Hi

Here's an example Cisco config for an 800 series router running IOS 15.0+


***
*** An example/reference config file for a Cisco 800 series router with
*** UFB PPPoE dialer authentication, v15.0-v15.4 compatible.
***
*** The Cisco Config Pro GUI tool cannot configure a dot11 Q tagged WAN
*** interface, so use interface FastEthernet4.10 and Dialer0 as a reference
*** for getting your internet connection up and running.***
***
*** Tested and works well on 851/861/871/881 routers. Speed will vary.
***
*** Will not work on 857/877/887 etc ADSL routers as they don't support
*** dialing via FE ports.
*** You need a Cisco router with an RJ45 WAN port (851/861/871/881)
***
*** Do not expect 100mbps internet throughput with an 800 series router!
*** 40MBPS at the most is all you'll get with an 881, 15-20MBPS with
*** an 851. They're not powerful enough to utilise a 100MBPS connection.
***
*** This is provided with ABSOLUTELY NO WARRANTY from its Author or SNAP.
*** I do not work for nor am afiliated with SNAP.
***
*** Instructions:
***
*** Replace 192.168.X.0 with your IP address range choice, e.g. 192.168.1.0
*** You need to fill in your hostname, DHCP pool network domain and SNAP
*** username/password and adjust DHCP pool exclusions.
***
*** Notes:
***
*** Local Network ACL is 105
*** External (dialer) ACL is 106
*** I recommend against using a zone-based firewall. Doing so adds CPU
*** overhead to an already struggling CPU.
*** This assumes FastEthernet4 is your WAN interface plugged into the ONT.
*** Change if your WAN interface is something else. e.g. to GigabitEthernet0
***

version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname **********
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
no logging monitor
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default if-authenticated
aaa accounting network acct_methods
action-type start-stop
group rad_acct
!
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone NZST 12 0
clock summer-time NZDT recurring last Sun Sep 2:00 1 Sun Apr 3:00
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
no ip dhcp use class
ip dhcp excluded-address 192.168.X.1 192.168.X.19
ip dhcp excluded-address 192.168.X.250 192.168.X.254
!
ip dhcp pool adhcppool
import all
network 192.168.X.0 255.255.255.0
domain-name ***network name***.local
default-router 192.168.X.254
dns-server 192.168.X.254
!
!
no ip bootp server
ip domain name mountst.local
ip name-server 202.37.101.1
ip name-server 202.37.101.2
ip inspect udp idle-time 90
ip inspect name appfw_100 user-pms-tcp
ip inspect name CCP_LOW dns
ip inspect name CCP_LOW ftp
ip inspect name CCP_LOW h323
ip inspect name CCP_LOW sip
ip inspect name CCP_LOW https
ip inspect name CCP_LOW icmp
ip inspect name CCP_LOW imap
ip inspect name CCP_LOW pop3
ip inspect name CCP_LOW netshow
ip inspect name CCP_LOW rcmd
ip inspect name CCP_LOW realaudio
ip inspect name CCP_LOW rtsp
ip inspect name CCP_LOW esmtp
ip inspect name CCP_LOW sqlnet
ip inspect name CCP_LOW streamworks
ip inspect name CCP_LOW tftp
ip inspect name CCP_LOW tcp
ip inspect name CCP_LOW udp
ip inspect name CCP_LOW vdolive
ip cef
login block-for 60 attempts 3 within 30
login on-failure log
login on-success log
no ipv6 cef
!
!
license udi pid CISCO***-K9 sn *******
!
!
username ***** privilege 15 secret 5 **********!
!
!
!
ip tcp synwait-time 10
no ip ftp passive
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
bridge irb
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
switchport mode trunk
no ip address
!
interface FastEthernet2
switchport mode trunk
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.10
description $ETH-WAN$
encapsulation dot1Q 10
ip virtual-reassembly in
pppoe enable
pppoe-client dial-pool-number 1
!
interface Vlan1
description $ES_LAN$$FW_INSIDE$
no ip address
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
mtu 1492
ip address negotiated
ip access-group 106 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username ***snap username***@snap.net.nz password 7 ***your snap
password***
ppp ipcp dns request
ppp ipcp wins reject
ppp ipcp route default
ppp ipcp address accept
!
interface BVI1
description $FW_INSIDE$
ip address 192.168.X.254 255.255.255.0
ip access-group 105 in
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip sla logging traps
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.X.0 0.0.0.255
access-list 105 remark auto generated by CCP firewall configuration
access-list 105 remark CCP_ACL Category=1
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 permit gre any any
access-list 105 permit ip any any
access-list 106 remark auto generated by CCP firewall configuration
access-list 106 remark CCP_ACL Category=1
access-list 106 remark Auto generated by CCP for NTP (123) nz.pool.ntp.org
access-list 106 permit udp host 119.47.118.129 eq ntp any eq ntp
access-list 106 remark Auto generated by CCP for NTP (123) nz.pool.ntp.org
access-list 106 permit udp host 202.89.49.65 eq ntp any eq ntp
access-list 106 remark Auto generated by CCP for NTP (123) nz.pool.ntp.org
access-list 106 permit udp host 202.6.116.123 eq ntp any eq ntp
access-list 106 permit udp host 202.37.101.2 eq domain any
access-list 106 permit udp host 202.37.101.1 eq domain any
access-list 106 permit tcp any any eq 1723 log
access-list 106 permit gre any any
access-list 106 permit icmp any any echo-reply
access-list 106 permit icmp any any echo
access-list 106 permit icmp any any time-exceeded
access-list 106 permit icmp any any unreachable
access-list 106 permit udp any eq ntp any eq ntp
access-list 106 deny ip 10.0.0.0 0.255.255.255 any
access-list 106 deny ip 172.16.0.0 0.15.255.255 any
access-list 106 deny ip 192.168.0.0 0.0.255.255 any
access-list 106 deny ip 127.0.0.0 0.255.255.255 any
access-list 106 deny ip host 255.255.255.255 any
access-list 106 deny ip host 0.0.0.0 any
access-list 106 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000 4000 1000
scheduler interval 500
ntp update-calendar
end