05-08-2007 10:56 PM - edited 03-03-2019 04:53 PM
have a 837 in place that has VPN tunnels setup etc.
have taken a text file copy of the config of the 837 - using hyper terminal
Wanting to move it over to the new 877.
started setting up the 877 with the basics via the SDM.
And am now trying to copy the "missing" bits across by cutting and pasting from the 837 config text file to the IOS of the 877.
The 877 doesn't seem to have an Ethernet0 though. just fast Ethernet interfaces, and vlans.
The VPN tunnels were setup on the 837 as ip unnumbered Ethernet 0.
How do I get around that?
05-09-2007 04:13 AM
Try this....its worked for me on many a ADSL router.
PART TWO: - DHCP, Interfaces, VLAN
---------
conf t
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.18.42.1 172.18.42.128
!
ip dhcp pool
import all
network 172.18.42.0 255.255.255.0
domain-name
dns-server
default-router 172.18.42.1
netbios-name-server
!
!
!
bridge irb
!
!
!
interface FastEthernet0
description connected to network inside
!
interface FastEthernet1
description name
switchport access vlan 2
no shut
!
interface FastEthernet2
description name
switchport access vlan 2
no shut
!
interface FastEthernet3
description name
switchport access vlan 2
shutdown
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no preamble-short
station-role root
!
interface Vlan2
no ip address
bridge-group 1
no shut
!
!
interface BVI1
description name
ip address 172.18.42.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
end
PART TWO: - Access to client Network
----------
conf t
!
interface Vlan1
description connected to network-inside
ip address < IP ADDRESS AND SUBNET>
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
no shut
!
!
PART THREE: - INTERNET
---------
conf t
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
no shut
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
no shut
!
!
interface Dialer0
ip ddns update hostname hostname.dyndns.org
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username
no shut
!
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_5 interface Dialer0 overload
ip nat inside source route-map SDM_RMAP_6 interface Vlan1 overload
!
end
PART FOUR: - DNS
---------
conf t
!
ip domain name domain.com
ip name-server ISP DNS 1
ip name-server ISP DNS 2
ip ddns update method sdm_ddns1
HTTP
add password@members.dyndns.org/nic/update?system=dyndns&hostname')">http://username:password@members.dyndns.org/nic/update?system=dyndns&hostname=
remove password@members.dyndns.org/nic/update?system=dyndns&hostname')">http://username:password@members.dyndns.org/nic/update?system=dyndns&hostname=
!
!
!
!
end
PART FIVE: - VPN
----------
conf t
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key adsldynvpn address
crypto isakmp key adsldynvpn address
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toVPN SERVER1
set peer VPN SERVER1 IP
set transform-set ESP-3DES-MD5
match address 100
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel toVPN SERVER2
set peer VPN SERVER2 IP
set transform-set ESP-3DES-MD5
match address 103
!
interface dialer 0
crypto map SDM_CMAP_1
!
Create access-list for VPN connection
!
PART SIX: - Additional Access Lists
---------
conf t
!
create access 106 and 107 list for nat, internetaccess
!
!
route-map SDM_RMAP_5 permit 1
match ip address 106
!
route-map SDM_RMAP_6 permit 1
match ip address 107
!
!
PART SEVEN: - SNMP
--------
conf t
!
SNMP config
!
PART EIGHT: - vty access
-----------
!
ip access-list extended vty-in
permit ip host
!
line vty 0 4
access-class vty-in in
!
05-09-2007 05:10 AM
Hi,
Just rename the interface an you are set. The vlan is where you connect the PC to the switchports.
05-09-2007 04:54 PM
Just rename the interface to FastEthernet0?
05-09-2007 05:10 PM
Actually, on the 877, you configure interface vlan1 for the 4 switched ports, instead of the fastethernet interfaces directly.
That is, replace ethernet0 as vlan1 in config, the rest should be the same.
As a courtesy to those providing answers, please rate useful posts using the scrollbox below1
05-09-2007 06:14 PM
Ok, so here is the full story....
I have a Cisco 837 in service that has 2 VPN tunnels setup etc.
I have taken a text file copy of the config of the 837 - using hyper terminal and show running etc.
Wanting to replace the 837 with a shiny new 877, that has the latest advanced security IOS etc.
I started setting up the 877 with the basics via the SDM. Setup the ATM interface, hostname, etc.
And am now trying to copy the "missing" bits across by cutting and pasting from the 837 config text file I created to the IOS of the 877, using hyper terminal
The 877 doesn't seem to have an Ethernet0 though. just fast Ethernet interfaces, and vlans.
The VPN tunnels were setup on the 837 as ?IP unnumbered Ethernet 0?
So when I go to copy across that part of the config, it fails.
How do I get around that?
Looks like a VLAN was setup when I first used SDM. Why does the 877 need / use VLANs?
This router will be connected to the local LAN via a single Ethernet connection, and then to the net via a garden variety ADSL over copper connection.
It will not be used as a gateway out, only as the termination point for 2 router to router VPNs coming in. The LAN has another router attached that connects to the Internet that is the default gateway.
So, what you are saying is configure the VLAN1 to with the local lan IP I want, and use it in place to the ethernet0 in the config of the 837?
05-09-2007 09:36 PM
The plot thickens.
Looks like there are a few differences.
The new config, started by SDM has the following:
service timestamps debug datetime msec
service timestamps log datetime msec
And the original from the 837 has:
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
What is the difference?
Does that matter? Why?
05-10-2007 03:53 AM
Hi,
first of all, if the 837 was working satisfactorily, I would have not replaced it. The way you use it, the 877 does not add anything, on the other hand, having a different IOS version and few hardware differences, it can generate problem that can be hard to solve if you are not of the trade.
Second, the 877 use vlan because the 4 port switch is a managed one, with vlan support, hence no other alternative. To port your configuration, just replace each and every occurence of ethernet0 with vlan1, and you are set.
Third, service timestamps is just one of the many, many, many commands that you can have set one way or another and won't change anything. The SDM you have been using is also specialized in setting configuring certain things differently from what most humans would have. Either not worry about, or read the documention to learn about what they do.
Thanks for the nice rating and good luck!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide