Solved: Cisco 2951 configuration backup restore to 4431

imranbhatti22006 · ‎06-17-2022

Hi,

I've a project, our customer is going to replace his old MPLS running Customer Edge routers to newer version, 2951 to 4431.

i was wondering if this is possible I can take configuration backup from 2951 and restore it to directly on 4431?? I doubt this will not possible cause 4000 routers are running on IOS XE.

Richard Burts · ‎06-22-2022

I am sorry to hear that there have been issues in the transition. I am slightly puzzled that the boot process took 15 minutes. Did you by any chance get a copy of the console output during the boot process?

I am not sure that I understand this statement "then it booted to default image." Can you provide clarification?

If you do a

show version

on the new router, is it running the version of code in your

boot system command (isr4400-universalk9.16.03.05.SPA)?

HTH

Rick

View solution in original post

Richard Burts · ‎06-17-2022

There will be syntax differences between different versions of code on different platforms. So a direct restore of the config will encounter errors. But it should not be difficult to find comparable commands on the new platform for the config from the old platform.

HTH

Rick

imranbhatti22006 · ‎06-18-2022

Thank you Richard,

that's true, and i believe making offline configs manually would be good idea by comparing with

show run

of old 2951. And this isn't gonna take too much time as this CE Router, so not much of hassle is there. Thanks for your participation.

balaji.bandi · ‎06-18-2022

IOS vs IOX XE and Qos config also changed, better prepare new 4K router offline, get the config paste on console and see what errors you getting, the move on fixing the systanx will give good outcome ( do not paste whole config, try few lines) - like

global config
interface config

any additional config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

imranbhatti22006 · ‎06-18-2022

HI BB,

that's a great idea. I'd go with this one and I see no complicated configs on CE side. Thanks

imranbhatti22006 · ‎06-18-2022

Another thing I see is something new,

There's BGP neighbor is involved on CE router, that shouldn't be there I think. BGP is only involved in MPLS Core not CE. Pasting below.

interface GigabitEthernet0/0
 
 
 
 ip address 10.189.36.182 255.255.255.252
 no ip proxy-arp
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description connected to MC2 Private Jizan
 ip address 192.168.170.1 255.255.254.0
 no ip proxy-arp
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 --More--          duplex auto
 speed auto
!
interface FastEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 network 192.168.96.76 0.0.0.3 area 0
 network 192.168.170.0 0.0.1.255 area 0
!
router bgp 65272
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.189.36.181 remote-as 65000
 --More--         !
no ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 192.185.41.249 255.255.255.255 192.168.170.217
!
!
!
snmp-server community mc2jezanbw RO
!
control-plane
!
!

Richard Burts · ‎06-18-2022

This is an interesting development to find that there is a BGP neighbor. We do not know nearly enough to have an opinion about whether it should be there or not. Perhaps the output of these commands might shed some light on the question

show ip bgp neighbor
show ip bgp
show ip route

HTH

Rick

imranbhatti22006 · ‎06-18-2022

Yes Mr. Burts,

This is interesting. My flight to site schedule for 21st june but all i have right now is, complete

show run

of 2951. Which I'm going to paste below. Regarding above commands, i can only execute once I'm on site / or may be customer will give me access to 2951 before that, Surely i'll check for that. I already send email to customer to "check with your ISP why BGP is involved in CE side? Also, acknowledge them for upgrade maintenance window before their NOC team may freak out as CE site goes down"

Georg Pauwen · ‎06-18-2022

Hello,

I know I am a bit late to the discussion, but can post the 'original' running configuration of your 2951 router ?

imranbhatti22006 · ‎06-18-2022

Welcome George,

No you're not too late, i'm pasting complete

show run

below. and Guys, Don't forget to guide me for SNMP, I've less experience on SNMP configs. There's SNMP domain mentioned and customer is using PRTG for NOC Team in Head office to monitor the sites.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.06.16 15:48:09 =~=~=~=~=~=~=~=~=~=~=~=

CESite#
CESite#show ipint    int brie
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down    
GigabitEthernet0/0         10.189.36.182   YES NVRAM  up                    up      
GigabitEthernet0/1         192.168.170.1   YES NVRAM  up                    up      
GigabitEthernet0/2         unassigned      YES NVRAM  down                  down    
FastEthernet0/0/0          unassigned      YES NVRAM  administratively down down    
FastEthernet0/0/1          unassigned      YES NVRAM  administratively down down    
Loopback0                  192.168.174.1   YES NVRAM  up                    up      
CESite#show gig0/0
                 ^
% Invalid input detected at '^' marker.

CESite#show int gig0/0
GigabitEthernet0/0 is up, line protocol is up 
  Hardware is PQ3_TSEC, address is a46c.2a8e.dc60 (bia a46c.2a8e.dc60)
  Description: Connection to MC2 IP-VPN Cloud
  Internet address is 10.189.36.182/30
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 12/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 100Mbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 94
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 651000 bits/sec, 387 packets/sec
  5 minute output rate 4793000 bits/sec, 518 packets/sec
     1648801192 packets input, 611372626131 bytes, 0 no buffer
     Received 1910482 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 --More--              0 watchdog, 0 multicast, 0 pause input
     2123209854 packets output, 2401886727886 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     1910480 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     19 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
CESite#
CESite#
CESite#shwo ip mpl
CESite#shwo ip mpl           shwo i  p mpl
CESite#shwo ip mpl           show ip mpl
CESite#show ip mpls
CESite#show ip mpls ?
% Unrecognized command
CESite#show ip mpls              show run
Building configuration...

Current configuration : 4434 bytes
!
version 15.4
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CESite
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.150-1.M2.bin
boot-end-marker
!
!
no logging buffered
enable secret 5 $1$Lxb.$ztT/JAXcb7IwnZPYkJ0cH.
!
no aaa new-model
!
!
!
 --More--         !
!
!
no ip source-route
!
!
!
!
!
ip dhcp bootp ignore
!
!
!
no ip bootp server
no ip domain lookup
ip domain name mc2ryd.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
 --More--         !
crypto pki trustpoint TP-self-signed-2577235882
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2577235882
 revocation-check none
 rsakeypair TP-self-signed-2577235882
!
!
crypto pki certificate chain TP-self-signed-2577235882
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32353737 32333538 3832301E 170D3135 30373034 30323231 
  35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35373732 
  33353838 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100B55D 30F0E537 2BA21101 232FF6A7 E01AFE64 19FA883B 9986DF15 73460879 
  B9376EF4 CE9377EA BD6D1988 54259FB8 E599AFAF 7888CBC1 5EC569CF E66608A5 
  9E605BE2 8ACC2E85 A612293A 6F8F81F3 17E1D6DD 72EA4C23 89E1169A 0B9F8671 
  5893ABBD 3B5C4C31 699C3806 046FD0A3 F140CFAF 48AD9433 CBF1AE2D 6C397C56 
  738F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 147F57A4 5C5AED69 3CE2EF25 E7FA6808 CD5BFD5A CE301D06 
  03551D0E 04160414 7F57A45C 5AED693C E2EF25E7 FA6808CD 5BFD5ACE 300D0609 
 --More--           2A864886 F70D0101 05050003 81810047 6C296BF7 F51023C2 9212AD48 919D204A 
  D29DC2BC 06066B49 04E0C16E 696D1860 3D8F9053 01A270DD C134B277 CB71C846 
  7A8227D0 97D5FB8B 98752866 0B5633DC 4289D643 8E4090B0 3E5379E6 2DD220F8 
  02F2FF54 C1C060F6 89376785 2C71F2FF 36037592 6F671D4A A1E1FF3C F221D834 
  DEC7D5B3 A0A67EA2 853DDD14 0AA291
  	quit
license udi pid CISCO2951/K9 sn FCZ192761K1
!
!
archive
 log config
  hidekeys
username admin privilege 15 secret 5 $1$2Ex1$oPumaM8ls2R/l7G/.VG1a.
username mc2admin privilege 15 secret 5 $1$B50U$iXMdy.QAjfxq1suWbC84r.
username user-name secret 5 $1$JQNH$SXg6xh/tWxWSMBPOgJg8x.
!
redundancy
!
!
!
!
!
!
 --More--         interface Loopback0
 ip address 192.168.174.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 
 
 
 ip address 10.189.36.182 255.255.255.252
 no ip proxy-arp
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description connected to MC2 Private Jizan
 ip address 192.168.170.1 255.255.254.0
 no ip proxy-arp
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 --More--          duplex auto
 speed auto
!
interface FastEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 network 192.168.96.76 0.0.0.3 area 0
 network 192.168.170.0 0.0.1.255 area 0
!
router bgp 65272
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.189.36.181 remote-as 65000
 --More--         !
no ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 192.185.41.249 255.255.255.255 192.168.170.217
!
!
!
snmp-server community CESitebw RO
!
control-plane
!
!
banner motd ^C

This Device Belongs to Second Milling Company (MC2)

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
             STOP IMMEDIATELY
 --More--         You must have explicit, authorized permission to access or configur
this device, Unauthorized attempts and actions to access or use this
device may result in civil and/or criminal penalties.

All activities performed on this device are logged and monitored
             Contact IT Security Officer (540).^C
!
line con 0
 password 7 030A5206020E701D
 login
line aux 0
 no exec
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 --More--          transport input ssh
!
scheduler allocate 20000 1000
ntp authenticate
!
end

CESite#
CESite#
CESite#show cd
CESite#show cdp
CESite#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                  D - Remote, C - CVTA, M - Two-port Mac Relay 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

Total cdp entries displayed : 0
CESite#show rouer os
CESite#show rouer osp
CESite#show rouer osp      t
CESite#show route-er
CESite#show route-er     r os
CESite#show router os         
% Type "show ?" for a list of subcommands
CESite#show mpl
CESite#show mpls
CESite#show mpls inter
CESite#show mpls inter               show ver
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:54 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

CESite uptime is 23 weeks, 5 days, 2 hours, 46 minutes
System returned to ROM by power-on
System image file is "flash0:c2951-universalk9-mz.SPA.154-3.M2.bin"
Last reload type: Normal Reload
Last reload reason: power-on



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
 --More--         to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2951/K9 (revision 1.1) with 485376K/38912K bytes of memory.
Processor board ID FCZ192761K1
2 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
 --More--         Device#	  PID			SN
-------------------------------------------------
*1  	  CISCO2951/K9          FCZ192761K1     



Technology Package License Information for Module:'c2951' 

------------------------------------------------------------------------
Technology    Technology-package                  Technology-package
              Current              Type           Next reboot  
------------------------------------------------------------------------
ipbase        ipbasek9             Permanent      ipbasek9
security      None                 None           None
uc            None                 None           None
data          None                 None           None
NtwkEss       None                 None           None
CollabPro     None                 None           None

Configuration register is 0x2102

CESite# show lice
CESite# show license 
Index 1 Feature: ipbasek9                       
	Period left: Life time
	License Type: Permanent
	License State: Active, In Use
	License Count: Non-Counted
	License Priority: Medium
Index 2 Feature: securityk9                     
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 3 Feature: uck9                           
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 4 Feature: datak9                         
	Period left: Not Activated
	Period Used: 0  minute  0  second  
 --More--         	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 5 Feature: NtwkEssSuitek9                 
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 6 Feature: CollabProSuitek9               
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 7 Feature: LI                             
Index 8 Feature: ios-ips-update                 
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
 --More--         	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 9 Feature: SNASw                          
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: Non-Counted
	License Priority: None
Index 10 Feature: hseck9                         
Index 11 Feature: cme-srst                       
	Period left: Not Activated
	Period Used: 0  minute  0  second  
	License Type: EvalRightToUse
	License State: Active, Not in Use, EULA not accepted
	License Count: 0/0  (In-use/Violation)
	License Priority: None
Index 12 Feature: mgmt-plug-and-play             
Index 13 Feature: mgmt-lifecycle                 
Index 14 Feature: mgmt-assurance                 
Index 15 Feature: mgmt-onplus                    
Index 16 Feature: mgmt-compliance                
 --More--         
CESite#
CESite#

y

Georg Pauwen · ‎06-18-2022

Hello,

to be honest, I do not see much of a difference in what the ISR4431 config should look like, so I am not sure if posting what I have come up with helps you in any way. The only real difference is the interface numbering and the address family configuration under BGP (although the question remains what the BGP is used for, as no networks are actually announced; it could indeed be just a redundant remnant of a previous topology):

Building configuration...

