Traffic shaping and workstation isolation

[Soybomb]

Okay I need some advice for something I've never had to do before. I'm going to have a lan with like 20 workstations, no administrative control over the workstations. The lan will be fed by a 1.5/256 or something like that. I need to first do some traffic shaping to prevent 1 person with a p2p program from killing the entire lan. I'd also like to segregate each computer from the others (no passing of worms on my lan please) on the lan since they will have need to interact with anything but the gateway.

Any suggestions for things to look at for the traffic shaping, I've never had to worry about that before and have no clue where to look. For the isolation is this something I could use vlan's for?

 

[nweaver]

it would be a MAJOR pain to do 20 seperate VLAN's, but it would get the job done, except you need either a) a router that supports trunking for your gateway or b) a router on a stick setup that supports trunking, to get traffic routed to your gateway.

I think there are a few linux distros that will do traffic shaping, such as ipcop, smoothwall. I haven't ever used them myself.

 

[Soybomb]

And I may well ditch the isolation thing, honestly with bandwidth control in place for outbound traffic, and no traffic necessary between the internal machines aside from the gateway I don't see 20 workstations really slowing down the network with internal traffic enough to impact internet access. Right now I'm trying to investigate a little about cisco's nbar feature, supposedly it works quite well, a 2600 dropped in might be low upkeep and effective. Anyone with any experience or advice?