IS there a way in ios to prevent an internet circuit from being saturated by a single user or by a single aggressive application? To give you a deployment scenario, we often create builds for small hotels and wifi hotspots. These builds tend to have limited funds for network equipment(think a 1841, a few 2950/2960 switches, some aironets running in autonomous mode, and usually a cable/dsl connection). Using products such as Pfsense and Nomadix gateway devices, you can use a per-user qos policy. These are usually very basic and simply limit the up/down stream for a specific user(most of the time based on mac address). I know this can be done using some of Cisco's modular Catalyst switches, but due to budget restrictions we need to see if something similar can be implemented in the ISRs as a single-box solution. I'm not so interested in using per-user policies as I am in simply placing “bandwidth hogs” in a scavenger queue when the pipe is stressed. Would something similar to the following work: 1)classify known aggressive applications using nbar signatures(peer-to-peer, etc) 2)classify known encryption traffic(ssl mostly) 3)create a policy map that limits this traffic during contention 4)fair-queue all other traffic giving it right of way
Has anyone been successful in preventing single-user saturation with the above method? I could see how this would be applied to outbound traffic but most of our problems tend to be with the downstream bandwidth. How could we prevent a user from filling up the downstream speeds as well?
Thanks so much for everyones help and please let me know if I could provide anymore details.