Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)867VAE Config....?
davemc

38 posts

Geek


#150895 6-Aug-2014 21:36
Send private message

Can anyone share a working, secure, reliable config for a Cisco 867VAE on VDSL on Telecom/Xtra

I've got it sort of working, but it's not secure, and not very polished.  A mongrel of bits copied from around the net.

Here's what I have so far.

 

version 15.2
 
no service pad
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
!
 
hostname cisco860router
 
!
 
boot-start-marker
 
boot-end-marker
 
!
 
!
 
logging buffered 51200 warnings
 
!
 
no aaa new-model
 
wan mode dsl
 
clock timezone NZST 12 0
 
!
 
!
 
!
 
ip dhcp excluded-address 192.168.1.240 192.168.1.254
 
!
 
ip dhcp pool dynamic
 
 import all
 
 ! doesnt seem to import the Dialer0 isp DNS server, maybe pppoe doesnt count as dhcp
 
 ! show ip dhcp import
 
 network 192.168.1.0 255.255.255.0                                                                                         
 
 default-router 192.168.1.254                                                                                              
 
 dns-server 122.56.237.1 210.55.111.1                                                                                      
 
 ! manually entered
 
 lease 0 2                                                                                                                 
 
!                                                                                                                          
 
ip dhcp pool staticphone                                                                                                   
 
 import all                                                                                                                
 
 host 192.168.1.246 255.255.255.0                                                                                          
 
 client-identifier 0156.789c.c32a.29                                                                                       
 
 default-router 192.168.1.254                                                                                              
 
 dns-server 122.56.237.1 210.55.111.1                                                                                      
 
!                                                                                                                          
 
ip dhcp pool staticfirewall                                                                                                
 
 import all                                                                                                                
 
 host 192.168.1.252 255.255.255.0                                                                                          
 
 client-identifier 01d2.21cb.4567.89                                                                                       
 
 default-router 192.168.1.254                                                                                              
 
 dns-server 122.56.237.1 210.55.111.1                                                                                      
 
!                                                                                                                          
 
!                                                                                                                          
 
!                                                                                                                          
 
ip domain name dmz.somecompany.co.nz                                                                                               
 
ip name-server 122.56.237.1                                                                                                
 
ip name-server 210.55.111.1                                                                                                
 
ip cef                                                                                                                     
 
no ipv6 cef                                                                                                                
 
!                                                                                                                          
 
!                                                                                                                          
 
!                                                                                                                          
 
!                                                                                                                          
 
crypto pki trustpoint TP-self-signed-3389330311                                                                            
 
 enrollment selfsigned                                                                                                     
 
 subject-name cn=IOS-Self-Signed-Certificate-2379459999
 
 revocation-check none
 
 rsakeypair TP-self-signed-233333333
 
!
 
!
 
crypto pki certificate chain TP-self-signed-23432352345
 
 certificate self-signed 01
 
  12456789 etc
 
        quit
 
!
 
!
 
username supertrickyadminirator privilege 15 secret 4 2983479213874290837402837408237
 
 
!
 
controller VDSL 0
 
!
 
!
 
interface ATM0
 
 no ip address
 
 shutdown
 
 no atm ilmi-keepalive
 
!
 
interface Ethernet0
 
 description telecom
 
 no ip address
 
!
 
interface Ethernet0.10
 
 encapsulation dot1Q 10
 
 pppoe-client dial-pool-number 1
 
 no cdp enable
 
!
 
interface FastEthernet0
 
 no ip address
 
!
 
interface FastEthernet1
 
 no ip address
 
!
 
interface FastEthernet2
 
 no ip address
 
!
 
interface FastEthernet3
 
 no ip address
 
!
 
interface GigabitEthernet0
 
 description ToFirewall
 
 no ip address
 
!
 
interface GigabitEthernet1
 
 no ip address
 
 ip tcp adjust-mss 1412
 
 shutdown
 
 duplex auto
 
 speed auto
 
!
 
interface Vlan1
 
 description Local LAN 
 
 ip address 192.168.1.254 255.255.255.0
 
 ip nat inside
 
 ip virtual-reassembly in
 
 ip tcp adjust-mss 1412
 
!
 
interface Dialer0
 
 description Telecom VDSL
 
 ip address negotiated
 
 no ip redirects
 
 no ip unreachables
 
 no ip proxy-arp
 
 ip mtu 1492
 
 ip nat outside
 
 ip virtual-reassembly in
 
 encapsulation ppp
 
 dialer pool 1
 
 dialer-group 1
 
 ppp pap sent-username user@xtrabb.co.nz password 0 password
 
 ppp ipcp dns request
 
 no cdp enable
 
!
 
ip forward-protocol nd
 
ip http server
 
ip http access-class 23
 
ip http authentication local
 
ip http secure-server
 
ip http timeout-policy idle 60 life 86400 requests 10000
 
!
 
!
 
ip nat pool firewall 192.168.1.252 192.168.1.252 netmask 255.255.255.0 type rotary
 
ip nat pool phone 192.168.1.246 192.168.1.246 netmask 255.255.255.0 type rotary
 
ip nat inside source static tcp 192.168.1.252 25 interface Dialer0 25
 
ip nat inside source static tcp 192.168.1.252 22 interface Dialer0 22
 
ip nat inside source list 199 interface Dialer0 overload
 
ip nat inside destination list 130 pool phone
 
ip nat inside destination list 131 pool firewall
 
ip route 0.0.0.0 0.0.0.0 Dialer0
 
!
 
ip access-list extended outside
 
 permit icmp any any echo-reply
 
 permit ip any any
 
!
 
access-list 101 permit tcp any any eq smtp
 
access-list 101 permit ip any any
 
access-list 130 permit udp any any range 7000 7400
 
access-list 131 permit udp any any range 1194 1196
 
access-list 199 permit ip any any
 
dialer-list 1 protocol ip permit
 
mac-address-table aging-time 15
 
no cdp run
 
!
 
