Cisco – How to create a vlan

ciscovlan

First question here. I am very new to Cisco systems – about 3 days worth of knowledge.

I am trying to migrate our configuration from our old router to our new router. Our new router is a Cisco 2900, and our old router is a 877m.

Here is a clip from our old router's running-config:

interface Vlan1
 description --- Office bound to fa0
 ip address 10.2.0.254 255.255.192.0
 ip nat inside
 ip virtual-reassembly

My understanding is that these vlans exist on this configuration simply as an alias to the "real" interfaces, to make it easier to swap them around if need be. I have successfully replicated all of the configuration into the new router except the creation of these vlans and the migration of the interface config to them.

So I've been trying to figure out how to create these vlans. I've been told I can create them with the vlan database command from admin mode. However this gives me a warning about this method being deprecated:

host#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

host(vlan)#

so then I tried to find out what commands to use in conf mode, and all I could find was posts like these, saying i simply use vlan 1: https://supportforums.cisco.com/discussion/9819021/vlan-database-deprecated But this does not work for me:

host(config)#vlan 1
                  ^
% Invalid input detected at '^' marker.

host(config)#vlan ?
  accounting  VLAN accounting configuration
  ifdescr     VLAN subinterface ifDescr

host(config)#vlan

Is there some module that I still need to install? Some other setting I need to enable? Or should I continue using vlan database even though it's deprecated?

Best Answer

It seems like there is some confusion going on here. While Cisco typically appears to try to avoid re-using product line numbering, there are exceptions (and possibly more recently). The 2900 ISR router series is one of them. It overlaps with an older switching product line, the Catalyst 2900 series.

To muddy the waters more, your current 800 ISR series router is a router with a switch built in, allowing it to support some switch commands in addition to the normal router commands. Specifically, IIRC (been a while since I configured one of these, maybe I can find one to play with later today) all the "LAN" ports are actually part of this switch and as such cannot be configured like a router interface.

The whole ISR series of routers is designed to provide functionality of multiple platforms into one integrated platform. As I understand the 2900 ISR platform, you will only have certain commands/features available if the associated hardware is installed and/or licensed. Specifically, to add VLANs like you are attempting, you would need to have one of the Gigabit EtherSwitch modules.

My best guess is that you don't have one of these modules installed in the router and you only really have router interfaces available. These will need to be configured differently than the configuration in your old router.

To confirm, you would have to provide more details in your question about the specifics of the hardware installed in your router.

Related Solutions

Cisco – Backing up Cisco router configuration – including ssh keys

(Examples performed on ISR 1921 G2)

Before we get into the details, I would suggest that instead of backing up your key, you just pull the new key from the new router and update your scripts. You will need to get onto the router without SSH to load the config/enable SSH anyways. This can be done with a script and console cable... you can even pull the new SSH public key out and update your scripts automatically (router#sh ip ssh). I think this is a more secure option. However to answer the question of backing up SSH keys:

You need to generate exportable keys for use with SSH and then export them to a PEM file with a password. Unfortunately the only two options for encrypting them are des and 3des.

Generate the key:

home-1921(config)#crypto key generate rsa general-keys exportable label example modulus 4096
The name for the keys will be: example                                          

% The key modulus size is 4096 bits                                             
% Generating 4096 bit RSA keys, keys will be exportable...                      
[OK] (elapsed time was 658 seconds)                                             

Jun 15 11:10:05.158: %SSH-5-ENABLED: SSH 1.99 has been enabled                  
home-1921(config)#

Assign to SSH if not already assigned:

home-1921(config)#ip ssh rsa keypair-name example                               
home-1921(config)#                                                              
Jun 15 11:11:22.467: %SSH-5-DISABLED: SSH 1.99 has been disabled                
Jun 15 11:11:22.467: %SSH-5-ENABLED: SSH 1.99 has been enabled

Export the key:

This will export the key to the terminal which can be saved to a file via script or manually.

