11-28-2017 01:22 PM - edited 03-08-2019 12:54 PM
I have been tasked with replacing a failing 3825 with a new ISR4451. The 3825 is running 3800 Software (C3825-ADVSECURITYK9-M), Version 12.3(11)T5, the ISR4451 is running Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b
Can I just copy the config from the 3825 right into the 4451 or do I need to convert it somehow. Here is the config:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxxxxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
ip icmp redirect host
ip cef
!
!
!
!
ip ips po max-events 100
ip domain name xxxxxxxxxxxx
ip name-server 10.7.1.3
ip multicast-routing
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
ip directed-broadcast
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
media-type rj45
no cdp enable
no mop enabled
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.7.1.1 255.255.0.0
ip pim sparse-dense-mode
no ip route-cache
ip policy route-map xxxxxxxx
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip address 10.11.1.1 255.255.255.0
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 3
ip address 10.11.2.1 255.255.255.0
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.4
description SecurityCams
encapsulation dot1Q 4
ip address 10.11.13.254 255.255.255.0
ip access-group SecurityCams out
no ip route-cache
!
interface GigabitEthernet0/0.5
encapsulation dot1Q 5
ip address 10.11.14.1 255.255.255.0
ip pim sparse-dense-mode
no ip route-cache
!
interface GigabitEthernet0/0.6
description CSDR Public WLAN
encapsulation dot1Q 6
ip address 10.11.15.1 255.255.255.0
ip access-group 150 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.7
description Staff WLAN
encapsulation dot1Q 7
ip address 10.11.16.1 255.255.255.0
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.8
description Student WLAN
encapsulation dot1Q 8
ip address 10.11.18.1 255.255.255.0
ip access-group 151 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.9
description Classroom WLAN
encapsulation dot1Q 9
ip address 10.11.19.1 255.255.255.0
ip access-group 152 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.10
description Messagenet VLAN
encapsulation dot1Q 10
ip address 10.11.20.1 255.255.254.0
ip access-group 153 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.100
description Management
encapsulation dot1Q 100
ip address 10.100.100.1 255.255.255.0
ip access-group VLAN100 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.110
description VP
encapsulation dot1Q 110
ip address 10.100.110.1 255.255.255.0
ip access-group VLAN110 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.121
description ES_Wifi
encapsulation dot1Q 121
ip address 10.100.121.1 255.255.255.0
ip access-group ESWLAN121 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.130
description MS
encapsulation dot1Q 130
ip address 10.100.130.1 255.255.255.0
ip access-group MSVLAN130 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.131
description MS_WLAN
encapsulation dot1Q 131
ip address 10.100.131.1 255.255.255.0
ip access-group MSWLAN131 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.140
description HS
encapsulation dot1Q 140
ip address 10.100.140.1 255.255.255.0
ip access-group VLAN140 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.141
description HS_WLAN
encapsulation dot1Q 141
ip address 10.100.141.1 255.255.255.0
ip access-group HSWLAN141 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/0.200
description TSD
encapsulation dot1Q 200
ip address 10.100.200.1 255.255.255.0
ip access-group VLAN200 in
ip helper-address 10.7.1.3
no ip route-cache
!
interface GigabitEthernet0/1
ip address 10.0.0.4 255.255.0.0
ip information-reply
ip directed-broadcast
duplex auto
speed auto
media-type rj45
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
ip http server
no ip http secure-server
!
