Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand867VAE Config....?


21 posts

Geek
+1 received by user: 1


Topic # 150895 6-Aug-2014 21:36
Send private message

Can anyone share a working, secure, reliable config for a Cisco 867VAE on VDSL on Telecom/Xtra

I've got it sort of working, but it's not secure, and not very polished.  A mongrel of bits copied from around the net.

Here's what I have so far.

 

version 15.2
 
no service pad
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
!
 
hostname cisco860router
 
!
 
boot-start-marker
 
boot-end-marker
 
!
 
!
 
logging buffered 51200 warnings
 
!
 
no aaa new-model
 
wan mode dsl
 
clock timezone NZST 12 0
 
!
 
!
 
!
 
ip dhcp excluded-address 192.168.1.240 192.168.1.254
 
!
 
ip dhcp pool dynamic
 
 import all
 
 ! doesnt seem to import the Dialer0 isp DNS server, maybe pppoe doesnt count as dhcp
 
 ! show ip dhcp import
 
 network 192.168.1.0 255.255.255.0                                                                                         
 
 default-router 192.168.1.254                                                                                              
 
 dns-server 122.56.237.1 210.55.111.1                                                                                      
 
 ! manually entered
 
 lease 0 2                                                                                                                 
 
!                                                                                                                          
 
ip dhcp pool staticphone                                                                                                   
 
 import all                                                                                                                
 
 host 192.168.1.246 255.255.255.0                                                                                          
 
 client-identifier 0156.789c.c32a.29                                                                                       
 
 default-router 192.168.1.254                                                                                              
 
 dns-server 122.56.237.1 210.55.111.1                                                                                      
 
!                                                                                                                          
 
ip dhcp pool staticfirewall                                                                                                
 
 import all                                                                                                                
 
 host 192.168.1.252 255.255.255.0                                                                                          
 
 client-identifier 01d2.21cb.4567.89                                                                                       
 
 default-router 192.168.1.254                                                                                              
 
 dns-server 122.56.237.1 210.55.111.1                                                                                      
 
!                                                                                                                          
 
!                                                                                                                          
 
!                                                                                                                          
 
ip domain name dmz.somecompany.co.nz                                                                                               
 
ip name-server 122.56.237.1                                                                                                
 
ip name-server 210.55.111.1                                                                                                
 
ip cef                                                                                                                     
 
no ipv6 cef                                                                                                                
 
!                                                                                                                          
 
!                                                                                                                          
 
!                                                                                                                          
 
!                                                                                                                          
 
crypto pki trustpoint TP-self-signed-3389330311                                                                            
 
 enrollment selfsigned                                                                                                     
 
 subject-name cn=IOS-Self-Signed-Certificate-2379459999
 
 revocation-check none
 
 rsakeypair TP-self-signed-233333333
 
!
 
!
 
crypto pki certificate chain TP-self-signed-23432352345
 
 certificate self-signed 01
 
  12456789 etc
 
        quit
 
!
 
!
 
username supertrickyadminirator privilege 15 secret 4 2983479213874290837402837408237
 
 
!
 
controller VDSL 0
 
!
 
!
 
interface ATM0
 
 no ip address
 
 shutdown
 
 no atm ilmi-keepalive
 
!
 
interface Ethernet0
 
 description telecom
 
 no ip address
 
!
 
interface Ethernet0.10
 
 encapsulation dot1Q 10
 
 pppoe-client dial-pool-number 1
 
 no cdp enable
 
!
 
interface FastEthernet0
 
 no ip address
 
!
 
interface FastEthernet1
 
 no ip address
 
!
 
interface FastEthernet2
 
 no ip address
 
!
 
interface FastEthernet3
 
 no ip address
 
!
 
interface GigabitEthernet0
 
 description ToFirewall
 
 no ip address
 
!
 
interface GigabitEthernet1
 
 no ip address
 
 ip tcp adjust-mss 1412
 
 shutdown
 
 duplex auto
 
 speed auto
 
!
 
interface Vlan1
 
 description Local LAN 
 
 ip address 192.168.1.254 255.255.255.0
 
 ip nat inside
 
 ip virtual-reassembly in
 
 ip tcp adjust-mss 1412
 
!
 
interface Dialer0
 
 description Telecom VDSL
 
 ip address negotiated
 
 no ip redirects
 
 no ip unreachables
 
 no ip proxy-arp
 
 ip mtu 1492
 
 ip nat outside
 
 ip virtual-reassembly in
 
 encapsulation ppp
 
 dialer pool 1
 
 dialer-group 1
 
 ppp pap sent-username user@xtrabb.co.nz password 0 password
 
 ppp ipcp dns request
 
 no cdp enable
 
!
 
ip forward-protocol nd
 
ip http server
 
ip http access-class 23
 
ip http authentication local
 
ip http secure-server
 
ip http timeout-policy idle 60 life 86400 requests 10000
 
!
 
!
 
ip nat pool firewall 192.168.1.252 192.168.1.252 netmask 255.255.255.0 type rotary
 
ip nat pool phone 192.168.1.246 192.168.1.246 netmask 255.255.255.0 type rotary
 
ip nat inside source static tcp 192.168.1.252 25 interface Dialer0 25
 
ip nat inside source static tcp 192.168.1.252 22 interface Dialer0 22
 
ip nat inside source list 199 interface Dialer0 overload
 
ip nat inside destination list 130 pool phone
 
ip nat inside destination list 131 pool firewall
 
ip route 0.0.0.0 0.0.0.0 Dialer0
 
!
 
ip access-list extended outside
 
 permit icmp any any echo-reply
 
 permit ip any any
 
!
 
access-list 101 permit tcp any any eq smtp
 
access-list 101 permit ip any any
 
access-list 130 permit udp any any range 7000 7400
 
access-list 131 permit udp any any range 1194 1196
 
access-list 199 permit ip any any
 
dialer-list 1 protocol ip permit
 
mac-address-table aging-time 15
 
no cdp run
 
!
 
!
 
line con 0
 
 login local
 
 no modem enable
 
line aux 0
 
line vty 0 4
 
 access-class 23 in
 
 privilege level 15
 
 login local
 
 transport input telnet ssh
 
!
 
scheduler allocate 60000 1000
 
ntp update-calendar
 
ntp server nz.pool.ntp.org
 
!
 
end
 
 

Create new topic
5461 posts

Uber Geek
+1 received by user: 240

Trusted
Geekzone
Lifetime subscriber

  Reply # 1103674 6-Aug-2014 21:36
Send private message

Hello... Our robot found some keywords in your post, so here is an automated reply with some important things to note regarding broadband speeds.

 



 

If you are posting regarding DSL speeds please check that

 



 

- you have reset your modem and router

 


 

- your PC (or other PCs in your LAN) is not downloading large files when you are testing

 

- you are not being throttled by your ISP due to going over the monthly cap

 


 

- your tests are always done on an ethernet connection to the router - do not use wireless for testing

 


 

- you read this topic and follow the instructions there.

 



 

Make sure you provide information for other users to help you. If you have not already done it, please EDIT your post and add this now:

 



 

- Your ISP and plan

 


 

- Type of connection (ADSL, ADSL2, VDSL)

 


 

- Your modem DSL stats (do not worry about posting Speedtest, we need sync rate, attenuation and noise margin)

 


 

- Your general location (or street)

 


 

- If you are rural or urban

 


 

- If you know your connection is to an exchange, cabinet or conklin

 


 

- If your connection is to a ULL or wholesale service

 


 

- If you have done an isolation test as per the link above

 



 

Most of the problems with speed are likely to be related to internal wiring issues. Read this discussion to find out more about this. Your ISP is not intentionally slowing you down today (unless you are on a managed plan). Also if this is the school holidays it's likely you will notice slower than usual speed due to more users online.

 



 

A master splitter is required for VDSL2 and in most cases will improve speeds on DSL connections. Regular disconnections can be a monitored alarm or a set top box trying to connect. If there's an alarm connected to your line even if you don't have an alarm contract it may still try to connect so it's worth checking.

 



 

I recommend you read these two blog posts:

 



 

- Is your premises phone wiring impacting your broadband performance? (very technical)

 


 

- Are you receiving a substandard ULL ADSL2+ connection from your ISP?




I am the Geekzone Robot and I am here to help. I am from the Internet. I do not interact. Do not expect other replies from me.

Dangerous Chocolate
154 posts

Master Geek
+1 received by user: 36

Subscriber

  Reply # 1103694 6-Aug-2014 22:07
Send private message

Not sure that PeterReader fully understood the question ....

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software


21 posts

Geek
+1 received by user: 1


  Reply # 1103699 6-Aug-2014 22:19
Send private message

Behave robot, speed is not an issue on this connection, max/max

Cabinet is right outside the premises...

 

show controller vdsl 0

Modem Status:            TC Sync (Showtime!) 
 
DSL Config Mode:         AUTO 
 
Trained Mode:            G.993.2 (VDSL2) Profile 17a
 
Line Attenuation:         0.0 dB                  0.0 dB
 
Signal Attenuation:       0.0 dB                  0.0 dB
 
Noise Margin:            20.2 dB                 28.8 dB
 
Attainable Rate:        92292 kbits/s            36776 kbits/s
 
Actual Power:            12.4 dBm                -15.9 dBm
 
 
Modem FW  Version:      23j
 
Modem PHY Version:      A2pv6C035j.d23j
 
Vendor Version:         Ap6v35j.23j 68
 
 
 
                  DS Channel1     DS Channel0   US Channel1       US Channel0
 
Speed (kbps):             0            69993             0             10342
 
 
 

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

TCF and Telcos Toughen Up on Scam Callers
Posted 23-Apr-2018 09:39

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38

Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55

How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08

How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15

iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13

Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11

111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50

Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41

Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29

Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22

Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18

Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47

Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25

New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.