867VAE Config....?

Forums › Spark New Zealand › 867VAE Config....?

davemc

25 posts

Geek
+1 received by user: 2

Topic # 150895 6-Aug-2014 21:36

One person supports this post

Can anyone share a working, secure, reliable config for a Cisco 867VAE on VDSL on Telecom/Xtra

I've got it sort of working, but it's not secure, and not very polished. A mongrel of bits copied from around the net.

Here's what I have so far.

version 15.2 
no service pad 
service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 
hostname cisco860router 
! 
boot-start-marker 
boot-end-marker 
! 
! 
logging buffered 51200 warnings 
! 
no aaa new-model 
wan mode dsl 
clock timezone NZST 12 0 
! 
! 
! 
ip dhcp excluded-address 192.168.1.240 192.168.1.254 
! 
ip dhcp pool dynamic 
 import all 
 ! doesnt seem to import the Dialer0 isp DNS server, maybe pppoe doesnt count as dhcp 
 ! show ip dhcp import 
 network 192.168.1.0 255.255.255.0                                                                                          
 default-router 192.168.1.254                                                                                               
 dns-server 122.56.237.1 210.55.111.1                                                                                       
 ! manually entered 
 lease 0 2                                                                                                                  
!                                                                                                                           
ip dhcp pool staticphone                                                                                                    
 import all                                                                                                                 
 host 192.168.1.246 255.255.255.0                                                                                           
 client-identifier 0156.789c.c32a.29                                                                                        
 default-router 192.168.1.254                                                                                               
 dns-server 122.56.237.1 210.55.111.1                                                                                       
!                                                                                                                           
ip dhcp pool staticfirewall                                                                                                 
 import all                                                                                                                 
 host 192.168.1.252 255.255.255.0                                                                                           
 client-identifier 01d2.21cb.4567.89                                                                                        
 default-router 192.168.1.254                                                                                               
 dns-server 122.56.237.1 210.55.111.1                                                                                       
!                                                                                                                           
!                                                                                                                           
!                                                                                                                           
ip domain name dmz.somecompany.co.nz                                                                                                
ip name-server 122.56.237.1                                                                                                 
ip name-server 210.55.111.1                                                                                                 
ip cef                                                                                                                      
no ipv6 cef                                                                                                                 
!                                                                                                                           
!                                                                                                                           
!                                                                                                                           
!                                                                                                                           
crypto pki trustpoint TP-self-signed-3389330311                                                                             
 enrollment selfsigned                                                                                                      
 subject-name cn=IOS-Self-Signed-Certificate-2379459999 
 revocation-check none 
 rsakeypair TP-self-signed-233333333 
! 
! 
crypto pki certificate chain TP-self-signed-23432352345 
 certificate self-signed 01 
  12456789 etc 
        quit 
! 
! 
username supertrickyadminirator privilege 15 secret 4 2983479213874290837402837408237 
 
