Traffic Shaping Configuration

Dashboard Location: Security and SD-WAN > Configure > SD-WAN & Traffic Shaping

Network Traffic Management and Optimization

Traffic Shaping configuration in Meraki appliances provides administrators with comprehensive bandwidth management and quality of service capabilities, enabling intelligent traffic prioritization, application-aware bandwidth allocation, uplink optimization, and performance class management. This functionality supports enterprise network optimization, business-critical application prioritization, bandwidth utilization control, and network performance enhancement through granular traffic control policies and dynamic bandwidth allocation based on application requirements and network conditions.

Diagram

Classes

appliance (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
traffic_shaping	Class	`[traffic_shaping]`	No

traffic_shaping (meraki.domains.organizations.networks.appliance)

Name	Type	Constraint	Mandatory
global_bandwidth_limits	Class	`[global_bandwidth_limits]`	No
custom_performance_classes	List	`[custom_performance_classes]`	No
rules	Class	`[rules]`	No
uplink_bandwidth_limits	Class	`[uplink_bandwidth_limits]`	No
uplink_selection	Class	`[uplink_selection]`	No
vpn_exclusions	Class	`[vpn_exclusions]`	No

global_bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

custom_performance_classes (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	No
max_latency	Integer	min: `1`, max: `1000`	No
max_jitter	Integer	min: `1`, max: `1000`	No
max_loss_percentage	Integer	min: `1`, max: `100`	No

rules (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory	Default Value
rules	List	`[rules]`	No
default_rules	Boolean	`true`, `false`	No

uplink_bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory
wan1	Class	`[wan1]`	No
wan2	Class	`[wan2]`	No
cellular	Class	`[cellular]`	No

uplink_selection (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory
default_uplink	Choice	`wan1`, `wan2`	No
wan_traffic_uplink_preferences	List	`[wan_traffic_uplink_preferences]`	No
vpn_traffic_uplink_preferences	List	`[vpn_traffic_uplink_preferences]`	No
active_active_auto_vpn	Boolean	`true`, `false`	No
load_balancing	Boolean	`true`, `false`	No
failover_and_failback_immediate	Boolean	`true`, `false`	No

vpn_exclusions (meraki.domains.organizations.networks.appliance.traffic_shaping)

Name	Type	Constraint	Mandatory	Default Value
custom	List	`[custom]`	No
major_applications	List	String[min: `1`, max: `127`]	Yes

rules (meraki.domains.organizations.networks.appliance.traffic_shaping.rules)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
definitions	List	`[definitions]`	Yes
per_client_bandwidth_limits	Class	`[per_client_bandwidth_limits]`	No
dscp_tag_value	Integer	min: `0`, max: `63`	No
priority	Choice	`low`, `normal`, `high`	No

wan1 (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

wan2 (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

cellular (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

wan_traffic_uplink_preferences (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
traffic_filters	List	`[traffic_filters]`	Yes
preferred_uplink	Choice	`wan1`, `wan2`	Yes

vpn_traffic_uplink_preferences (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
traffic_filters	List	`[traffic_filters]`	Yes
preferred_uplink	Choice	`bestForVoIP`, `defaultUplink`, `loadBalancing`, `wan1`, `wan2`	Yes
fail_over_criterion	Choice	`poorPerformance`, `uplinkDown`	No
performance_class	Class	`[performance_class]`	No

custom (meraki.domains.organizations.networks.appliance.traffic_shaping.vpn_exclusions)

Name	Type	Constraint	Mandatory	Default Value
protocol	Choice	`any`, `dns`, `icmp`, `tcp`, `udp`	Yes
destination	Any	String[matches: `^(([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])\.)+[a-zA-Z]{2,}$`] or IP	No
port	Any	Integer[min: `1`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3

definitions (meraki.domains.organizations.networks.appliance.traffic_shaping.rules.rules)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`application`, `applicationCategory`, `host`, `ipRange`, `localNet`, `port`	Yes
value	String	min: `1`, max: `127`	Yes

per_client_bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping.rules.rules)

Name	Type	Constraint	Mandatory	Default Value
settings	Choice	`network default`, `ignore`, `custom`	No
bandwidth_limits	Class	`[bandwidth_limits]`	No

traffic_filters (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`custom`	Yes
value	Class	`[value]`	Yes

traffic_filters (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`application`, `applicationCategory`, `custom`	Yes
value	Class	`[value]`	Yes

performance_class (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences)

