Traffic Shaping Configuration

Dashboard Location: Security and SD-WAN > Configure > SD-WAN & Traffic Shaping

Network Traffic Management and Optimization

Traffic Shaping configuration in Meraki appliances provides administrators with comprehensive bandwidth management and quality of service capabilities, enabling intelligent traffic prioritization, application-aware bandwidth allocation, uplink optimization, and performance class management. This functionality supports enterprise network optimization, business-critical application prioritization, bandwidth utilization control, and network performance enhancement through granular traffic control policies and dynamic bandwidth allocation based on application requirements and network conditions.

Diagram

Classes

appliance (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
traffic_shaping	Class	`[traffic_shaping]`	No

traffic_shaping (meraki.domains.organizations.networks.appliance)

Name	Type	Constraint	Mandatory
global_bandwidth_limits	Class	`[global_bandwidth_limits]`	No
custom_performance_classes	List	`[custom_performance_classes]`	No
rules	Class	`[rules]`	No
uplink_bandwidth_limits	Class	`[uplink_bandwidth_limits]`	No
uplink_selection	Class	`[uplink_selection]`	No
vpn_exclusions	Class	`[vpn_exclusions]`	No

global_bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

custom_performance_classes (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	No
max_latency	Integer	min: `1`, max: `1000`	No
max_jitter	Integer	min: `1`, max: `1000`	No
max_loss_percentage	Integer	min: `1`, max: `100`	No

rules (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory	Default Value
rules	List	`[rules]`	No
default_rules	Boolean	`true`, `false`	No

uplink_bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory
wan1	Class	`[wan1]`	No
wan2	Class	`[wan2]`	No
cellular	Class	`[cellular]`	No

uplink_selection (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory
default_uplink	Choice	`wan1`, `wan2`	No
wan_traffic_uplink_preferences	List	`[wan_traffic_uplink_preferences]`	No
vpn_traffic_uplink_preferences	List	`[vpn_traffic_uplink_preferences]`	No
active_active_auto_vpn	Boolean	`true`, `false`	No
load_balancing	Boolean	`true`, `false`	No
failover_and_failback_immediate	Boolean	`true`, `false`	No

vpn_exclusions (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory	Default Value
custom	List	`[custom]`	No
major_applications	List	String[min: `1`, max: `127`]	Yes

rules (meraki.domains.organizations.networks.appliance.traffic_shaping.rules)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
definitions	List	`[definitions]`	Yes
per_client_bandwidth_limits	Class	`[per_client_bandwidth_limits]`	No
dscp_tag_value	Integer	min: `0`, max: `63`	No
priority	Choice	`low`, `normal`, `high`	No

wan1 (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

wan2 (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

cellular (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

wan_traffic_uplink_preferences (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
traffic_filters	List	`[traffic_filters]`	Yes
preferred_uplink	Choice	`wan1`, `wan2`	Yes

vpn_traffic_uplink_preferences (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
traffic_filters	List	`[traffic_filters]`	Yes
preferred_uplink	Choice	`bestForVoIP`, `defaultUplink`, `loadBalancing`, `wan1`, `wan2`	Yes
fail_over_criterion	Choice	`poorPerformance`, `uplinkDown`	No
performance_class	Class	`[performance_class]`	No

custom (meraki.domains.organizations.networks.appliance.traffic_shaping.vpn_exclusions)

Name	Type	Constraint	Mandatory	Default Value
protocol	Choice	`any`, `dns`, `icmp`, `tcp`, `udp`	Yes
destination	Any	String[matches: `^(([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])\.)+[a-zA-Z]{2,}$`] or IP	No
port	Any	Integer[min: `1`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3

definitions (meraki.domains.organizations.networks.appliance.traffic_shaping.rules.rules)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`application`, `applicationCategory`, `host`, `ipRange`, `localNet`, `port`	Yes
value	String	min: `1`, max: `127`	Yes

per_client_bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping.rules.rules)

Name	Type	Constraint	Mandatory	Default Value
settings	Choice	`network default`, `ignore`, `custom`	No
bandwidth_limits	Class	`[bandwidth_limits]`	No

traffic_filters (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`custom`	Yes
value	Class	`[value]`	Yes

traffic_filters (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`application`, `applicationCategory`, `custom`	Yes
value	Class	`[value]`	Yes

performance_class (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences)

Name	Type	Constraint	Mandatory
type	Choice	`builtin`, `custom`	Yes
builtin_performance_class_name	Choice	`VoIP`	No
custom_performance_class_name	String		No

bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping.rules.rules.per_client_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

value (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences.traffic_filters)

Name	Type	Constraint	Mandatory
protocol	Choice	`any`, `icmp6`, `tcp`, `udp`	No
source	Class	`[source]`	Yes
destination	Class	`[destination]`	Yes

value (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences.traffic_filters)

