How to Limit Bandwidth

[jason985]

Is there any way I could limit bandwidth for a group of computers? We have pix firewall and Cisco 2600 router connect to T1 going out to the net. We are having problem with patrons on our public computers killing our bandwidth. I would like to limit the amount of bandwidth they can use. Is there a simple but efficient way to do this?

TIA

 

[Minue]

Hello
You will have to get into QoS (quality of service)it's an advance topic.Try to search the web and cisco website for some configurations or I can recommend you a good training video.
regards

 

[helpdeskdan]

Here's an easy idea - get a cheap connection to the Internet via a cable modem or something. Assign your public computers to a different subnet, then use a route map to map all their traffic to the cable modem, while you use the T1. ;-) Of course, you can also go with the Qos solution, but that will require a bit of knowledge and perhaps a better router. Speaking of which, what do you have to work with?

 

[lerdalt]

I think the 2600 could handle the QoS for what you are trying to do...just might want to make certain the IOS version will support it.

Assuming you have a point to point T1 to the internet, the QoS might not be so bad, but you will want to do some additional research just to be certain. There is an AutoQoS feature that may help get you started minimally.

Have you identified what the traffic is that is killing your bandwidth? Might want to enable netflow as well.

 

[firecodex]

We use a product called Websense to throttle bandwidth and control access to specific sites and types of sites based on A-D groups. Its a great product but it's not cheap. It integrates with our Pix and actually uses the Pix to control the bandwidth & web access.


------------------
Firecodex
CCNA/MCSA/MCP/A+/Net+

 

[jason985]

Thanks everyone for the reply. I will look into QoS.

 

[voltron1011]

I'm with Helpdeskdan... Let these public PC's go out there own dedicated Cable modem... More for security than anything... You have no idea what kind of stuff will end up on them and in turn affect the rest of your network.

 

[jason985]

Well we are a public library and the state pays for our T1s. So a cable connection is not an option, as much as i would love to do that we can't.

 

[Minue]

Hello
Then you should go with QoS.Google for config file on cisco website or you can buy good training video's on ebay!
Regards

 

[lerdalt]

Here is a link that might be of some help:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802b7721.html

 

[Jsteve]

Here is the direction I woould go in

Quick example to limit PCs to 300K

step 1 create an ACL for each PC that you want to limit
--------------
access-list 100 permit tcp host 1.1.1.1 any eq 80
access-list 100 permit tcp host 1.1.1.2 any eq 80
access-list 100 permit tcp host 1.1.1.3 any eq 80

step 2 create a class map to match ACL
-------------
class-map HTTP
match access-group 100

step 3 creat a policy
---------------
policy-map POLICE
class HTTP
police 300000 8000 8000 conform-action transmit exceed-action drop

step 4 apply to interface
----------------
int s0/1
service-policy output POLICE


I would suggest you read up and understand basic QOS and test on a switch that is not live in your network before you config on your live environment.