Max rate between vlans for Meraki MX85

EricZ
Here to help

Dear All,

 

We are using an MX85 as a firewall and the downlink is a Catalyst C4500; our VLAN routing is set up in the MX85. Now we find the traffic in the same VLAN is up to 1Gbps as normal, but the traffic rate between VLANs is limited to 400Mbps. This rate was tested by copying a file. So what is the expected max rate between VLANs for the Meraki MX85?

 

MX85

Current version: MX 18.211.2

5 Replies
PhilipDAth
Kind of a big deal

IPS is used for traffic between VLANs.  Let's confirm if this is the issue.  Try turning it off temporarily.

 

If this resolves it, try using a ruleset that includes fewer rules.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Intrus...

 

EricZ
Here to help

Thanks, it is the reason. When I disabled it, the bandwidth goes up to 600 m. If I enable it, whatever ruleset I choose, the bandwidth goes down to around 300m. It is strange why this function will affect VLAN traffic.

 

PhilipDAth
Kind of a big deal

I think you might be able to get more. I would try 18.211.6 or 19.1.8.1.

JonoM
Meraki Employee

Hi @Eric,

 

One important thing to note is that IDS/IPS naturally increases the overall CPU load on the MX85. This is expected to lower overall throughput to 500Mbps max as per our sizing guide.

Updating the firmware of your appliance is definitely the way to go at this stage, as the newest releases are designed to optimize the MX CPU utilization. 

GIdenJoe
Kind of a big deal

The MX85 has a max rate of 1 Gbps without advanced security features. This is the TOTAL amount of traffic it can pass per second. This includes traffic going to and coming from the ISPs, VPN tunnels and your inter-VLAN routing. Add IPS in the mix and this will drop to 500 Mbps maximum.

You could of course start playing with the IPS trusted traffic exclusions, but I haven't tested the behavior in internal traffic going to internal.

If you have a lot of east-west traffic, you need to consider in your design if you can have a firewall that can handle the load within budget or if you will have to move your heavy routing to the switches instead. This negates DPI and makes policies a bit harder, but that needs to be designed properly.
