This guide covers setting up a Cisco 800 series router on a VDSL2 internet connection. In this guide, an 887-VA router running IOS 15.7 is used.
Local VLAN
Create a local VLAN interface and assign an IP address.
interface Vlan100
description SITE_DATA
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
Set up a DHCP pool if you are using the router as the DHCP server for the site:
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool SITE
network 192.168.1.0 255.255.255.0
dns-server 208.67.220.220
default-router 192.168.1.1
Add the four Fast Ethernet ports to the VLAN:
interface range FastEthernet0 - 3
description SITE_DATA_VLAN
switchport access vlan 100
no ip address
spanning-tree portfast
Access Control Lists
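We will need two access control lists. The first is applied inbound on the internet-facing interface and allows inbound connections (for example, remote management or site-to-site VPN). The entry below permits SSH (TCP port 22) from a single host only: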
ip access-list extended OUTSIDE_IN
permit tcp host 1.1.1.1 any eq 22
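The second selects the traffic that NAT is applied to when connecting to public IPs. Traffic from the site subnet to 192.168.0.0/16 and 10.0.0.0/8 is excluded, and everything else from the site subnet is translated: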
ip access-list extended NAT
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.1.0 0.0.0.255 any
We also need to inspect outbound traffic to build a dynamic ACL that will act as a stateful firewall.
ip inspect name FW http
ip inspect name FW https
ip inspect name FW udp
ip inspect name FW tcp
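To check how the two access lists above treat a given packet, the following Python code (an added example, not part of the original guide) applies IOS wildcard-mask matching and first-match evaluation with the implicit deny at the end of each list. It handles only the entry forms used above (any, host, address plus wildcard, and a numeric eq destination port); the function names are assumptions made for this example.

```python
import ipaddress

# ACL text copied from the guide above.
CONFIG = """\
ip access-list extended OUTSIDE_IN
 permit tcp host 1.1.1.1 any eq 22
ip access-list extended NAT
 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.1.0 0.0.0.255 any
"""

def _addr(tok):
    """Consume one address spec from tok and return (base, wildcard) as ints."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0xFFFFFFFF            # every bit is "don't care"
    if tok[0] == "host":
        base = int(ipaddress.IPv4Address(tok[1]))
        del tok[:2]
        return base, 0                  # every bit must match
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    del tok[:2]
    return base, wild

def parse_acls(text):
    """Return {acl_name: [(action, proto, src, dst, dport), ...]} in config order."""
    acls, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "access-list", "extended"]:
            current = acls.setdefault(tok[3], [])
        elif tok and tok[0] in ("permit", "deny") and current is not None:
            action, proto, rest = tok[0], tok[1], tok[2:]
            src, dst = _addr(rest), _addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None
            current.append((action, proto, src, dst, port))
    return acls

def _match(ip, spec):
    base, wild = spec                   # wildcard bit 1 = ignore that bit
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, d, port in acl:
        if (p in ("ip", proto) and _match(src, s) and _match(dst, d)
                and (port is None or port == dport)):
            return action
    return "deny"
```

In the NAT list, "deny" means the packet is not translated and "permit" means it is. Only 192.168.0.0/16 and 10.0.0.0/8 are excluded, so traffic to 172.16.0.0/12 is translated.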
Dialer Interface
Create the dialer interface.
interface Dialer1
description VDSL_LINE
bandwidth 20000
ip address negotiated
ip access-group OUTSIDE_IN in
ip mtu 1478
ip nat outside
ip inspect FW out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname username@ISP.com
ppp chap password PASSWORD
ppp ipcp route default
no cdp enable
!
dialer-list 1 protocol ip permit
NAT
We will NAT any traffic that matches the ACL we created earlier, using a public IP address on the Dialer1 interface.
ip nat inside source list NAT interface Dialer1 overload
VDSL Controller
By default, the VDSL controller will be in auto mode. If it tries to sync in ADSL2+ mode, you can force it to use VDSL2 mode.
controller VDSL 0
operating mode vdsl2
VDSL2 mode doesn’t support PPPoA, so we will need to shut down the ATM interface.
interface ATM0
shutdown
Then, we can configure the Ethernet interface on the VDSL controller to use the dialer interface for connection.
interface Ethernet0
no ip address
ip tcp adjust-mss 1412
pppoe enable group global
pppoe-client dial-pool-number 1
You should now have an internet connection. If you experience issues syncing, try installing a different firmware version on the controller.