Cisco 800 Series VDSL2 configuration
This guide covers getting a Cisco 800 series router up and running on a VDSL2 internet connection. In this guide, an 887-VA router running IOS 15.7 is used.
Before starting, the following should have already been configured on the device:
- Hostname
- User accounts/passwords
- SSH v2
- Clock/Timezone/NTP
- SNMP and Logging
- Login Banners
Local VLAN
Create a local VLAN interface and assign an IP address.
interface Vlan100
description SITE_DATA
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly inSetup DHCP if using the router as DHCP server for the site
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool SITE
network 192.168.1.0 255.255.255.0
dns-server 208.67.220.220
default-router 192.168.1.1Add the four fast ethernet ports to the VLAN
interface FastEthernet0-3
description SITE_DATA_VLAN
switchport access vlan 100
no ip address
spanning-tree portfastAccess Control Lists
We will need two access control lists. The first is used to allow inbound connections (for example, remote management or site-to-site VPN)
ip access-list extended OUTSIDE_IN
permit tcp host 1.1.1.1 any eq 22The second is needed for applying NAT when connecting to public IP’s
ip access-list extended NAT
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.1.0 0.0.0.255 anyWe also need to inspect outbound traffic to build a dynamic ACL that will act as a stateful firewall.
ip inspect name FW http
ip inspect name FW https
ip inspect name FW udp
ip inspect name FW tcpDialer Interface
Create the dialer interface
interface Dialer1
description VDSL_LINE
bandwidth 20000
ip address negotiated
ip access-group OUTSIDE_IN in
ip mtu 1478
ip nat outside
ip inspect FW out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname username@ISP.com
ppp chap password PASSWORD
ppp ipcp route default
no cdp enable
!
dialer-list 1 protocol ip permitNAT
We will NAT any traffic that matches the ACL we created earlier with the public IP on the Dialer1 interface.
ip nat inside source list NAT interface Dialer1 overloadVDSL Controller
By default, the VDSL controller will be in auto mode. If it tries to sync in ADSL2+ mode, you can force it to use VDSL2 mode.
controller VDSL 0
operating mode vdsl2VDSL2 mode doesn’t support PPPoA, so we will need to shut down the ATM interface. You will need to get the ISP to change the service to PPPoE if they have provided PPPoA connection details.
interface ATM0
shutdownThen we can configure the ethernet interface on the VDSL controller to use the dialer interface to connect.
interface Ethernet0
no ip address
ip tcp adjust-mss 1412
pppoe enable group global
pppoe-client dial-pool-number 1You should now have an internet connection. If you have issues syncing then you may need to try installing a different firmware version on the controller.
