Need help configuring 3com switch for websense port mirroring

Posted on 2008-10-31
Last Modified: 2012-05-05

I'm having trouble understanding the documentation for a 3com 4500 g switch when it comes to port mirroring.  I'm trying to install websense security suite on its own box and connect it to this switch.  I assume at least one of the switch ports the websense box uses will mirror network traffic in and out of our sonic wall.  Is this correct?

My problems are:
The documentation I downloaded refers only to the command line interface not the web interface.

Second problem:
I don't know the IP of the switch I need to use!  I know that sounds bad, but I didn't set up the network and it's not documented.  The switch does not appear to have a console port.  Anyone know a piece of freeware that can detect network devices and give me an ip?

thanks for any help, I really need it!


Question by:maureen99

Expert Comment

ID: 22851666
I can help with the port mirroring, but you probably don't need it.  There are a couple of different ways to set up WebSense.  One is to have it running on a system with 2 NICs.  Traffic comes in one NIC, is filtered, and goes out the other port.  This is the preferred configuration if you are attempting to do bandwidth throttling.

In the configuration which you are probably trying to use, Websense receives the request for URL filtering from the SonicWall and returns an ALLOW or DENY response to the firewall.  In this case, you do not need to set up port mirroring.  You simply configure the firewall to use URL filtering, and tell it what the IP address of your Websense server is.  The firewall takes care of the rest.  

Let me know if you need any additional help with the firewall or Websense server.  Good luck.

Accepted Solution

TNL_Engr earned 500 total points
ID: 22858932
Here's some additional information for you.  The console port on the 4500G is probably on the front of the switch and looks like a standard RJ45 jack.  To program the switch from the console port requires a special cable.  If you do not have one, the pinouts for this cable can be found in the Getting Started Guide.

Getting Started Guide:

This guide also gives you complete information about how to do the initial switch setup.  Below are some additional manuals which might be helpful:

Configuration Guide:
Command Reference:
Quick Reference Guide:

If the switch is getting its IP address dynamically, then you might be able to figure out which address is being used by looking in the lease tables of your DHCP server.  If the switch was statically assigned, you will need to scan for the address.  GFI makes a great tool called LANguard Network Security Scanner.  The product is not free, but GFI does offer a free trial copy for download.

This particular tool is quite comprehensive, and gives you much more than simply IP scanning capabilities.  As I said, it isn't free, but the demo copy should work long enough for you to get an idea about the layout and configuration of your network.

Please let me know if any of this is helpful.

Author Comment

ID: 22889438
Hi TNL_Engr;

I am still going over your far it looks very helpful.  We are a 2 person IT department so my time is very divided.

thanks so very much!


Expert Comment

ID: 22890148
No problem, I completely understand.  Just let me know if I can be of further assistance.

Author Comment

ID: 22932908
Hi again,

I did the GFI scan but was unable to figure out the IP of the switch so I moved the machine to a switch in the closet next door.  Switch goes to a patch panel and is not directly connected to the sonic wall.  I can move it back if necessary.

The only reason I really needed to get the switch IP was to set up port mirroring, but if I don't need to mirror that's ok.

A few questions if you have time:

Is bandwidth throttling controlling the amount of bandwidth allowed per PC?  

Can you tell me how to set up port mirroring on the switch step by step?  I referred to the manuals but they're still pretty cryptic on what commands to use and it only takes you through it in the command line interface.  It gives you a command requiring parameters, but doesn't give the parameters...

Sorry to be so clueless, but how does one configure the sonic wall to use url filtering?
If I can use the sonic wall configuration w/o port mirroring that's great.  Meanwhile, I am also hitting sonic wall support.

What I ultimately want to do is find out what pcs are downloading what, who's streaming video or audio and how much, etc.

As always, I greatly appreciate any help because right now I am rather stuck but I'm determined to get this set up.

thanks again,  



Expert Comment

ID: 22946221
Hi Maureen,
Wow!  Lot of questions. :-)  Here goes:
1. You will eventually need to know the IP address of the 3Com switch if you want to make any configuration changes.  You may not have found it in a scan if it does not have an IP address assigned, or if the address is in another range.  In either case, you will probably need to use the console interface to set the new address.

2. What device are you using for bandwidth control?  WebSense will support this if (a) you have the appropriate license, and (b) you set the WebSense server up in line like this:

  InsideNet ---> WEBSENSE SVR ---> SONICWALL ---> Internet

As you can see, all of the traffic to the Internet has to go through the WebSense server (in one interface, and out another interface).  In this configuration the server can limit traffic by protocol.  The other way to set up WebSense has the server somewhere on the inside of your network, and the firewall simply sends requests back to the server.  In either case, WebSense reporting provides complete information on where everyone is going.  So, either way you set it up you will get good information about the surfing habits of your users.  Also, in either configuration you can limit which categories of sites your users are accessing.

3. If you need to configure port mirroring, here's all you need to enter from the command prompt:
  <3Com> system-view
  [3Com] mirroring-group 1 local
  [3Com] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
  [3Com] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
In the example above, GigabitEthernet 1/0/1 is the port that you want to collect the traffic from and "both" indicates that you want to collect traffic going in and out of the port.  GigabitEthernet 1/0/3 is the port that the traffic will be transmitted back out of.  I've included this info simply so you know how to do it.  You will not need to do this to configure WebSense.  Be careful if you attempt to mirror traffic.  You need to really understand the process before attempting it.

4. URL filtering on the SonicWall - Exactly how to set this up depends upon which model of SonicWall you have.  I believe that WebSense can be configured on all of their models except the TZ150.  Here's how it's done on a TZ170...Navigate to "Security Services", "Content Filtering".  In the "Content Filter Type" drop down box select "Websense" and click configure.  In the configuration section you will need to enter the IP address of the WebSense server, and maybe enter the type (not sure about that part, but there are only a couple of types that it could be.  You should probably pick the highest number).

Lastly, your best support will come from WebSense.  They have great documentation, and really customer support.  They can help you with any configuration, and any firewall.  SonicWall supports WebSense on most of their firewalls, but since they have a competing product, they may not be quite as knowledgeable (or forthcoming) about configuring third party add-ons.
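
Added example (not part of the original thread, and not 3Com or WebSense code): a small Python check that reads planned mirroring commands in the form shown in the answer above and reports groups that are incomplete or reuse a port before anything is typed into the switch. The sample session, the second group, the function names and the sanity rules (one monitor port per group, "inbound" and "outbound" as directions besides "both") are assumptions of this example.

```python
import re

# Constructed sample: the answer's four commands plus a hypothetical incomplete group 2.
PLANNED = """\
<3Com> system-view
[3Com] mirroring-group 1 local
[3Com] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
[3Com] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
[3Com] mirroring-group 2 local
[3Com] mirroring-group 2 mirroring-port GigabitEthernet 1/0/3 both
"""

CMD = re.compile(r"mirroring-group\s+(\d+)\s+(?:(local)|(mirroring-port|monitor-port)"
                 r"\s+(\S+\s+\d+/\d+/\d+)(?:\s+(\S+))?)\s*$")

def parse_groups(text):  # collect per-group state from a command transcript
    groups = {}
    for line in text.splitlines():
        m = CMD.search(line)
        if not m:
            continue  # e.g. system-view: no mirroring data on this line
        gid, local, role, port, direction = m.groups()
        g = groups.setdefault(int(gid), {"local": False, "sources": [], "monitors": []})
        if local:
            g["local"] = True
        elif role == "mirroring-port":
            g["sources"].append((" ".join(port.split()), direction))
        else:
            g["monitors"].append(" ".join(port.split()))
    return groups

def check(groups):  # the rules below are this example's assumptions
    findings = []
    monitors = {p for g in groups.values() for p in g["monitors"]}
    for gid, g in sorted(groups.items()):
        if not g["local"]:
            findings.append(f"group {gid}: not created with 'local'")
        if not g["sources"]:
            findings.append(f"group {gid}: no mirroring-port (nothing to copy)")
        if len(g["monitors"]) != 1:
            findings.append(f"group {gid}: expected 1 monitor-port, found {len(g['monitors'])}")
        for port, direction in g["sources"]:
            if direction not in ("both", "inbound", "outbound"):
                findings.append(f"group {gid}: {port} has direction {direction!r}")
            if port in monitors:
                findings.append(f"group {gid}: {port} is also configured as a monitor port")
    return findings

for finding in check(parse_groups(PLANNED)):
    print(finding)
```

Group 1, which is exactly the answer's configuration, produces no findings; both findings come from the constructed group 2.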

Author Comment

ID: 22989125
Thanks for answering all my questions.  I have gotten the port mirroring working, however I have been sidetracked by a virus/trojan spambot:


Author Closing Comment

ID: 31512105
Sorry to be so late with this, just too many things on the plate atm but thanks so much again TNL_Engr for your very awesome help!!
