Cisco 2811

You can't upload a txt file. you would need to telnet or use a console cable and paste that info in manually

When you log into the router type en then enter that will put you into config mode

Is this a live router? Don't save any configs so that you can reboot incase you mess something up.

Once you verrify everything is working to save the config you type "copy run start" but  only do this after you are sure everything is working as you may override a working config and bring down your network.

how do i copy that over.  By actually highlighting the entire config file then paste under the console window?  also I will be using a console cable

Are you looking to change the entire config or just a part of it?

entire config, their is about 20 updates that needed to be changed so i ran a show run config copied it out and put it in a txt file.  Once I did that I went though and made those changes now I just need to import those changes.

Below is the a copy of the config minus the actual ip address in it but this is what I was trying to import into the 2811.  let me know what I need to do.

HBMC_GATEWAY#show running-config
Building configuration...

Current configuration : 3614 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HBMC_GATEWAY
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.124-15.T7.bin
boot-end-marker
!
logging buffered 4096
logging console critical
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name loo
ip name-server 10.1.1.20
!
multilink bundle-name authenticated
!
!
!
!
!
username sgomez privilege 15 secret 5 $1$re3B$Zu1gprd.3swALO2.SI7Qa.
username admin privilege 15 secret 5 $1$C9F/$sxsCt/cJUDYwXHGuC99RO.
archive
 log config
  hidekeys
!
crypto keyring VZW
  pre-shared-key address 1.1.1.1 key VzWmPn31316
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp profile VZW
   keyring VZW
   match identity address 1.1.1.1 255.255.255.255
!
!
crypto ipsec transform-set vzw_vpntunnel esp-3des esp-md5-hmac
 mode transport
!
crypto map vpntunnel 50 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set vzw_vpntunnel
 set isakmp-profile VZW
 match address GRE_MATCH
!
!
!
!
!
!
interface Tunnel0
 description Ohio
 ip address 10.2.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VZCARD
 tunnel source 1.1.1.1
 tunnel destination 1.1.1.1
!
interface FastEthernet0/0
 description ROUTED_BLOCK
 ip address 1.1.1.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description VW_SUBNET
 ip address 10.100.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
!
interface Serial0/0/0
 ip address 1.1.1.1 255.255.255.252
 crypto map vpntunnel
!
router bgp 65504
 no synchronization
 bgp log-neighbor-changes
 network 66.174.92.14 mask 255.255.255.255
 network 1.1.1.1 mask 255.255.255.255
 network 1.1.1.1 mask 255.255.255.255
 neighbor 10.2.0.1 remote-as 6167
 neighbor 10.2.0.1 default-originate
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.1.1.0 255.255.255.0 10.100.0.2
ip route 10.1.10.0 255.255.255.0 10.100.0.2
ip route 1.1.1.1 255.255.255.255 1.1.1.1
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.1.1.1 255.255.255.255 Null0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.20 1.1.1.1
ip nat outside source static 1.1.1.1 10.1.1.20
!
ip access-list standard VZINTERNET
 permit 10.2.1.0 0.0.0.255
!
ip access-list extended GRE_MATCH
 permit gre host 1.1.1.1 host 1.1.1.1
ip access-list extended VPN_IN
 permit esp host 1.1.1.1 host 1.1.1.1
 permit udp host 1.1.1.1 host 1.1.1.1 eq isakmp
 permit icmp any host 1.1.1.1
 permit tcp any host 1.1.1.1 eq 22
 permit esp host 1.1.1.1 host 1.1.1.1
 permit udp host 1.1.1.1 host 1.1.1.1 eq isakmp
!
access-list 7 permit 1.1.1.1
access-list 100 permit ip any host 1.1.1.1
access-list 101 deny   ip any any log
snmp-server community hyrule RO 7
no cdp run
!
!
route-map VZCARD permit 10
 match ip address VZINTERNET
 set ip next-hop 10.100.0.2
!
!
!
control-plane
!
alias exec s show ip int brief
alias exec c configure t
!
line con 0
 login local
line aux 0
 access-class 101 in
 no exec
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 privilege level 15
 login local
 transport input ssh
line vty 16 988
 login
 transport input ssh
!
scheduler allocate 20000 1000
!
end

HBMC_GATEWAY#

Yea it doesn't work that way. You need to identify each change and make a output to run b/c the  some lines in a router you need to delete first before you update with new info.

For Example:

say I want to change this access list:

access-list 125 permit ip any 10.14.122.0 0.0.0.255
access-list 125 permit ip any 10.14.132.0 0.0.0.255

I would have to do a

no access-l 125

then post my changes:

access-list 125 deny ip any 10.14.122.0 0.0.0.255
access-list 125 deny ip any 10.14.133.0 0.0.0.255

ok well then here is the actual config file that shows what I needed to change.  So what you are saying is their is commands I need to type to change each area to make the changes in the actual config.

HBMC_GATEWAY#show running-config
Building configuration...

