Solved

Traffic shaping on internal network for access to the internet

Posted on 2006-11-29
5
460 Views
Last Modified: 2013-11-16
Hello

I have an internal network with about 100 users. They connect to a bunch of dumb switches that connect to a PIX 506E that does NAT for them, and afterwards the PIX connects to a 3mbit MLPPP line connected to a Cisco 1721 router.

I need to limit users internet access speed. i.e. 64kbits / sec. per user. I also need to be able to limit the traffic on an application / port basis when necessary. i.e. give priority to port 80 applications.
How would I do that? Would the PIX box be able to do all of these if I upgrade the OS? Or do I need a different solution?
0
Comment
Question by:eggster34
5 Comments
 
LVL 1

Expert Comment

by:Sean64
ID: 18039335
It's fairly easy to use Class Based Weighted Fair Queuing to accomplish the priority part.  However most Cisco routers are not capable of the speed limit function you are describing.  It's called User Based Rate Limiting.  You need a much more powerful switch to perform this function.  i.e. 6500 or I believe that 4500s also support this with the proper software revision.
Those devices can cost anywhere from 10k to 100k depending on the features.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18040105
Given what you've described, I'd say your best bet would be a Proxy. Most proxies will allow you to limit bandwidth by user. The dumb switches, nor the PIX by itself can do this in any way. Not even the latest 7.21 PIX OS will do this.
I recommend a simple appliance like the iPrism http://www.stbernard.com/iPrism
Get a demo unit and you'll be impressed. Inexpensive, hardware is included, super easy set up and very fine grain control over users. Excellent reporting, too.
0
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 18040572
ISA and iPrism are great for the job. But if you are looking for something inexpensive, then try MonoWall. It is a linux based firewall and has traffic shaping features.

http://m0n0.ch/wall/
0
 

Author Comment

by:eggster34
ID: 18040974
lrmoore , are you sure this iPrism does traffic shaping  as well?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18043044
Yes, it does. 100% sure based on users, IP's, subnets, etc..

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question