Something's gone wrong!An error ocurred performing that action. Please try refreshing the page.

FTTC VDSL on a Cisco 897VA

By Katy Nicholson, posted on 9 December, 2020

I've recently changed broadband to Fibre-to-the-cab (FTTC) VDSL connection. As I have a small data cab in the house I wanted a rack mount router instead of the ISP provided one, and I had a spare Cisco 897VA hanging around which is perfect for the job.

Unfortunately there isn't a web based config on this router so I've had to configure via terminal/SSH but it's not too difficult to get running on your VDSL connection.

Configuring the LAN

If you've already got your LAN configuration up and running and want to keep it then skip ahead.

First of all I did a factory reset on the router, to make sure there's nothing left from its previous use getting in the way.

Once reset you'll need to connect to the console - so you'll need a device with a serial port, or a USB to Serial converter. I use PuTTY to connect over serial console. The settings you need for this are:

  • 9600 baud
  • 8 data bits, no parity
  • 1 stop bit
  • No flow control

Once the router has booted, if it asks you about entering a configuration screen, say No. Now to start configuring, type enable and then conf, then hit enter to default to "terminal". You should now get a prompt that looks a little like Hostname(config)# - at this point you can type/paste in the configuration.

Once you've finished entering commands, you'll need to type exit to leave configuration mode, then write mem to commit the config to flash.

hostname cisco-router enable secret passwordhere username admin privilege 15 secret passwordhere ip domain-name interface Vlan1 ip address ip virtual-reassembly in exit ip access-list standard LAN permit exit

This will set up the host and domain name for the router, along with creating the admin user and also setting the enable mode password. We also create an interface for Vlan1 with as the IP address.

If you also want your router to provide DHCP, you'll need to do this to set up a scope, using Quad9 as the DNS server (you can set a different DNS server here if you wish).

ip dhcp pool LAN network dns-server default-router exit ip dhcp exluded-address

Configuring SSH

This step is optional but highly recommended so you don't have to use the serial console cable to do any configuration or monitoring tasks.

Again in configuration mode enter the following:

crypto key generate rsa modulus 2048 ip ssh version 2 ip access-list standard SSH permit exit line vty 0 4 access-class SSH in logging synchronous login local transport input ssh exit

If everything's worked you should be able to disconnect the serial console and connect using SSH to the router with the credentials set in the first step (admin/passwordhere)

Configuring the WAN

Again in configuration mode, you'll need to set up the VDSL interface, PPP settings and VLAN101 required. The detail provided by my ISP for this is that we need to use PPPoE and VLAN101, this appears to be standard across the FTTC product but I've only looked at a couple of different ISPs.

interface Ethernet0 no shutdown exit interface Ethernet0.101 description PPPoE VLAN101 encapsulation dot1Q 101 no ip redirects no ip proxy-arp ip virtual-reassembly in pppoe enable group global pppoe-client dial-pool-number 1 exit interface Dialer0 mtu 1500 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly in encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication pap chap ms-chap callin ppp chap hostname [email protected] ppp chap password passwordhere ppp ipcp address accept exit ip forward-protocol nd ip route Dialer0

I initially used an MTU of 1492 and this was giving me about 55Mbps downstream, 20Mbps upstream, but as I can see the FTTC cabinet from the front of the house it's obviously capable of more. Putting this up to 1500 I'm getting 75Mbps downstream, 20Mbps upstream which is much better. I've set up two connections with this method but only one of the routers would accept an MTU greater than 1492 - I'm not sure why although it was running a slightly newer version of IOS, or whether this is limited by the software on the router or by whether the other end of the connection will accept it - the two connections I set up were in different towns and off different exchanges and cabs.

You'll need the username and password to authenticate the PPP session with your ISP - in my case the username is the phone number, then "@" followed by the ISP's domain name. You may need to contact your ISP if you don't have these handy.

Now with any luck your router will establish a connection. You can check this by running sh ip int brief at the standard (not configuration mode) prompt. If you've got it right it will look like the below, showing whatever public IP address has been assigned by your ISP:

You can also run sh controller vdsl 0 to view the VDSL modem stats - sync rate etc:

Try pinging to check the connection is working - at the prompt just type ping

Configuring NAT

Our last step is to configure Network Address Translation - NAT - so that you can access the Internet from devices on the network. Again in configuration mode:

interface Dialer0 ip nat outside exit interface Vlan1 ip nat inside exit ip nat pool LAN netmask ip nat inside source list LAN interface Dialer0 overload

Now from a device on the network try to browse the Internet. Hopefully it will work, and if you run sh ip nat translations it will show a list of address mappings.

If it doesn't work you may need to try changing the NAT to apply to Ethernet0.101 rather than Dialer0 - back in config mode just run:

no ip nat inside source list LAN interface Dialer0 overload ip nat inside source list LAN interface Ethernet0.101 overload

When you've got it working how you want, don't forget to write the configuration to the flash memory by running write mem at the prompt.

Further reading and Credits

In this post

Support My Work

I hope you find my content useful. Please consider tipping to support the running costs of hosting, licensing etc on my Ko-fi page.

Support me on Ko-fi