HPE Community
Switches, Hubs, and Modems
1752730 Members
5723 Online
108789 Solutions
New Discussion юеВ

How to setup bidirectional port spanning on 5304xl ?

 
SOLVED
Go to solution
patlamhk
Frequent Advisor

тАО06-15-2006 10:44 PM

тАО06-15-2006 10:44 PM

How to setup bidirectional port spanning on 5304xl ?

Hi, help pls.

I am deploying the Websense to my LAN which contain 2 segment of IP address and 2 VLAN.

How can I setup the Procurve 5304xl switch to allow the Websense monitor all traffic across my LAN ?

thanks a lot :)
0 Kudos
5 REPLIES 5
Matt Hobbs
Honored Contributor

тАО06-15-2006 11:22 PM

тАО06-15-2006 11:22 PM

Solution

Re: How to setup bidirectional port spanning on 5304xl ?

What I believe you need to do is set a mirror-port which you attach your Websense machine to, and then set a monitor port which will be the port that connects to your default gateway / firewall.

E.g. Websense machine on a2, gateway uplink on port a1:

ProCurve(config)# mirror-port a2
ProCurve(config)# interface a1 monitor

Sergej Gurenko
Trusted Contributor

тАО06-16-2006 09:40 AM

тАО06-16-2006 09:40 AM

Re: How to setup bidirectional port spanning on 5304xl ?

Usually administrators are only interested in analyzing/blocking traffic going towards the Internet. I recommend you to monitor only one place - the sub-net all the users (vlans) need to traverse towards the Internet.
I'm not sure mentioned earlier procurve switch have rich SPAN (also known as port monitoring) functionality. It is not mentioned in the Management and Configuration Guide that Procurve is supports ingress packets to monitor port. So you you will need second NIC on a websence machine.

Websence need to send TCP resets if you want not only monitoring and analyzing but also restricting Internet usage. Like it mentioned in Quick start guide you either can use same NIC for analysing and sending TCP resets or install additional TCP reset NIC (http://www.websense.com/docs/support/documentation/setup/v62/NA_Quick_Start_62.pdf)
If you will SPAN 2 VLANS it would

P.S. Also read this old websence topic.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=317326

--
For information on how broadcast, multicast, and unicast packets are tagged inside and outside of the VLAN to which the monitor port is assigned, refer to the section titled ├в VLAN-Related Problems├в in the ├в Troubleshooting├в chapter of the Management and Configuration Guide for your switch.)
--
patlamhk
Frequent Advisor

тАО06-18-2006 02:20 PM

тАО06-18-2006 02:20 PM

Re: How to setup bidirectional port spanning on 5304xl ?

Guys,
thanks for your help.

Once I enabled the mirror-port, and the monitor port / VLAN. My Websense works fine.

Next step is config my Cisco ASA with Websense.
0 Kudos
Sergej Gurenko
Trusted Contributor

тАО06-21-2006 04:25 AM

тАО06-21-2006 04:25 AM

Re: How to setup bidirectional port spanning on 5304xl ?

From the Websence Quick Start guide it is looks like you need either Switch monitoring or Firewall monitoring. Not both at the same time.
0 Kudos
patlamhk
Frequent Advisor

тАО06-21-2006 03:35 PM

тАО06-21-2006 03:35 PM

Re: How to setup bidirectional port spanning on 5304xl ?

Yes, I monitoring my switch only at the moment.
Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.