Monday, December 30, 2013

Cisco 3750 - two ports stopped passing traffic

I have a WS-C3750V2-24PS-S   switch - two member stack - that has been up for four years.  It runs C3750-ADVIPSERVICESK9-M, Version 12.2(46)SE.  It's run flawlessly until the last few weeks.  Interface Gi1/0/6 stopped sending/receiving traffic although it was in up/up mode.  I tried to admin down/up the int but no good.  So I moved the cable to another interface (say 1/30) and the traffic flowed again.  Over the weekend interface Gi1/0/5 had the same symptom.  The host connected to it - a Cisco UCM stopped responding to ping or anything else although the port was up/up.  There were no errors visible when I tried "show log" and no incrementing errors on the interface, nothing in syslog.  I could even see the bps in and out appear to show some traffic.  But from a ping or TCP standpoint the interface was passing no traffic.  I bounced the UCM and still no traffic flowed.  I moved the cable to interface Gi 1/0/15 and now traffic was flowing again. 

I wanted to get some thoughts on here before opening a TAC case.  Does this sound like a memory leak bug with this version of IOS?  A failing ASIC?  Other thoughts on troubleshooting or possible explanation?

When traffic stops flowing, can you get any other device to communicate on those ports? Is any type of port security, storm control, dot1x, or any other method applied to the ports that could automatically disable a port?


Assuming that no security/error method (or spanning-tree) is blocking traffic, it does sound like an ASIC that is on the fritz. Perhaps a switch reboot is in order, and/or a TAC case. If you have smartnet, I would definitely start a TAC case immediately even if it's just a CYA. Grab a "show tech" when the issue is occurring for TAC to review.

Sunday, December 29, 2013

Configure HWIC-4ESW with three vlans in a Cisco 2811 router

I would like to set up a VOICE lab at home and have purchased two HWIC-2FE cards for SiteB (BR1) and SiteC (BR2). I need to configure three VLANs in each router. Could you please show me how to configure it? Your help is appreciated. Thanks.
Configure an Ethernet/Fast Ethernet Interface
Int f0/0
   Ip address [IP] [mask]
   No shut
   Exit
interface FastEthernet [PORT#].10
   encapsulation dot1q 10
   ip address [IP] [mask]
   no shutdown
   exit
interface FastEthernet [PORT#].20
   encapsulation dot1q 20
   ip address [IP] [mask]
   no shutdown
   exit

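Vlan 10
     name Voice
     Exit

! VLAN 20 is the access (data) VLAN used below; VLAN names must be unique
Vlan 20
     name Data
     Exit
! HWIC-4ESW switch ports are numbered FastEthernet0/[SLOT]/0 - 3
Interface range FastEthernet0/[SLOT]/0 - 3
   Switchport mode access
   Switchport access vlan 20
   Switchport voice vlan 10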
In my experience, the 2811 router does not allow the "vlan 10" and "vlan 20" sections.  In other words, you cannot configure the VLANs for the 4ESW in global config mode.  You need to configure these from vlan database:
Router#vlan database
Router(vlan)#vlan 10 name Name-Vlan10
Router(vlan)#vlan 20 name Name-Vlan20
Router(vlan)#vlan 30 name Name-Vlan30
Router(vlan)#exit
APPLY completed.
Exiting....

Router#

Thursday, December 26, 2013

cisco 3560 isolate ports

I have 3 VLANs on my Catalyst WS-C3560X-24T-L.
Now VLAN 1396 gets the internet connection from Fast 0/1.
VLAN 2 is giving out the connection on Fast 0/2 and it is connected to the firewall.
I want to create VLAN 3, which gets internet from Fast 0/3 and works like a layer 2 switch,
because I return from the firewall to VLAN 3.

If I understand correctly (partly because of my experience in your last question)... VLAN 1396 takes an outside internet connection that routes to another internet address you have on interface VLAN 2 on your router.  Fa0/2 is configured for VLAN 2 and is connected to the WAN port of your firewall.  Fa0/3 is connected to the LAN port of your firewall?  Go ahead and configure VLAN 3 on Fa0/3 and all of your other interfaces.  From 3560(config)#:
vlan 3
name LAN
exit
int range fa0/3-24
switchport mode access
switchport access vlan 3

Wednesday, December 25, 2013

Cisco Switch 3560 Errdisable disable State

Please see attached my error I get on up link of  trunk port.
How can I find root of problem to solve it.

This could be caused by a network device but I am guessing that would be rather difficult to track down. How many users are connected to the WS-C3560X-24P-S switch? Are you able to provide me a sanitized configuration of the 3560? Also are you able to test the fiber link for any physical layer issues?

Smaller frames are less effective and will cause drainage of resources (memory/CPU) if they are being received at an alarming rate.

Since this is being received at the trunk port, trailing the diagram/cabling some network device or even a NIC is not working the way it's expected(may be half duplex or faulty) and network/link is congested at that segment and as a result of collision, the smaller frames are making their way in. It will be a tedious job to find that part.


If you can do a packet capture, the source and destination field might make your life easy.

Tuesday, December 24, 2013

Catalyst 3750 Stackwise technology

I am new to the WS-C3750X-24T-L stackwise technology, but from what I understand, if two 3750s are connected together in the backplane with the stackwise technology and one fails, the stack is still running. But if one of my switches fails, all the users connected to that switch will be down. So what is the benefit of the stackwise technology? Maybe you can shed some light on the subject.

Allows multiple switches to be managed as a single unit and gives higher bandwidth between the switches compared to using external switch port connections.

Sort of like having a chassis-based switch (Catalyst WS-C3750X-24T-S, 7500, Nexus 7K) without the expense of a chassis.


Even with a chassis, if one blade fails, all of the devices connected to that blade still fail.

Configuring Point to Point T1 on Cisco Router WIC1DSU-T1 to HWIC-4T1/E1

We originally had a point to point T1 on two 2811 routers with HWIC-2T  cards.

I have a new 3925 that has a HWIC-4T1/E1 that I'm attempting to set up for multiple point to multipoint T1 cards, but am not sure how to configure the HWIC-4T1 so it can talk to the WIC1DSU-T1.

My router with the WIC1DSU-T1 shows up as S0/0/0

My router with the HWIC-4T1 shows with 4 ports as:

controller T1 0/0/0
 cablelength long 0db
controller T1 0/0/1
 cablelength long 0db
controller T1 0/0/2
 cablelength long 0db
controller T1 0/0/3
 cablelength long 0db

When I plug the original T1 cable into one of the ports on the new HWIC-4T1, the port does not come up and I am getting errors.

When I originally plugged up the WIC1DSU-T1 to WS-X45-SUP7-E   on my 2811's, the link just came right up.  Am I missing something on the configuration of the HWIC-4T1?


Thanks.  It actually ended up being a bad cable, but I appreciate the link for the configuration page.

Sunday, December 22, 2013

Cisco 2801 - Verizon WAN HWIC - Routing/Gateway Question

Looking for some advice on how this will work for us in a disaster recovery scenario.  Right now we are like most businesses on a fiber internet connection, and have fiber between our remote offices.  If in a disaster we lost fiber to our headquarter facility, we want to use the Verizon WAN HWIC-1T  solution to get us by until fiber service is restored.  What would this look like for us when the disaster happens?  How would I route us out through Verizon?

Right now we have everyone with a default gateway of our main switch.  That main switch has its default gateway as our firewall.  When the disaster happens, do I just change the main switch's default gateway to my new router with the Verizon HWIC card in it?

I know this will only allow for outbound traffic to the internet, and nothing inbound, but will that work?

My other more pressing concern is, will this be safe?  Since traffic will now be routed through Verizon and a router only, no firewall?

Any thoughts or suggestions would be appreciated!

To put some IP Numbers into this mix to get a clearer picture and explanation, I am going to assume the following layout:

Fiber Internet  (1.X.X.1)           Verizon WWAN (2.X.X.1)
   |    (1.X.X.2)                                    | (2.X.X.2)
Firewall                                        Cisco 2801         
   |    (10.1.0.1, 10.2.0.1, 10.3.0.1 /24s)     |     (10.1.0.2, 10.2.0.2, 10.3.0.2 /24s)
---------------------Main Switch-------------------------
          |                               |
          |           Various Branch Office Uplinks
   HQ Subnets        (10.3.0.X /24)
(10.1.0.X /24)
(10.2.0.X /24)   


From the diagram you can see that you would simply define all of the VLANs on the Cisco 2801 and give them a layer 3 address in each VLAN.  You would also independently configure the Cisco 2801 for NAT.  As long as the fiber solution is up, all traffic will be routed out of the firewall and nothing should end up in the router.  In the event of a failure of the fiber circuit, there are several options that can be employed depending on the capabilities of the firewall and "main switch".

1. If the switch supports basic static layer 3 routes, I would still define both routes on the device, however, I would not make them equal cost.  Instead I would make the 3G network, say 100 compared to 10 for the fiber circuit.  This will ensure that traffic never "automatically" goes to the 3G circuit.  As mentioned, with static routing failover is not automatic unless the interface goes down.  So in the event the firewall fails and brings the interface down, it would act as an automatic failover.  However, if the circuit goes down and the interface remains up, having the route in place allows you to failover the path much quicker and easier by simply shutting down the interface going to the firewall.  This prevents the need to define a more complex route statement while you are in the middle of an outage.

2. If the main switch supports ip slas of some type, you can automate the failover of the static route.

3.  If the firewall supports ip slas of some type AS WELL AS hairpinning, you may be able to use the firewall to failover to the 3G network if the fiber circuit fails.  This would be a bit of a complex configuration.


One additional point I would like to make is that you can make to further subnet your network and place "important" users into their own WS-X45-SUP7L-E   Since your failover circuit will be a 3G circuit, speeds will not be that stellar and can probably only reliably support maybe 10 simultaneous users at one time.  I would consider essentially allowing the network to be down when the fiber circuit is down for everyone except these "VIPS".  Otherwise, if internet access is granted company wide over the 3G network, the speeds will be some horrendous that everyone might as well be down.
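
Options 1 and 2 from the answer above, written out as IOS configuration for the main switch. This is an added example, not part of the original thread. It assumes the main switch is a Layer 3 IOS device with IP SLA and object tracking, that 10.1.0.3 is the switch's own address, and that 192.0.2.1 is a placeholder for a stable host on the far side of the fiber circuit; 10.1.0.1 (firewall) and 10.1.0.2 (Cisco 2801) come from the diagram.

```cisco
! Added example. Assumed values: 10.1.0.3 = this switch's own address,
! 192.0.2.1 = placeholder probe target beyond the fiber circuit.
! 10.1.0.1 (firewall) and 10.1.0.2 (Cisco 2801) are taken from the diagram.
!
! --- Option 1: floating static routes, manual failover -----------------
! The lower administrative distance wins, so the firewall path is used
! whenever its route is installed. The 3G route only takes over when the
! firewall-facing interface goes down or is shut down by hand.
ip route 0.0.0.0 0.0.0.0 10.1.0.1 10
ip route 0.0.0.0 0.0.0.0 10.1.0.2 100
!
! --- Option 2: same routes, failover automated with IP SLA -------------
! Pin the probe target to the firewall path. Without this host route the
! probe would follow the default route out the 3G path after failover,
! succeed, bring the track back up, and make the default route flap.
ip route 192.0.2.1 255.255.255.255 10.1.0.1
!
ip sla 1
 icmp-echo 192.0.2.1 source-ip 10.1.0.3
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Some older IOS releases use "track 1 rtr 1 reachability" instead.
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! Replace the untracked primary route from option 1 with a tracked one.
! When the probe fails for 30 seconds the route is withdrawn and the
! distance-100 route via the 2801 is installed.
no ip route 0.0.0.0 0.0.0.0 10.1.0.1 10
ip route 0.0.0.0 0.0.0.0 10.1.0.1 10 track 1
!
! --- Verify (exec mode) ------------------------------------------------
! show ip sla statistics 1
! show track 1
! show ip route 0.0.0.0
```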

Thursday, December 19, 2013

Configure VLANs on Cisco 3560 for SonicPoints on NSA240

We just purchased some SonicPoints and a NSA240 firewall for our network, and are having issues getting the existing Cisco equipment to allow the traffic...our core switch is a Cisco WS-C3560X-24T-L   (10.0.0.2) and we also have a 2821 ISR at 10.0.0.1.  These addresses are on the management VLAN.  The 3560 has a default route to 10.0.0.1, and the 2821 has a default route to 192.168.10.2 (the NSA 240)

Our default LAN (VLAN 100) is 192.168.10.x/24, and we created two new VLANs on the SonicWALL for the second and third virtual APs on the SonicPoints (192.168.40.x/24, VLAN 125 and 192.168.50.x/24, VLAN 150).

The first virtual AP is configured with no VLAN and works like a champ.  The second and third ones are configured on VLANs 125 and 150 respectively and will authenticate clients but don't get a DHCP address and can't pass traffic when given a static IP in the range.

Here's show vlan on the 3560:
1    default                          active    Gi0/3, Gi0/4
100  DATA                             active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Fa0/25, Fa0/27, Fa0/28, Fa0/29
                                                Fa0/30, Fa0/31, Fa0/32, Fa0/33
                                                Fa0/34, Fa0/35, Fa0/36, Fa0/37
                                                Fa0/38, Fa0/40, Fa0/41, Fa0/42
                                                Fa0/43, Fa0/44, Fa0/45, Fa0/46
                                                Fa0/47, Fa0/48
125  Wireless1                        active
150  Wireless2                        active
200  VOICE                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47, Fa0/48

No, for the AP that you want to use vlan 125, configure switchport access vlan 125. For the port that has the AP that will use 150, configure switchport access vlan 150, not both.

Tuesday, December 17, 2013

CISCO1841 is not recognizing HWIC-1DSU-T1

I have a CISCO1841 with IOS 12.4(15)T4 that is not recognizing the EHWIC-1GE-SFP-CU. It has recognized a WIC-1DSU-T1-V2. From what I've seen on the Cisco site the IOS I currently have should be fine for the HWIC-1DSU-T1.
program load complete, entry point: 0x8000f000, size: 0x2242414
Self decompressing the image : #################################################
################################################################################
############################################### [OK]
Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
                0X003AA110 public buffer pools
                0X00211000 public particle pools
                0X00020000 Crypto module pools
0X058A          0X00000000 UNKNOWN Card in slot 0
                0X000021B8 Onboard USB
configuration or there is a software problem and
system operation may be compromised.
Allocating additional 3185098 bytes to IO Memory.
PMem allocated: 122683392 bytes; IOMem allocated: 11534336 bytes

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(15)T4,
 RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 13-Mar-08 01:23 by prod_rel_team
Image text-base: 0x60080650, data-base: 0x62A0A1E0

Has anyone else come across this problem?

Have you tried a newer IOS? That version is pretty old already. It shouldn't be older than the card, but just recently I came across something similar with older PVDMs in a 2811.

Based on the hardware that you provided, the minimum release for the hardware that you listed VWIC3-1MFT-T1/E1 is:

12.4(2)T3 
with the latest release being 12.4(24)T3.

I would try and see if you can get the 12.4(24)T3


So seeing that you are running T4, go with T3 and you should be all set. This is what I get back from Cisco site. Also, from the error that you are getting, it appears that the software does not recognize the card. To be clear, you are inserting the card while the router is powered down, correct?

Monday, December 16, 2013

3750 switch setup as a router



I have a Cisco WS-C3750X-48T-L switch I need to enable routing on. This is a fresh switch, no config; I just need to get it to route to an IP.

switch gateway: 50.200.158.149 255.255.255.252
switch usable ip; 50.200.158.153 255.255.255.248

I need to set vlan 1 to 50.200.158.153 255.255.255.248 and have it route outside packets to
50.200.158.149 255.255.255.252.

This is a standard Comcast business setup but I am having a difficult time getting the switch to route outside packets.
If I put a host on the inside at 50.200.158.154 and set its gateway as 50.200.158.153, I need it to get to the outside.

I basically need to set the switch up as a router, so a generic config would be fine; I can replace the IPs.

conf t
ip routing
!
interface GigabitEthernet0/1
 no switchport
 ip address 50.200.158.150 255.255.255.252
 no shutdown
!
interface Vlan1
 ip address 50.200.158.153 255.255.255.248
 no shutdown
end

Plus maybe a static default route to 50.200.158.149?
Good call @TimotiSt
It won't work without that :-)

conf t
 ip route 0.0.0.0 0.0.0.0 50.200.158.149
end

Wednesday, December 11, 2013

Cisco 3750 Stack standby switch

I have been working to configure a stack of 3 WS-C3750X-48T-L  so 2 members are active and 1 is in hot standby mode. From the best I can understand reading and rereading the manuals standby switches that would roll in to take the place of a failed switch isn't possible with stacks.

It appears to make this work you must use switch clustering HSRP groups. I am confused about clustering and cluster command switches. Can one of the active 3750's act as a command switch. If so then can a cluster of 3 be configured so 2 are active and upon a failure the standby takes the configuration of the failed switch?

Essentially you have two choices based  on what you're looking for. For the automatic configuration of a replacement stack member, you would actually need to leave your stacks at 2 switches. The automatic reconfiguration comes when a switch fails, and you physically remove and replace it with another switch. The new switch will detect that another switch is already running in the master role and will accept the existing configuration.

Your other choice is to have a stack of 3, with one of the switches running empty. Upon a failure, use the current running configuration to copy, replace interface numbering, and paste in to place. Then move the cables.

There is no way to have a stack member automatically take on the config of a failed member... At least none that I know of. The better answer to this is to get your customers to do, well, what they currently aren't doing which is dual connecting their equipment.

(Caveat to my opinions - I've never done clustering myself, we've always used either stacks, 6500's in pairs, redundant SUPs, or other means of providing HA capabilities)

I don't believe that clustering would solve your problem from my reading of Cisco's docs...    The two WS-C3750X-24P-S switch cluster that rauenpc suggests looks like your best bet.  If you're really worried about swap out time, you could rack three switches in and simply leave one disconnected.  The amount of time it takes to replug the network cables and stack cables shouldn't be that significant especially if you leave the middle of the three as the cold standby unit that way you'll only ever remove the top or the bottom switch rather than pulling out the middle switch (if your top switch dies and the bottom of the three is the standby, your re-cabling gets messy real quickly). 


Honestly, I have to agree with rauenpc's recommendation on driving your customers to "do the right thing".  And, unless your SLAs are written to require this kind of failover, you're probably costing yourself more money trying to compensate for a customer trying to do it on the cheap.

Thursday, December 5, 2013

ASA - 3750 Trunk not able to ping gateway

I have the following configs on the ASA and WS-C3750X-24P-S switch. The issue is that I added the vlan 1533 (i.e. switchport trunk allowed vlan add 1533) to the trunk port and can't ping the IP address of the ASA for that vlan (i.e. ping 172.15.33.1). I have icmp enabled on the firewall and can also ping the 172.16.33.1 address. What am I overlooking to allow me to ping the ASA gateway address from the switch? I tried an extended ping as well but was unsuccessful.


Cisco ASA 5510 CONFIG

interface e0/1
description Trunks to Inside Network
no nameif
no security-level
no ip address
!
interface e0/1.1533
vlan 1533
ip address 172.15.33.1 255.255.255.0
nameif Tester-Valn
security-level 100
!
interface e0/1.1633
vlan 1633
ip address 172.16.33.1 255.255.255.0
nameif Development Vlan
security-level 100

!!!!!!Other vlans omitted for simplicity!!!!!


SWITCH CONFIG

interface GigabitEthernet1/0/47
 description Trunk to Firewall Port E0/1 INSIDE
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1, 200-210,1533,1633
 switchport mode trunk
!
interface vlan 1533
 ip address 172.15.33.3 255.255.255.0
 no ip route-cache cef
 no ip route-cache
!
interface vlan 1633
 ip address 172.16.33.3 255.255.255.0
 no ip route-cache cef
 no ip route-cache

If your switch has the proper gateway, then 1 possibility is eliminated.

It looks though that you may have WS-C3750X-24P-L  issues. Just so you know, routes may exist in your configuration in the Asa that may not show in the table when you show route


1st, let's trace the path from the switch to see where it is going
traceroute 172.15.33.1


Also on the switch, do
show ip route
show ip protocols

If no routing protocols exist, make sure to turn "ip routing" on and configure static route

On the firewall
Show route
Show run route


Do these above for now and we'll go from there

Thursday, November 28, 2013

multicast on cisco 3750 and cisco rv180 - only receiving unicast

I've been struggling with multicast for some bit now.  I receive video through unicast.

The following is true:

A WS-C3750X-24P-S  is configured as such:
interface GigabitEthernet1/0/11
 description Uplink to CiscoRV180
 no switchport
 ip flow ingress
 ip flow egress
 ip address 172.27.255.33 255.255.255.252
 ip pim sparse-mode
 ip igmp query-interval 125
 flowcontrol receive desired
 spanning-tree portfast disable
 spanning-tree bpdufilter disable
 spanning-tree bpduguard disable
end

ip pim rp-address 10.10.254.32
no ip pim dm-fallback
ip mroute 172.27.91.192 255.255.255.240 172.27.255.23
ip route 172.27.91.192 255.255.255.240 GigabitEthernet1/0/11 172.27.255.34

router eigrp 64512
 network 172.27.90.0 0.0.0.127
 network 172.27.90.128 0.0.0.63
 network 172.27.90.192 0.0.0.63
 network 172.27.91.0 0.0.0.127
 network 172.27.91.192 0.0.0.15
 network 172.27.255.20 0.0.0.3
 redistribute connected
 redistribute static
 passive-interface default
 no passive-interface TenGigabitEthernet1/1/1
 eigrp router-id 172.27.90.1
 nsf

connected to WAN port on the RV180 switch:

WAN Information-
IP Address: 172.27.255.34
Subnet Mask: 255.255.255.252
Gateway: 172.27.255.33

Routing Mode: Gateway (NAT)

Access Rules:
Default Outbound: Allow

One-to-One NAT
Private Range: 192.168.2.151
Public Range: 172.27.91.193- 196
Service: ANY

IGMP Proxy: Enable
Upstream: WAN
Allowed Networks: 192.168.2.151 - 154 Length - 32

I can see the video in unicast but can't see it in multicast.  Do I have the routes right? 

multicast debug is on. I see no traffic concerning 172.27.91.x.

None of the solutions worked.  Had to take Router out of the mix for broadcast to work.

Monday, November 25, 2013

policy routing on cisco 3560

this is my scenario on my cisco WS-C3560X-48P-S

Vlan 3 connects to internet router.
Vlan 4 Users, range 192.168.4.0/24
Vlan 5 Users, range 192.168.5.0/24
Vlan 7 Servers, range 192.168.7.0/24

Can I apply a policy route on Vlan 3 so traffic from end users goes to the internet through another route?
Basically I want to filter and limit users' access to the internet.
I would apply it on the inbound interface. By applying it on the outbound interface I would imagine the router would already have done a routing table lookup, bypassing PBR.

ip access-list extended ACL-PBR
permit ip 10.10.10.0 0.0.0.255 any
!
route-map RM-PBR permit 10
match ip address ACL-PBR
Next I wanted to apply the route-map to the correct interface, but that resulted in the following syslog message.
%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing
Looking at the internet for a PBR example on a Cisco Catalyst 3560, I found that I had to change the SDM (Switch Database Management) template. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory (TCAM). The TCAM is used for forwarding lookups.
Looking at the default configuration the switch had the following SDM configuration.
SW01-L3(config)#do sh sdm prefer
The current template is “desktop default” template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses:                  6K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    8K
number of directly-connected IPv4 hosts:        6K
number of indirect IPv4 routes:                 2K
number of IPv4 policy based routing aces:         0
number of IPv4/MAC qos aces:                      0.75K
number of IPv4/MAC security aces:                 1K
Looking at the output, there is no memory configured for IPv4 policy based routing aces. This means that I have to change the SDM template to routing. This is achieved by entering the global configuration command:
sdm prefer routing
The execution of the command requires a switch reboot. After the reboot I checked the SDM configuration and noticed that memory is allocated for PBR, like displayed below:
SW01-L3(config)#do sh sdm prefer
The current template is “desktop routing” template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses:                  3K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    11K
number of directly-connected IPv4 hosts:        3K
number of indirect IPv4 routes:                 8K
number of IPv4 policy based routing aces:         0.5K
number of IPv4/MAC qos aces:                      0.75K
number of IPv4/MAC security aces:                 1K
So I tried to apply the route-map to the specific interface, but this resulted in another syslog message.
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM-PBR not supported for Policy-Based Routing
Seems that the PBR configuration is not supported on the switch. At least some commands are not supported. Checking the internet again, I found a document with Unsupported Route Map Commands for a Catalyst WS-C3560X-48T-L
I had to change the next-hop configuration. I replaced the route-map with the following commands.
route-map RM-PBR permit 10
match ip address ACL-PBR
set ip next-hop 10.10.10.253