Best Practice for multi tenant site

berza00
Comes here often

Best Practice for multi tenant site

Hi!

I am having a problem configuring a network with multiple tenants in a building, but I want to control the flow of traffic and the speed that the respective tenant can use. 

 

Site info:

  • The site today is getting its Wan connection from a fiber converter from the ISP via a RJ45 connection.
  • The ISP is delivering 5 IPs and a speed of 1 Gbs.
  • There is a Meraki MS-120 8 port acting as a split after the ISP to have the ability to connect multiple tenants in the building from the room where the fiber is delivered to.
  • From that one cable is going to the third floor where my main equipment is located, on cable is going to another customer in the building and a 3 on to a 3rd customer.

My dilemma:

I want to set up the network so that I can control all the customers network speed and so that my equipment is running full speed.

 

My first thinking was to do this with Vlans do to that I can’t set the speed limit on the specific port or set the policy on the client do to that it is technically no connected to on of my Vlans. See image

 

Drawing (1).png

 

 

How can I best solve this problem

 

I want to limit the speed for the customer to 100 Mbs

5 Replies 5
ww
Kind of a big deal
Kind of a big deal

Set your customer facing ports to 100Mbit full duplex 

berza00
Comes here often

That will create other problems.

 

GIdenJoe
Kind of a big deal
Kind of a big deal

Meraki switches alone cannot do what you want.
Your gateway will have to take care of the rate limiting.

Even if you would use an MX you can limit individual flows but you can't set an aggregate limit.  Perhaps if you would try to match on local net traffic and set the bandwidth limit there but I believe it will apply it to an individual flow.
So you'll need some router that can actually police/shape entire queues of traffic.

berza00
Comes here often

that was what i thought. I was hoping i couled solve it by passing the WAN through VLANs with a policy limiting the speed that way, but the MX did not like the loop if i do it as in the picture.

BlakeRichardson
Kind of a big deal
Kind of a big deal

You would be better to run everything off an MX and branch out the various networks from there. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels