HB-IT
asked on
Cisco 2811
Hello I have a Cisco configuration I need to upload into our 2811 router and well I am not a router person so I need some help. Here is the name of the file HBMC_GATEWAY.txt that has the configs in it. This file is located on the root of my c:\ drive. When I log into the router I type in my password what do I do next and then once its uploaded how do I run it and save it as the new config.
Thank you.
Thank you.
Once you verrify everything is working to save the config you type "copy run start" but only do this after you are sure everything is working as you may override a working config and bring down your network.
ASKER
how do i copy that over. By actually highlighting the entire config file then paste under the console window? also I will be using a console cable
Are you looking to change the entire config or just a part of it?
ASKER
entire config, their is about 20 updates that needed to be changed so i ran a show run config copied it out and put it in a txt file. Once I did that I went though and made those changes now I just need to import those changes.
ASKER
Below is the a copy of the config minus the actual ip address in it but this is what I was trying to import into the 2811. let me know what I need to do.
HBMC_GATEWAY#show running-config
Building configuration...
Current configuration : 3614 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HBMC_GATEWAY
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.1 24-15.T7.b in
boot-end-marker
!
logging buffered 4096
logging console critical
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name loo
ip name-server 10.1.1.20
!
multilink bundle-name authenticated
!
!
!
!
!
username sgomez privilege 15 secret 5 $1$re3B$Zu1gprd.3swALO2.SI 7Qa.
username admin privilege 15 secret 5 $1$C9F/$sxsCt/cJUDYwXHGuC9 9RO.
archive
log config
hidekeys
!
crypto keyring VZW
pre-shared-key address 1.1.1.1 key VzWmPn31316
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp profile VZW
keyring VZW
match identity address 1.1.1.1 255.255.255.255
!
!
crypto ipsec transform-set vzw_vpntunnel esp-3des esp-md5-hmac
mode transport
!
crypto map vpntunnel 50 ipsec-isakmp
set peer 1.1.1.1
set transform-set vzw_vpntunnel
set isakmp-profile VZW
match address GRE_MATCH
!
!
!
!
!
!
interface Tunnel0
description Ohio
ip address 10.2.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly
ip policy route-map VZCARD
tunnel source 1.1.1.1
tunnel destination 1.1.1.1
!
interface FastEthernet0/0
description ROUTED_BLOCK
ip address 1.1.1.1 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description VW_SUBNET
ip address 10.100.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
!
interface Serial0/0/0
ip address 1.1.1.1 255.255.255.252
crypto map vpntunnel
!
router bgp 65504
no synchronization
bgp log-neighbor-changes
network 66.174.92.14 mask 255.255.255.255
network 1.1.1.1 mask 255.255.255.255
network 1.1.1.1 mask 255.255.255.255
neighbor 10.2.0.1 remote-as 6167
neighbor 10.2.0.1 default-originate
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.1.1.0 255.255.255.0 10.100.0.2
ip route 10.1.10.0 255.255.255.0 10.100.0.2
ip route 1.1.1.1 255.255.255.255 1.1.1.1
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.1.1.1 255.255.255.255 Null0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.20 1.1.1.1
ip nat outside source static 1.1.1.1 10.1.1.20
!
ip access-list standard VZINTERNET
permit 10.2.1.0 0.0.0.255
!
ip access-list extended GRE_MATCH
permit gre host 1.1.1.1 host 1.1.1.1
ip access-list extended VPN_IN
permit esp host 1.1.1.1 host 1.1.1.1
permit udp host 1.1.1.1 host 1.1.1.1 eq isakmp
permit icmp any host 1.1.1.1
permit tcp any host 1.1.1.1 eq 22
permit esp host 1.1.1.1 host 1.1.1.1
permit udp host 1.1.1.1 host 1.1.1.1 eq isakmp
!
access-list 7 permit 1.1.1.1
access-list 100 permit ip any host 1.1.1.1
access-list 101 deny ip any any log
snmp-server community hyrule RO 7
no cdp run
!
!
route-map VZCARD permit 10
match ip address VZINTERNET
set ip next-hop 10.100.0.2
!
!
!
control-plane
!
alias exec s show ip int brief
alias exec c configure t
!
line con 0
login local
line aux 0
access-class 101 in
no exec
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
line vty 16 988
login
transport input ssh
!
scheduler allocate 20000 1000
!
end
HBMC_GATEWAY#
HBMC_GATEWAY#show running-config
Building configuration...
