidth can be used.

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Traffic_and_Bandwidth_Shaping

Also note you can apply both a per-user limit and an SSID limit. Using the per-user limit as well prevents one person from making the performance suck for every other user.

5 Replies
alemabrahao
Kind of a big deal

When you use NAT, a 10.0.0.0/8 network is delivered. I believe that what you want to do using this network will not work, but it should work if you use the IP of the APs, since it is the IP that the client uses to communicate when in NAT mode.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
System563456456
Conversationalist

Thank you, that's what I was thinking. Follow-up question: since I am targeting MR IPs, would Meraki be smart enough not to throttle its own Cloud Traffic, or would I need to make an exception for Meraki Cloud Communications?

alemabrahao
Kind of a big deal

In my understanding you would have to create an exception.

GreenMan
Meraki Employee

Any reason why you wouldn't prefer a per-SSID bandwidth limit on the Wireless setup?   While it would be applied by each AP separately, you wouldn't have to think about how it targets specific source IPs.

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Traffic_and_Bandwidth_Shaping#Creat...
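
The sizing behind the per-SSID and per-user limits recommended in this thread, as an added example that is not part of any poster's reply: because the SSID limit is enforced by each AP separately, the worst-case guest load is the AP count times that limit. The AP count, guest share and per-client figure are constructed assumptions; the payload keys are the Meraki Dashboard API v1 SSID-update fields, with limits in Kbps.

```python
# Added example (not from the thread): size guest-SSID bandwidth limits so
# that guests cannot saturate a shared WAN link, then build the request body
# for the Dashboard API call PUT /networks/{networkId}/wireless/ssids/{number}.

def plan_guest_limits(wan_kbps, ap_count, guest_percent, per_client_kbps):
    """Return the guest SSID plan, all rates in Kbps.

    Assumption: sized for the worst case where every AP reaches its SSID
    limit at the same moment, since each AP enforces the limit on its own.
    """
    if ap_count < 1:
        raise ValueError("at least one AP must broadcast the guest SSID")
    if not 1 <= guest_percent <= 100:
        raise ValueError("guest_percent must be between 1 and 100")
    if per_client_kbps < 1:
        raise ValueError("per_client_kbps must be positive (0 means no limit)")
    guest_budget = wan_kbps * guest_percent // 100
    per_ap_ssid_limit = guest_budget // ap_count
    if per_ap_ssid_limit < 1:
        raise ValueError("guest budget too small for this many APs")
    # A per-client cap above the per-AP SSID cap would never be reached.
    per_client_limit = min(per_client_kbps, per_ap_ssid_limit)
    worst_case = per_ap_ssid_limit * ap_count
    return {
        "per_ap_ssid_kbps": per_ap_ssid_limit,
        "per_client_kbps": per_client_limit,
        "worst_case_guest_kbps": worst_case,
        # Bandwidth still left for corporate traffic at worst-case guest load.
        "corporate_floor_kbps": wan_kbps - worst_case,
    }

def ssid_update_body(plan):
    """Request body for the SSID update; the line is symmetric, so up == down."""
    return {
        "perSsidBandwidthLimitUp": plan["per_ap_ssid_kbps"],
        "perSsidBandwidthLimitDown": plan["per_ap_ssid_kbps"],
        "perClientBandwidthLimitUp": plan["per_client_kbps"],
        "perClientBandwidthLimitDown": plan["per_client_kbps"],
    }

if __name__ == "__main__":
    # Constructed inputs: the thread's 150/150 Mbps line, 6 APs, 40% for guests.
    plan = plan_guest_limits(150_000, 6, 40, 5_000)
    print(plan)
    print(ssid_update_body(plan))
```

Sizing for the worst case is conservative: a single busy AP cannot borrow headroom that idle APs leave unused.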
