Outbound traffic shaping based on MAC?
Posted on 2006-04-27
In a big nutshell, what I'd like to set up here is a software/hardware solution that will allow me to view, shape, or altogether disable inbound and/or outbound network traffic.
Some details about the setup:
- About 100 clients on the LAN; the solution should allow for growth to twice that amount.
- Vanilla-type LAN setup (for the most part): some DHCP clients, some static IP, some allowed, some not.
- Bandwidth is limited here, and will become mission critical in the future.
- This is a business environment that has had problems with employees bringing devices from home: laptops, iPods, PSPs, etc. They will need to be able to control or disable traffic based on traffic type, and an ACL containing trusted MACs.
- Ideally they would like employees to be able to connect their laptops in a lounge. Limited bandwidth (even to unknown MACs) and VLAN-type seclusion to this lounge circuit would be a huge plus. This is the complicated part. Can they maintain a whitelist, a blacklist, and a "grey list" of MAC addresses and assign bandwidth access based on group membership?
I am currently looking at the following types of solutions:
1. Managed switches.
What is a good switch for shaping in/out traffic based on MAC AND/OR traffic type? Cisco vs. 3Com? Layer 3? Model #'s you've had luck with?
2. Software firewall? ISA server? Kerio Winroute? Linux w/ squid or Sygate?
3. Your suggestions? (only if you've actually done it please)
I'm looking for suggestions from those who have had success solving this specific problem.
Which solution do you think is most reliable? Why?
Easiest to maintain / lowest TCO?
Thanks in advance,