Group Policies

AndyHolland
Comes here often

Group Policies

Hi,

 

Anyone know how many Group Policies can be configured within a certain network?

 

I've searched everywhere but cannot find an answer.

 

Cheers

 

Andy

5 REPLIES 5
Adam
Kind of a big deal

I haven't seen a documented limit.  How many are you wanting to make and why so many?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
AndyHolland
Comes here often

Maybe 150.

 

Kind of a very specific environment. Imagine a serviced office environment where each office is being provided with a number of CAT6 outlets (probably 5-7 from Meraki switches, but the switches will be in a distribution rack so no local switches per office) and also WiFi (Meraki). Each office will have it's own unique SSID and every office will be on it's own VLAN. Depending on what SLA the office signs up to will dictate the amount of bandwidth that they get.

 

There will also be a couple of MX450's in the mix too.

 

I was thinking that the easiest way to restrict the bandwidth available per office and allow the most flexibility would be to apply a Group Policy to each VLAN. So each office would have it's own policy as well as it's own VLAN. 

 

Make sense?

 

Adam
Kind of a big deal

We do something similar to this for a leasing building we manage.  We just set up a vlan on the MX with DHCP server, traffic shaping (you can set this up based on the vlan subnet), and firewall rules so their vlan can't talk to other vlans.  We also setup a SSID on their vlan for their use.  The one limitation you may run into is the SSIDs.  I believe each network can only have like 15 SSIDs.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
PhilipDAth
Kind of a big deal
Kind of a big deal

I would be tempted to write a little script to create, say 256 group policies, and then delete them.  That will give you a quick taste of weather it can be accepted.

I would then try writing a script to create say 256 VLANs (and then delete them).  This will give you a taste of weather the chipset can actually support that many.

 

I think at 150 you would be pretty safe.

 

I'm guessing the scaling issues would come from:

* Being able to manage that many group policies in the dashboard

* The additional CPU load on the MX to compile and process that many rules.  I would think applying them only based on VLAN would make things much easier.

* The chipset inside of the respective MX being able to support a large number of VLANs.

Thanks for the replies guys.

 

TBH I have been pondering on this and I think that I was making life difficult for myself. With regards to the group policies we'll probably only need a handful as there will be a selection of bandwidths on offer and not a custom bandwidth allowance per office. So my guess is that 10 policies would cover it and applied as necessary to each VLAN.

 

There will still be around 150+ VLAN's though but I think that all the Meraki hardware that we are looking at (MX450, MS410, MS225) will handle that fine. That said, its only going to be the MX450's and MS410's that are going to see all the VLAN's as the MS225's are at the edge and will see roughly a third each.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.