Cisco 800 Series VDSL2 configuration
Cisco 800 Series VDSL2 configuration

Cisco 800 Series VDSL2 configuration

This guide covers getting a Cisco 800 series router up and running on a VDSL2 internet connection. In this guide, an 887-VA router running IOS 15.7 is used.
Before starting, the following should have already been configured on the device:
  • Hostname
  • User accounts/passwords
  • SSH v2
  • Clock/Timezone/NTP
  • SNMP and Logging
  • Login Banners

Local VLAN

Create a local VLAN interface and assign an IP address.
interface Vlan100
 description SITE_DATA
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
Setup DHCP if using the router as DHCP server for the site
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool SITE
 network 192.168.1.0 255.255.255.0
 dns-server 208.67.220.220
 default-router 192.168.1.1
Add the four fast ethernet ports to the VLAN
interface FastEthernet0-3
 description SITE_DATA_VLAN
 switchport access vlan 100
 no ip address
 spanning-tree portfast

Access Control Lists

We will need two access control lists. The first is used to allow inbound connections (for example, remote management or site-to-site VPN)
ip access-list extended OUTSIDE_IN
 permit tcp host 1.1.1.1 any eq 22
The second is needed for applying NAT when connecting to public IP’s
ip access-list extended NAT
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.1.0 0.0.0.255 any
We also need to inspect outbound traffic to build a dynamic ACL that will act as a stateful firewall.
ip inspect name FW http
ip inspect name FW https
ip inspect name FW udp
ip inspect name FW tcp

Dialer Interface

Create the dialer interface
interface Dialer1
 description VDSL_LINE
 bandwidth 20000
 ip address negotiated
 ip access-group OUTSIDE_IN in
 ip mtu 1478
 ip nat outside
 ip inspect FW out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostnameusername@ISP.com
 ppp chap password  PASSWORD
 ppp ipcp route default
 no cdp enable
!
dialer-list 1 protocol ip permit

NAT

We will NAT any traffic that matches the ACL we created earlier with the public IP on the Dialer1 interface.
ip nat inside source list NAT interface Dialer1 overload

VDSL Controller

By default, the VDSL controller will be in auto mode. If it tries to sync in ADSL2+ mode, you can force it to use VDSL2 mode.
controller VDSL 0
 operating mode vdsl2
VDSL2 mode doesn’t support PPPoA, so we will need to shut down the ATM interface. You will need to get the ISP to change the service to PPPoE if they have provided PPPoA connection details.
interface ATM0
 shutdown
Then we can configure the ethernet interface on the VDSL controller to use the dialer interface to connect.
interface Ethernet0
 no ip address
 ip tcp adjust-mss 1412
 pppoe enable group global
 pppoe-client dial-pool-number 1
You should now have an internet connection. If you have issues syncing then you may need to try installing a different firmware version on the controller.