Hi All and thanks for your responses. 1. I have updated to 15.2(6)E2 and I still get the same options, no IP Policy. 2. Although I don't get the option for IP Policy on the interface, I do get it on the SVI. 3. I think I have found a solution using the IP Access-group command but im not sure that is doing what I think its doing. Here is a cut down copy of the config. What I am trying to achieve is; traffic coming into the switch on interfaces G1/0/47 and 48 from our firewall is checked for source address. If it matches the address in access-list 102 it is send down interface G1/0/25. If it doesn't match it sends it out interface G1/0/49 version 15.2 no service pad service timestamps debug datetime service timestamps log datetime service password-encryption ! boot-start-marker boot-end-marker ! aaa session-id common switch 1 provision ws-c2960xr-48fpd-i system mtu routing 1500 ! ip routing ! no setup express ! spanning-tree mode pvst spanning-tree extend system-id ! vlan 20 name FW_N3_Uplink ! vlan 30 name HSCN_Uplink ! interface FastEthernet0 no ip address no ip route-cache ! interface GigabitEthernet1/0/1 shutdown ! interface GigabitEthernet1/0/25 description "Link to HSCN" switchport access vlan 30 switchport mode access ! ! interface GigabitEthernet1/0/47 description "Link to FW01 Cab 10" switchport access vlan 20 switchport mode access ip access-group 102 in ! interface GigabitEthernet1/0/48 description "Link to FW01 Cab 11" switchport access vlan 20 switchport mode access ip access-group 102 in ! interface GigabitEthernet1/0/49 description "Link to BT" switchport access vlan 20 switchport mode trunk srr-queue bandwidth share 10 10 60 20 queue-set 2 priority-queue out mls qos trust dscp auto qos voip trust ! ! ! interface Vlan20 ip address 10.1.1.2 255.255.255.240 ! interface Vlan30 ip address 10.2.2.2 255.255.255.252 ! ip forward-protocol nd ip http server ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.1.1.1 ip ssh version 2 ! ! access-list 102 permit ip 10.3.3.0 0.0.0.127 any ! ! route-map HSCN-Traffic permit 10 match ip address 102 set ip next-hop 10.2.2.1 ! Thanks.
... View more
I am trying to set up policy based routing on a Cisco 2960XR. IoS version 152.2.E5. This will be used to route depending on source IP address. I have added an ACL and created the route-map however when I try to apply it to the interface, the option in the example is not available. The example state switch(config)#interface gigabitethernet 1/0/1 switch(config-if)#ip policy route-map pbr-map When I try to add my route-map to an interface, there is no option for 'policy' after entering ip ? all I am offered is access-group admission arp device dhcp flow igmp verify Is this down to IoS version or am I missing something, e.g a service or something I need to enable.
... View more
WS-C3750X-48P 15.0(2)SE11 C3750E-UNIVERSALK9-M
License Level: ipbase License Type: Permanent Next reload license Level: ipbase
It's operating as a layer 3 switch so I assume it is equipped with the network services module.
... View more
I am trying to configure netflow on a Cisco 3750X switch. I accepts the flow record, flow exporter, flow monitor and sampler but wont accept the flow monitor on an interface.
Config is below
flow record COLLECT-1 description Record to monitor network traffic match ipv4 destination address collect counter bytes collect counter packets ! flow exporter SOLARWINDS-1 description To Solarwinds destination 10.1.1.1 (not the actual address) source Vlan2 transport udp 2055 ! flow monitor MONITOR-1 record COLLECT-1 exporter SOLARWINDS-1 cache timeout active 300 ! sampler SAMPLER-1 mode random 1 out-of 32 !
I get the following response when I try to add the config to an interface
SW01(config)#int g1/0/48 SW01(config-if)#ip flow monitor MONITOR-1 sampler SAMPLER-1 input % Flow Monitor: 'MONITOR-1' could not be added. SW01(config-if)#
I have kept it simple as per the cisco config guide, am I missing something really obvious ?
... View more