Cisco 887VA-M – vDSL2 PPPoE Example Configuration

Overview

After spending quite a bit of time getting my Cisco VDSL router working with PPPoE I though others might benefit from an example configuration, please read through and tune the configuration to match your requirements.

 
Basically this will setup the vDSL connection and obtain an IP address from your ISP using PPPoE CHAP authentication, the 192.168.0.0/24 range will be used on the inside network and DHCP will handout IP’s within the range 192.168.0.6-99/24, the router will take the address 192.168.0.1 and perform PAT based NAT on any outbound traffic.

Configuration

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname HOME-GW-1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret {PASSWORD-GOES-HERE}
enable password {PASSWORD-GOES-HERE}
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
ip dhcp excluded-address 192.168.0.0 192.168.0.5
ip dhcp excluded-address 192.168.0.100 192.168.0.255
!
ip dhcp pool 10
 import all
 network 192.168.0.0 255.255.255.0
 ! Change to your ISP DNS
 dns-server 8.8.8.8 4.2.2.2 
 default-router 192.168.0.1 
!
!
ip cef
! Change to your ISP DNS
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip inspect WAAS flush-timeout 10
ipv6 cef
!
!
!
archive
 log config
  logging enable
  logging size 500
  hidekeys
username {username} secret {password}
!
!
!
!
controller VDSL 0
 operating mode vdsl2
 modem customUKAnnexM
 modem customUKAnnexA
 modem UKfeature
!
ip ssh version 2
! 
!
!
!
!
!
bba-group pppoe global
!
!
interface Ethernet0
 no ip address
 pppoe-client dial-pool-number 1
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 description Link-to-Dist-Switch
 no ip address
 duplex full
 speed 100
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer1
 description vDSL
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 no ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname {ISP-USERNAME-HERE}
 ppp chap password 0 {ISP-PASSWORD-HERE}
 ppp pap sent-username {ISP-USERNAME-HERE} password 0 {ISP-PASSWORD-HERE}
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 remark nat-pool
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 remark vty
access-list 23 deny   any log
dialer-list 1 protocol ip permit
!
!
!
!
!
!
!
ipv6 access-list ipv6_deny
 deny ipv6 any any
!
ipv6 access-list V6-FILTER
 permit icmp any any
 deny ipv6 any any log
banner login ^CC
THIS IS A PRIVATE SYSTEM. UNAUTHORISED ACCESS IS NOT
PERMITTED AND OFFENDERS ARE LIABLE TO PROSECUTION.

YOUR IP HAS BEEN LOGGED AND AN ALERT GENERATED
^C
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 access-class 23 in
 ipv6 access-class ipv6_deny in
 transport input telnet
 escape-character 3
!
scheduler max-task-time 5000
ntp server {YOUR-NTP-Server}
end

Technology enthusiastic with many ongoing online projects one of which is this personal blog PingBin. While also working full time within a data center designing and maintaining the network infrastructure.

2 comments On Cisco 887VA-M – vDSL2 PPPoE Example Configuration

  • i have configured my router according to that example given but im still not receiving packets just sending getting none in return

  • I have copied this into word pad and put in my details but my router is now asking for a username and password that I don’t have.

    I have since found out that this is for TACACS. Why did you put that into the config??!

    I am not permanently locked out of my router, unless you can advise how to delete the config. Going into Rommon mode doesn’t delete.

Leave a reply:

Your email address will not be published.