I manage a network where I wish to limit bandwidth usage from workstations for all traffic that travels outside the internal network. Here's what I have between the workstations and the outside world:
1. Cisco 2811 router (routes all traffic into network - including servers)
2. Dell 5212 Switch
3. Extreme Networks 200-48 switch
4. All workstations
We have ACLs set up on the router to control traffic in a macro state (one ACL for inbound, another for outbound). I have no ACLs or traffic shaping on the internal switches currently.
I've been frustrated trying to come up with the best way to ensure I only perform rate-limiting for bandwidth to/from workstations that travels external to the network. I thought the router would be a good place to perform this, but it appears I can only do this if I set up interface-specific ACLs, which complicates management, and it would still be macro (it would be difficult to set this up so that it only affects the workstations).
My hope is that I would be able to configure one of the internal switches to perform the rate-limiting, but I'd need to have some way of ensuring it is only doing this to external traffic and not internal (I don't want to rate-limit people making copies to/from servers).