moving a cisco 837 config to an new 877.

Unanswered Question

have a 837 in place that has VPN tunnels setup etc.

have taken a text file copy of the config of the 837 - using hyper terminal

Wanting to move it over to the new 877.

started setting up the 877 with the basics via the SDM.

And am now trying to copy the "missing" bits across by cutting and pasting from the 837 config text file to the IOS of the 877.

The 877 doesn't seem to have an Ethernet0 though. just fast Ethernet interfaces, and vlans.

The VPN tunnels were setup on the 837 as ip unnumbered Ethernet 0.

How do I get around that?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
bradlesliect Wed, 05/09/2007 - 04:13
User Badges:

Try this....its worked for me on many a ADSL router.


PART TWO: - DHCP, Interfaces, VLAN

---------

conf t

!

no ip dhcp use vrf connected

ip dhcp excluded-address 172.18.42.1 172.18.42.128

!

ip dhcp pool

import all

network 172.18.42.0 255.255.255.0

domain-name

dns-server

default-router 172.18.42.1

netbios-name-server

!

!

!

bridge irb

!

!

!

interface FastEthernet0

description connected to network inside

!

interface FastEthernet1

description name

switchport access vlan 2

no shut

!

interface FastEthernet2

description name

switchport access vlan 2

no shut

!

interface FastEthernet3

description name

switchport access vlan 2

shutdown

!

interface Dot11Radio0

no ip address

shutdown

speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

no preamble-short

station-role root

!

interface Vlan2

no ip address

bridge-group 1

no shut

!

!

interface BVI1

description name

ip address 172.18.42.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

!

bridge 1 protocol ieee

bridge 1 route ip

!

end



PART TWO: - Access to client Network

----------

conf t

!

interface Vlan1

description connected to network-inside

ip address < IP ADDRESS AND SUBNET>

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1452

no shut

!

!


PART THREE: - INTERNET

---------

conf t

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

no shut

!

interface ATM0.1 point-to-point

no snmp trap link-status

pvc 8/35

pppoe-client dial-pool-number 1

no shut

!

!

interface Dialer0

ip ddns update hostname hostname.dyndns.org

ip ddns update sdm_ddns1

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp pap sent-username password

no shut

!

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source route-map SDM_RMAP_5 interface Dialer0 overload

ip nat inside source route-map SDM_RMAP_6 interface Vlan1 overload

!

end



PART FOUR: - DNS

---------

conf t

!

ip domain name domain.com

ip name-server ISP DNS 1

ip name-server ISP DNS 2

ip ddns update method sdm_ddns1

HTTP

add [email protected]/nic/update?system=dyndns&hostname')">http://username:[email protected]/nic/update?system=dyndns&hostname=&myip=

remove [email protected]/nic/update?system=dyndns&hostname')">http://username:[email protected]/nic/update?system=dyndns&hostname=&myip=

!

!

!

!

end




PART FIVE: - VPN

----------

conf t

!

crypto isakmp policy 1

hash md5

authentication pre-share

group 2

crypto isakmp key adsldynvpn address no-xauth

crypto isakmp key adsldynvpn address no-xauth

!

!

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel toVPN SERVER1

set peer VPN SERVER1 IP

set transform-set ESP-3DES-MD5

match address 100

crypto map SDM_CMAP_1 2 ipsec-isakmp

description Tunnel toVPN SERVER2

set peer VPN SERVER2 IP

set transform-set ESP-3DES-MD5

match address 103

!

interface dialer 0

crypto map SDM_CMAP_1

!

Create access-list for VPN connection

!



PART SIX: - Additional Access Lists

---------

conf t

!

create access 106 and 107 list for nat, internetaccess

!

!

route-map SDM_RMAP_5 permit 1

match ip address 106

!

route-map SDM_RMAP_6 permit 1

match ip address 107

!

!




PART SEVEN: - SNMP

--------

conf t

!

SNMP config

!



PART EIGHT: - vty access

-----------

!

ip access-list extended vty-in

permit ip host any

!

line vty 0 4

access-class vty-in in

!

Paolo Bevilacqua Wed, 05/09/2007 - 05:10
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


Just rename the interface an you are set. The vlan is where you connect the PC to the switchports.

Paolo Bevilacqua Wed, 05/09/2007 - 17:10
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Actually, on the 877, you configure interface vlan1 for the 4 switched ports, instead of the fastethernet interfaces directly.


That is, replace ethernet0 as vlan1 in config, the rest should be the same.


As a courtesy to those providing answers, please rate useful posts using the scrollbox below1

Ok, so here is the full story....


I have a Cisco 837 in service that has 2 VPN tunnels setup etc.

I have taken a text file copy of the config of the 837 - using hyper terminal and show running etc.


Wanting to replace the 837 with a shiny new 877, that has the latest advanced security IOS etc.

I started setting up the 877 with the basics via the SDM. Setup the ATM interface, hostname, etc.


And am now trying to copy the "missing" bits across by cutting and pasting from the 837 config text file I created to the IOS of the 877, using hyper terminal

The 877 doesn't seem to have an Ethernet0 though. just fast Ethernet interfaces, and vlans.

The VPN tunnels were setup on the 837 as ?IP unnumbered Ethernet 0?

So when I go to copy across that part of the config, it fails.


How do I get around that?


Looks like a VLAN was setup when I first used SDM. Why does the 877 need / use VLANs?


This router will be connected to the local LAN via a single Ethernet connection, and then to the net via a garden variety ADSL over copper connection.


It will not be used as a gateway out, only as the termination point for 2 router to router VPNs coming in. The LAN has another router attached that connects to the Internet that is the default gateway.


So, what you are saying is configure the VLAN1 to with the local lan IP I want, and use it in place to the ethernet0 in the config of the 837?


The plot thickens.

Looks like there are a few differences.



The new config, started by SDM has the following:

service timestamps debug datetime msec

service timestamps log datetime msec


And the original from the 837 has:

service timestamps debug datetime localtime show-timezone year

service timestamps log datetime localtime show-timezone year


What is the difference?

Does that matter? Why?



Paolo Bevilacqua Thu, 05/10/2007 - 03:53
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


first of all, if the 837 was working satisfactorily, I would have not replaced it. The way you use it, the 877 does not add anything, on the other hand, having a different IOS version and few hardware differences, it can generate problem that can be hard to solve if you are not of the trade.


Second, the 877 use vlan because the 4 port switch is a managed one, with vlan support, hence no other alternative. To port your configuration, just replace each and every occurence of ethernet0 with vlan1, and you are set.


Third, service timestamps is just one of the many, many, many commands that you can have set one way or another and won't change anything. The SDM you have been using is also specialized in setting configuring certain things differently from what most humans would have. Either not worry about, or read the documention to learn about what they do.


Thanks for the nice rating and good luck!

Actions

This Discussion