Name	Type	Constraint	Mandatory
id	String	min: `1`, max: `127`	No
protocol	Choice	`any`, `icmp`, `icmp6`, `tcp`, `udp`	No
source	Class	`[source]`	No
destination	Class	`[destination]`	No

source (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
vlan	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
host	Integer	min: `1`, max: `254`	No

destination (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No

source (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
network	String	min: `1`, max: `127`	No
vlan	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
host	Integer	min: `1`, max: `254`	No

destination (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
network	String	min: `1`, max: `127`	No
vlan	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
host	Integer	min: `1`, max: `254`	No
fqdn	String	min: `1`, max: `1024`	No

Examples

Example-1: Basic traffic shaping with bandwidth limits and application-based rules. Note that wan_traffic_uplink_preferences should not be used together with sdwan_internet_policies as they share the same API data and can override each other.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - camera
                - switch
                - wireless
                - cellularGateway
              appliance:
                traffic_shaping:
                  global_bandwidth_limits:
                    limit_up: 10000
                    limit_down: 10000
                  custom_performance_classes:
                    - name: Radius
                      max_latency: 30
                      max_jitter: 30
                      max_loss_percentage: 5
                  rules:
                    default_rules: false
                    rules:
                      - name: Rule 01
                        definitions:
                          - type: applicationCategory
                            value: "meraki:layer7/category/24"
                          - type: application
                            value: meraki:layer7/application/332
                          - type: application
                            value: meraki:layer7/application/2249
                          - type: application
                            value: meraki:layer7/application/351
                          - type: application
                            value: meraki:layer7/application/2248
                          - type: application
                            value: meraki:layer7/application/2542
                        per_client_bandwidth_limits:
                          settings: custom
                          bandwidth_limits:
                            limit_up: 1000
                            limit_down: 1000
                        dscp_tag_value: 18
                        priority: high
                      - name: Rule 02
                        definitions:
                          - type: applicationCategory
                            value: "meraki:layer7/category/24"
                          - type: application
                            value: meraki:layer7/application/332
                        per_client_bandwidth_limits:
                          settings: ignore
                        dscp_tag_value: 18
                        priority: high
                      - name: Rule 03
                        definitions:
                          - type: host
                            value: google.com
                          - type: ipRange
                            value: 158.43.128.0/24
                          - type: localNet
                            value: 192.168.0.0/16
                          - type: port
                            value: "161"
                        per_client_bandwidth_limits:
                          settings: custom
                          bandwidth_limits:
                            limit_up: 1000
                            limit_down: 1000
                        dscp_tag_value: 18
                        priority: high
                  uplink_bandwidth_limits:
                    wan1:
                      limit_up: 700000
                      limit_down: 700000
                    wan2:
                      limit_up: 700000
                      limit_down: 700000
                  uplink_selection:
                    default_uplink: wan1
                    active_active_auto_vpn: true
                    load_balancing: true
                    failover_and_failback_immediate: true

Example-2: VPN traffic steering configuration with application-aware routing and performance classes for optimizing VPN traffic flow across different uplinks.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - camera
                - switch
                - wireless
                - cellularGateway
              appliance:
                traffic_shaping:
                  custom_performance_classes:
                    - name: Radius
                      max_latency: 30
                      max_jitter: 30
                      max_loss_percentage: 5
                  uplink_selection:
                    default_uplink: wan1
                    vpn_traffic_uplink_preferences:
                      - name: policy 1
                        preferred_uplink: wan1
                        traffic_filters:
                          - type: application
                            value:
                              id: meraki:layer7/application/375
                          - type: "custom"
                            value:
                              protocol: any
                              source:
                                port: any
                                cidr: any
                              destination:
                                port: any
                                cidr: any
                        fail_over_criterion: poorPerformance
                        performance_class:
                          type: builtin
                          builtin_performance_class_name: VoIP
                      - name: policy 2
                        preferred_uplink: wan1
                        traffic_filters:
                          - type: application
                            value:
                              id: meraki:layer7/application/4
                          - type: "custom"
                            value:
                              protocol: any
                              source:
                                port: any
                                cidr: any
                              destination:
                                port: any
                                cidr: any
                        fail_over_criterion: poorPerformance
                        performance_class:
                          type: builtin
                          builtin_performance_class_name: VoIP
                      - name: policy 3
                        preferred_uplink: wan2
                        traffic_filters:
                          - type: applicationCategory
                            value:
                              id: meraki:layer7/category/3
                          - type: "custom"
                            value:
                              protocol: any
                              source:
                                port: any
                                cidr: any
                              destination:
                                port: any
                                cidr: any
                        fail_over_criterion: poorPerformance
                        performance_class:
                          type: custom
                          custom_performance_class_name: Radius

Example-3: Spoke VPN exclusions configuration for hub-and-spoke topologies. This allows specific applications to bypass the VPN tunnel and go directly to the internet, reducing latency for cloud services while maintaining security for internal traffic. Please note this can only be utilised with spoke networks.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - camera
                - switch
                - wireless
                - cellularGateway
              appliance:
                traffic_shaping:
                  vpn_exclusions:
                    custom:
                      - name: VPN Exclusion 01
                        protocol: tcp
                        destination: zoom.us
                        port: 443
                      - name: VPN Exclusion 02
                        protocol: tcp
                        destination: office365.com
                        port: 443
                    major_applications:
                      - Zoom
                      - Webex