home-1921(config)#$export rsa example pem terminal 3des somepassword            
% Key name: example                                                             
   Usage: General Purpose Key                                                   
   Key data:                                                                    
-----BEGIN PUBLIC KEY-----                                                      
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsWwtMdoyj/LKPzXRf53z                
8yhIkRAbODN6DXne8JH53PAwtgQ2FrPARvnjWsqWn2EgkHEMkZl5y5tZ0iLITCPf                
bK8pXC/9kiLC2VDGQLbHD57AN/+6+0CoXxGW4FtV1dW4tVzo0YafL3L0rrNY8Snk                
nPXUu89RxYu0rnJCJGv3VQ5DS/LMx7RcKdB0oKh5NxrzMGR5AXCtK0d5giHIu5o7                
UAO8Q0JHYjHVHTtk8tnK5jhSMT68e4GxtsNSAaf5iA2qXY0E4KSZ+NCQJzM7RKa/                
/Sj8wmSHRhGYwEzfVdh+Cp3SRjiNSF4nVcECSEsEo5XzhM+yMHUJWeXw18pVFfED                
koen7IRw9Sj+uw0pegIwS4D/eniv/SMfPgjVd6RIm2k35GiH59Y73Bufu23+TOoB                
siYsZcbQ3QFohe5ix08pTeyvNXl6d6WlZWsyUfl7B9qIf5dICOfxu22xsFkdd3UX                
URyQum/oQPBLEGAaX01vto+oRW/DYXnIz4GXchTVnZMPxk5NGA3Li6advTWT3Vb8                
rH0aDSdtybrg0wVyOhEPW9Kx5Kx8ycxisZ7dM9iryvxjNtmmhxn9FS2uSI6mnOmR                
aQOG44Jyn/ihzaYuAsfbxHvDnKQKIJtQoJtrbrgjAh93GT/HIyHRLz1iRwGwNwlj                
3GUBV1NsL+HVZN68GPOyHfkCAwEAAQ==                                                
-----END PUBLIC KEY-----                                                        
-----BEGIN RSA PRIVATE KEY-----                                                 
Proc-Type: 4,ENCRYPTED                                                          
DEK-Info: DES-EDE3-CBC,0243F61FBCFF9FFD                                         

i4lMwdfFZpC48ZFF3RnEOpLZzmv+vSgrHH6DGI/Gm1hB4KK+MC/a1TrrNbNzKPzY                
HFs74jLpGvYGb0jL5PbqrCL435F92h+N9SAkp4Tz8x78y4hUnM/2I9X9MhcGXJqE                
5U2r47KSYjUO+L41gWRDwwq7uZPXdJMEOr3JhJ6wv1UJx8BkxatmoZyeKMHIAcfQ                
JcwHnFnVZP3bNRYSwaMGemrfhg8HiT/JT3gUFj5d8r2pAouY8Vs9j4fM7EIn+CHz                
zGdZf9j3wIYOLjOhGLs7zABRmu4Ik7yv7iNqIOpZLMVegC9iQc6RMav8M3ivt+wU                
eNBR7+VLOYAz1J7bKEx1ZMk9XR4zdNTJlw+4UuYtXDDlW3OOsBFq/05mKPvaQWCE                
/NUrxSSEpgqaLJNJS5V4rgPKhSbg51GeIhkig+NkFIS7EtF/VCMXqaWd0lp7kYig                
3arRF0BdZXLsMDhZKmi1JA+rcmCSQIYVaBDc29SMs/Wou99vVazQIs2e1Dkl06Ia                
U7VeIwhEJykIl0MhBw+kwD3pNsiPth1xIg3DsDU+bq3gMNhcsl6Pj8FUP+PXdqaa                
HSGOy2tnYB60xxFv4vfRiW7JaFse9+uaesRiPDOC5YUx47yP65xEhiCmKMXD+9xU                
K/ZFYe9AvbJ4A65JjO/QQm5mg82cw5q4x/YQ1EC9T1w5kdjKJg9MkYoZmhHfttUZ                
2zuGBFm9FUiW5SnRRp4Pil0aTAMgj8uZaxUdq1nGfyJo2p7TTNXKsE8YMkSwu93p                
L914L64/bI2RLVQCciLZtVnVwAMffNpwtOJQzDDeUDI3i1ZItzehcsXXAWCN5xcQ                
+0lF6Q3KlrDNGZCtO8vrbDioaFT25ikdAlF0B+pnadetQkXlLs8xdBxxF9lUZjgw                
NqkbrYoY/c7Jf7dsWfC7fRqo3EjBxEFPwrdJJpvTtzgp4/Zk+dcHg0j4K2pFVMeT                
sZZzDaWlCaRoKw+OSh2KyzWjGKSzh/mm+cdp/4T+bbhUseRF6eGb0Qk0lMyQv3ja                
EE0GnyOYSlcavvIrqpx9v1iLEJLGWi58UiOASnzBlRh33nRqF+uoE5p6k/jgoUWC                
CccW2SfyEfXJDOg6fqGyKw3XjAJQ0/t1qWbiIXxtNjH8haO9OgWUn3pKI6PjZwQk                
6Eb5ow8WABZXb/pXJ/xjmLKjsmlxeqD31I2CaArV6hRCJoTKXkS2TWHCoHGRAPfL                
jrDBiFJ1+KVnCtuGN1kxRG6fyIMMyFBG7qEzNnHmNnLGP19XHvgSJe0QYNdrkFpZ                
iG+Kqz5bHcdEsucB0Efn/N7huu++R5XnSRYJnf6iPOTme6qwul3H1YQoaNNAbuch                
u98JaciIiSGLesBU4P28FEC4kesslKWcM8Z4GfvX//9zqkB6T1E5/jUs+x6YtPhp                
kMg9ZR195mP11E4MbgP9czk7HnK4Xgrns/DmXRdT1/d0dPtfng02jWjvOgNUQ1EJ                
ZvFd9ZN67nV4ZiDtcVi3756m7UEI2p/2431ecpigy2OUA+d8YKYEbAreMDE7W4Iq                
AlUalEiRmjwoerVIgQeB3oa2GElg2IN6llEa1UndI79ma13SJmgpLM+YUW+nS7k6                
COiuKllSbLBSF9s4+ErEXciAAJCGFi7kfFDB59whv1IbmDEGNAamB6oibCewbF0T                
xusyjhb2wA0KDq5C3ThlM5KU0g0ACSEuOl/A4AuubwxD7vvC6jiVFw/bCQrRJLJ6                
UuEcBTp0vEecdF12NtQWPpg/+K2PYBi7Yzzc8DZcF97afFmZAtnF3EFLJltywjjK                
qcGGCNyDj9MSBEnJigK7m0nYKjsOw5myt5LOhwWMr81OC7s6vgMBdf7qFCHiOUUB                
5MwpAzjGgaR85uYqCpCOmW5pjRpRptEocJPxeW6Uy+aFPAEQu92HvFjHk/tvefGX                
ttSsOPU5BC1J5xGZIoUfGPRFPYkjLauwQ34hGdQrbhJ3DrEe1pDAwd8/yIhzNp0o                
N8uZDWKegLPrRg1B6CvmY3+Axiz0ZJZ86LOLa67ZsEkbWpQoy4F8D+z131JFrRcK                
v0glY5b2GESUXtVxO668LqbmcO/eoDgBIhNvbrJT1QVgM/rr3poeeARGgff9OQ0i                
FpsA4yk4uOqS/TS4OfpG6ymneGao1tJfktXmiR37cpGfkKjHPvI5kE8/KTOZSdSk                
5RYjuCaWW363ysn7XA21Y9NiMYZesKCw8XdxVfVDZB6IphawYZ/a4cyvkYfD5HKw                
QeLE7Rv7fGhlUPPWr1WQZOBgnnmAZoxNxkPhC4S62WvdiJNmiIeLrmD50n22zukH                
aCj5S6sqXRuHdLB8FiZdi24s9tISBt0kAzK4bg3bvPoaqj3nSL8eirr1qWED/O+5                
xxjJrR7fgY0BdzbqU5gXK22o6PLGzlOIpgFep12dnoYUVL2igRJfTAGSHyMPeJpv                
e5mmAqxCz8FGgztZVP+v8MEkz/fDd/bIA0zkeA+0ugedbI/IkDkS25RdZkpvUpXH                
2+SNL1RJyoYT/uoShAuVv6y9uyvoojX9XNDVmLX10ip8tSsTVbJx97MPzNSaTABe                
Zbc5rgU4FJnUIIjb4igmccUrdW7ZknKk2cV9xRv7BHFYAl4hsitcsdKe8IPdX+2E                
WOXl2i2+ndUkzoqGlr4q8nOgAcr53Msjnn1ljasWHXDpeXRW+kraX+88UUmv9zEf                
T4gyl7shs/J24IlgHhJbqD5g10thG9esp8KvaxgeHyuBVpPniWWrecwajKFjfVKp                
J9EcxDXRUZH3c4jDIWxpKsGQFFsx9e7p286tcUXwGDBFkYOao9NOcyllltRq+ECH                
93Sc6hLp/Fd7hIAdZFbnjaemp2llA81cNKIVRUpJ4OyoVSOwhMp+j3m5SOmJdAxu                
SWcMKENRU6RSjqZOt15acOktCRRrMbLSxZY+fW+1g5IvA1j6mFiK57F569ouYZeP                
zvMgPgkDN/ATMd/RkHAWq5/EjeNmhey52XnHSqyAPmP4mX9qoaYtRYgBTGrKEFNo                
05V14xLunvGz+FEsqZ/IwSZYbYkGCpfczQWlRLnLkb8X7gbL/esfKfb3tSsbOluZ                
F/bAHniMg51uU2MmpspuWR+SzyWuabWiCkEq7lvXLTwdJGBYduaRH9u14bBCWUuA                
-----END RSA PRIVATE KEY-----                                                   