Current configuration : 3614 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HBMC_GATEWAY
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.124-15.T7.bin
boot-end-marker
!
logging buffered 4096
logging console critical
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name loo
ip name-server 10.1.1.20
!
multilink bundle-name authenticated
!
!
!
!
!

archive
 log config
  hidekeys
!
crypto keyring VZW
  pre-shared-key address 66.174.161.247 key vzwGREipsecHBmcclure# ---------Change to:  66.216.153.86 key VzWmPn31316
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp profile VZW
   keyring VZW
   match identity address 66.174.161.247-----------Change to:  66.174.161.36 255.255.255.255
!
!
crypto ipsec transform-set vzw_vpntunnel esp-3des esp-md5-hmac
 mode transport
!
crypto map vpntunnel 50 ipsec-isakmp
 set peer 66.174.161.247-----------Change to:  66.174.161.36
 set transform-set vzw_vpntunnel
 set isakmp-profile VZW
 match address GRE_MATCH
!
!
!
!
!
!
interface Tunnel0
 description Ohio
 ip address 10.2.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VZCARD
 tunnel source 66.216.153.86
 tunnel destination 66.174.161.247-----------Change to:  66.174.161.36
!
interface FastEthernet0/0
 description ROUTED_BLOCK
 ip address 66.216.163.145 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description VW_SUBNET
 ip address 10.100.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
!
interface Serial0/0/0
 ip address 66.216.153.86 255.255.255.252
 crypto map vpntunnel
!
router bgp 65504
 no synchronization
 bgp log-neighbor-changes
 network 66.174.92.14 mask 255.255.255.255
 network 66.174.95.44 mask 255.255.255.255
 network 69.78.96.14 mask 255.255.255.255
 neighbor 10.2.0.1 remote-as 22394------------Change to:  6167
 neighbor 10.2.0.1 default-originate
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.216.153.85
ip route 10.1.1.0 255.255.255.0 10.100.0.2
ip route 10.1.10.0 255.255.255.0 10.100.0.2
ip route 66.109.238.254 255.255.255.255 66.216.153.85
ip route 66.174.92.14 255.255.255.255 Null0
ip route 66.174.95.44 255.255.255.255 Null0
ip route 69.78.96.14 255.255.255.255 Null0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.20 66.174.95.44
ip nat outside source static 66.174.95.44 10.1.1.20
!
ip access-list standard VZINTERNET
 permit 10.2.1.0 0.0.0.255
!
ip access-list extended GRE_MATCH
 permit gre host 66.216.153.86 host 66.174.161.247 -----------Change to:  66.174.161.36
ip access-list extended VPN_IN
 permit esp host 66.174.161.247-----------Change to:  66.174.161.36 host 66.216.153.86
 permit udp host 66.174.161.247-----------Change to:  66.174.161.36 host 66.216.153.86 eq isakmp
 permit icmp any host 66.216.153.86
 permit tcp any host 66.216.153.86 eq 22
 permit esp host 66.174.160.247-----------Change to:  66.174.161.36 host 66.216.153.86
 permit udp host 66.174.160.247-----------Change to:  66.174.161.36 host 66.216.153.86 eq isakmp
!
access-list 7 permit 72.25.6.228
access-list 100 permit ip any host 66.174.161.247-----------Change to:  66.174.161.36
access-list 101 deny   ip any any log
snmp-server community hyrule RO 7
no cdp run
!
!
route-map VZCARD permit 10
 match ip address VZINTERNET
 set ip next-hop 10.100.0.2
!
!
!
control-plane
!
alias exec s show ip int brief
alias exec c configure t
!
line con 0
 login local
line aux 0
 access-class 101 in
 no exec
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 privilege level 15
 login local
 transport input ssh
line vty 16 988
 login
 transport input ssh
!
scheduler allocate 20000 1000
!
end

HBMC_GATEWAY#

I will be more that happy to help you if someone doesn't get to you by tonight, I am running out right now but I will check on this when I get back.

great thank you!

Looks pretty good to me. I'd give it a go. The only thing is the access-list 100 that I do not see what you are using it for. But that's no problem, it's just there doing nothing.

Be attentive for error messages while copy/pasting the config. In case of uncertainty copy/paste them to the forum and we'll have a look at them.

Great this will help out dramatically, I will be doing this Tuesday this coming week at midnight.  I will keep you guys posted on these changes and how it goes.  once i make these changes do i need to exit enable mode or anything for the routes to take affect?

just type end and you should be back at the HBMC_GATEWAY# prompt. The changes should be imediate. If something doesn't work just power cycle the router and the original config will load

Like I said make sure everything is working over the the next day or two, when you are sure everything is working you will want to save the changes by typing

copy run start

when I actually type in config t and it goes to the next line i paste 1 line at a time and hit enter correct?

You can copy and paste all at the same time or line by line it is up to you.

you can mark all the config and copy/paste it all at once. it works like you would type it on the keyboard and hit enter after each line (there is a hidden CRLF at the end of each line). But you can do it line by line as well which gives you more control over possible error messages.

I will keep you posted I am doing the changes tonight at midnight est.