ip access-list extended ESVLAN120
permit ip any 10.7.1.0 0.0.0.255
permit ip any 10.7.0.0 0.0.0.255
permit tcp 10.11.120.0 0.0.0.255 host 10.7.0.3 eq 49335
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended ESWLAN121
permit ip any 10.7.1.0 0.0.0.255
permit tcp 10.100.121.0 0.0.0.255 host 10.7.0.3 eq 49335
permit ip any 10.7.0.0 0.0.0.255
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended HSVLAN140
permit ip any 10.7.1.0 0.0.0.255
permit ip any 10.7.0.0 0.0.0.255
permit tcp any host 10.7.0.3 eq 49335
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended HSWLAN141
permit ip any 10.7.1.0 0.0.0.255
permit ip any 10.7.0.0 0.0.0.255
permit tcp 10.100.141.0 0.0.0.255 host 10.7.0.3 eq 49335
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended MSVLAN130
permit ip any 10.7.1.0 0.0.0.255
permit ip any 10.7.0.0 0.0.0.255
permit tcp any host 10.7.0.3 eq 49335
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended MSWLAN131
permit ip any 10.7.1.0 0.0.0.255
permit ip any 10.7.0.0 0.0.0.255
permit tcp 10.100.131.0 0.0.0.255 host 10.7.0.3 eq 49335
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended SecurityCams
permit ip 10.7.0.0 0.0.255.255 host 10.11.13.251
ip access-list extended VLAN100
permit ip any any
ip access-list extended VLAN110
permit ip any any
ip access-list extended VLAN112
permit ip any host 10.7.1.13
permit ip any host 10.7.0.3
permit udp any host 10.7.0.3
permit udp any host 10.7.1.13
permit tcp any host 10.7.1.5 eq smtp
permit tcp any host 10.7.0.5 eq smtp
ip access-list extended VLAN200
permit ip any any
!
access-list 104 permit tcp any host 192.168.1.3
access-list 104 permit tcp any host 192.168.1.3 eq 8080
access-list 104 permit tcp any host 192.168.1.8
access-list 104 permit tcp any host 192.168.1.8 eq 8080
access-list 105 permit tcp any host 10.4.1.2 eq www
access-list 106 permit tcp any host 10.3.0.11 eq www
access-list 107 permit tcp any host 10.2.1.10 eq www
access-list 108 permit tcp any host 10.1.5.71 eq www
access-list 110 permit tcp any host 165.74.12.24 eq 554
access-list 110 permit tcp any host 165.74.12.24 eq www
access-list 110 permit tcp any host 165.74.12.24 eq 1755
access-list 110 permit tcp any host 165.74.12.10 eq www
access-list 110 permit tcp any host 165.74.12.10
access-list 111 permit tcp any any eq www
access-list 120 permit tcp any host 158.96.172.71 eq telnet
access-list 120 permit tcp any host 158.96.3.195 eq telnet
access-list 120 permit tcp any host 158.96.133.131 eq telnet
access-list 120 permit tcp any host 165.235.213.46 eq www
access-list 120 permit tcp any host 165.235.213.46 eq 443
access-list 120 permit tcp any host 165.235.213.46
access-list 120 permit tcp any host 165.235.65.80
access-list 120 permit tcp any host 134.187.32.5 eq telnet
access-list 120 permit tcp any host 158.96.134.130 eq ftp
access-list 120 permit tcp any host 158.96.1.194 eq ftp
access-list 120 permit tcp any host 158.96.1.194
access-list 120 permit tcp any host 158.96.134.130
access-list 125 permit tcp host 10.7.7.78 any
access-list 125 permit tcp host 10.7.7.79 any
access-list 125 permit tcp host 10.7.7.80 any
access-list 131 permit gre any any
access-list 131 permit tcp any any eq 1723
access-list 150 permit tcp 10.11.15.0 0.0.0.255 host 10.7.1.11 eq 8080
access-list 150 permit tcp 10.11.15.0 0.0.0.255 host 10.7.1.11 eq www
access-list 150 permit tcp 10.11.15.0 0.0.0.255 host 10.7.1.19 eq www
access-list 150 permit ip 10.11.15.0 0.0.0.255 host 10.7.1.3
access-list 150 deny ip 10.11.15.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 150 deny ip 10.11.15.0 0.0.0.255 10.11.2.0 0.0.0.255
access-list 150 deny ip 10.11.15.0 0.0.0.255 10.11.18.0 0.0.0.255
access-list 150 deny ip 10.11.15.0 0.0.0.255 10.11.16.0 0.0.0.255
access-list 150 deny ip 10.11.15.0 0.0.0.255 10.11.17.0 0.0.0.255
access-list 150 permit ip any any
access-list 151 permit tcp 10.11.18.0 0.0.0.255 host 10.7.1.11 eq 8080
access-list 151 permit tcp 10.11.18.0 0.0.0.255 host 10.7.1.11 eq www
access-list 151 permit tcp 10.11.18.0 0.0.0.255 host 10.7.1.19 eq www
access-list 151 permit ip 10.11.18.0 0.0.0.255 host 10.7.1.3
access-list 151 deny ip 10.11.18.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 151 deny ip 10.11.18.0 0.0.0.255 10.11.2.0 0.0.0.255
