I’ve recently changed broadband to Fibre-to-the-cab (FTTC) VDSL connection. As I have a small data cab in the house I wanted a rack mount router instead of the ISP provided one, and I had a spare Cisco 897VA hanging around which is perfect for the job.
Unfortunately there isn’t a web based config on this router so I’ve had to configure via terminal/SSH but it’s not too difficult to get running on your VDSL connection.
Step 1: Configuring the LAN
If you’ve already got your LAN configuration up and running and want to keep it then skip ahead.
First of all I did a factory reset on the router, to make sure there’s nothing left from its previous use getting in the way.
Once reset you’ll need to connect to the console – so you’ll need a device with a serial port, or a USB to Serial converter. I use PuTTY to connect over serial console. The settings you need for this are:
- 9600 baud
- 8 data bits, no parity
- 1 stop bit
- No flow control
Once the router has booted, if it asks you about entering a configuration screen, say No.
Now to start configuring, type enable and then conf, then hit enter to default to “terminal”. You should now get a prompt that looks a little like Hostname(config)# – at this point you can type/paste in the configuration.
Once you’ve finished entering commands, you’ll need to type exit to leave configuration mode, then write mem to commit the config to flash.
hostname cisco-router enable secret passwordhere username admin privilege 15 secret passwordhere ip domain-name lan.katystech.blog interface Vlan1 ip address 192.168.0.253 255.255.255.0 ip virtual-reassembly in exit ip access-list standard LAN permit 192.168.0.0 0.0.0.255 exit
This will set up the host and domain name for the router, along with creating the admin user and also setting the enable mode password. We also create an interface for Vlan1 with 192.168.0.253 as the IP address.
If you also want your router to provide DHCP, you’ll need to do this to set up a scope 192.168.0.0/24, using Quad9 as the DNS server (you can set a different DNS server here if you wish).
ip dhcp pool LAN network 192.168.0.0 255.255.255.0 dns-server 188.8.131.52 default-router 192.168.0.253 exit ip dhcp exluded-address 192.168.0.253
Step 2: Configuring SSH
This step is optional but highly recommended so you don’t have to use the serial console cable to do any configuration or monitoring tasks.
Again in configuration mode enter the following:
crypto key generate rsa modulus 2048 ip ssh version 2 ip access-list standard SSH permit 192.168.0.0 0.0.0.255 exit line vty 0 4 access-class SSH in logging synchronous login local transport input ssh exit
If everything’s worked you should be able to disconnect the serial console and connect using SSH to the router with the credentials set in the first step (admin/passwordhere)
Step 3: Configuring the WAN
Again in configuration mode, you’ll need to set up the VDSL interface, PPP settings and VLAN101 required. The detail provided by my ISP for this is that we need to use PPPoE and VLAN101, this appears to be standard across the FTTC product but I’ve only looked at a couple of different ISPs.
interface Ethernet0.101 description PPPoE VLAN101 encapsulation dot1Q 101 no ip redirects no ip proxy-arp ip virtual-reassembly in pppoe enable groupd global pppoe-client dial-pool-number 1 exit interface Dialer0 mtu 1492 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly in encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication pap chap ms-chap callin ppp chap hostname email@example.com ppp chap password passwordhere ppp ipcp address accept exit ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0
You’ll need the username and password to authenticate the PPP session with your ISP – in my case the username is the phone number, then “@” followed by the ISP’s domain name. You may need to contact your ISP if you don’t have these handy.
Now with any luck your router will establish a connection. You can check this by running sh ip int brief at the standard (not configuration mode) prompt. If you’ve got it right it will look like the below, showing whatever public IP address has been assigned by your ISP:
You can also run sh controller vdsl 0 to view the VDSL modem stats – sync rate etc:
Try pinging to check the connection is working – at the prompt just type ping 184.108.40.206.
Step 4: Configuring NAT
Our last step is to configure Network Address Translation – NAT – so that you can access the Internet from devices on the network. Again in configuration mode:
interface Dialer0 ip nat outside exit interface Vlan1 ip nat inside exit ip nat pool LAN 192.168.0.0 192.168.0.254 netmask 255.255.255.0 ip nat inside source list LAN interface Dialer0 overload
Now from a device on the network try to browse the Internet. Hopefully it will work, and if you run sh ip nat translations it will show a list of address mappings.
If it doesn’t work you may need to try changing the NAT to apply to Ethernet0.101 rather than Dialer0 – back in config mode just run:
no ip nat inside source list LAN interface Dialer0 overload ip nat inside source list LAN interface Ethernet0.101 overload
When you’ve got it working how you want, don’t forget to write the configuration to the flash memory by running write mem at the prompt.
I’ve used a blog post I found on PlusNet for getting the PPPoE details working properly.