home-1921(config)#

Login test:

demo-mac:~ demo$ ssh demo@<cleared>.205
The authenticity of host '<cleared>.205 (<cleared>.205)' can't be established.
RSA key fingerprint is af:6e:a0:fa:c3:45:ab:2d:a9:60:84:fe:0b:96:de:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<cleared>.205' (RSA) to the list of known hosts.
Password: 

home-1921#

Ok so we know it works... time to erase the NVRAM and restart.

home-1921#erase nvram:                                                          
Erasing the nvram filesystem will remove all configuration files! Continue? [co]
[OK]                                                                            
Erase of nvram: complete                                                        
home-1921#                                                                      
Jun 15 11:16:19.268: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram    
home-1921#reload                                                                

System configuration has been modified. Save? [yes/no]: no                      
Proceed with reload? [confirm]

Now we reconfigure the test router to allow SSH again:

Note: I am only generating a brand new key to demo that my terminal rejects the new key but then accepts the restored key. This step is unnecessary unless you're verifying that it works.

router>en                                                                       
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#int G0/0
router(config-if)#ip add <cleared>.205 255.255.255.0
router(config-if)#no shutdown 
router(config-if)#exit
router(config)#ip domain-name example.com
router(config)#aaa new-model
router(config)#aaa authen log def loc                                           
router(config)#aaa author exe def loc                                           
router(config)#username demo priv 15 sec demo                                   
router(config)#cry key gen rsa mod 4096                                         
The name for the keys will be: router.example.com                               

% The key modulus size is 4096 bits                                             
% Generating 4096 bit RSA keys, keys will be non-exportable...                  
[OK] (elapsed time was 117 seconds)                                             

Jun 15 11:17:55.247: %SSH-5-ENABLED: SSH 1.99 has been enabled                  
router(config)#

