[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Traffic shaping on internal network for access to the internet

Posted on 2006-11-29
5
Medium Priority
?
489 Views
Last Modified: 2013-11-16
Hello

I have an internal network with about 100 users. They connect to a bunch of dumb switches that connect to a PIX 506E that does NAT for them, and afterwards the PIX connects to a 3mbit MLPPP line connected to a Cisco 1721 router.

I need to limit users internet access speed. i.e. 64kbits / sec. per user. I also need to be able to limit the traffic on an application / port basis when necessary. i.e. give priority to port 80 applications.
How would I do that? Would the PIX box be able to do all of these if I upgrade the OS? Or do I need a different solution?
0
Comment
Question by:eggster34
5 Comments
 
LVL 1

Expert Comment

by:Sean64
ID: 18039335
It's fairly easy to use Class Based Weighted Fair Queuing to accomplish the priority part.  However most Cisco routers are not capable of the speed limit function you are describing.  It's called User Based Rate Limiting.  You need a much more powerful switch to perform this function.  i.e. 6500 or I believe that 4500s also support this with the proper software revision.
Those devices can cost anywhere from 10k to 100k depending on the features.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 18040105
Given what you've described, I'd say your best bet would be a Proxy. Most proxies will allow you to limit bandwidth by user. The dumb switches, nor the PIX by itself can do this in any way. Not even the latest 7.21 PIX OS will do this.
I recommend a simple appliance like the iPrism http://www.stbernard.com/iPrism
Get a demo unit and you'll be impressed. Inexpensive, hardware is included, super easy set up and very fine grain control over users. Excellent reporting, too.
0
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 18040572
ISA and iPrism are great for the job. But if you are looking for something inexpensive, then try MonoWall. It is a linux based firewall and has traffic shaping features.

http://m0n0.ch/wall/
0
 

Author Comment

by:eggster34
ID: 18040974
lrmoore , are you sure this iPrism does traffic shaping  as well?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18043044
Yes, it does. 100% sure based on users, IP's, subnets, etc..

0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question