Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
15
Helpful
5
Replies

Router migration from 3825 to ISR4451

Go to solution
William Hoover
Level 1
Level 1

‎11-28-2017 01:22 PM - edited ‎03-08-2019 12:54 PM

I have been tasked with replacing a failing 3825 with a new ISR4451. The 3825 is running  3800 Software (C3825-ADVSECURITYK9-M), Version 12.3(11)T5, the ISR4451 is running  Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b

Can I just copy the config from the 3825 right into the 4451 or do I need to convert it somehow. Here is the config:

 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxxxxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxx

!
no aaa new-model
ip subnet-zero
ip icmp redirect host
ip cef
!
!
!
!
ip ips po max-events 100
ip domain name xxxxxxxxxxxx
ip name-server 10.7.1.3
ip multicast-routing
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 ip directed-broadcast
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.7.1.1 255.255.0.0
 ip pim sparse-dense-mode
 no ip route-cache
 ip policy route-map xxxxxxxx
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.11.1.1 255.255.255.0
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 ip address 10.11.2.1 255.255.255.0
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.4
 description SecurityCams
 encapsulation dot1Q 4
 ip address 10.11.13.254 255.255.255.0
 ip access-group SecurityCams out
 no ip route-cache
!
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5
 ip address 10.11.14.1 255.255.255.0
 ip pim sparse-dense-mode
 no ip route-cache
!
interface GigabitEthernet0/0.6
 description CSDR Public WLAN
 encapsulation dot1Q 6
 ip address 10.11.15.1 255.255.255.0
 ip access-group 150 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.7
 description Staff WLAN
 encapsulation dot1Q 7
 ip address 10.11.16.1 255.255.255.0
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.8
 description Student WLAN
 encapsulation dot1Q 8
 ip address 10.11.18.1 255.255.255.0
 ip access-group 151 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.9
 description Classroom WLAN
 encapsulation dot1Q 9
 ip address 10.11.19.1 255.255.255.0
 ip access-group 152 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.10
 description Messagenet VLAN
 encapsulation dot1Q 10
 ip address 10.11.20.1 255.255.254.0
 ip access-group 153 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.100
 description Management
 encapsulation dot1Q 100
 ip address 10.100.100.1 255.255.255.0
 ip access-group VLAN100 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.110
 description VP
 encapsulation dot1Q 110
 ip address 10.100.110.1 255.255.255.0
 ip access-group VLAN110 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.121
 description ES_Wifi
 encapsulation dot1Q 121
 ip address 10.100.121.1 255.255.255.0
 ip access-group ESWLAN121 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.130
 description MS
 encapsulation dot1Q 130
 ip address 10.100.130.1 255.255.255.0
 ip access-group MSVLAN130 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.131
 description MS_WLAN
 encapsulation dot1Q 131
 ip address 10.100.131.1 255.255.255.0
 ip access-group MSWLAN131 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.140
 description HS
 encapsulation dot1Q 140
 ip address 10.100.140.1 255.255.255.0
 ip access-group VLAN140 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.141
 description HS_WLAN
 encapsulation dot1Q 141
 ip address 10.100.141.1 255.255.255.0
 ip access-group HSWLAN141 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/0.200
 description TSD
 encapsulation dot1Q 200
 ip address 10.100.200.1 255.255.255.0
 ip access-group VLAN200 in
 ip helper-address 10.7.1.3
 no ip route-cache
!
interface GigabitEthernet0/1
 ip address 10.0.0.4 255.255.0.0
 ip information-reply
 ip directed-broadcast
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
ip http server
no ip http secure-server
!
ip access-list extended ESVLAN120
 permit ip any 10.7.1.0 0.0.0.255
 permit ip any 10.7.0.0 0.0.0.255
 permit tcp 10.11.120.0 0.0.0.255 host 10.7.0.3 eq 49335
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended ESWLAN121
 permit ip any 10.7.1.0 0.0.0.255
 permit tcp 10.100.121.0 0.0.0.255 host 10.7.0.3 eq 49335
 permit ip any 10.7.0.0 0.0.0.255
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended HSVLAN140
 permit ip any 10.7.1.0 0.0.0.255
 permit ip any 10.7.0.0 0.0.0.255
 permit tcp any host 10.7.0.3 eq 49335
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended HSWLAN141
 permit ip any 10.7.1.0 0.0.0.255
 permit ip any 10.7.0.0 0.0.0.255
 permit tcp 10.100.141.0 0.0.0.255 host 10.7.0.3 eq 49335
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended MSVLAN130
 permit ip any 10.7.1.0 0.0.0.255
 permit ip any 10.7.0.0 0.0.0.255
 permit tcp any host 10.7.0.3 eq 49335
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended MSWLAN131
 permit ip any 10.7.1.0 0.0.0.255
 permit ip any 10.7.0.0 0.0.0.255
 permit tcp 10.100.131.0 0.0.0.255 host 10.7.0.3 eq 49335
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended SecurityCams
 permit ip 10.7.0.0 0.0.255.255 host 10.11.13.251
ip access-list extended VLAN100
 permit ip any any
ip access-list extended VLAN110
 permit ip any any
ip access-list extended VLAN112
 permit ip any host 10.7.1.13
 permit ip any host 10.7.0.3
 permit udp any host 10.7.0.3
 permit udp any host 10.7.1.13
 permit tcp any host 10.7.1.5 eq smtp
 permit tcp any host 10.7.0.5 eq smtp
ip access-list extended VLAN200
 permit ip any any
!
access-list 104 permit tcp any host 192.168.1.3
access-list 104 permit tcp any host 192.168.1.3 eq 8080
access-list 104 permit tcp any host 192.168.1.8
access-list 104 permit tcp any host 192.168.1.8 eq 8080
