Solved

Traffic shaping on internal network for access to the internet

Posted on 2006-11-29
5
475 Views
Last Modified: 2013-11-16
Hello

I have an internal network with about 100 users. They connect to a bunch of dumb switches that connect to a PIX 506E that does NAT for them, and afterwards the PIX connects to a 3mbit MLPPP line connected to a Cisco 1721 router.

I need to limit users internet access speed. i.e. 64kbits / sec. per user. I also need to be able to limit the traffic on an application / port basis when necessary. i.e. give priority to port 80 applications.
How would I do that? Would the PIX box be able to do all of these if I upgrade the OS? Or do I need a different solution?
0
Comment
Question by:eggster34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 1

Expert Comment

by:Sean64
ID: 18039335
It's fairly easy to use Class Based Weighted Fair Queuing to accomplish the priority part.  However most Cisco routers are not capable of the speed limit function you are describing.  It's called User Based Rate Limiting.  You need a much more powerful switch to perform this function.  i.e. 6500 or I believe that 4500s also support this with the proper software revision.
Those devices can cost anywhere from 10k to 100k depending on the features.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18040105
Given what you've described, I'd say your best bet would be a Proxy. Most proxies will allow you to limit bandwidth by user. The dumb switches, nor the PIX by itself can do this in any way. Not even the latest 7.21 PIX OS will do this.
I recommend a simple appliance like the iPrism http://www.stbernard.com/iPrism
Get a demo unit and you'll be impressed. Inexpensive, hardware is included, super easy set up and very fine grain control over users. Excellent reporting, too.
0
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 18040572
ISA and iPrism are great for the job. But if you are looking for something inexpensive, then try MonoWall. It is a linux based firewall and has traffic shaping features.

http://m0n0.ch/wall/
0
 

Author Comment

by:eggster34
ID: 18040974
lrmoore , are you sure this iPrism does traffic shaping  as well?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18043044
Yes, it does. 100% sure based on users, IP's, subnets, etc..

0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question