Use backup uplink only for streaming media

SOLVED
Griz
Conversationalist

Use backup uplink only for streaming media

I have a site with a 10-mb fiber Internet/VPN uplink, and kept the old Uverse uplink for a backup uplink (not using for load-balancing). I would like to allow users at that site to continue streaming music (distant, rural location), but only over the backup Uverse uplink, so as to not bog down the primary uplink. Does anybody know how I can direct all streaming media requests over that uplink? The Flow Preferences option on the Traffic Shaping page of the MX only accepts specific IP's and ports as criteria.

 

Thanks.

1 ACCEPTED SOLUTION
jdsilva
Kind of a big deal

I don't think there's any easy way to do this. To control Internet traffic you have to use the Internet Flow Preferences, but those are limited to the old src/dst IP/port fields. You can't use L7 application classification there 😞

 

image.png

 

It certainly would be nice if Meraki would add L7 classification to this feature...

View solution in original post

7 REPLIES 7
jdsilva
Kind of a big deal

I don't think there's any easy way to do this. To control Internet traffic you have to use the Internet Flow Preferences, but those are limited to the old src/dst IP/port fields. You can't use L7 application classification there 😞

 

image.png

 

It certainly would be nice if Meraki would add L7 classification to this feature...

Adam
Kind of a big deal

I agree with @jdsilva assessment. 

 

One thing you could do on the Security Appliance>Traffic Shaping page is to set the prefered uplink to the WAN port you want the majority of the internet and streaming stuff to go out of and then you could set some Internet Flow preferences for hopefully the smaller list of specific stuff you want to use the other WAN port. 

 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
MMoss
Building a reputation

It's an interesting issue, we've been hoping for something like this for some time but the routing capabilities are not there yet. I wish I had time to dig out my notes and if this isn't answered when I get back to the office I'll look them up, but in the mean time you might be able to use something like a walled garden or separate SSID if you use Meraki Wi-Fi AP. Setting up a separate VLAN, SSID, and assigning it to the 2nd WAN possibly. You might need to use a Static Route to force the traffic over the second WAN though. 

 

Like I said I'll look up my note, I know posting a incomplete post may not be all that helpful, but it might be enough to get you working towards the right way.

PhilipDAth
Kind of a big deal
Kind of a big deal

I agree with the prior posts.

 

The closest you could do would be to lookup the ASN used by specific streaming providers (if they have one), get all the IP address blocks allocated to them, and then load them all in.

 

To look up the ASN you use the "whois" service.  There is usually a whois service for each "RIR".  So you need to locate the RIR that your streaming provider is in, and then look them up.  If they are in multiple regions you might need to use multiple whois services.  Painful.

https://en.wikipedia.org/wiki/Regional_Internet_registry

 

Hi MMos,

 

Please, how can you use static route to force the traffic over the second WAN? I have exact issue right now and have been trying to figure out how to block access to the guest network on guestwiff SSID  when the LTE circuit is active which is WAN1.  The primary link is DSL which is WAN2

Hi Spence

Have you solved your issue? You can do this by removing NAT on the interface.

Networks and Rants


Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Griz
Conversationalist

Thanks for the responses. I was afraid what I was asking for wasn't currently doable, and I guess it's not.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels