Need Help Splitting Bandwidth

calvinj

Ok. Cisco Guys / Gals / Gods...

I'm wondering if this is even possible, but I have a client that is joining in on a new fiber circuit in their area that will allow them better internet than their current ISP (30 down / 30 up is what they will end up with). Also with the internet are a couple of private research networks that will go along with the internet.

We have to provide a router for connectivity. We have on order an 1841 with advanced security IOS. One port on the 1841 turns into a trunk port for their side of the connections (they have VLANed off all of the appropriate networks) and the other side of the connection is for our LAN.

What I want to do through the router (or some other device depending on cost) is to split the bandwidth off in something like 90%/10% between our internal network and our guest access network.

Not sure if this is anything at this point, but the DSL circuit is 4 mb down / 512 up and is currently split with an unmanaged 5 port switch going into the WAN ports of 2 firewalls (1 firewall for internal and the other for the guest access).

Thoughts?
 
Joined
Oct 12, 2007
Messages
643
You can certainly do this with the 1841 (a great router BTW), but it will probably be easier to put in a M0n0wall computer serving up just your guest access to be up and running as quickly as possible.

On the Cisco, you can shape your outbound traffic (to the internet), but your only option is to police the inbound traffic, which is a bit nastier, but for guest traffic, who really cares. If possible you would want a separate global IP for your guest traffic, but a separate internal subnet would work too. With the Cisco router, unless you really know what is going on, it will be hard to provide good rate-limited guest access, whereas in comparison, a M0n0wall box will automagically prioritize high priority packets such as small DNS packets, to keep the network usable & responsive even when it is maxed out.

Anyway, I suggest getting an old PC with two NICs and setting up M0n0wall, use the automatic traffic shaper wizard to limit your guest traffic to your 10% limit, and set up a captive portal for guest authentication. It will look professional, work well, and have you up & running in a very short period of time. Lastly, depending on the guest setup, M0n0wall supports VLANs, so you can trunk to one of your switches, and extend the guest VLAN to whichever devices / SSID need it.
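
The shape-versus-police distinction in the reply above, as an added example that is not part of the thread: a token-bucket model of the 10% guest allocation on the 30 Mbps circuit, run over the same guest burst both ways. The bucket depth, packet size, queue limit and burst pattern are constructed assumptions, and the code models the general mechanism, not Cisco IOS or M0n0wall behaviour.

```python
LINK_BPS = 30_000_000        # 30 down / 30 up, from the thread
GUEST_PERCENT = 10           # the 90% / 10% split, from the thread
RATE = LINK_BPS * GUEST_PERCENT // 100 // 8 // 1000   # guest bytes per ms
BURST = 15_000               # bucket depth in bytes (assumed)

# Constructed traffic: 40 full-size packets, one per ms (a 12 Mbps guest burst).
GUEST_BURST = [(ms, 1500) for ms in range(40)]

def police(arrivals):
    """Policer: a packet with no tokens available is dropped immediately.
    Returns (sent_bytes, dropped_bytes)."""
    tokens, last, sent, dropped = BURST, 0, 0, 0
    for t, size in arrivals:
        tokens = min(BURST, tokens + (t - last) * RATE)   # refill since last packet
        last = t
        if tokens >= size:
            tokens -= size
            sent += size
        else:
            dropped += size
    return sent, dropped

def shape(arrivals, max_delay_ms=200):
    """Shaper: a packet with no tokens available waits in a FIFO queue.
    It is dropped only if the wait would exceed max_delay_ms (assumed limit).
    Returns (sent_bytes, dropped_bytes, worst_delay_ms)."""
    tokens, last, sent, dropped, worst = BURST, 0, 0, 0, 0
    for t, size in arrivals:
        start = max(t, last)                  # cannot leave before the previous packet
        avail = min(BURST, tokens + (start - last) * RATE)
        wait = max(0, -(-(size - avail) // RATE))   # ms until enough tokens (ceil)
        depart = start + wait
        if depart - t > max_delay_ms:
            dropped += size                   # queue full: tail drop
            continue
        tokens = min(BURST, avail + wait * RATE) - size
        last = depart
        sent += size
        worst = max(worst, depart - t)
    return sent, dropped, worst

if __name__ == "__main__":
    print("police:", police(GUEST_BURST))
    print("shape: ", shape(GUEST_BURST))
```

With these inputs the policer discards more than half of the burst once the bucket empties, while the shaper delivers all of it at the cost of queueing delay.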
 