Now the rejection of the key:

demo-mac:~ demo$ ssh demo@<cleared>.205
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8c:62:d4:75:0f:4c:59:a8:81:d2:01:1b:68:9d:08:cb.
Please contact your system administrator.
Add correct host key in /Users/demo/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/demo/.ssh/known_hosts:90
RSA host key for <cleared>.205 has changed and you have requested strict checking.
Host key verification failed.
demo-mac:~ demo$

Ok so lets restore the key and see what happens:

router(config)#$crypto key import rsa example-restored pem terminal somepassword           
% Enter PEM-formatted public General Purpose key or certificate.                
% End with a blank line or "quit" on a line by itself.                          
-----BEGIN PUBLIC KEY-----                                                      
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsWwtMdoyj/LKPzXRf53z                
8yhIkRAbODN6DXne8JH53PAwtgQ2FrPARvnjWsqWn2EgkHEMkZl5y5tZ0iLITCPf                
bK8pXC/9kiLC2VDGQLbHD57AN/+6+0CoXxGW4FtV1dW4tVzo0YafL3L0rrNY8Snk                
nPXUu89RxYu0rnJCJGv3VQ5DS/LMx7RcKdB0oKh5NxrzMGR5AXCtK0d5giHIu5o7                
UAO8Q0JHYjHVHTtk8tnK5jhSMT68e4GxtsNSAaf5iA2qXY0E4KSZ+NCQJzM7RKa/                
/Sj8wmSHRhGYwEzfVdh+Cp3SRjiNSF4nVcECSEsEo5XzhM+yMHUJWeXw18pVFfED                
koen7IRw9Sj+uw0pegIwS4D/eniv/SMfPgjVd6RIm2k35GiH59Y73Bufu23+TOoB                
siYsZcbQ3QFohe5ix08pTeyvNXl6d6WlZWsyUfl7B9qIf5dICOfxu22xsFkdd3UX                
URyQum/oQPBLEGAaX01vto+oRW/DYXnIz4GXchTVnZMPxk5NGA3Li6advTWT3Vb8                
rH0aDSdtybrg0wVyOhEPW9Kx5Kx8ycxisZ7dM9iryvxjNtmmhxn9FS2uSI6mnOmR                
aQOG44Jyn/ihzaYuAsfbxHvDnKQKIJtQoJtrbrgjAh93GT/HIyHRLz1iRwGwNwlj                
3GUBV1NsL+HVZN68GPOyHfkCAwEAAQ==                                                
-----END PUBLIC KEY-----                                                        

% Enter PEM-formatted encrypted private General Purpose key.                    
% End with "quit" on a line by itself.                                          
-----BEGIN RSA PRIVATE KEY-----                                                 
Proc-Type: 4,ENCRYPTED                                                          
DEK-Info: DES-EDE3-CBC,0243F61FBCFF9FFD                                         

