2

We're going to have an ISP turn up a 100 mbit circuit at our office building (multiple floors, multiple offices). We need to control how much bandwidth is allocated to/used by devices on the LAN. For example, office 01 is connected to switchport 01 and we need to provide them with the ability to browse the internet at 1 mbit speed (out of the 100 mbit that we have available).

How can we accomplish this?

We currently own a couple of ASA 5510s and 3560 switches. Can we use this equipment or are there other devices that should be purchased that would allow us to do what we need to do more efficiently?

Thanks!

Marvin

2 Answers

1

The small ISP where I work uses a packet shaper from these guys (http://netequalizer.com/) to manage bandwidth allocation among our clients. If you have the ability to keep different offices/floors on different subnets (can be classless), very granular bandwidth control should be very easy - down to limits on a single host, if you want.

If you don't want an off-the-shelf solution, you can create a packet shaper yourself from a Linux server with dual NICs using tc. I've experimented with this, but decided that given limited admin time, an off-the-shelf solution was the better buy. This article should get you started:

http://www.topwebhosts.org/tools/traffic-control.php

shiftycow
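A sketch of the dual-NIC `tc` shaper mentioned in the answer above, added here as an example (it is not code from the answer or the linked article). It prints HTB rules that cap each office subnet in both directions. The interface names, subnets and caps are assumptions, as is the placement: the box routes between the LAN and the ISP handoff without doing NAT itself, so only Internet traffic crosses it.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for per-office caps.
# Assumed: interface names, subnets, caps, and no NAT on this box, so
# office source addresses are still visible on the WAN-side interface.
LAN_IF="${LAN_IF:-eth1}"          # faces the office switches (hypothetical)
WAN_IF="${WAN_IF:-eth0}"          # faces the ISP circuit (hypothetical)
LINK_RATE="${LINK_RATE:-100mbit}"

# Constructed sample plan, one office per line: "<class id> <subnet> <cap>"
OFFICES="10 192.168.1.0/24 1mbit
20 192.168.2.0/24 5mbit"

# emit_shaper IFACE MATCH
# tc shapes traffic leaving an interface, so each direction gets its own:
#   MATCH=dst on LAN_IF egress -> download toward the offices
#   MATCH=src on WAN_IF egress -> upload toward the ISP
emit_shaper() {
    iface="$1"; match="$2"
    echo "tc qdisc replace dev $iface root handle 1: htb default 999"
    # Parent class is the whole circuit; children cannot exceed it.
    echo "tc class add dev $iface parent 1: classid 1:1 htb rate $LINK_RATE"
    # Traffic matching no office (e.g. the shaper's own) may use the link.
    echo "tc class add dev $iface parent 1:1 classid 1:999 htb rate 1mbit ceil $LINK_RATE"
    echo "$OFFICES" | while read -r minor subnet cap; do
        [ -n "$minor" ] || continue
        # rate == ceil makes this a hard cap with no borrowing.
        echo "tc class add dev $iface parent 1:1 classid 1:$minor htb rate $cap ceil $cap"
        # sfq shares the office's cap fairly among its flows.
        echo "tc qdisc add dev $iface parent 1:$minor handle $minor: sfq perturb 10"
        echo "tc filter add dev $iface parent 1: protocol ip prio 1 u32 match ip $match $subnet flowid 1:$minor"
    done
}

emit_all() {
    emit_shaper "$LAN_IF" dst
    emit_shaper "$WAN_IF" src
}

# Review the output first, then apply as root with:  ./shaper.sh --print | sh -e
if [ "${1:-}" = "--print" ]; then emit_all; fi
```

Once applied, `tc -s class show dev eth1` shows per-class byte and drop counters, which confirms that an office's traffic is landing in its own class rather than the default one.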
0

This might get you started in the right direction:

http://www.techrepublic.com/blog/networking/limit-bandwidth-on-a-cisco-catalyst-switch-port/404

user48838
  • But that limits LAN bandwidth as well - I don't think you'd want to limit, for example, the bandwidth between a workstation and the local fileserver, just the external bandwidth to the outside (internet, WAN, whatever.) – mfinni Sep 01 '11 at 18:15
  • Good catch! Per VLAN - https://supportforums.cisco.com/thread/1002299 – user48838 Sep 01 '11 at 18:33
  • Also, the article describes how to limit traffic in the inbound direction (to the switch). That's traffic coming from workstations - "upload". Can the same technique be used to limit traffic leaving the switchport, going towards the workstations - "download"? – Marvin Sep 01 '11 at 18:41
  • Maybe if the VLAN membership tagging/identification can take place on each of the individual workstation NICs. – user48838 Sep 01 '11 at 19:05
  • As shiftycow has identified, the more flexible approach at the logical level will be to use an additional traffic shaper. We briefly looked at the NetEqualizer, but went with http://www.proceranetworks.com/plr-packetlogic-real-time-enforcement.html for their flexibility in management and reporting. You can "slice-n-dice" per IP, net-range and even application asymmetrically in both directions. – user48838 Sep 01 '11 at 19:11