FTTC VDSL on a Cisco 897VA

I’ve recently changed broadband to Fibre-to-the-cab (FTTC) VDSL connection. As I have a small data cab in the house I wanted a rack mount router instead of the ISP provided one, and I had a spare Cisco 897VA hanging around which is perfect for the job.

Unfortunately there isn’t a web based config on this router so I’ve had to configure via terminal/SSH but it’s not too difficult to get running on your VDSL connection.

Step 1: Configuring the LAN

If you’ve already got your LAN configuration up and running and want to keep it then skip ahead.

First of all I did a factory reset on the router, to make sure there’s nothing left from its previous use getting in the way.

Once reset you’ll need to connect to the console – so you’ll need a device with a serial port, or a USB to Serial converter. I use PuTTY to connect over serial console. The settings you need for this are:

  • 9600 baud
  • 8 data bits, no parity
  • 1 stop bit
  • No flow control

Once the router has booted, if it asks you about entering a configuration screen, say No.
Now to start configuring, type enable and then conf, then hit enter to default to “terminal”. You should now get a prompt that looks a little like Hostname(config)# – at this point you can type/paste in the configuration.

Once you’ve finished entering commands, you’ll need to type exit to leave configuration mode, then write mem to commit the config to flash.

hostname cisco-router
enable secret passwordhere
username admin privilege 15 secret passwordhere
ip domain-name lan.katystech.blog
interface Vlan1
ip address
ip virtual-reassembly in
ip access-list standard LAN

This will set up the host and domain name for the router, along with creating the admin user and also setting the enable mode password. We also create an interface for Vlan1 with as the IP address.

If you also want your router to provide DHCP, you’ll need to do this to set up a scope, using Quad9 as the DNS server (you can set a different DNS server here if you wish).

ip dhcp pool LAN
ip dhcp exluded-address

Step 2: Configuring SSH

This step is optional but highly recommended so you don’t have to use the serial console cable to do any configuration or monitoring tasks.

Again in configuration mode enter the following:

crypto key generate rsa modulus 2048
ip ssh version 2
ip access-list standard SSH
line vty 0 4
access-class SSH in
logging synchronous
login local
transport input ssh

If everything’s worked you should be able to disconnect the serial console and connect using SSH to the router with the credentials set in the first step (admin/passwordhere)

Step 3: Configuring the WAN

Again in configuration mode, you’ll need to set up the VDSL interface, PPP settings and VLAN101 required. The detail provided by my ISP for this is that we need to use PPPoE and VLAN101, this appears to be standard across the FTTC product but I’ve only looked at a couple of different ISPs.

interface Ethernet0.101
description PPPoE VLAN101
encapsulation dot1Q 101
no ip redirects
no ip proxy-arp
ip virtual-reassembly in
pppoe enable groupd global
pppoe-client dial-pool-number 1
interface Dialer0
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap ms-chap callin
ppp chap hostname 01234567890@isp.net
ppp chap password passwordhere
ppp ipcp address accept
ip forward-protocol nd
ip route Dialer0

You’ll need the username and password to authenticate the PPP session with your ISP – in my case the username is the phone number, then “@” followed by the ISP’s domain name. You may need to contact your ISP if you don’t have these handy.

Now with any luck your router will establish a connection. You can check this by running sh ip int brief at the standard (not configuration mode) prompt. If you’ve got it right it will look like the below, showing whatever public IP address has been assigned by your ISP:
You can also run sh controller vdsl 0 to view the VDSL modem stats – sync rate etc:

Try pinging to check the connection is working – at the prompt just type ping

Step 4: Configuring NAT

Our last step is to configure Network Address Translation – NAT – so that you can access the Internet from devices on the network. Again in configuration mode:

interface Dialer0
ip nat outside
interface Vlan1
ip nat inside
ip nat pool LAN netmask
ip nat inside source list LAN interface Dialer0 overload

Now from a device on the network try to browse the Internet. Hopefully it will work, and if you run sh ip nat translations it will show a list of address mappings.

If it doesn’t work you may need to try changing the NAT to apply to Ethernet0.101 rather than Dialer0 – back in config mode just run:

no ip nat inside source list LAN interface Dialer0 overload
ip nat inside source list LAN interface Ethernet0.101 overload

When you’ve got it working how you want, don’t forget to write the configuration to the flash memory by running write mem at the prompt.

I’ve used a blog post I found on PlusNet for getting the PPPoE details working properly.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.