Meraki

Community

Traffic Shaping Advice

Solved
dwash
Here to help
‎Oct 20 2021 10:23 AM
‎Oct 20 2021 10:23 AM

Traffic Shaping Advice

Hi there,

 

Here's a little background for context: 

I work in K-12 where I have a high school with around 3000 students and about 175 staff. We are a 1 to 1 district where students get Macbook Airs and staff gets Pros (and several shared laptops, desktops, ipads, etc). MacOS & VPP updates (Office/native apps/any volume license app) are getting larger and larger. We can control when MacOS system updates are pushed, but not VPP. Two days ago an update came out that was almost 4gb. So naturally, 3000+ devices tried to download once next connected to the internet, which is Monday morning on campus. We have been having major (timeouts, etc) slowness issues since then. Do we send notifications for students/staff to leave devices on and online at home?--yes. Do they do that? ---no. 

 

I see in the dashboard that majority of traffic has been coming from our caching servers (we have them on prem so egress isn't tapped out). The past 24 hrs, 2TB+. So, it's our internal network that's being tapped out (I believe on the AP level). I think creating a Traffic Shaping rule that lowers the priority of traffic from these caching servers would be the way to go. What do you think?

 

 

Network Setup: MR42 (avg 30-45 devices connected per AP/classroom)--> MS250--> MS425 --> Egress router

 

Labels:
0 Kudos
1 Accepted Solution
In response to dwash
cmr
Kind of a big deal
Kind of a big deal
‎Oct 20 2021 1:09 PM
‎Oct 20 2021 1:09 PM

@dwash might be worth disabling band steering, you'll get more throughout when heavily loaded as more client should go to 2.4GHz.  That is unless the 2.4 interference is terrible in your area?

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

11 Replies 11
ZeeBoussaid
Getting noticed
‎Oct 20 2021 10:57 AM
‎Oct 20 2021 10:57 AM

@dwash in the Meraki dashboard, go to Wireless-> Configure-> Firewall & Traffic Shaping. I think you can set rules and limit the bandwidth per SSID. under Default Rules you should see an option for Software update.

 

 

ZeeBoussaid_0-1634752634977.png

 

0 Kudos
In response to ZeeBoussaid
cmr
Kind of a big deal
Kind of a big deal
‎Oct 20 2021 1:02 PM
‎Oct 20 2021 1:02 PM

@dwash are your devices spread across both bands as it isn't recommended to have more that 30 devices per radio if you want decent performance?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
dwash
Here to help
‎Oct 20 2021 1:07 PM
‎Oct 20 2021 1:07 PM

No, we have band steering on so for the most part it's 95% 5ghz.

0 Kudos
In response to dwash
cmr
Kind of a big deal
Kind of a big deal
‎Oct 20 2021 1:09 PM
‎Oct 20 2021 1:09 PM

@dwash might be worth disabling band steering, you'll get more throughout when heavily loaded as more client should go to 2.4GHz.  That is unless the 2.4 interference is terrible in your area?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
dwash
Here to help
‎Oct 20 2021 1:18 PM
‎Oct 20 2021 1:18 PM

@cmr Yes, 2.4 interference is a concern, but not to the point where I'm not willing to try turning it off and seeing what happens. Can't get any worse than what it has been this week lol. 

@DarrenOC I'm not sure about limiting caching server connected devices, BUT, I will definitely research this and send that over to our MDM person. 

0 Kudos
In response to dwash
DarrenOC
Kind of a big deal
Kind of a big deal
‎Oct 20 2021 1:58 PM
‎Oct 20 2021 1:58 PM

Hi @dwash ,

 

https://support.apple.com/en-gb/guide/mac-help/mchl9b56e1cf/mac

 

Could possibly restrict connections via IP ranges?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
DarrenOC
Kind of a big deal
Kind of a big deal
‎Oct 20 2021 1:12 PM
‎Oct 20 2021 1:12 PM

Bit of a tricky one this as you literally want your users on the wifi/network to download the patch as quickly as possible and then get off again. So if you restrict or rate limit that traffic then the devices are going to be hogging airtime for longer whilst waiting for the patch to download.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
DarrenOC
Kind of a big deal
Kind of a big deal
‎Oct 20 2021 1:16 PM
‎Oct 20 2021 1:16 PM

Are you able to limit the number of devices connecting to your caching server at any given point to conserve bandwidth?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Oct 21 2021 1:09 PM
‎Oct 21 2021 1:09 PM

I would start with trying to match that traffic as best as you can do.  If you can match on L3/4 info then great!

Then I'd start with putting that traffic in the background queue by using pcp tag 1 and DSCP marking CS1.

 

Also on your switches make sure CS1 is sent to CoS queue 0 for least bw treatment.  And if you really need you could restrict the bw of that flow on the AP per client but usually I let queuing take care of it instead of limiting bw.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 22 2021 1:03 PM
‎Oct 22 2021 1:03 PM

Looking at this article:

https://discussions.apple.com/thread/7441955 

it looks like you can configure a specific port to be used for Apple caching.  If you did this, you could shape this port.

 

I think you would also need to enable "Wireless Client Isolation" on the WiFi network, otherwise, one WiFi attached device might try and get the update from another WiFi attached device (rather than your caching servers).

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation 

0 Kudos
dwash
Here to help
‎Oct 25 2021 6:43 AM
‎Oct 25 2021 6:43 AM

Thank you all for your suggestions! All of this has given me a very solid starting point!

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.