! 
controller VDSL 0 
! 
! 
interface ATM0 
 no ip address 
 shutdown 
 no atm ilmi-keepalive 
! 
interface Ethernet0 
 description telecom 
 no ip address 
! 
interface Ethernet0.10 
 encapsulation dot1Q 10 
 pppoe-client dial-pool-number 1 
 no cdp enable 
! 
interface FastEthernet0 
 no ip address 
! 
interface FastEthernet1 
 no ip address 
! 
interface FastEthernet2 
 no ip address 
! 
interface FastEthernet3 
 no ip address 
! 
interface GigabitEthernet0 
 description ToFirewall 
 no ip address 
! 
interface GigabitEthernet1 
 no ip address 
 ip tcp adjust-mss 1412 
 shutdown 
 duplex auto 
 speed auto 
! 
interface Vlan1 
 description Local LAN  
 ip address 192.168.1.254 255.255.255.0 
 ip nat inside 
 ip virtual-reassembly in 
 ip tcp adjust-mss 1412 
! 
interface Dialer0 
 description Telecom VDSL 
 ip address negotiated 
 no ip redirects 
 no ip unreachables 
 no ip proxy-arp 
 ip mtu 1492 
 ip nat outside 
 ip virtual-reassembly in 
 encapsulation ppp 
 dialer pool 1 
 dialer-group 1 
 ppp pap sent-username user@xtrabb.co.nz password 0 password 
 ppp ipcp dns request 
 no cdp enable 
! 
ip forward-protocol nd 
ip http server 
ip http access-class 23 
ip http authentication local 
ip http secure-server 
ip http timeout-policy idle 60 life 86400 requests 10000 
! 
! 
ip nat pool firewall 192.168.1.252 192.168.1.252 netmask 255.255.255.0 type rotary 
ip nat pool phone 192.168.1.246 192.168.1.246 netmask 255.255.255.0 type rotary 
ip nat inside source static tcp 192.168.1.252 25 interface Dialer0 25 
ip nat inside source static tcp 192.168.1.252 22 interface Dialer0 22 
ip nat inside source list 199 interface Dialer0 overload 
ip nat inside destination list 130 pool phone 
ip nat inside destination list 131 pool firewall 
ip route 0.0.0.0 0.0.0.0 Dialer0 
! 
ip access-list extended outside 
 permit icmp any any echo-reply 
 permit ip any any 
! 
access-list 101 permit tcp any any eq smtp 
access-list 101 permit ip any any 
access-list 130 permit udp any any range 7000 7400 
access-list 131 permit udp any any range 1194 1196 
access-list 199 permit ip any any 
dialer-list 1 protocol ip permit 
mac-address-table aging-time 15 
no cdp run 
! 
! 
line con 0 
 login local 
 no modem enable 
line aux 0 
line vty 0 4 
 access-class 23 in 
 privilege level 15 
 login local 
 transport input telnet ssh 
! 
scheduler allocate 60000 1000 
ntp update-calendar 
ntp server nz.pool.ntp.org 
! 
end

PeterReader

5544 posts

Uber Geek
+1 received by user: 249

Trusted

Geekzone

Lifetime subscriber

Reply # 1103674 6-Aug-2014 21:36

Hello... Our robot found some keywords in your post, so here is an automated reply with some important things to note regarding broadband speeds.

If you are posting regarding DSL speeds please check that

- you have reset your modem and router

- your PC (or other PCs in your LAN) is not downloading large files when you are testing

- you are not being throttled by your ISP due to going over the monthly cap

- your tests are always done on an ethernet connection to the router - do not use wireless for testing

- you read this topic and follow the instructions there.

Make sure you provide information for other users to help you. If you have not already done it, please EDIT your post and add this now:

- Your ISP and plan

- Type of connection (ADSL, ADSL2, VDSL)

- Your modem DSL stats (do not worry about posting Speedtest, we need sync rate, attenuation and noise margin)

- Your general location (or street)

- If you are rural or urban

- If you know your connection is to an exchange, cabinet or conklin

- If your connection is to a ULL or wholesale service

- If you have done an isolation test as per the link above

Most of the problems with speed are likely to be related to internal wiring issues. Read this discussion to find out more about this. Your ISP is not intentionally slowing you down today (unless you are on a managed plan). Also if this is the school holidays it's likely you will notice slower than usual speed due to more users online.

A master splitter is required for VDSL2 and in most cases will improve speeds on DSL connections. Regular disconnections can be a monitored alarm or a set top box trying to connect. If there's an alarm connected to your line even if you don't have an alarm contract it may still try to connect so it's worth checking.

I recommend you read these two blog posts:

- Is your premises phone wiring impacting your broadband performance? (very technical)

- Are you receiving a substandard ULL ADSL2+ connection from your ISP?

I am the Geekzone Robot and I am here to help. I am from the Internet. I do not interact. Do not expect other replies from me.