Optimize your Microsoft Teams traffic with QoS on a UniFi USG

At times like these, when everybody is working from home and the whole family uses the internet as well, the traffic requirements can be tough on your internet connection. When you are using real-time collaboration tools, such as Microsoft Teams, that rely on a good and stable internet connection for voice, video and screen sharing, parallel Netflix/Disney+/Hulu/Amazon Prime traffic can make the experience subpar for everybody involved.

Thankfully it’s possible to optimize your outgoing traffic based on what services are used.

In this example I show you how to setup traffic shaping on a UniFi USG or EdgeRouter using DSCP to optimize your Microsoft Teams meetings. This setup is only an example and you can easily adapt it to your router if it supports DSCP. If it does not, the Ubiquiti EdgeRouter X is about 50 bucks.

Test your setup before you begin

Use or another internet speed test to check your download and upload speed before and after you configure this in your network.
Use the “Show more info” option to also include an upload test results.

Why this is important you will see at the end of this blog post.

Microsoft Teams settings

To differentiate the outgoing Teams traffic and set the correct DSCP values you will have to set the UDP ports used by Microsoft Teams globally for your tenant. If you cant do this, changes are high that Teams still uses the defined UDP port settings because they are the default value.

Switch to Meetings Settings in you Teams Admin Console

Set the values according to this screenshot


Microsoft Teams UDP settings

Teams DSCP reference

Media traffic type Client source port range Protocol DSCP value DSCP class
Audio 50,000–50,019 TCP/UDP 46 Expedited Forwarding (EF)
Video 50,020–50,039 TCP/UDP 34 Assured Forwarding (AF41)
Application/Screen Sharing 50,040–50,059 TCP/UDP 18 Assured Forwarding (AF21)

Windows Settings

If you have setup your Microsoft Teams ports according to those values you still have to do some configuration on your workstation as well.

Test Workstation

If you only have one or two machines you can use PowerShell cmdlets to create the policies you need.

New-NetQosPolicy -Name "Teams Audio" -AppPathNameMatchCondition "teams.exe" -IPSrcPortStartMatchCondition 50000 -IPSrcPortEndMatchCondition 50019 -DSCPAction 46
New-NetQosPolicy -Name "Teams Video" -AppPathNameMatchCondition "teams.exe" -IPSrcPortStartMatchCondition 50020 -IPSrcPortEndMatchCondition 50039 -DSCPAction 34
New-NetQosPolicy -Name "Teams Application-Screen Sharing" -AppPathNameMatchCondition "teams.exe" -IPSrcPortStartMatchCondition 50040 -IPSrcPortEndMatchCondition 50059 -DSCPAction 18

Group Policy based distribution

If you have hundreds or thousands of workstations you most likely already use Group Policies to manage settings centrally. Of course you can apply those settings via GPO as well.

  1. Create a new GPO
  2. Computer Configuration -> Windows Settings -> Right click “Policy-based QoS” -> “Create new policy”
  3. You need to create three QoS policies. Start with “Team Audio” and set DSCP to “46”
  4. Specify the application name “teams.exe”
  5. Do not restrict this on any specific IP ranges…
  6. …but to the UDP source port range “50000:50019”
  7. Repeat the steps 2 - 6 for “Teams Video” and “Teams Application-Screen Sharing”. Lookup the correct values for DSCP and UDP ports in the table above.

Check with Wireshark

Capture UDP packets and check if the DSCP value is added to the IP header

Default behavior


After setting up the policy


Router configuration

Now it’s time to configure your router to restrict the network traffic based on the DSCP values.

In my setup I have a 1 Gbps download and 50 Mbps of upload speed.

The traffic shaping configuration should only apply to the outgoing traffic, on interface eth0 (WAN), which is the internet upload.

Configure mode on USG

Connect via SSH to your UniFi router and enter the “configure” mode


Upload traffic shaping

The following commands setup a traffic shaping policy that distributes the 50 Mbit upload speed between four different traffic classes.

It guarantees the specified percentage of the total upload bandwidth (50Mbps) to those classes but because of the “ceiling” value of 100% is does not restrict the traffic to this percentage. So after you finish work you are not restricted to only 70% of the total upload speed, but can use it all.

set traffic-policy shaper upload description "Microsoft Teams QoS"

set traffic-policy shaper upload bandwidth 50mbit
set traffic-policy shaper upload default bandwidth 70%
set traffic-policy shaper upload default ceiling 100%

set traffic-policy shaper upload class 10 bandwidth 15%
set traffic-policy shaper upload class 10 ceiling 100%
set traffic-policy shaper upload class 10 match rtp ip dscp 46

set traffic-policy shaper upload class 20 bandwidth 8%
set traffic-policy shaper upload class 20 ceiling 100%
set traffic-policy shaper upload class 20 match sip ip dscp 34

set traffic-policy shaper upload class 30 bandwidth 7%
set traffic-policy shaper upload class 30 ceiling 100%
set traffic-policy shaper upload class 30 match sip ip dscp 18

Apply and save configuration

After you have setup the configuration, you will need to activate and safe it.

set interfaces ethernet eth0 traffic-policy out upload
commit ; save ; exit

Export config as JSON

If you are using the USG the configuration would be overwritten the next time you are changing something on the UniFi controller. To avoid this you have to use a file called config.gateway.json. Please refer to the linked articel to setup this file on your UniFi controller.

You can use the following command to dump the complete configuration and extract the parts you need.

mca-ctrl -t dump-cfg

Or you could use this amazing script that Daniil Baturin wrote to only extract the part of the config you really need.

./ "interfaces ethernet eth0 traffic-policy" "traffic-policy"

config.gateway.json and Docker

If your UniFi controller is running as a docker container and your site name is “default” add the following to you docker-compose file.

  - /path/to/persitent/config/unifi/config.gateway.json:/unifi/data/sites/default/config.gateway.json

Test your configuration

Use a internet speed test to see if there is any degradation in your network performance because you activated the traffic shaping feature.

Sadly my download speed was hit with a massive performance degradation and this while the configuration just applies traffic shaping to the outgoing traffic.

[rl_gallery id=“1279”]

As you can see in this results, the configuration nearly halved my download speed. This might be because the USG can’t handle gigabit download while also applying traffic shaping.

So for my this means back to the original configuration. There are some posts in the Unifi forums that say it’s reliable up to 100 Mbps with the EdgeRouter. With the USG based on the results I would say up to 400 Mbps down should be fine.

I’m currently in contact with the Ubiquiti support to get some official answers on this. I will update this post as soon as possible.

Update 04.04.20 20:46

This is the final response from support


Note: These are custom configurations made on the USG through CLI. Custom configurations are not supported over chat or email.

Refer to the KB article below for advanced configurations.

Remove configuration

If you have any trouble with this setup, here are the steps to remove the configuration.

Windows QoS

If you used PowerShell you can use the following to delete all QoS policies. If you used a GPO just un-link it from the workstations affected.

Get-NetQosPolicy | Remove-NetQosPolicy -Confirm:$false


delete traffic-policy shaper upload
delete interfaces ethernet eth0 traffic-policy out upload
commit ; save ; exit


To immediately disable the configuration use the same commands shown for the the EdgeRouter, but don’t forget to remove the configuration from the config.gateway.json as well.


I used the following documentation and sources to setup this configuration.