Current configuration : 3614 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HBMC_GATEWAY
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.1
boot-end-marker
!
logging buffered 4096
logging console critical
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name loo
ip name-server 10.1.1.20
!
multilink bundle-name authenticated
!
!
!
!
!
username sgomez privilege 15 secret 5 $1$re3B$Zu1gprd.3swALO2.SI
username admin privilege 15 secret 5 $1$C9F/$sxsCt/cJUDYwXHGuC9
archive
log config
hidekeys
!
crypto keyring VZW
pre-shared-key address 1.1.1.1 key VzWmPn31316
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp profile VZW
keyring VZW
match identity address 1.1.1.1 255.255.255.255
!
!
crypto ipsec transform-set vzw_vpntunnel esp-3des esp-md5-hmac
mode transport
!
crypto map vpntunnel 50 ipsec-isakmp
set peer 1.1.1.1
set transform-set vzw_vpntunnel
set isakmp-profile VZW
match address GRE_MATCH
!
!
!
!
!
!
interface Tunnel0
description Ohio
ip address 10.2.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly
ip policy route-map VZCARD
tunnel source 1.1.1.1
tunnel destination 1.1.1.1
!
interface FastEthernet0/0
description ROUTED_BLOCK
ip address 1.1.1.1 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description VW_SUBNET
ip address 10.100.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
!
interface Serial0/0/0
ip address 1.1.1.1 255.255.255.252
crypto map vpntunnel
!
router bgp 65504
no synchronization
bgp log-neighbor-changes
network 66.174.92.14 mask 255.255.255.255
network 1.1.1.1 mask 255.255.255.255
network 1.1.1.1 mask 255.255.255.255
neighbor 10.2.0.1 remote-as 6167
neighbor 10.2.0.1 default-originate
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.1.1.0 255.255.255.0 10.100.0.2
ip route 10.1.10.0 255.255.255.0 10.100.0.2
ip route 1.1.1.1 255.255.255.255 1.1.1.1
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.1.1.1 255.255.255.255 Null0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.20 1.1.1.1
ip nat outside source static 1.1.1.1 10.1.1.20
!
ip access-list standard VZINTERNET
permit 10.2.1.0 0.0.0.255
!
ip access-list extended GRE_MATCH
permit gre host 1.1.1.1 host 1.1.1.1
ip access-list extended VPN_IN
permit esp host 1.1.1.1 host 1.1.1.1
permit udp host 1.1.1.1 host 1.1.1.1 eq isakmp
permit icmp any host 1.1.1.1
permit tcp any host 1.1.1.1 eq 22
permit esp host 1.1.1.1 host 1.1.1.1
permit udp host 1.1.1.1 host 1.1.1.1 eq isakmp
!
access-list 7 permit 1.1.1.1
access-list 100 permit ip any host 1.1.1.1
access-list 101 deny ip any any log
snmp-server community hyrule RO 7
no cdp run
!
!
route-map VZCARD permit 10
match ip address VZINTERNET
set ip next-hop 10.100.0.2
!
!
!
control-plane
!
alias exec s show ip int brief
alias exec c configure t
!
line con 0
login local
line aux 0
access-class 101 in
no exec
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
line vty 16 988
login
transport input ssh
!
scheduler allocate 20000 1000
!
end
HBMC_GATEWAY#
Yea it doesn't work that way. You need to identify each change and make a output to run b/c the some lines in a router you need to delete first before you update with new info.
For Example:
say I want to change this access list:
access-list 125 permit ip any 10.14.122.0 0.0.0.255
access-list 125 permit ip any 10.14.132.0 0.0.0.255
I would have to do a
no access-l 125
then post my changes:
access-list 125 deny ip any 10.14.122.0 0.0.0.255
access-list 125 deny ip any 10.14.133.0 0.0.0.255
For Example:
say I want to change this access list:
access-list 125 permit ip any 10.14.122.0 0.0.0.255
access-list 125 permit ip any 10.14.132.0 0.0.0.255
I would have to do a
no access-l 125
then post my changes:
access-list 125 deny ip any 10.14.122.0 0.0.0.255
access-list 125 deny ip any 10.14.133.0 0.0.0.255
ASKER
ok well then here is the actual config file that shows what I needed to change. So what you are saying is their is commands I need to type to change each area to make the changes in the actual config.
HBMC_GATEWAY#show running-config
Building configuration...
Current configuration : 3614 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HBMC_GATEWAY
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.1 24-15.T7.b in
boot-end-marker
!
logging buffered 4096
logging console critical
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name loo
ip name-server 10.1.1.20
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
crypto keyring VZW
pre-shared-key address 66.174.161.247 key vzwGREipsecHBmcclure# ---------Change to: 66.216.153.86 key VzWmPn31316
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp profile VZW
keyring VZW
match identity address 66.174.161.247-----------C hange to: 66.174.161.36 255.255.255.255
!
!
crypto ipsec transform-set vzw_vpntunnel esp-3des esp-md5-hmac
mode transport
!
crypto map vpntunnel 50 ipsec-isakmp
set peer 66.174.161.247-----------C hange to: 66.174.161.36
set transform-set vzw_vpntunnel
set isakmp-profile VZW
match address GRE_MATCH
!
!
!
!
!
!
interface Tunnel0
description Ohio
ip address 10.2.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly
ip policy route-map VZCARD
tunnel source 66.216.153.86
tunnel destination 66.174.161.247-----------C hange to: 66.174.161.36
!
interface FastEthernet0/0
description ROUTED_BLOCK
ip address 66.216.163.145 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description VW_SUBNET
ip address 10.100.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
!
interface Serial0/0/0
ip address 66.216.153.86 255.255.255.252
crypto map vpntunnel
!
router bgp 65504
no synchronization
bgp log-neighbor-changes
network 66.174.92.14 mask 255.255.255.255
network 66.174.95.44 mask 255.255.255.255
network 69.78.96.14 mask 255.255.255.255
neighbor 10.2.0.1 remote-as 22394------------Change to: 6167
neighbor 10.2.0.1 default-originate
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.216.153.85
ip route 10.1.1.0 255.255.255.0 10.100.0.2
ip route 10.1.10.0 255.255.255.0 10.100.0.2
ip route 66.109.238.254 255.255.255.255 66.216.153.85
ip route 66.174.92.14 255.255.255.255 Null0
ip route 66.174.95.44 255.255.255.255 Null0
ip route 69.78.96.14 255.255.255.255 Null0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.20 66.174.95.44
ip nat outside source static 66.174.95.44 10.1.1.20
!
ip access-list standard VZINTERNET
permit 10.2.1.0 0.0.0.255
!
ip access-list extended GRE_MATCH
permit gre host 66.216.153.86 host 66.174.161.247 -----------Change to: 66.174.161.36
ip access-list extended VPN_IN
permit esp host 66.174.161.247-----------C hange to: 66.174.161.36 host 66.216.153.86
permit udp host 66.174.161.247-----------C hange to: 66.174.161.36 host 66.216.153.86 eq isakmp
permit icmp any host 66.216.153.86
permit tcp any host 66.216.153.86 eq 22
permit esp host 66.174.160.247-----------C hange to: 66.174.161.36 host 66.216.153.86
permit udp host 66.174.160.247-----------C hange to: 66.174.161.36 host 66.216.153.86 eq isakmp
!
access-list 7 permit 72.25.6.228
access-list 100 permit ip any host 66.174.161.247-----------C hange to: 66.174.161.36
access-list 101 deny ip any any log
snmp-server community hyrule RO 7
no cdp run
!
!
route-map VZCARD permit 10
match ip address VZINTERNET
set ip next-hop 10.100.0.2
!
!
!
control-plane
!
alias exec s show ip int brief
alias exec c configure t
!
line con 0
login local
line aux 0
access-class 101 in
no exec
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
line vty 16 988
login
transport input ssh
!
scheduler allocate 20000 1000
!
end
HBMC_GATEWAY#
HBMC_GATEWAY#show running-config
Building configuration...
Current configuration : 3614 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HBMC_GATEWAY
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.1
boot-end-marker
!
logging buffered 4096
logging console critical
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name loo
ip name-server 10.1.1.20
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
crypto keyring VZW
pre-shared-key address 66.174.161.247 key vzwGREipsecHBmcclure# ---------Change to: 66.216.153.86 key VzWmPn31316
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp profile VZW
keyring VZW
match identity address 66.174.161.247-----------C
!