Name	Type	Constraint	Mandatory
type	Choice	`builtin`, `custom`	Yes
builtin_performance_class_name	Choice	`VoIP`	No
custom_performance_class_name	String		No

bandwidth_limits (meraki.domains.organizations.networks.appliance.traffic_shaping.rules.rules.per_client_bandwidth_limits)

Name	Type	Constraint	Mandatory	Default Value
limit_up	Integer	min: `0`, max: `1000000`	No
limit_down	Integer	min: `0`, max: `1000000`	No

value (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences.traffic_filters)

Name	Type	Constraint	Mandatory
protocol	Choice	`any`, `icmp6`, `tcp`, `udp`	No
source	Class	`[source]`	Yes
destination	Class	`[destination]`	Yes

value (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences.traffic_filters)

Name	Type	Constraint	Mandatory
id	String	min: `1`, max: `127`	No
protocol	Choice	`any`, `icmp`, `icmp6`, `tcp`, `udp`	No
source	Class	`[source]`	No
destination	Class	`[destination]`	No

source (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
vlan	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
host	Integer	min: `1`, max: `254`	No

destination (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.wan_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No

source (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
network	String	min: `1`, max: `127`	No
vlan	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
host	Integer	min: `1`, max: `254`	No

destination (meraki.domains.organizations.networks.appliance.traffic_shaping.uplink_selection.vpn_traffic_uplink_preferences.traffic_filters.value)

Name	Type	Constraint	Mandatory	Default Value
port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
network	String	min: `1`, max: `127`	No
vlan	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
host	Integer	min: `1`, max: `254`	No
fqdn	String	min: `1`, max: `1024`	No

Example-1: Comprehensive Traffic Shaping with Global Bandwidth Limits and QoS Rules

This configuration implements Quality of Service (QoS) policies for bandwidth management and traffic prioritization. The example includes traffic shaping rules, bandwidth limits, and application-specific controls for optimized network performance.

This comprehensive traffic shaping configuration establishes enterprise-grade QoS through multiple interconnected components. The “global_bandwidth_limits” enforces network-wide client restrictions with “limit_up/limit_down: 10000” (10 Mbps) applying to all client devices, providing baseline bandwidth management. The “custom_performance_classes” defines application-specific performance thresholds using “name: Radius” with precise metrics including “max_latency: 30ms”, “max_jitter: 30ms”, and “max_loss_percentage: 5%” for authentication traffic optimization.

The sophisticated “rules” configuration employs “default_rules: false” to override built-in policies, implementing three distinct traffic classification approaches. Rule 01 combines “applicationCategory” (meraki:layer7/category/24) with specific “application” IDs (332, 2249, 351, 2248, 2542) for granular application identification, applying “per_client_bandwidth_limits” with “settings: custom” and 1 Mbps limits, “dscp_tag_value: 18” for QoS marking, and “priority: high” for traffic prioritization. Rule 02 demonstrates selective application filtering using the same category but fewer applications with “settings: ignore” to bypass bandwidth restrictions. Rule 03 showcases versatile traffic matching through “host: google.com”, “ipRange: 158.43.128.0/24”, “localNet: 192.168.0.0/16”, and “port: 161” definitions for comprehensive traffic classification.

The “uplink_bandwidth_limits” section implements WAN interface optimization with symmetrical 700 Mbps limits for both “wan1” and “wan2” interfaces, while “uplink_selection” provides intelligent path selection through “default_uplink: wan1”, “active_active_auto_vpn: true” for dual-tunnel VPN connectivity, “load_balancing: true” for proportional traffic distribution, and “failover_and_failback_immediate: true” for rapid failover response to link failures.

NBAR Application Category and Application IDs can be obtained via {{baseUrl}}/networks/{{networkId}}/trafficShaping/applicationCategories

