Wed Feb 01, 2012 12:17 am
I'm glad you found the source. However, I gotta ask... how is this customer routing his internal addresses over your network? He should be doing his own NAT.
On your NAT router, add a filter to only allow those subnets that you've set up for customer access. On my network, I have hundreds of subnets in play, but only 2 can get out through NAT. In this set up, if a customer inadvertently bridges his lan to my network, he won't be able to get out. Every customer has to use the IP I give them (static or dynamic).
For controlling bandwidth, do this where the customer has his L3 connection to your network (wlan, vlan, pppoe, etc...), the tools are there, you just have to use them.
Also consider setting up a queue to dynamically balance your bandwidth. A search on bandwidth sharing should get you started. It will help prevent a few users from dragging your whole network down.