Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need help configuring 3com switch for websense port mirroring

Posted on 2008-10-31
8
Medium Priority
?
2,611 Views
Last Modified: 2012-05-05
Hi,

I'm having trouble understanding the documentation for a 3com 4500 g switch when it comes to port mirroring.  I'm trying to install websense security suite on it's own box and connect it to this switch.  I assume at least on of the switch ports the websense box uses will mirror network traffic in and out of our sonic wall.  Is this correct?

My problems are:
The documentation I downloaded refers only to the command line interface not the web interface.

Second problem:
I don't know the IP of the switch I need to use!  I know that sounds bad, but I didn't set up the network and it's not documented.  The switch does not appear to have a console port.  Anyone know a piece of freeware that can detect network devices and give me an ip?

thanks for any help, I really need it!

Maureen


0
Comment
Question by:maureen99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22851666
I can help with the port mirroring, but you probably don't need it.  There are a couple of different ways to set up WebSense.  One is to have it running on a system with 2 NICs.  Traffic comes in one NIC, is filtered, and goes out the other port.  This is the preferred configuration if you are attempting to do bandwidth throttling.

In the configuration which you are probably trying to use, Websense receives the request for URL filtering from the SonicWall and returns an ALLOW or DENY response to the firewall.  In this case, you do not need to set up port mirroring.  You simply configure the firewall to use URL filtering, and tell it what the IP address of your Websense server is.  The firewall takes care of the rest.  

Let me know if you need any additional help with the firewall or Websense server.  Good luck.
0
 
LVL 4

Accepted Solution

by:
TNL_Engr earned 2000 total points
ID: 22858932
Here's some additional information for you.  The console port on the 4500G is probably on the front of the switch and looks like a standard RJ45 jack.  To program the switch from the console port requires a special cable.  If you do not have one, the pinouts for this cable can be found in the Getting Started Guide.

Getting Started Guide:  http://support.3com.com/documents/switches/4500G/Switch4500G_Getting_Started2.pdf

This guide also gives you complete information about how to do the initial switch setup.  Below are some additional manuals which might be helpful:

Configuration Guide:  http://support.3com.com/documents/switches/4500G/3Com_10014900-AC_4500G_Config-Guide.pdf
Command Reference:  http://support.3com.com/documents/switches/4500G/3Com_10014901-AB_4500G_Com-Ref.pdf
Quick Reference Guide:  http://support.3com.com/documents/switches/4500G/3Com_Switch4500G_QuickRefGuide.pdf

If the switch is getting its IP address dynamically, then you might be able to figure out which address is being used by looking in the lease tables of your DHCP server.  If the switch was statically assigned, you will need to scan for the address.  GFI makes a great tool called LANguard Network Security Scanner.  The product is not free, but GFI does offer a free trial copy for download.

http://www.gfi.com/lannetscan/

This particular tool is quite comprehensive, and gives you much more than simply IP scanning capabilities.  As I said, it isn't free, but the demo copy should work long enough for you to get an idea about the layout and configuration of your network.

Please let me know if any of this is helpful.
0
 

Author Comment

by:maureen99
ID: 22889438
Hi TNL_Engr;

I am still going over your info...so far it looks very helpful.  We are a 2 person IT department so my time is very divided.

thanks so very much!

Maureen
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22890148
No problem, I completely understand.  Just let me know if I can be of further assistance.
0
 

Author Comment

by:maureen99
ID: 22932908
Hi again,

I did the GFI scan but was unable to figure out the IP of the switch so I moved the machine to a switch in the closet next door.  Switch goes to a patch panel and is not directly connected to the sonic wall.  I can move it back if necessary.

the only reason I really needed to get the switch IP was to set up port mirroring, but if I don't need to mirror that's ok.  

A few questions if you have time:

Is bandwidth throttling controlling the amount of bandwidth allowed per PC?  

Can you tell me how to set up port mirroring on the switch step by step?  I referred to the manuals but their still pretty cryptic on what commands to use and it only takes you through it in the command line interface.  It gives you a command requiring parameters, but doesn't give the parameters...

Sorry to be so clueless, but how does one configure the sonic wall to use url filtering?
If I can use the sonic wall configuration w/o port mirroring that's great.  meanwhile, I am also hitting sonic wall support.

What I ultimately want to do is find out what pcs are downloading what, who's streaming video or audio and how much, etc.

As always, I greatly appreciate any help because right now I am rather stuck but I'm determined to get this set up.

thanks again,  

Maureen

0
 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22946221
Hi Maureen,
Wow!  Lot of questions. :-)  Here goes:
1. You will eventually need to know the IP address of the 3Com switch if you want to make any configuration changes.  You may not have found it in a scan if it does not have an IP address assigned, or if the address is in another range.  In either case, you will probably need to use the console interface to set the new address.

2. What device are you using for bandwidth control?  WebSense will support this if (a) you have the appropriate license, and (b) you set the WebSense server up in line like this:  InsideNet--->WEBSENSE SVR --->SONICWALL --->Internet  As you can see, all of the traffic to the Internet has to go through the WebSense server (in one interface, and out another interface).  In this configuration the server can limit traffic by protocol.  The other way to set up WebSense has the server somewhere on the inside of your network, and the firewall simply sends requests back to the server.  In either case, WebSense reporting provides complete information on where everyone is going.  So, either way you set it up you will get good information about the surfing habits of your users.  Also, in either configuration you can limit which categories of sites your users are accessing.

3. If you need to configure port mirroring, here's all you need to enter from the command prompt:
  <3Com> system-view
  [3Com] mirroring-group 1 local
  [3Com] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
  [3Com] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
In the example above, GigabitEthernet 1/0/1 is the port that you want to collect the traffic from and "both" indicates that you want to collect traffic going in and out of the port.  GigabitEthernet 1/0/3 is the port that the traffic will be transmitted back out of.  I've included this info simply so you know how to do it.  You will not need to do this to configure WebSense.  Be careful if you attempt to mirror traffic.  You need to really understand the process before attempting it.

4. URL filtering on the SonicWall - Exactly how to set this up depends upon which model of SonicWall you have.  I believe that WebSense can be configured on all of their models except the TZ150.  Here's how it's done on a TZ170...Navigate to "Security Services", "Content Filtering".  In the "Content Filter Type" drop down box select "Websense" and click configure.  In the configuration section you will need to enter the IP address of the WebSense server, and maybe enter the type (not sure about that part, but there are only a couple of types that it could be.  You should probably pick the highest number).

Lastly, your best support will come from WebSense.  They have great documentation, and really customer support.  They can help you with any configuration, and any firewall.  SonicWall supports WebSense on most of their firewalls, but since they have a competing product, they may not be quite as knowledgeable (or forthcoming) about configuring third party add-ons.
0
 

Author Comment

by:maureen99
ID: 22989125
Thanks for answering all my questions.  I have gotten the port mirroring working, however I have been sidetracked by a virus/trojan spambot:
http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/Email/SMTP/Q_23911594.html#a22989067

0
 

Author Closing Comment

by:maureen99
ID: 31512105
Sorry to be so late with this, just too many things on the plate atm but thanks so much again TNL_Engr for your very awesome help!!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question