unlimited local lan under global bandwidth limits

CharlesIsWorkin
Building a reputation


Global Bandwidth Limit Considerations - Cisco Meraki

Hi guys,

In that link, under the Considerations section, above the Per SSID Bandwidth Limits section, there is an example of how to make a rule denoting which local traffic you want to have unlimited, such as traffic between vlans. They use vlan examples of 192.168.2.0/24 and 192.168.3.0/24. 

I am looking at simplifying this expression to include all my local vlans, so could I simply have 1 rule with one "net" entry of 192.168.0.0/16 and that be the end of it? Would that be ok with the rule processing lingo? Or should I go vlan by vlan on this rule?

 

Excerpt from the link above.

This rule will allow unlimited bandwidth between the two VLANs because we have selected Ignore network limit (unlimited).  The custom expression that was created is based upon the destination address in the traffic (in this example either a destination IP of 192.168.2.0/24 or 192.168.3.0/24).

 

Note: When creating a custom expression, make note of the difference between ‘localnet’ and net. ‘Localnet’ matches traffic based upon the source IP address.  ‘Net’ matches traffic based upon the destination IP address.  In our traffic shaping rule example, we would not use ‘localnet’ because this would ignore the global bandwidth limit for any traffic with a source IP address in VLAN 2 or VLAN 3.

 

As new VLANs are defined on the MX the new subnets will need to be added to the traffic shaping rule. Traffic shaping rules can be configured to be more granular than just a destination IP address.  An example would be allowing unlimited RDP bandwidth between the VLANs, but force the global bandwidth limit on all other inter VLAN traffic.  This can be done by specifying the port number at the end of the custom expression (ie. net 192.168.2.0/24:3389 for RDP traffic destined to VLAN 2).

TLDR:

Using Global Bandwidth Limits applies to all traffic, even local LAN, according to the article. Need to make sure my local VLAN is unlimited with the correct exceptions in Traffic Shaping Rules.

5 REPLIES
Bruce
Kind of a big deal

Yep, I agree with your logic. If you’ve got multiple VLANs in the 192.168.x.x private IP range and you want to create a shaping rule that covers traffic between them all (i.e. the destination is any of them), then you could just use 192.168.0.0/16 as your rule, since all of them fit in that supernet.
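
The supernet question above, as an added example that is not part of the original thread and not Meraki's own code: it checks which VLAN subnets a single `net` entry covers and models the `net` (destination) versus `localnet` (source) matching as the quoted excerpt describes it. The `localnet CIDR` string form, comparing the port with the destination port, and every address other than the two VLANs from the article are assumptions made for illustration.

```python
import ipaddress

def parse_expr(expr):
    """Parse 'net CIDR[:port]' or 'localnet CIDR[:port]' (string form assumed from the thread)."""
    kind, _, rest = expr.strip().partition(" ")
    if kind not in ("net", "localnet"):
        raise ValueError(f"unsupported expression: {expr!r}")
    cidr, _, port = rest.strip().partition(":")
    return kind, ipaddress.ip_network(cidr), int(port) if port else None

def matches(expr, src_ip, dst_ip, dst_port):
    """Per the quoted note: 'net' tests the destination IP, 'localnet' the source IP."""
    kind, network, port = parse_expr(expr)
    addr = ipaddress.ip_address(dst_ip if kind == "net" else src_ip)
    # Assumption: an optional port is compared with the destination port.
    return addr in network and (port is None or port == dst_port)

def uncovered(supernet, vlans):
    """Return the VLAN subnets that a single supernet rule would NOT cover."""
    sup = ipaddress.ip_network(supernet)
    return [v for v in vlans if not ipaddress.ip_network(v).subnet_of(sup)]

if __name__ == "__main__":
    # First two subnets are the article's examples; the third is constructed.
    vlans = ["192.168.2.0/24", "192.168.3.0/24", "10.0.10.0/24"]
    print("not covered by 192.168.0.0/16:", uncovered("192.168.0.0/16", vlans))

    # Constructed flows: (description, source IP, destination IP, destination port)
    flows = [
        ("VLAN 2 -> VLAN 3", "192.168.2.10", "192.168.3.20", 445),
        ("VLAN 2 -> other 192.168.x.x", "192.168.2.10", "192.168.50.10", 80),
        ("VLAN 2 -> internet", "192.168.2.10", "203.0.113.5", 443),
    ]
    for rule in ("net 192.168.0.0/16", "localnet 192.168.0.0/16"):
        for name, src, dst, port in flows:
            print(f"{rule:26} {name:28} unlimited={matches(rule, src, dst, port)}")
```

The second flow shows what the /16 trades for its brevity: any destination in 192.168.x.x is exempted from the global limit, including ranges that are not among the listed VLANs.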

CharlesIsWorkin
Building a reputation

Thanks Bruce! Any examples from your real world? What are you using?

I haven’t used the shaping rules to limit traffic between VLANs, never been something I’ve needed (or wanted) to do. That said, exactly the same principle applies to any destination - for instance I’ve configured /8 and /16 networks for identifying traffic heading to known Microsoft Teams, or Cisco Webex subnets to modify the shaping behaviour.

CharlesIsWorkin
Building a reputation

Ok thanks! 

Hehe, I'm not interested in limiting local vlan traffic either, but apparently it is an effect of setting a Global Bandwidth Limit as the article stated. So I need to make an exception to the Global Bandwidth Limit for all my vlans. 🙂 The same with you too I would imagine. 🙂

Anyone else want to chime in?