!
 
line con 0
 
 login local
 
 no modem enable
 
line aux 0
 
line vty 0 4
 
 access-class 23 in
 
 privilege level 15
 
 login local
 
 transport input telnet ssh
 
!
 
scheduler allocate 60000 1000
 
ntp update-calendar
 
ntp server nz.pool.ntp.org
 
!
 
end
 
 

Create new topic
PeterReader
6015 posts

Uber Geek

Trusted
Geekzone
Lifetime subscriber

  #1103674 6-Aug-2014 21:36
Send private message

Hello... Our robot found some keywords in your post, so here is an automated reply with some important things to note regarding broadband speeds.

 



 

If you are posting regarding DSL speeds please check that

 



 

- you have reset your modem and router

 


 

- your PC (or other PCs in your LAN) is not downloading large files when you are testing

 

- you are not being throttled by your ISP due to going over the monthly cap

 


 

- your tests are always done on an ethernet connection to the router - do not use wireless for testing

 


 

- you read this topic and follow the instructions there.

 



 

Make sure you provide information for other users to help you. If you have not already done it, please EDIT your post and add this now:

 



 

- Your ISP and plan

 


 

- Type of connection (ADSL, ADSL2, VDSL)

 


 

- Your modem DSL stats (do not worry about posting Speedtest, we need sync rate, attenuation and noise margin)

 


 

- Your general location (or street)

 


 

- If you are rural or urban

 


 

- If you know your connection is to an exchange, cabinet or conklin

 


 

- If your connection is to a ULL or wholesale service

 


 

- If you have done an isolation test as per the link above

 



 

Most of the problems with speed are likely to be related to internal wiring issues. Read this discussion to find out more about this. Your ISP is not intentionally slowing you down today (unless you are on a managed plan). Also if this is the school holidays it's likely you will notice slower than usual speed due to more users online.

 



 

A master splitter is required for VDSL2 and in most cases will improve speeds on DSL connections. Regular disconnections can be a monitored alarm or a set top box trying to connect. If there's an alarm connected to your line even if you don't have an alarm contract it may still try to connect so it's worth checking.

 



 

I recommend you read these two blog posts:

 



 

- Is your premises phone wiring impacting your broadband performance? (very technical)

 


 

- Are you receiving a substandard ULL ADSL2+ connection from your ISP?




I am the Geekzone Robot and I am here to help. I am from the Internet. I do not interact. Do not expect other replies from me.

 

These links are referral codes: Sharesies | Mighty Ape 

 
 
 
 

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).
Virgil
Dangerous Chocolate
206 posts

Master Geek

ID Verified
Lifetime subscriber

  #1103694 6-Aug-2014 22:07
Send private message

Not sure that PeterReader fully understood the question ....




Lurking ...

davemc

38 posts

Geek


  #1103699 6-Aug-2014 22:19
Send private message

Behave robot, speed is not an issue on this connection, max/max

Cabinet is right outside the premises...

 

show controller vdsl 0

Modem Status:            TC Sync (Showtime!) 
 
DSL Config Mode:         AUTO 
 
Trained Mode:            G.993.2 (VDSL2) Profile 17a
 
Line Attenuation:         0.0 dB                  0.0 dB
 
Signal Attenuation:       0.0 dB                  0.0 dB
 
Noise Margin:            20.2 dB                 28.8 dB
 
Attainable Rate:        92292 kbits/s            36776 kbits/s
 
Actual Power:            12.4 dBm                -15.9 dBm
 
 
Modem FW  Version:      23j
 
Modem PHY Version:      A2pv6C035j.d23j
 
Vendor Version:         Ap6v35j.23j 68
 
 
 
                  DS Channel1     DS Channel0   US Channel1       US Channel0
 
Speed (kbps):             0            69993             0             10342
 
 
 

Create new topic





News and reviews »

Māori Artists Launch Design Collection with Cricut ahead of Matariki Day
Posted 15-Jun-2025 11:19

LG Launches Upgraded webOS Hub With Advanced AI
Posted 15-Jun-2025 11:13

One NZ Satellite IoT goes live for customers
Posted 15-Jun-2025 11:10

Bolt Launches in New Zealand
Posted 11-Jun-2025 00:00

Suunto Run Review
Posted 10-Jun-2025 10:44

Freeview Satellite TV Brings HD Viewing to More New Zealanders
Posted 5-Jun-2025 11:50

HP OmniBook Ultra Flip 14-inch Review
Posted 3-Jun-2025 14:40

Flip Phones Are Back as HMD Reimagines an Iconic Style
Posted 30-May-2025 17:06

Hundreds of School Students Receive Laptops Through Spark Partnership With Quadrent's Green Lease
Posted 30-May-2025 16:57

AI Report Reveals Trust Is Key to Unlocking Its Potential in Aotearoa
Posted 30-May-2025 16:55

Galaxy Tab S10 FE Series Brings Intelligent Experiences to the Forefront with Premium, Versatile Design
Posted 30-May-2025 16:14

New OPPO Watch X2 Launches in New Zealand
Posted 29-May-2025 16:08

Synology Premiers a New Lineup of Advanced Data Management Solutions
Posted 29-May-2025 16:04

Dyson Launches Its Slimmest Vaccum Cleaner PencilVac
Posted 29-May-2025 15:50

OPPO Reno13 Pro 5G Review 
Posted 29-May-2025 15:33








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
Hatch
GoodSync
Backblaze backup
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright