[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Control/Monitor Bandwidth by IP

Posted on 2005-04-12
Medium Priority
Last Modified: 2008-03-06
I have a network designed as follows:
Line to internet coming into firewall
(firewall running NAT)
Firewall to Switch
Switch to servers

I need to monitor the incoming/outgoing bandwidth on an IP basis (port would be even better). This is mostly for billing purposes. Currently we are using a Layer 2 switch which can obviously not handle any IP information. What do we need to buy to be able to properly monitor this info. Where would it fit in the network? I was looking at L3 Cisco switches (3550), but I was wondering if I would need to put the switch on the outside facing part of the network, since I do not need to monitor internal traffic, only external. All help appreciated
Question by:moruda
LVL 27

Expert Comment

ID: 13768505
If you're mostly concrerned about Internet traffic, then you should get something like Microsoft ISA server.  You could require all machines on the inside to go through the ISA server for Internet.  You could control where people go, how much bandwidth they get and account for it, and what applications get Internet access.  Then you could write a rule that only your ISA server gets access out, so your ISA server couldn't be bypassed.

More info:  http://www.microsoft.com/isaserver/default.mspx

Ps.  A Cisco layer 3 switch will begin to allow some of this, but not without a lot more infrastructure added on - AAA (Authentication and Accounting) servers, etc.
LVL 23

Expert Comment

ID: 13768538
<< L3 Cisco switches (3550)>>
Sure they should be able to do this, but any reasonably capable router should be able to do the same thing.  If the router is delivering DHCP, then you can get a daily or hourly report from the router sent to one of the IP addresses on the network (like you), and those reports will give you which IPs were trafficking for how long.

And yes, this device should be on the external side of the network, the idea being that all the switched data internal to the network is NOT involved in the auditing, only that data and time going to the extrnal WAN (internet).  Make sense?

Author Comment

ID: 13768566
So I should get a router? Which one do you suggest?  What about security on the router since it isnt behind a firewall?
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

LVL 23

Expert Comment

ID: 13768615
Even the most basic routers have great firewalling built in -- just turn them on in default mode, and they usually give full stealth mode on all essential ports.  That is one of the best things about a router today, it has firewalling built in that is way better than software firewalls, even windows firewalls.  For example, take a very basic router like a Linksys BEFSVP41 -- this costs only $75, and is not only a router to the internet with full stealth mode firewall protection on all ports, and a DHCP server, but in addition, it is a VPN endpoint router, so now you have the capability that 1-2 people can VPN into your network from their home offices.  The router handles all this, plus it can send logs of usage and traffic to an IP number at any specified time.

Now I am not suggesting that a basic router like this will solve the needs of a big corporation with many users, but they do do all of what you want.  Linksys is now owned by cisco, and Cisco, the router leader, now makes linksys routers too.  So if you want to go up in capabilities, then go from linksys (or similar low-end routers) to the higher priced, more feature rich Cisco PIX routers.  Some of the high end Ciscos can do amazing things, I would go to their website and check them out.  Of course, you pay and they are harder to configure than the simpler Linksys routers, but in answer to the Q, should you get a router instead, I would say "YES".  They can completely protect the network without any need for software firewalls, and they can do what you want.  But check out the specs first, find a router that is compatible with your modem that connects to the internet.  Start from there, and also consider VPN capabilities, if you need it.  Assume great firewalling is built in.

Expert Comment

ID: 13768618

You can put a management ip address on a 3550 it will allow one IP address.. You should do this for management purposes. You don't want to be using your console cable every time you want to make a config change.

You can find more info here about your switch and what it is capable of doing..


Once you have done that telnet in and enable SNMP and use a common tool such as MRTG..


If you want totals (in out MB/GB ect) you can use MRTG Total Traffic Generator.



Expert Comment

ID: 13770672
Depends how "big" you want to get.  Packetteer boxes will let you manage your usage......have a look at:


Expert Comment

ID: 13772272
Moruda: Which traffic do you want to bill? Do you want to bill internal users or you want to check bils from your ISP?

- To bill internal users you need analyze internal traffic - in your LAN before firewall. ISA may help or (check) even firewall can give you statistics. If not - buy 3550 and replace your switch.
- To check ISP - what firewall you use? Check manual, probably it will give statistics on the outside interface to you. If not - buy a router, or if you have ethernet from firewall to provider - put a HUB and plug external interface of firewall, provider's link and put there spare machine to monitor traffic. You will not be able to correlate traffic to users - just the whole traffic for all.


Author Comment

ID: 13775075
My sonicwall does have some type of monitoring, but I have never successfully set it up. Has anyone set this up in a useful configuration?

Accepted Solution

Vladan_MOBTEL earned 2000 total points
ID: 13781428
You could try logging all the traffic which passes through the firewall. You should get the info on how many Bytes were transfered during the connection. THen you can parse the log files, extract the internal-external addressing relation and bill them based on that.

You can get some reporting tools as well.

How many public IP addresses do you have? If you have one or two and many hosts behind the firewall, you will not get any relevant info in front of the firewall.... ALl internal addresses will go in this one.

Basically, the only machine really capable of telling you what happened is te firewall, or some SW solution which could reside on your workstations ( I would not advise this if you do not have your users educated and/or security tightened so they can not do anything without your consent).


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question