Bandwidth Allocation

Unanswered Question
Jun 12th, 2009
User Badges:

Hi,


My Setup is :-


Internet----Internet_RTR----PIX----L3_Switch


Internet Bandwidth = 3MB

We are hosting Servers and LAN Users browse internet using the same link.


I want to dedicate internet Bandwidth as

Web-Server Hosting = 2MB

Internet_Browsing for Lan Users = 1MB


LAN Users are on VLAN#5

Web-Server on VLAN#10

Microsoft_ISA_Server on VLAN #15 ( Internet Proxy Server to share internet for LAN Users )


Lan_Users : 192.168.100/24

Web_server : 10.10.10.1/24

Microsoft ISA_Server : 192.168.1.0/24

Pix Firewall IP : 172.20.17.1/29

L3_Switch IP : 172.20.17.2/29


Can Someone Help based on the information how could i allocate bandwith for services.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
branfarm1 Fri, 06/26/2009 - 14:58
User Badges:
  • Bronze, 100 points or more

What PIX OS version are you running?

victor_87 Sun, 06/28/2009 - 04:55
User Badges:

You can do tis on either the L3 switch, PIX (v 7.0 +) and Ur Internet router.



On the L3 switch this can be done on the L3 link connecting to the firewall. On the PIX inside interface if ios version is greater than or equal to 7.0, and on the internet router Inside interface if you are no doing NAT on the PIX and doing it on the router.


For doing this u need to write down access-lits differnetiating the server and proxy etc.


then u need to create class-map and match the access-lists into them, create policy-maps and intergrate the classes into them and finally bind it to the interface using a service policy.


I can provide the detail config which i have to spend some time, but i suggest you to do some reading w.r.t "Policing (QOS)" in order to understand what ur are doing so that u can handle any issues that might occur later.



All the best.


BrinksArgentina Fri, 07/10/2009 - 04:54
User Badges:

Please note that inbound and outbound traffic need diferent policies.

I wrote this post some weeks ago for inbound traffic:


http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cd34c23/3#selected_message


You need one external address for each policy.




Guido.

Please rate all the helpful comments.

Actions

This Discussion