Need help configuring 3com switch for websense port mirroring


I'm having trouble understanding the documentation for a 3com 4500 g switch when it comes to port mirroring.  I'm trying to install websense security suite on it's own box and connect it to this switch.  I assume at least on of the switch ports the websense box uses will mirror network traffic in and out of our sonic wall.  Is this correct?

My problems are:
The documentation I downloaded refers only to the command line interface not the web interface.

Second problem:
I don't know the IP of the switch I need to use!  I know that sounds bad, but I didn't set up the network and it's not documented.  The switch does not appear to have a console port.  Anyone know a piece of freeware that can detect network devices and give me an ip?

thanks for any help, I really need it!


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I can help with the port mirroring, but you probably don't need it.  There are a couple of different ways to set up WebSense.  One is to have it running on a system with 2 NICs.  Traffic comes in one NIC, is filtered, and goes out the other port.  This is the preferred configuration if you are attempting to do bandwidth throttling.

In the configuration which you are probably trying to use, Websense receives the request for URL filtering from the SonicWall and returns an ALLOW or DENY response to the firewall.  In this case, you do not need to set up port mirroring.  You simply configure the firewall to use URL filtering, and tell it what the IP address of your Websense server is.  The firewall takes care of the rest.  

Let me know if you need any additional help with the firewall or Websense server.  Good luck.
Here's some additional information for you.  The console port on the 4500G is probably on the front of the switch and looks like a standard RJ45 jack.  To program the switch from the console port requires a special cable.  If you do not have one, the pinouts for this cable can be found in the Getting Started Guide.

Getting Started Guide:

This guide also gives you complete information about how to do the initial switch setup.  Below are some additional manuals which might be helpful:

Configuration Guide:
Command Reference:
Quick Reference Guide:

If the switch is getting its IP address dynamically, then you might be able to figure out which address is being used by looking in the lease tables of your DHCP server.  If the switch was statically assigned, you will need to scan for the address.  GFI makes a great tool called LANguard Network Security Scanner.  The product is not free, but GFI does offer a free trial copy for download.

This particular tool is quite comprehensive, and gives you much more than simply IP scanning capabilities.  As I said, it isn't free, but the demo copy should work long enough for you to get an idea about the layout and configuration of your network.

Please let me know if any of this is helpful.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
maureen99Author Commented:
Hi TNL_Engr;

I am still going over your far it looks very helpful.  We are a 2 person IT department so my time is very divided.

thanks so very much!

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

No problem, I completely understand.  Just let me know if I can be of further assistance.
maureen99Author Commented:
Hi again,

I did the GFI scan but was unable to figure out the IP of the switch so I moved the machine to a switch in the closet next door.  Switch goes to a patch panel and is not directly connected to the sonic wall.  I can move it back if necessary.

the only reason I really needed to get the switch IP was to set up port mirroring, but if I don't need to mirror that's ok.  

A few questions if you have time:

Is bandwidth throttling controlling the amount of bandwidth allowed per PC?  

Can you tell me how to set up port mirroring on the switch step by step?  I referred to the manuals but their still pretty cryptic on what commands to use and it only takes you through it in the command line interface.  It gives you a command requiring parameters, but doesn't give the parameters...

Sorry to be so clueless, but how does one configure the sonic wall to use url filtering?
If I can use the sonic wall configuration w/o port mirroring that's great.  meanwhile, I am also hitting sonic wall support.

What I ultimately want to do is find out what pcs are downloading what, who's streaming video or audio and how much, etc.

As always, I greatly appreciate any help because right now I am rather stuck but I'm determined to get this set up.

thanks again,  


Hi Maureen,
Wow!  Lot of questions. :-)  Here goes:
1. You will eventually need to know the IP address of the 3Com switch if you want to make any configuration changes.  You may not have found it in a scan if it does not have an IP address assigned, or if the address is in another range.  In either case, you will probably need to use the console interface to set the new address.

2. What device are you using for bandwidth control?  WebSense will support this if (a) you have the appropriate license, and (b) you set the WebSense server up in line like this:  InsideNet--->WEBSENSE SVR --->SONICWALL --->Internet  As you can see, all of the traffic to the Internet has to go through the WebSense server (in one interface, and out another interface).  In this configuration the server can limit traffic by protocol.  The other way to set up WebSense has the server somewhere on the inside of your network, and the firewall simply sends requests back to the server.  In either case, WebSense reporting provides complete information on where everyone is going.  So, either way you set it up you will get good information about the surfing habits of your users.  Also, in either configuration you can limit which categories of sites your users are accessing.

3. If you need to configure port mirroring, here's all you need to enter from the command prompt:
  <3Com> system-view
  [3Com] mirroring-group 1 local
  [3Com] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
  [3Com] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
In the example above, GigabitEthernet 1/0/1 is the port that you want to collect the traffic from and "both" indicates that you want to collect traffic going in and out of the port.  GigabitEthernet 1/0/3 is the port that the traffic will be transmitted back out of.  I've included this info simply so you know how to do it.  You will not need to do this to configure WebSense.  Be careful if you attempt to mirror traffic.  You need to really understand the process before attempting it.

4. URL filtering on the SonicWall - Exactly how to set this up depends upon which model of SonicWall you have.  I believe that WebSense can be configured on all of their models except the TZ150.  Here's how it's done on a TZ170...Navigate to "Security Services", "Content Filtering".  In the "Content Filter Type" drop down box select "Websense" and click configure.  In the configuration section you will need to enter the IP address of the WebSense server, and maybe enter the type (not sure about that part, but there are only a couple of types that it could be.  You should probably pick the highest number).

Lastly, your best support will come from WebSense.  They have great documentation, and really customer support.  They can help you with any configuration, and any firewall.  SonicWall supports WebSense on most of their firewalls, but since they have a competing product, they may not be quite as knowledgeable (or forthcoming) about configuring third party add-ons.
maureen99Author Commented:
Thanks for answering all my questions.  I have gotten the port mirroring working, however I have been sidetracked by a virus/trojan spambot:

maureen99Author Commented:
Sorry to be so late with this, just too many things on the plate atm but thanks so much again TNL_Engr for your very awesome help!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.