• United States

Limiting ‘Net bandwidth usage

Mar 10, 20032 mins
Network SecurityNetworking

I work at a small college and we are faced with the challenge of effectively using the bandwidth we have and not buying more without good justification. We have a Cisco router connecting to the Internet and a firewall to help in the prevention of unwelcome visitors from the Internet. What options do we have to blocking what we don’t want to come through and giving priority to the traffic that we do want to get through?

— via the Internet

You have several options to consider. The first is a feature/function built into the IOS in your Cisco router. Using an option known as Access Lists or Extended Access Lists, you can block certain port numbers from getting through in general or just to or from certain addresses. There are several books available on the subject that can steer you in the right direction.

The disadvantage with this solution is that you will have to find what port numbers are in use by what applications (outside of the standard ones such as HTTP, FTP, etc.) to know what to block and remember why you blocked it.

You might also be able to use your firewall to block unwanted traffic, so check your documentation. By controlling it at this point on the network, you should be able to control access to certain ports down to a particular user if needed. An advantage is that you should be able to do the management via the same interface you are already using to manage the firewall.

If you want to be able to “throttle” protocols to be only able to use a certain amount of bandwidth or be able to “burst” up to a certain level, if at all, you may need to look at a more specialized device. One such company is called Packeteer which produces a product called the Packet Shaper which gives you just that type of control.