Netflow on 2960 and 3560 !!

Dear all,
I am trying to configure NetFlow on Cisco Catalyst 2960(12.250 SE4) and 3560G(12.250 ) switches for McAfee Network Security Manager.
But the NetFlow command is not supported for this McAfee device.
I want to know, is there any process to configure netflow on this device?
thanks in advance.

  As far as I know, those switches do not support any kind of NetFlow.

Similar Messages

  • Private vlans and 2960 and 3560 switch

    Hi, I have a 3560 switch that supports private vlans. There are few computers connected to it and private vlans work fine. Now I need to connect a 2960 switch to 3560 switch. 2960 seems to have no private vlan configuration options but it can be private vlan edge? What is private vlan edge? If I put the computers on 2960 to a vlan that is isolated vlan in 3560 will the computers be able to communicate with themselves in layer2 on 2960 switch?

    Example: I have network 10.0.0.0/24. The network's primary VLAN is 2001, isolated is 2002 and community is 2003. These settings are on the 3560. So if I put computers on the 2960 switch in VLAN 2002 and make the ports protected ports, they will act as isolated ports and they can't communicate with ports that are on isolated VLAN 2002 on the 3560?
    Can I also use the community VLAN on the 2960? Is this possible, because VLANs 2002 and 2003 would be on the same network?

  • Sfp interconnect between 2960 and 3560

    Hi,
    Can anyone tell me if the sfp interconnect cable can be used between 2960-48TC-L and a 3560-48PS-E?
    Thanks
    Andy

    in short, YES.
    the 3560-48PS-E has the 4 SFP ports.
    the 2960-48TC-L has two 'dual purpose' uplinks which can support SFP or copper.
    (you can only use one type at a time; not SFP and copper simultaneously)
    please see the following links for more info on those two devices:
    2960 -
    http://www.cisco.com/en/US/products/ps6406/products_data_sheet0900aecd80322c0c.html
    3560 -
    http://www.cisco.com/en/US/products/hw/switches/ps5528/products_data_sheet09186a00801f3d7d.html

  • QoS on 3560, 2960 and 3750 does not work (Policy-map).

    Hi
    I am trying to configure QoS on 3 switches (2960, 3560 and 3750) with this configuration:
    mls qos
    class-map match-all QOS_DATA_CLASS
      match access-group name QOS-DATA
    class-map match-all QOS_DEFAULT_CLASS
      match access-group name QOS-DEFAULT
    class-map match-all QOS_VOICE_CLASS
      match access-group name QOS-VOICE
    class-map match-all QOS_SIGNALING_CLASS
      match access-group name QOS-SIGNALING
    policy-map QOS-SOFTPHONE-POLICY
     class QOS_DEFAULT_CLASS
       set dscp default
     class QOS_SIGNALING_CLASS
       set dscp cs2
     class QOS_DATA_CLASS
       set dscp cs1
     class QOS_VOICE_CLASS
       set dscp cs3
    interface GigabitEthernet0/34
     no switchport
     ip address 10.10.11.1 255.255.255.252
     ip ospf network point-to-point
     priority-queue out 
     service-policy input QOS-SOFTPHONE-POLICY
    interface GigabitEthernet0/47
     switchport access vlan 150
     spanning-tree portfast
     service-policy input QOS-SOFTPHONE-POLICY
    ip access-list extended QOS-DATA
     permit tcp any any eq 22
     permit tcp any any eq 465
     permit tcp any any eq 143
     permit tcp any any eq 993
     permit tcp any any eq 995
     permit tcp any any eq 1914
     permit tcp any any eq ftp
     permit tcp any any eq ftp-data
     permit tcp any any eq smtp
     permit tcp any any eq pop3
    ip access-list extended QOS-DEFAULT
     permit ip any any
    ip access-list extended QOS-SIGNALING
     permit tcp any any range 2000 2002
     permit tcp any any range 5060 5061
     permit udp any any range 5060 5061
    ip access-list extended QOS-VOICE
     permit udp any any range 16384 32767
    but when I check the show commands I see that QoS is not working.
    CoreA#sh policy-map interface g0/34   
     GigabitEthernet0/34 
      Service-policy input: QOS-SOFTPHONE-POLICY
        Class-map: QOS_DEFAULT_CLASS (match-all)
          3 packets, 198 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DEFAULT
        Class-map: QOS_SIGNALING_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-SIGNALING
        Class-map: QOS_DATA_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DATA
        Class-map: QOS_VOICE_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-VOICE
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any 
    CoreA#sh policy-map interface g0/47 
     GigabitEthernet0/47 
      Service-policy input: QOS-SOFTPHONE-POLICY
        Class-map: QOS_DEFAULT_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DEFAULT
        Class-map: QOS_SIGNALING_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-SIGNALING
        Class-map: QOS_DATA_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DATA
        Class-map: QOS_VOICE_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-VOICE
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any 
    What am I doing wrong?
    The flow is as follows:
    Computer with CIPC --------> Switch 2960 or 3560 or 3750 ------------------> switch core ---------------> CIPC
    I have wireshark in a port mirror on switch 2960, 3560 and 3750. In wireshark I always see the packets marked with default label.
    I hope you can help me.
    Regards.

    Try this config:
    policy-map QOS-SOFTPHONE-POLICY
     class QOS_VOICE_CLASS
       set dscp cs3
     class QOS_SIGNALING_CLASS
       set dscp cs2
     class QOS_DATA_CLASS
       set dscp cs1
     class class-default
       set dscp default
    BR
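
Why class order matters in the two policy-maps above, as an added example that is not part of the original thread. It assumes classes are evaluated top to bottom with the first match winning, and it models only the protocol and destination-port matches of the ACLs posted in the question; the sample packets are constructed.

```python
# Added illustration (not from the thread): ordered, first-match classification.
# ACL entries model only protocol and destination port: (proto, low, high).
ACLS = {
    "QOS-DATA": [("tcp", p, p) for p in (22, 465, 143, 993, 995, 1914, 21, 20, 25, 110)],
    "QOS-DEFAULT": [("ip", 0, 65535)],            # permit ip any any
    "QOS-SIGNALING": [("tcp", 2000, 2002), ("tcp", 5060, 5061), ("udp", 5060, 5061)],
    "QOS-VOICE": [("udp", 16384, 32767)],
}
DSCP = {"default": 0, "cs1": 8, "cs2": 16, "cs3": 24}
CATCH_ALL = ("ip", 0, 65535)

# Class order as posted in the question, then as posted in the reply.
ORIGINAL = [("QOS-DEFAULT", "default"), ("QOS-SIGNALING", "cs2"),
            ("QOS-DATA", "cs1"), ("QOS-VOICE", "cs3")]
REORDERED = [("QOS-VOICE", "cs3"), ("QOS-SIGNALING", "cs2"),
             ("QOS-DATA", "cs1"), ("class-default", "default")]

def entries(name):
    """ACL entries for a class; class-default matches everything."""
    return [CATCH_ALL] if name == "class-default" else ACLS[name]

def classify(policy, proto, dst_port):
    """Return (class name, DSCP value) of the first class that matches."""
    for name, mark in policy:
        for acl_proto, low, high in entries(name):
            if acl_proto in ("ip", proto) and low <= dst_port <= high:
                return name, DSCP[mark]
    return None, None

def shadowed(policy):
    """Classes listed after a catch-all class, which can never be reached."""
    hidden, catch_all_seen = [], False
    for name, _ in policy:
        if catch_all_seen:
            hidden.append(name)
        elif CATCH_ALL in entries(name):
            catch_all_seen = True
    return hidden

if __name__ == "__main__":
    # Constructed sample packets: RTP, SIP, SSH, DNS.
    samples = [("udp", 20000), ("tcp", 5060), ("tcp", 22), ("udp", 53)]
    for proto, port in samples:
        print(proto, port, classify(ORIGINAL, proto, port), classify(REORDERED, proto, port))
    print("shadowed in original order:", shadowed(ORIGINAL))
```
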

  • Daisy chain of 3550 and 3560

    Can we use a mixture of 3550 and 3560 in a daisy chain? What I mean is:
    1. If I want to connect 4 switches in a daisy chain, can two of them be 3550's and the other two be 3560's?
    2. If I have 2 3550's in a daisy chain, can I add one more 3560 to the same chain?

    it may be more beneficial to aggregate 3 of the switches to one via the GB/SFP ports.
    ie:
    switch1-3560 >> switch2
    switch1-3560 >> switch3
    switch1-3560 >> switch4
    having correctly sized ports for aggregated bandwidth will be required.
    you can also perform daisy chaining as you've asked.

  • Catalyst 2960 and SGE500 switches

    Hi,
    Can we use Cisco Catalyst 2960 and Cisco SGE500 switches on the same network and share the same VLANs?

    Hi,
    I didn't find VLAN support in the key features of the SGE500 but I'm sure it is there. For VLAN sharing you must configure a trunk between the switches. The number of the VLAN must be the same (excluding some cases).
    For sharing VLAN information (VLAN count, names etc) the switches must support the VTP protocol; I am not sure that the SGE500 supports it. But VTP is not necessary for trunking between switches.

  • NTP on Nexus5k and 3560

    I have begun moving NTP from our 6500 to 4 Nexus 5k as part of a core upgrade.  The Nexus will act as our internal NTP server for all switches.  Any switches that are on the same vlan as the Nexus have no issues syncing NTP from them.  However, any switch that has to have the traffic routed to the Nexus is showing the time source as insane.
    The configuration on our Nexus is as follows the Nexus are .11,12,13 and 14:
    ntp peer 172.24.1.12
    ntp peer 172.24.1.13
    ntp peer 172.24.1.14
    ntp server 192.43.244.18
    clock timezone CST -6 0
    clock summer-time CDT 2 Sun Mar 2:00 1 Sun Nov 2:00 60
    Here is the configuration on one of our 3560's:
    clock timezone CST -6
    clock summer-time CDT recurring
    ntp server 172.24.1.11
    ntp server 172.24.1.13
    ntp server 172.24.1.12
    ntp server 172.24.1.14
    This same configuration worked when the switches were configured as NTP Peers to our 6500 (172.24.1.1).  The ip for the 6500 has been moved to an HSRP address across the Nexus so I have pointed the switches at the individual IP for each Nexus.
    Here is a debug ntp packet output from one of the 3560s:
    .Mar  7 17:21:22: NTP: xmit packet to 172.24.1.11:
    .Mar  7 17:21:22:  leap 3, mode 3, version 3, stratum 0, ppoll 64
    .Mar  7 17:21:22:  rtdel 2445 (141.678), rtdsp C804D (12501.175), refid AC180101
    (172.24.1.1)
    .Mar  7 17:21:22:  ref D2F4A4F5.9CBFA919 (06:32:53.612 CST6 Sun Feb 26 2012)
    .Mar  7 17:21:22:  org 00000000.00000000 (18:00:00.000 CST6 Thu Dec 31 1899)
    .Mar  7 17:21:22:  rec 00000000.00000000 (18:00:00.000 CST6 Thu Dec 31 1899)
    .Mar  7 17:21:22:  xmt D3021792.8D0B8963 (11:21:22.550 CST6 Wed Mar 7 2012)

    Thanks for your reply.
    My issue may be a little different than you encountered. In my configuration I am able to get some, but not all, SVIs on Nexus 5548s to function as NTP servers.
    I have two Nexus 5548 vPC peers configured (N5K-1 and N5K-2) for HSRP and as NTP servers. A downstream 2960S switch stack (STK-7) is the NTP client. STK-7 is connected to N5K-1 and N5K-2 with a physical link each bundled into a port channel (multi-chassis Etherchannel on the STK-7 stack and vPC on the 5548 peers).
    When the STK-7 NTP client is configured for NTP server IP addresses on the same network as the switch stack (10.3.0.0 in the diagram below) all possible IP addresses work (IP addresses in green), the “real” IP addresses of each SVI on the 5548s (10.3.0.111 & 10.3.0.112) as well as the HSRP IP address (10.3.0.1).
    When the STK-7 NTP client is configured for NTP server IP addresses on a different network than the switch stack (10.10.0.0 in the diagram below) only the “real” IP address of the SVI on the 5548 to which the Etherchannel load-balancing mechanism directs the client to server NTP traffic (N5K-2) works. In the diagram above the client to server NTP traffic is sent on the link to N5K-2. In the diagram below NTP server 10.10.0.112 is reported as sane but NTP servers 10.10.0.111 and 10.10.0.1 are reported as insane (in red).
    I am concerned that the issue is related to my vPC configuration.
    Cisco TAC has indicated that this behavior is normal.

  • Two 2911 routers and 3560 switches (load balancing and redundancy)

    Good day, Sir!
    I have a network with a hierarchical model: two 2911 routers, two 3560 core switches and two providers.
    I want to design a redundancy scheme. Can you advise me how best to do it? Here you can find an image with the topology; can you say whether it is a good idea to connect the devices in this way?
    Hoping for your help! Thank you!

    Hi,
    If you want to configure redundancy in your network, on the LAN you can use HSRP, and on the WAN side, depending on the connection with the provider, you can use either BGP or any IGP.
    If you want to have load balancing as well as redundancy, you can define a different HSRP group for each VLAN, and on the WAN with BGP you can use the multipath option or with an IGP you can manipulate the route metric.
    Thanks & Regards
    Sandeep

  • AAA and 3560 Switch + CNA

    Hi
    Has anyone got this to work?
    CNA (Cisco Network Assistant) and AAA (TACACS+) on a 3560 switch.
    I can’t get CNA to work in this setup, but it works fine together with 3500XL and 3550 series switches, with the same parameters.
    This is the AAA config:
    aaa authentication login default group tacacs+ local
    aaa authentication login no_tacacs enable
    aaa authentication enable default enable group tacacs+ none
    aaa authorization exec default group tacacs+ local
    aaa authorization exec no_tacacs none
    aaa authorization commands 15 default group tacacs+ if-authenticated local
    aaa authorization commands 15 no_tacacs none
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    ip http server
    ip http authentication aaa

    Hi
    No. I get the prompt for username and password
    and hit enter. Then nothing happens. It looks like it's trying to build the network but it never finishes. I know it works without the aaa statement. But I can’t live with that.

  • 2960 and WLC

    Hi Folks,
    We have a 2960-8TC-L and a WLC 4402 (configured as L3).
    On Gi0/1 we have an LAP1131, on Gi0/6 we have WLC's Management Interface (Port1) and on Gi0/7 we have the AP-Manager (Port2).
    Both the Mgmt interface and the ap-manager have valid Ip addresses.
    We have the AP getting the IP (private address) from a dhcp pool configured on the 2960 (options 60 and 43 properly configured).
    Problem: the AP never gets to find the controller in order to join it.
    Question: Would this problem be because we have an L2 switch trying to associate an AP with an L3 controller?
    Thanks,
    AL

    When you set the WLC to L3, that means the AP needs to have an IP address. Management and ap-manager need to be on the same subnet and the time has to be set on the WLC. Place the AP on the same subnet as the WLC management and ap-manager interfaces. Make sure there is a DHCP scope on that subnet... no need for the options on the scope. The AP will get an IP address and find the WLC. Then you can move the AP to the correct VLAN and see if the AP finds the controller. Doing it this way, the AP will know of the WLC and should have no issues finding the controller again.

  • 2960 and fail over

    I am going to hook a 2960 to a wireless antenna and have a backup T-1 to use for fail-over. Can a 2960 do this function?
    Shannon

    It could if any of the 2960s had a WAN interface such as T1, but it does not, since it's a switch.

  • Cat 4500 NetFlow Services Card and 4516-10GE Sup

    Is this not a supported configuration? the configurator doesn't like this.

    SupV-10GE comes with built in Netflow feature card. It is not an option and hence the configurator does not let you add it.

  • 2960 and configuring with a browser

    I am thinking about buying a 2960. I am not good with the command line. Can I do advanced configuration such as traffic policing and QoS with some type of Cisco admin software?

    As a matter of fact, you can use Cisco Network Assistant (CNA) with the 2960. CNA is a free GUI-based tool that allows you to perform fairly advanced configuration including QoS.
    Here's a link with more info on it:
    http://www.cisco.com/en/US/products/ps5931/products_data_sheet0900aecd8034fbf1.html
    Hope that helps - pls rate the post if it does.
    Paresh

  • 2960s and 2960X stacking

    Gents, we have used a couple of 3750Gs in the past, and the rule of thumb was that the IOS and model should be the same in order to stack them.
    Is it different for 2960 series switches?
    We have 2 WS-C2960X-48FPS-L and one 2960S switch. Can we stack them, and will it work? What about the IOS? I know that with the X it's stack-plus (which is faster), but my question is: unlike the 3750G, will they be stackable with different IOS?

    All the possibilities and restrictions are very well explained in the 2960-X FAQ:
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/qa_c67-728348.html#_Toc393235522

  • Cable interconnecting Cat. 3550 and 3560

    What would be an appropriate cable for connecting the Catalyst 3550 and the 3560?
    The 3550 has 2 GBIC ports, while the 3560 has 4 SFP module slots.

    Q. Can the Cisco Catalyst 3560 Series switches support the GigaStack® or StackWise™ technology?
    A. The Cisco Catalyst 3560 switches do not support the Cisco GigaStack Technology on the Catalyst 3550, 2950G, and 3500 XLs or the Cisco StackWise technology available on the Catalyst 3750. However, a cluster of any combination of these platforms can be managed via a single IP address using the Cisco Network Assistant (CNA) software. There are more details on CNA later in this document.