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - camera
                - switch
                - wireless
                - cellularGateway
              appliance:
                traffic_shaping:
                  global_bandwidth_limits:
                    limit_up: 10000
                    limit_down: 10000
                  custom_performance_classes:
                    - name: Radius
                      max_latency: 30
                      max_jitter: 30
                      max_loss_percentage: 5
                  rules:
                    default_rules: false
                    rules:
                      - name: Rule 01
                        definitions:
                          - type: applicationCategory
                            value: "meraki:layer7/category/24"
                          - type: application
                            value: meraki:layer7/application/332
                          - type: application
                            value: meraki:layer7/application/2249
                          - type: application
                            value: meraki:layer7/application/351
                          - type: application
                            value: meraki:layer7/application/2248
                          - type: application
                            value: meraki:layer7/application/2542
                        per_client_bandwidth_limits:
                          settings: custom
                          bandwidth_limits:
                            limit_up: 1000
                            limit_down: 1000
                        dscp_tag_value: 18
                        priority: high
                      - name: Rule 02
                        definitions:
                          - type: applicationCategory
                            value: "meraki:layer7/category/24"
                          - type: application
                            value: meraki:layer7/application/332
                        per_client_bandwidth_limits:
                          settings: ignore
                        dscp_tag_value: 18
                        priority: high
                      - name: Rule 03
                        definitions:
                          - type: host
                            value: google.com
                          - type: ipRange
                            value: 158.43.128.0/24
                          - type: localNet
                            value: 192.168.0.0/16
                          - type: port
                            value: "161"
                        per_client_bandwidth_limits:
                          settings: custom
                          bandwidth_limits:
                            limit_up: 1000
                            limit_down: 1000
                        dscp_tag_value: 18
                        priority: high
                  uplink_bandwidth_limits:
                    wan1:
                      limit_up: 700000
                      limit_down: 700000
                    wan2:
                      limit_up: 700000
                      limit_down: 700000
                    # cellular:
                    #   limit_up: 0
                    #   limit_down: 0
                  uplink_selection:
                    default_uplink: wan1
                    active_active_auto_vpn: true
                    load_balancing: true
                    failover_and_failback_immediate: true
                    # Don't use wan_traffic_uplink_preferences together with networks[].appliance.sdwan_internet_policies:
                    # the latter is a strictly better version of the former, though it requires a license.
                    # The 2 resources share the same set of data in the API,
                    # and preferences/policies with e.g. matching source get overridden by the resource created last.
                    # Also, deletion of any of the resources deletes the data from the other resource as well.
                    # wan_traffic_uplink_preferences:
                    #   - name: policy 1
                    #     preferred_uplink: "wan1"
                    #     traffic_filters:
                    #       - type: custom
                    #         value:
                    #           protocol: tcp
                    #           source:
                    #             port: "1-1024"
                    #             cidr: any
                    #           destination:
                    #             cidr: any
                    #             port: any
                    #   - name: policy 2
                    #     preferred_uplink: "wan1"
                    #     traffic_filters:
                    #       - type: custom
                    #         value:
                    #           protocol: tcp
                    #           source:
                    #             port: any
                    #             cidr: 192.168.20.0/24
                    #           destination:
                    #             cidr: any
                    #             port: "443"
                    vpn_traffic_uplink_preferences:
                      - name: policy 1
                        preferred_uplink: wan1
                        traffic_filters:
                          - type: application
                            value:
                              id: meraki:layer7/application/375
                          - type: "custom"
                            value:
                              protocol: any
                              source:
                                port: any
                                cidr: any
                              destination:
                                port: any
                                cidr: any
                        fail_over_criterion: poorPerformance
                        performance_class:
                          type: builtin
                          builtin_performance_class_name: VoIP
                      - name: policy 2
                        preferred_uplink: wan1
                        traffic_filters:
                          - type: application
                            value:
                              id: meraki:layer7/application/4
                          - type: "custom"
                            value:
                              protocol: any
                              source:
                                port: any
                                cidr: any
                              destination:
                                port: any
                                cidr: any
                        fail_over_criterion: poorPerformance
                        performance_class:
                          type: builtin
                          builtin_performance_class_name: VoIP
                      - name: policy 3
                        preferred_uplink: wan2
                        traffic_filters:
                          - type: applicationCategory
                            value:
                              id: meraki:layer7/category/3
                          - type: "custom"
                            value:
                              protocol: any
                              source:
                                port: any
                                cidr: any
                              destination:
                                port: any
                                cidr: any
                        fail_over_criterion: poorPerformance
                        performance_class:
                          type: custom
                          custom_performance_class_name: Radius

Example-2: Spoke VPN exclusions configuration for hub-and-spoke topologies. This allows specific applications to bypass the VPN tunnel and go directly to the internet, reducing latency for cloud services while maintaining security for internal traffic. Please note this can only be utilised with spoke networks.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - camera
                - switch
                - wireless
                - cellularGateway
              appliance:
                traffic_shaping:
                  global_bandwidth_limits:
                    limit_up: 0
                    limit_down: 0
                  vpn_exclusions:
                    custom:
                      - protocol: tcp
                        destination: "192.168.1.0/24"
                        port: 443
                      - protocol: tcp
                        destination: "192.168.2.0/24"
                        port: 443
                    major_applications:
                      - "meraki:vpnExclusions/application/2"