!
crypto ipsec transform-set vzw_vpntunnel esp-3des esp-md5-hmac
mode transport
!
crypto map vpntunnel 50 ipsec-isakmp
set peer 66.174.161.247-----------C
set transform-set vzw_vpntunnel
set isakmp-profile VZW
match address GRE_MATCH
!
!
!
!
!
!
interface Tunnel0
description Ohio
ip address 10.2.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly
ip policy route-map VZCARD
tunnel source 66.216.153.86
tunnel destination 66.174.161.247-----------C
!
interface FastEthernet0/0
description ROUTED_BLOCK
ip address 66.216.163.145 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description VW_SUBNET
ip address 10.100.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
!
interface Serial0/0/0
ip address 66.216.153.86 255.255.255.252
crypto map vpntunnel
!
router bgp 65504
no synchronization
bgp log-neighbor-changes
network 66.174.92.14 mask 255.255.255.255
network 66.174.95.44 mask 255.255.255.255
network 69.78.96.14 mask 255.255.255.255
neighbor 10.2.0.1 remote-as 22394------------Change to: 6167
neighbor 10.2.0.1 default-originate
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.216.153.85
ip route 10.1.1.0 255.255.255.0 10.100.0.2
ip route 10.1.10.0 255.255.255.0 10.100.0.2
ip route 66.109.238.254 255.255.255.255 66.216.153.85
ip route 66.174.92.14 255.255.255.255 Null0
ip route 66.174.95.44 255.255.255.255 Null0
ip route 69.78.96.14 255.255.255.255 Null0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.20 66.174.95.44
ip nat outside source static 66.174.95.44 10.1.1.20
!
ip access-list standard VZINTERNET
permit 10.2.1.0 0.0.0.255
!
ip access-list extended GRE_MATCH
permit gre host 66.216.153.86 host 66.174.161.247 -----------Change to: 66.174.161.36
ip access-list extended VPN_IN
permit esp host 66.174.161.247-----------C
permit udp host 66.174.161.247-----------C
permit icmp any host 66.216.153.86
permit tcp any host 66.216.153.86 eq 22
permit esp host 66.174.160.247-----------C
permit udp host 66.174.160.247-----------C
!
access-list 7 permit 72.25.6.228
access-list 100 permit ip any host 66.174.161.247-----------C
access-list 101 deny ip any any log
snmp-server community hyrule RO 7
no cdp run
!
!
route-map VZCARD permit 10
match ip address VZINTERNET
set ip next-hop 10.100.0.2
!
!
!
control-plane
!
alias exec s show ip int brief
alias exec c configure t
!
line con 0
login local
line aux 0
access-class 101 in
no exec
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
line vty 16 988
login
transport input ssh
!
scheduler allocate 20000 1000
!
end
HBMC_GATEWAY#
I will be more that happy to help you if someone doesn't get to you by tonight, I am running out right now but I will check on this when I get back.
ASKER
great thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Looks pretty good to me. I'd give it a go. The only thing is the access-list 100 that I do not see what you are using it for. But that's no problem, it's just there doing nothing.
Be attentive for error messages while copy/pasting the config. In case of uncertainty copy/paste them to the forum and we'll have a look at them.
Be attentive for error messages while copy/pasting the config. In case of uncertainty copy/paste them to the forum and we'll have a look at them.
ASKER
Great this will help out dramatically, I will be doing this Tuesday this coming week at midnight. I will keep you guys posted on these changes and how it goes. once i make these changes do i need to exit enable mode or anything for the routes to take affect?
just type end and you should be back at the HBMC_GATEWAY# prompt. The changes should be imediate. If something doesn't work just power cycle the router and the original config will load
Like I said make sure everything is working over the the next day or two, when you are sure everything is working you will want to save the changes by typing
copy run start
Like I said make sure everything is working over the the next day or two, when you are sure everything is working you will want to save the changes by typing
copy run start
ASKER
when I actually type in config t and it goes to the next line i paste 1 line at a time and hit enter correct?
You can copy and paste all at the same time or line by line it is up to you.
you can mark all the config and copy/paste it all at once. it works like you would type it on the keyboard and hit enter after each line (there is a hidden CRLF at the end of each line). But you can do it line by line as well which gives you more control over possible error messages.
ASKER
I will keep you posted I am doing the changes tonight at midnight est.
When you log into the router type en then enter that will put you into config mode
Is this a live router? Don't save any configs so that you can reboot incase you mess something up.