Hey,
I'm wondering what is the best way to exempt local traffic from the limits set in the "Global bandwidth limits".
I want to have per-client shaping so no one can kill the whole WAN capacity (e.g. each client has max 200Mbps out of 300Mbps), but at the same time, I do not want users to be limited internally if there is a 1Gbps network with 10Gbps uplinks so they can access servers at full speed.
Group policies, or a custom shaping rule which would list all local networks.
Thank you.
You can try to enable a Global bandwidth limits Per-client limit, then create a traffic shaping rule for the specific subnets, like this:
Or move SVIs to a layer 3 switch. But then you lose things like IPS between VLANs.
Actually this came as the original request, but I said NO. 🙂 Exactly because I'll lose the FW capabilities.
In the example you posted the flow has to match source or destination, or both? Asking because if e.g. only source is good enough to match, then the traffic from 10.0.1.0/24 to the Internet will match as well and the per-client limit will never be enforced.
Technically, I'm saying in this rule that all traffic coming from 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/25 will be ignored (unlimited). So if I'm right, it will be valid just for the traffic on LAN.
I'm not 100% sure, but you can test it.
The expression is based on destination IP. If you include ALL subnets from that network in the expression, you will exclude the global bandwidth limit for all inter-VLAN traffic (LAN to LAN), which I think is your goal.
Ok, found the right Meraki article....
Global Bandwidth Limit Considerations - Cisco Meraki
"The custom expression that was created is based upon the destination address in the traffic"
Thanks to all of you who replied...
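
The destination-based matching the thread settles on, modelled as an added example (not part of the original posts and not Meraki's implementation). The subnets and the 200 Mbps limit come from the thread; the function names, the sample flows and the VLAN list are constructed, and the `source` mode exists only to show the case asked about above.

```python
import ipaddress

# Subnets listed in the thread's example shaping rule.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/25")]
PER_CLIENT_LIMIT_MBPS = 200  # per-client limit from the original question


def in_local(ip):
    """True if the address falls inside any subnet listed in the rule."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def effective_limit(src, dst, match_on="destination"):
    """Return the Mbps cap applied to a flow, or None if the rule exempts it.

    match_on="destination" models the behaviour quoted from the Meraki article;
    match_on="source" is a hypothetical mode used only for comparison.
    """
    key = dst if match_on == "destination" else src
    return None if in_local(key) else PER_CLIENT_LIMIT_MBPS


def uncovered_subnets(vlans):
    """VLAN subnets the rule does not fully cover; traffic to them stays limited."""
    out = []
    for v in vlans:
        net = ipaddress.ip_network(v)
        if not any(net.subnet_of(rule) for rule in LOCAL_NETS):
            out.append(v)
    return out


if __name__ == "__main__":
    # Constructed sample flows: (source, destination).
    flows = [
        ("10.0.1.50", "10.0.2.10"),     # LAN to LAN
        ("10.0.1.50", "203.0.113.10"),  # LAN to Internet
        ("10.0.1.50", "10.0.3.200"),    # LAN to a host outside 10.0.3.0/25
    ]
    for src, dst in flows:
        print(src, "->", dst,
              "| destination match:", effective_limit(src, dst),
              "| source match:", effective_limit(src, dst, "source"))
    # Constructed VLAN list, assuming the third VLAN is a full /24.
    print("not fully covered:", uncovered_subnets(["10.0.1.0/24", "10.0.3.0/24"]))
```

Running the coverage check against the real VLAN list before saving the rule shows which inter-VLAN destinations would still be held to the per-client limit.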