LAN Routing
cancel
Showing results for 
Search instead for 
Did you mean: 

STP disabled for Websense?

bballlal
Occasional Contributor

STP disabled for Websense?

We use Websense as our webfilter. I'm in the process of installing a new server. Our core routers are 3Com 5500G's. The old server has two NICs but one of them was completely disabled. The other NIC was plugged in to a port that had port mirroring enabled.

 

I plugged the new server into the two ports that the old server was using, this time I'm going to use both NICs (one for the port mirroring and the other to access the server remotely). I left the port that was doing the port mirroring unplugged while I finished doing updates and getting the server ready. After about 30 minutes of downloading on the new server the network started to become sluggish. Knowing that was the only change on the network I powered down the new Websense server. Shortly the network went back to normal.

 

I looked at the configs and and the two ports that the old websense server was using had stp disabled (both the port that was configured for mirroring and the other port that I was going to use for remote access). Is there any reason to have STP disabled on ports for a Websense server? Obviously I'm assuming that STP being disabled on the port I was using to download updates was the cause for the network to become sluggish. Should I enable STP on both ports or just leave it disabled on the port that will be doing the mirroring for Websense? Thanks in advance.

4 REPLIES
Peter_Debruyne
Honored Contributor

Re: STP disabled for Websense?

Hi,

 

I am not sure how the websense actually operates (inline or just inspecting via a port mirror), but it is typically an endpoint device, so there is no need for stp on these ports.

However, it is not best practice to disable stp, rather to configure it to be an stp edge port (so the port will transition to forwarding directly after being UP, as opposed to waiting 30 seconds), this will ensure that you will still send stp packets, so in case there is a loop, it can still be detected.

 

This rule may not be applicable if the websense is internally 'bridging' traffic back to the switch (through 2 bridge vlan interfaces for example). In that case, it is better to actually disable stp, since the websense may be relaying the switch stp packets back to the same switch ...

 

Not sure however what was causing the network slowdown however ...

 

Best regards,Peter

bballlal
Occasional Contributor

Re: STP disabled for Websense?

Websense uses a port that is set to mirroring to see all the http/s and protocol traffic. One NIC will be set to promiscuous mode with no IP and connected to the port that is set to mirror. The other port in question will be connected to the other NIC that will be used to access and manage the server. Looks like STP should never have been disabled on latter port. And it also looks like on my 3Com 5500G that STP can NOT be enabled on a port that is set to mirror/monitor.

 

Regarding ports being set as edge ports....neither port was set to an edge port. I've enabled that on both ports now...or should that not be enabled on a port that is set to mirror with STP off? Thanks.

Peter_Debruyne
Honored Contributor

Re: STP disabled for Websense?

well, if STP is off, then the edge port function has no effect ... (since port is just forwarding anyway without stp)

Anoopshenoi
Frequent Advisor

Re: STP disabled for Websense?

http://learningmynetworks.blogspot.in/

 

Please configure the port as  both ports

 

 

stp edged-port :- Use the stp edged-port command to configure the current Ethernet port as either an edge port or a
non-edge port.

 

 

 

Anoop.p | Technical Assistant Manager
Office: +91-9538888834
anoopp3com@gmail.com
http://learningmynetworks.blogspot.in/