access-list 105 permit tcp any host 10.4.1.2 eq www
access-list 106 permit tcp any host 10.3.0.11 eq www
access-list 107 permit tcp any host 10.2.1.10 eq www
access-list 108 permit tcp any host 10.1.5.71 eq www
access-list 110 permit tcp any host 165.74.12.24 eq 554
access-list 110 permit tcp any host 165.74.12.24 eq www
access-list 110 permit tcp any host 165.74.12.24 eq 1755
access-list 110 permit tcp any host 165.74.12.10 eq www
access-list 110 permit tcp any host 165.74.12.10
access-list 111 permit tcp any any eq www
access-list 120 permit tcp any host 158.96.172.71 eq telnet
access-list 120 permit tcp any host 158.96.3.195 eq telnet
access-list 120 permit tcp any host 158.96.133.131 eq telnet
access-list 120 permit tcp any host 165.235.213.46 eq www
access-list 120 permit tcp any host 165.235.213.46 eq 443
access-list 120 permit tcp any host 165.235.213.46
access-list 120 permit tcp any host 165.235.65.80
access-list 120 permit tcp any host 134.187.32.5 eq telnet
access-list 120 permit tcp any host 158.96.134.130 eq ftp
access-list 120 permit tcp any host 158.96.1.194 eq ftp
access-list 120 permit tcp any host 158.96.1.194
access-list 120 permit tcp any host 158.96.134.130
access-list 125 permit tcp host 10.7.7.78 any
access-list 125 permit tcp host 10.7.7.79 any
access-list 125 permit tcp host 10.7.7.80 any
access-list 131 permit gre any any
access-list 131 permit tcp any any eq 1723
access-list 150 permit tcp 10.11.15.0 0.0.0.255 host 10.7.1.11 eq 8080
access-list 150 permit tcp 10.11.15.0 0.0.0.255 host 10.7.1.11 eq www
access-list 150 permit tcp 10.11.15.0 0.0.0.255 host 10.7.1.19 eq www
access-list 150 permit ip 10.11.15.0 0.0.0.255 host 10.7.1.3
access-list 150 deny   ip 10.11.15.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 150 deny   ip 10.11.15.0 0.0.0.255 10.11.2.0 0.0.0.255
access-list 150 deny   ip 10.11.15.0 0.0.0.255 10.11.18.0 0.0.0.255
access-list 150 deny   ip 10.11.15.0 0.0.0.255 10.11.16.0 0.0.0.255
access-list 150 deny   ip 10.11.15.0 0.0.0.255 10.11.17.0 0.0.0.255
access-list 150 permit ip any any
access-list 151 permit tcp 10.11.18.0 0.0.0.255 host 10.7.1.11 eq 8080
access-list 151 permit tcp 10.11.18.0 0.0.0.255 host 10.7.1.11 eq www
access-list 151 permit tcp 10.11.18.0 0.0.0.255 host 10.7.1.19 eq www
access-list 151 permit ip 10.11.18.0 0.0.0.255 host 10.7.1.3
access-list 151 deny   ip 10.11.18.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 151 deny   ip 10.11.18.0 0.0.0.255 10.11.2.0 0.0.0.255
access-list 151 deny   ip 10.11.18.0 0.0.0.255 10.11.15.0 0.0.0.255
access-list 151 deny   ip 10.11.18.0 0.0.0.255 10.11.16.0 0.0.0.255
access-list 151 deny   ip 10.11.18.0 0.0.0.255 10.11.17.0 0.0.0.255
access-list 151 permit ip any any
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.101 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.101 eq 443
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.11 eq 8080
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.11 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.19 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.0.7 eq www
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.0.7 eq 8080
access-list 152 permit udp 10.11.19.0 0.0.0.255 host 10.7.1.3 eq domain
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.1.3 eq domain
access-list 152 permit tcp 10.11.19.0 0.0.0.255 host 10.7.0.3 eq 49335
access-list 152 permit tcp 10.11.19.0 0.0.0.255 10.7.7.0 0.0.0.255
access-list 152 permit udp 10.11.19.0 0.0.0.255 10.7.7.0 0.0.0.255
access-list 152 deny   ip 10.11.19.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 152 deny   ip 10.11.19.0 0.0.0.255 10.11.2.0 0.0.0.255
access-list 152 deny   ip 10.11.19.0 0.0.0.255 10.11.15.0 0.0.0.255
access-list 152 deny   ip 10.11.19.0 0.0.0.255 10.11.16.0 0.0.0.255
access-list 152 deny   ip 10.11.19.0 0.0.0.255 10.11.17.0 0.0.0.255
access-list 152 deny   ip 10.11.19.0 0.0.0.255 10.11.18.0 0.0.0.255
access-list 152 permit ip any any
access-list 153 permit ip 10.11.0.0 0.0.255.255 host 10.7.12.44
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.7.0.0 0.0.255.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.2.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.13.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.14.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.15.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.16.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.17.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.18.0 0.0.0.255
access-list 153 deny   ip 10.11.0.0 0.0.255.255 10.11.19.0 0.0.0.255
access-list 153 permit ip 10.11.20.0 0.0.1.255 host 10.7.12.44
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.7.0.0 0.0.255.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.2.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.13.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.14.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.15.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.16.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.17.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.18.0 0.0.0.255
access-list 153 deny   ip 10.11.20.0 0.0.1.255 10.11.19.0 0.0.0.255
snmp-server community public RO
snmp-server community private RO
snmp-server community csdr5 RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-messa
ge
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps vtp
snmp-server enable traps atm subif
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rtr
snmp-server enable traps rf
snmp-server host 10.7.1.38 public
snmp-server host 10.7.1.38 v2c
route-map xxxxxxxxxx permit 10
 match ip address 120 125
 set ip next-hop 10.0.0.3
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password xxxxxx
 login
!
scheduler allocate 20000 1000
!
end

 

 

Thank you for any input

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎11-28-2017 02:13 PM

Hello,

 

I have used Cisco Active Advisor to convert your configuration, the result is almost identical. The converted configuration is attached (open in WordPad if possible):

 

View solution in original post

Preview file
13 KB
5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎11-28-2017 02:13 PM

Hello,

 

I have used Cisco Active Advisor to convert your configuration, the result is almost identical. The converted configuration is attached (open in WordPad if possible):

 

Preview file
13 KB

Go to solution
neofit.solovan
Level 1
Level 1

‎11-29-2017 07:02 AM

Hey,

 

You should be fine, just be sure service DHCP is enabled on the ISR. If disabled it will disable the ip-helper feature as well.

 

Good luck.

Go to solution
William Hoover
Level 1
Level 1
In response to neofit.solovan

‎11-29-2017 07:23 AM

Do I have to have it actually serving addresses? I have another device that does DHCP for the network.

 

Thanks!

 

0 Helpful

Go to solution
neofit.solovan
Level 1
Level 1
In response to William Hoover

‎11-29-2017 07:27 AM

I assume 10.7.1.3 is your dhcp server.

The router is only forwarding the requests to 10.7.1.3 - if you're using it, leave it there.

 

Go to solution
William Hoover
Level 1
Level 1
In response to neofit.solovan

‎11-29-2017 07:34 AM

OK so enable DHCP and as long as I don't set up any scopes and set the other DHCP server via ip helper it will be fine.

 

Thanks again!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card