Current configuration : 4434 bytes
!
version 15.4
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CESite
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-familyd-marker
!
enable secret 5 $1$Lxb.$ztT/JAXcb7IwnZPYkJ0cH.
!
no aaa new-model
!
no ip source-route
!
ip dhcp bootp ignore
!
no ip bootp server
no ip domain lookup
ip domain name mc2ryd.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose!
crypto pki trustpoint TP-self-signed-2577235882
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2577235882
revocation-check none
rsakeypair TP-self-signed-2577235882
!
crypto pki certificate chain TP-self-signed-2577235882
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
69666963 6174652D 32353737 32333538 3832301E 170D3135 30373034 30323231 
35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35373732 
33353838 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
8100B55D 30F0E537 2BA21101 232FF6A7 E01AFE64 19FA883B 9986DF15 73460879 
B9376EF4 CE9377EA BD6D1988 54259FB8 E599AFAF 7888CBC1 5EC569CF E66608A5 
9E605BE2 8ACC2E85 A612293A 6F8F81F3 17E1D6DD 72EA4C23 89E1169A 0B9F8671 
5893ABBD 3B5C4C31 699C3806 046FD0A3 F140CFAF 48AD9433 CBF1AE2D 6C397C56 
738F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
551D2304 18301680 147F57A4 5C5AED69 3CE2EF25 E7FA6808 CD5BFD5A CE301D06 
03551D0E 04160414 7F57A45C 5AED693C E2EF25E7 FA6808CD 5BFD5ACE 300D0609 
--More--   2A864886 F70D0101 05050003 81810047 6C296BF7 F51023C2 9212AD48 919D204A 
D29DC2BC 06066B49 04E0C16E 696D1860 3D8F9053 01A270DD C134B277 CB71C846 
7A8227D0 97D5FB8B 98752866 0B5633DC 4289D643 8E4090B0 3E5379E6 2DD220F8 
02F2FF54 C1C060F6 89376785 2C71F2FF 36037592 6F671D4A A1E1FF3C F221D834 
DEC7D5B3 A0A67EA2 853DDD14 0AA291
quit
license udi pid CISCO2951/K9 sn FCZ192761K1
!
archive
log config
hidekeys
username admin privilege 15 secret 5 $1$2Ex1$oPumaM8ls2R/l7G/.VG1a.
username mc2admin privilege 15 secret 5 $1$B50U$iXMdy.QAjfxq1suWbC84r.
username user-name secret 5 $1$JQNH$SXg6xh/tWxWSMBPOgJg8x.
!
redundancy
!
interface Loopback0
ip address 192.168.174.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0/0
ip address 10.189.36.182 255.255.255.252
no ip proxy-arp
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
description connected to MC2 Private Jizan
ip address 192.168.170.1 255.255.254.0
no ip proxy-arp
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
network 192.168.96.76 0.0.0.3 area 0
network 192.168.170.0 0.0.1.255 area 0
!
router bgp 65272
bgp log-neighbor-changes
redistribute connected
neighbor 10.189.36.181 remote-as 65000
address-family ipv4 unicast
neighbor 10.189.36.181 activate
exit-address-family
!
no ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 192.185.41.249 255.255.255.255 192.168.170.217
!
snmp-server community CESitebw RO
!
control-plane
!
banner motd ^C

This Device Belongs to Second Milling Company (MC2)

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
STOP IMMEDIATELY
You must have explicit, authorized permission to access or configur
this device, Unauthorized attempts and actions to access or use this
device may result in civil and/or criminal penalties.

All activities performed on this device are logged and monitored
Contact IT Security Officer (540).^C
!
line con 0
password 7 030A5206020E701D
login
line aux 0
no exec
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp authenticate
!
end

Richard Burts · ‎06-18-2022

I agree that there is not a lot of complexity in the config of the old router and that transferring the config should be relatively straightforward.

As I look further into the config there are some things that puzzle me.

For example there is this route

ip route 192.185.41.249 255.255.255.255 192.168.170.217

What is this public network that is reached using G0/0/1? what else is reached through this interface?

Another example is in the ospf config

network 192.168.96.76 0.0.0.3 area 0

I do not find any other reference to 192.168.96. What is this? Where is this?

I really would like to see the outputs of the commands that I mentioned. And I am not sure that it is unusual to find BGP configured on CE routers.

HTH

Rick

imranbhatti22006 · ‎06-20-2022

Hi Guys,

Yes all of the above concerns raised to my mind also, The scenario is, MPLS is managed by ISP provider, and ask the customer to contact them to get explanation for this BGP Route inejected. I've received a response from them. I'm attaching that file below. For OSPF network, 192.168.96.76 0.0.0.3 I also couldn't figure it out yet. So being on a safe side, as we're system integrators and our job is to just smoothly remove 2951 and replace with 4431, I'm looking for an option we don't opt for any complications that actually they blame on us after upgrade / migration. So given that, do you guys recommend we shall restore config backup from 2951 to ISR 4431, of course after EDITING Interface numbering??

Attached ISP reply for BGP

imranbhatti22006 · ‎06-20-2022

Pasting, txt file content also for your ease to read along.

BGP neighbor is 10.189.36.181,  remote AS 65000, external link
  BGP version 4, remote router ID 192.168.111.85
  BGP state = Established, up for 8w4d
  Last read 00:00:08, last write 00:00:34, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        IPv4 Unicast (was preserved
    Enhanced Refresh Capability: advertised
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Message statistics:
    InQ depth is 0
    OutQ depth is 0

                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:             1735         15
    Keepalives:         94244      97027
    Route Refresh:          0          0
    Total:              95980      97043
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  Session: 10.189.36.181
  BGP table version 14870, neighbor version 14870/0
  Output queue size : 0
  Index 7, Advertise bit 0
  7 update-group member
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
  Interface associated: GigabitEthernet0/0
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               3          6 (Consumes 480 bytes)
    Prefixes Total:              5191         16
    Implicit Withdraw:           5186          0
    Explicit Withdraw:              2         10
    Used as bestpath:             n/a          6
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Bestpath from this peer:             16        n/a
    Total:                               16          0
  Number of NLRIs in the update sent: max 3, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never
  Refresh Epoch: 1
  Last Sent Refresh Start-of-rib: never
  Last Sent Refresh End-of-rib: never
  Last Received Refresh Start-of-rib: never
  Last Received Refresh End-of-rib: never
                                       Sent       Rcvd
        Refresh activity:              ----       ----
          Refresh Start-of-RIB          0          0
          Refresh End-of-RIB            0          0

  Address tracking is enabled, the RIB does have a route to 10.189.36.181
  Connections established 7; dropped 6
  Last reset 8w4d, due to Active open failed
  Transport(tcp) path-mtu-discovery is enabled
  Graceful-Restart is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 10.189.36.182, Local port: 64845
Foreign host: 10.189.36.181, Foreign port: 179
Connection tableid (VRF): 0
Maximum output segment queue size: 50

Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)

Event Timers (current time is 0x36AA1BA48):
Timer          Starts    Wakeups            Next
Retrans         95977          1             0x0
TimeWait            0          0             0x0
AckHold         97041      95447             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger      5163258    5163257     0x36AA1BC53
DeadWait            0          0             0x0
Linger              0          0             0x0
ProcessQ            0          0             0x0

iss: 1127989187  snduna: 1129890782  sndnxt: 1129890782
irs: 1881978814  rcvnxt: 1883823052

sndwnd:  33600  scale:      0  maxrcvwnd:  16384
rcvwnd:  15567  scale:      0  delrcvwnd:    817

SRTT: 1000 ms, RTTO: 1003 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 1000 ms, ACK hold: 200 ms
uptime: -1 ms, Sent idletime: 8232 ms, Receive idletime: 8432 ms
Status Flags: active open
Option Flags: nagle, path mtu capable
IP Precedence value : 6

Datagrams (max data segment is 1460 bytes):
Rcvd: 192902 (out of order: 0), with data: 97041, total data bytes: 1844237
Sent: 192689 (retransmit: 1, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 95979, total data bytes: 1901594

 Packets received in fast path: 0, fast processed: 0, slow path: 0
 fast lock acquisition failures: 0, slow path: 0
TCP Semaphore      0x0205CAAC  FREE

Richard Burts · ‎06-20-2022

Thanks for the additional information. When you said that this was from ISP I expected that it would have information from the ISP side. But this is information from your router. It provides a little bit of what I requested. There is lots of detail in their output, only a little of it seems significant for our purpose. I am particularly interested in this output

Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 3 6 (Consumes 480 bytes)

This indicates that you are advertising 3 prefixes to the ISP. This is correct because your config of BGP has redistribute connected and you have 3 interfaces with IP addresses. So that is what is advertised. And you are receiving 6 prefixes. It would be very nice to know what those 6 prefixes are. Most edge routers will have a default route. There is not any static default route in your config. So if there is a default route it would be learned by either OSPF or by BGP. My guess is that it is learned by BGP. And in that case the BGP configuration is an important part of the old router config and it needs to be carried over to the new router config.

HTH

Rick