i4lMwdfFZpC48ZFF3RnEOpLZzmv+vSgrHH6DGI/Gm1hB4KK+MC/a1TrrNbNzKPzY                
HFs74jLpGvYGb0jL5PbqrCL435F92h+N9SAkp4Tz8x78y4hUnM/2I9X9MhcGXJqE                
5U2r47KSYjUO+L41gWRDwwq7uZPXdJMEOr3JhJ6wv1UJx8BkxatmoZyeKMHIAcfQ                
JcwHnFnVZP3bNRYSwaMGemrfhg8HiT/JT3gUFj5d8r2pAouY8Vs9j4fM7EIn+CHz                
zGdZf9j3wIYOLjOhGLs7zABRmu4Ik7yv7iNqIOpZLMVegC9iQc6RMav8M3ivt+wU                
eNBR7+VLOYAz1J7bKEx1ZMk9XR4zdNTJlw+4UuYtXDDlW3OOsBFq/05mKPvaQWCE                
/NUrxSSEpgqaLJNJS5V4rgPKhSbg51GeIhkig+NkFIS7EtF/VCMXqaWd0lp7kYig                
3arRF0BdZXLsMDhZKmi1JA+rcmCSQIYVaBDc29SMs/Wou99vVazQIs2e1Dkl06Ia                
U7VeIwhEJykIl0MhBw+kwD3pNsiPth1xIg3DsDU+bq3gMNhcsl6Pj8FUP+PXdqaa                
HSGOy2tnYB60xxFv4vfRiW7JaFse9+uaesRiPDOC5YUx47yP65xEhiCmKMXD+9xU                
K/ZFYe9AvbJ4A65JjO/QQm5mg82cw5q4x/YQ1EC9T1w5kdjKJg9MkYoZmhHfttUZ                
2zuGBFm9FUiW5SnRRp4Pil0aTAMgj8uZaxUdq1nGfyJo2p7TTNXKsE8YMkSwu93p                
L914L64/bI2RLVQCciLZtVnVwAMffNpwtOJQzDDeUDI3i1ZItzehcsXXAWCN5xcQ                
+0lF6Q3KlrDNGZCtO8vrbDioaFT25ikdAlF0B+pnadetQkXlLs8xdBxxF9lUZjgw                
NqkbrYoY/c7Jf7dsWfC7fRqo3EjBxEFPwrdJJpvTtzgp4/Zk+dcHg0j4K2pFVMeT                
sZZzDaWlCaRoKw+OSh2KyzWjGKSzh/mm+cdp/4T+bbhUseRF6eGb0Qk0lMyQv3ja                
EE0GnyOYSlcavvIrqpx9v1iLEJLGWi58UiOASnzBlRh33nRqF+uoE5p6k/jgoUWC                
CccW2SfyEfXJDOg6fqGyKw3XjAJQ0/t1qWbiIXxtNjH8haO9OgWUn3pKI6PjZwQk                
6Eb5ow8WABZXb/pXJ/xjmLKjsmlxeqD31I2CaArV6hRCJoTKXkS2TWHCoHGRAPfL                
jrDBiFJ1+KVnCtuGN1kxRG6fyIMMyFBG7qEzNnHmNnLGP19XHvgSJe0QYNdrkFpZ                
iG+Kqz5bHcdEsucB0Efn/N7huu++R5XnSRYJnf6iPOTme6qwul3H1YQoaNNAbuch                
u98JaciIiSGLesBU4P28FEC4kesslKWcM8Z4GfvX//9zqkB6T1E5/jUs+x6YtPhp                
kMg9ZR195mP11E4MbgP9czk7HnK4Xgrns/DmXRdT1/d0dPtfng02jWjvOgNUQ1EJ                
ZvFd9ZN67nV4ZiDtcVi3756m7UEI2p/2431ecpigy2OUA+d8YKYEbAreMDE7W4Iq                
AlUalEiRmjwoerVIgQeB3oa2GElg2IN6llEa1UndI79ma13SJmgpLM+YUW+nS7k6                
COiuKllSbLBSF9s4+ErEXciAAJCGFi7kfFDB59whv1IbmDEGNAamB6oibCewbF0T                
xusyjhb2wA0KDq5C3ThlM5KU0g0ACSEuOl/A4AuubwxD7vvC6jiVFw/bCQrRJLJ6                
UuEcBTp0vEecdF12NtQWPpg/+K2PYBi7Yzzc8DZcF97afFmZAtnF3EFLJltywjjK                
qcGGCNyDj9MSBEnJigK7m0nYKjsOw5myt5LOhwWMr81OC7s6vgMBdf7qFCHiOUUB                
5MwpAzjGgaR85uYqCpCOmW5pjRpRptEocJPxeW6Uy+aFPAEQu92HvFjHk/tvefGX                
ttSsOPU5BC1J5xGZIoUfGPRFPYkjLauwQ34hGdQrbhJ3DrEe1pDAwd8/yIhzNp0o                
N8uZDWKegLPrRg1B6CvmY3+Axiz0ZJZ86LOLa67ZsEkbWpQoy4F8D+z131JFrRcK                
v0glY5b2GESUXtVxO668LqbmcO/eoDgBIhNvbrJT1QVgM/rr3poeeARGgff9OQ0i                
FpsA4yk4uOqS/TS4OfpG6ymneGao1tJfktXmiR37cpGfkKjHPvI5kE8/KTOZSdSk                
5RYjuCaWW363ysn7XA21Y9NiMYZesKCw8XdxVfVDZB6IphawYZ/a4cyvkYfD5HKw                
QeLE7Rv7fGhlUPPWr1WQZOBgnnmAZoxNxkPhC4S62WvdiJNmiIeLrmD50n22zukH                
aCj5S6sqXRuHdLB8FiZdi24s9tISBt0kAzK4bg3bvPoaqj3nSL8eirr1qWED/O+5                
xxjJrR7fgY0BdzbqU5gXK22o6PLGzlOIpgFep12dnoYUVL2igRJfTAGSHyMPeJpv                
e5mmAqxCz8FGgztZVP+v8MEkz/fDd/bIA0zkeA+0ugedbI/IkDkS25RdZkpvUpXH                
2+SNL1RJyoYT/uoShAuVv6y9uyvoojX9XNDVmLX10ip8tSsTVbJx97MPzNSaTABe                
Zbc5rgU4FJnUIIjb4igmccUrdW7ZknKk2cV9xRv7BHFYAl4hsitcsdKe8IPdX+2E                
WOXl2i2+ndUkzoqGlr4q8nOgAcr53Msjnn1ljasWHXDpeXRW+kraX+88UUmv9zEf                
T4gyl7shs/J24IlgHhJbqD5g10thG9esp8KvaxgeHyuBVpPniWWrecwajKFjfVKp                
J9EcxDXRUZH3c4jDIWxpKsGQFFsx9e7p286tcUXwGDBFkYOao9NOcyllltRq+ECH                
93Sc6hLp/Fd7hIAdZFbnjaemp2llA81cNKIVRUpJ4OyoVSOwhMp+j3m5SOmJdAxu                
SWcMKENRU6RSjqZOt15acOktCRRrMbLSxZY+fW+1g5IvA1j6mFiK57F569ouYZeP                
zvMgPgkDN/ATMd/RkHAWq5/EjeNmhey52XnHSqyAPmP4mX9qoaYtRYgBTGrKEFNo                
05V14xLunvGz+FEsqZ/IwSZYbYkGCpfczQWlRLnLkb8X7gbL/esfKfb3tSsbOluZ                
F/bAHniMg51uU2MmpspuWR+SzyWuabWiCkEq7lvXLTwdJGBYduaRH9u14bBCWUuA                
-----END RSA PRIVATE KEY-----                                                   
quit                                                                            
% Key pair import succeeded.                                                    