access-list 151 deny ip 10.11.18.0 0.0.0.255 10.11.15.0 0.0.0.255
access-list 151 deny ip 10.11.18.0 0.0.0.255 10.11.16.0 0.0.0.255
access-list 151 deny ip 10.11.18.0 0.0.0.255 10.11.17.0 0.0.0.255
access-list 151 permit ip any any
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.101 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.101 eq 443
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.11 eq 8080
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.11 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.19 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.0.7 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.0.7 eq 8080
access-list 152 permit udp 10.11.19.0 0.0.0.255 host 10.7.1.3 eq domain
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.3 eq domain
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.0.3 eq 49335
access-list 152 permit tcp 10.11.19.0 0.0.0.255 10.7.7.0 0.0.0.255
access-list 152 permit udp 10.11.19.0 0.0.0.255 10.7.7.0 0.0.0.255
access-list 152 deny ip 10.11.19.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 152 deny ip 10.11.19.0 0.0.0.255 10.11.2.0 0.0.0.255
access-list 152 deny ip 10.11.19.0 0.0.0.255 10.11.15.0 0.0.0.255
access-list 152 deny ip 10.11.19.0 0.0.0.255 10.11.16.0 0.0.0.255
access-list 152 deny ip 10.11.19.0 0.0.0.255 10.11.17.0 0.0.0.255
access-list 152 deny ip 10.11.19.0 0.0.0.255 10.11.18.0 0.0.0.255
access-list 152 permit ip any any
access-list 153 permit ip 10.11.0.0 0.0.255.255 host 10.7.12.44
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.7.0.0 0.0.255.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.2.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.13.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.14.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.15.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.16.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.17.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.18.0 0.0.0.255
access-list 153 deny ip 10.11.0.0 0.0.255.255 10.11.19.0 0.0.0.255
access-list 153 permit ip 10.11.20.0 0.0.1.255 host 10.7.12.44
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.7.0.0 0.0.255.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.2.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.13.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.14.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.15.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.16.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.17.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.18.0 0.0.0.255
access-list 153 deny ip 10.11.20.0 0.0.1.255 10.11.19.0 0.0.0.255
snmp-server community public RO
snmp-server community private RO
snmp-server community csdr5 RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-messa
ge
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps vtp
snmp-server enable traps atm subif
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rtr
snmp-server enable traps rf
snmp-server host 10.7.1.38 public
snmp-server host 10.7.1.38 v2c
route-map xxxxxxxxxx permit 10
match ip address 120 125
set ip next-hop 10.0.0.3
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxx
login
!
scheduler allocate 20000 1000
!
end
Thank you for any input
Solved! Go to Solution.
11-28-2017 02:13 PM
Hello,
I have used Cisco Active Advisor to convert your configuration, the result is almost identical. The converted configuration is attached (open in WordPad if possible):
11-28-2017 02:13 PM
11-29-2017 07:02 AM
Hey,
You should be fine, just be sure service DHCP is enabled on the ISR. If disabled it will disable the ip-helper feature as well.
Good luck.
11-29-2017 07:23 AM
Do I have to have it actually serving addresses? I have another device that does DHCP for the network.
Thanks!
11-29-2017 07:27 AM
I assume 10.7.1.3 is your dhcp server.
The router is only forwarding the requests to 10.7.1.3 - if you're using it, leave it there.
11-29-2017 07:34 AM
OK so enable DHCP and as long as I don't set up any scopes and set the other DHCP server via ip helper it will be fine.
Thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide