Per user traffic policing

JoeBirds Member Posts: 49
Hey guys,

On a 2900 series router, is it possible to perform internet traffic policing PER TCP session (single user) on 80 or 443? In other words, I'm wanting to take a user's port 80/443 internet traffic and police it down to a certain speed.

Any ideas are greatly appreciated.

Comments

  • networker050184 Mod Posts: 11,962
    Sure, you can match on protocol traffic, ACL, etc. Just have to figure out what works best for you. Look into policing with MQC and it should get you in the right direction.
    An expert is a man who has made all the mistakes which can be made.
  • JoeBirds Member Posts: 49
    You can't define any internal IP addresses in an ACL that will be used to match internet traffic as it hits the public interface of the router. All addresses are still public at that point.
  • networker050184 Mod Posts: 11,962
    Depends at what point in the network you are matching.
    An expert is a man who has made all the mistakes which can be made.
  • JoeBirds Member Posts: 49
    I think an example will help me better explain:

    Say that I have a LAN of users - two of which love to stream videos and download crap. Is there a way to implement a service policy to police traffic on port 80 and 443 for those two users only?

    The only area I can think to put the service policy would be inward (input) on the public interface, but that leaves me with an issue. I cannot match traffic to those users' private IP addresses from what is still technically public traffic. Sure I could match all of the traffic coming from port 80 and 443 in my ACL match, but that would throttle the entire LAN.

    I really do not think there is an easy way of doing it, if at all.
  • networker050184 Mod Posts: 11,962
    Ok I gotcha. Yeah not likely something a router is going to be good at. You might be able to find a way to match and drop, but as you say not a very elegant solution. Unfortunately just not what the router is designed for.
    An expert is a man who has made all the mistakes which can be made.
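
Added example, not posted by anyone in the thread: an MQC sketch of the "depends at what point in the network you are matching" hint, applying the policer outbound on the LAN-facing interface, where return traffic has already been translated back to the private addresses. The host addresses, interface name, object names and the 2 Mbps rate are assumptions, and the policer acts per user (one class each), not per TCP session.

```ios
! Constructed example values: 192.168.1.50 and 192.168.1.51 are the two
! heavy users, GigabitEthernet0/1 is the LAN-facing (NAT inside) interface.
!
! Return web traffic: source port 80/443 on the internet server,
! destination is the user's private address (NAT has already been undone
! by the time output features run on the inside interface).
ip access-list extended USER-A-WEB
 permit tcp any eq 80 host 192.168.1.50
 permit tcp any eq 443 host 192.168.1.50
ip access-list extended USER-B-WEB
 permit tcp any eq 80 host 192.168.1.51
 permit tcp any eq 443 host 192.168.1.51
!
! One class per user so each gets an independent policer
class-map match-all USER-A-WEB
 match access-group name USER-A-WEB
class-map match-all USER-B-WEB
 match access-group name USER-B-WEB
!
! 2,000,000 bps per user is an arbitrary rate chosen for illustration;
! traffic from every other host falls into class-default and is untouched
policy-map LAN-OUT-POLICE
 class USER-A-WEB
  police 2000000 conform-action transmit exceed-action drop
 class USER-B-WEB
  police 2000000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1
 service-policy output LAN-OUT-POLICE
```

`show policy-map interface GigabitEthernet0/1` displays the conformed and exceeded counters for each class, which confirms whether the ACLs are matching the intended hosts.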