router(config)#

Now assign it to SSH again:

router(config)#ip ssh rsa keypair-name example-restored                         
router(config)#                                                                 
Jun 15 11:25:36.619: %SSH-5-DISABLED: SSH 1.99 has been disabled                
Jun 15 11:25:36.623: %SSH-5-ENABLED: SSH 1.99 has been enabled                  
router(config)#

And try logging in again:

demo-mac:~ demo$ ssh demo@<cleared>.205
Password: 

router#

All set!

EDIT: Note: When importing the key, make sure there are no extra spaces around the key info. If you copy and paste from a console, this may put trailing spaces on every line and you need to remove those before importing.

Cisco – Configure Cisco ASA in Transparent mode: Layer2 DMZ w/ Vlan translation

I don't have SUP7 to test, but it works on SUP6 and SUP32, I would presume SUP7 retains this functionality.

I've tested between JNPR M320 <-> SUP32, and 'vlan mapping JNPR SUP32' works just fine.

There is no need for QinQ, what the QinQ option does is it adds top tag to one particularly tag. So switchport vlan mapping 1042 dot1q-tunnel 42 would map incoming [1042] stack to [42 1042] stack. As opposed to switchport vlan mapping 1042 42 which maps incoming dot1q Vlan [1042] to dot1q Vlan [42].

JNPR M320 config:

{master}[edit interfaces ge-0/1/0 unit 1042]
user@m320# show 
vlan-id 1042;
family inet {
    address 10.42.42.1/24;
}
{master}[edit interfaces ge-0/1/0 unit 1042]
user@m320# run show interfaces ge-0/1/0               
Physical interface: ge-0/1/0, Enabled, Physical link is Up
  Interface index: 135, SNMP ifIndex: 506
  Description: B: SUP32 ge5/1
  Link-level type: Flexible-Ethernet, MTU: 9192, Speed: 1000mbps, BPDU Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled,
  Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 00:12:1e:d5:90:7f, Hardware address: 00:12:1e:d5:90:7f
  Last flapped   : 2013-02-19 09:14:29 UTC (19w6d 21:12 ago)
  Input rate     : 4560 bps (5 pps)
  Output rate    : 6968 bps (4 pps)
  Active alarms  : None
  Active defects : None
  Interface transmit statistics: Disabled

SUP32 config:

SUP32#show run int giga5/1
Building configuration...

Current configuration : 365 bytes
!
interface GigabitEthernet5/1
 description F: M320 ge-0/1/0
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport vlan mapping enable
 switchport vlan mapping 1042 42
 mtu 9216
 bandwidth 1000000
 speed nonegotiate
 no cdp enable
 spanning-tree portfast edge trunk
 spanning-tree bpdufilter enable
end

SUP32#show ru int vlan42
Building configuration...

Current configuration : 61 bytes
!
interface Vlan42
 ip address 10.42.42.2 255.255.255.0
end

SUP32#sh int GigabitEthernet5/1 vlan mapping  
State: enabled
Original VLAN Translated VLAN
------------- ---------------
  1042           42  

SUP32#sh int vlan42                           
Vlan42 is up, line protocol is up 
  Hardware is EtherSVI, address is 0005.ddee.6000 (bia 0005.ddee.6000)
  Internet address is 10.42.42.2/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:09, output 00:01:27, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  L2 Switched: ucast: 17 pkt, 1920 bytes - mcast: 0 pkt, 0 bytes
  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
  L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
     38 packets input, 3432 bytes, 0 no buffer
     Received 21 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     26 packets output, 2420 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

And

SUP32#ping 10.42.42.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.42.42.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SUP32#sh arp | i 10.42.42.1
Internet  10.42.42.1             12   0012.1ed5.907f  ARPA   Vlan42
SUP32#show mac address-table dynamic address 0012.1ed5.907f
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Active Supervisor:
*  450  0012.1ed5.907f   dynamic  Yes          0   Gi5/1
*   50  0012.1ed5.907f   dynamic  Yes          0   Gi5/1
*   40  0012.1ed5.907f   dynamic  Yes          0   Gi5/1
*   42  0012.1ed5.907f   dynamic  Yes          5   Gi5/1


user@m320# run ping 10.42.42.2 count 2 
PING 10.42.42.2 (10.42.42.2): 56 data bytes
64 bytes from 10.42.42.2: icmp_seq=0 ttl=255 time=0.495 ms
64 bytes from 10.42.42.2: icmp_seq=1 ttl=255 time=0.651 ms

--- 10.42.42.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.495/0.573/0.651/0.078 ms

{master}[edit interfaces ge-0/1/0 unit 1042]
user@m320# run show arp no-resolve |match 10.42.42.2 
00:05:dd:ee:60:00 10.42.42.2      ge-0/1/0.1042        none

Best Answer

Related Solutions

Cisco – Backing up Cisco router configuration – including ssh keys

Cisco – Configure Cisco ASA in Transparent mode: Layer2 DMZ w/ Vlan translation

Related Topic