Cisco 887 Config for FTTP

[oldmate800]

Hi everyone,
Wondering if anyone has connected a Cisco 887 or similar to a FTTP service? I'm trying to connect to an Exetel service which terminates as copper (so I'm using Fe0 port on the 887) with PPPoE for authentication. I'll post my existing config below which I cant get to work, so if anyone can help me with any changes i need to make that would be awesome. Any input would be appreciated as I'm fairly fresh on Cisco, even tips on how to test connection from the 887 itself. I'm running latest IOS on the Cisco and the FTTP service itself is definitely operational (tested with usual Exetel issue modem).

Thanks

hostname RTR01

clock timezone AEST 10
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00

no ip source-route
ip cef

username admin privilege 15 secret xxxpassxxx

archive
log config
hidekeys
exit
exit

interface Ethernet0
shut
exit

Controller VDSL 0
shut
exit

interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
exit

interface FastEthernet0
description --- Ethernet WAN ---
no shut
pppoe enable
pppoe-client dial-pool-number 1
exit
interface FastEthernet1
no shut
exit
interface FastEthernet2
shut
exit
interface FastEthernet3
shut
exit

interface Vlan1
description --- Ethernet LAN ---
no shut
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
exit

interface Dialer0
description EXETEL FTTP
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no keepalive
ppp authentication chap callin
ppp chap hostname 0123456789@nsw.exetel.com.au
ppp chap password xxxxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
exit

ip route 0.0.0.0 0.0.0.0 Dialer0

ip flow-cache timeout inactive 10
ip flow-cache timeout active 5
ip flow-export version 5
ip flow-export destination 192.168.2.248 9999

no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip nat inside source list Outbound_NAT interface Dialer0 overload

ip access-list extended Outbound_NAT
permit ip 192.168.5.0 0.0.0.255 any
exit

no cdp run

ntp clock-period 17180370
ntp server 129.143.2.23

webvpn cef

crypto key generate rsa usage-keys label router-key

1024

1024

line vty 0 4
access-class 1 in
no exec-timeout
privilege level 15
password xxxpassxxx
login local
transport preferred ssh
transport input ssh
exit

enable secret xxxpassxxx

exit
clock set 17:08:30 May 21 2016

wr mem

[KavindaS]

Hi everyone,
Wondering if anyone has connected a Cisco 887 or similar to a FTTP service? I'm trying to connect to an Exetel service which terminates as copper (so I'm using Fe0 port on the 887) with PPPoE for authentication. I'll post my existing config below which I cant get to work, so if anyone can help me with any changes i need to make that would be awesome. Any input would be appreciated as I'm fairly fresh on Cisco, even tips on how to test connection from the 887 itself. I'm running latest IOS on the Cisco and the FTTP service itself is definitely operational (tested with usual Exetel issue modem).

Thanks

By looking at the radius logs, I can see the connection is properly online and it appears to be accurately configured.

[oldmate800]

Thanks for checking its online. I got lucky and tried out a new config using a switchport (with the wan service) to a separate VLAN and it worked. I'll post my config for anyone else out there with a weird Cisco obsession like myself.

hostname RTR01

clock timezone AEST 10
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00

no ip source-route
ip cef

username admin privilege 15 secret xxxpassxxx

archive
log config
hidekeys
exit
exit

interface Ethernet0
shut
exit

Controller VDSL 0
shut
exit

interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
exit

interface Vlan1
description --- LAN ---
no shut
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
exit

interface Vlan2
description --- WAN ---
no ip address
ip nat outside
ip tcp adjust-mss 1452
ip virtual-reassembly in
pppoe enable group global
pppoe-client dial-pool-number 1
exit

interface FastEthernet0
description --- Ethernet WAN ---
switchport access vlan 2
no ip address
exit

interface FastEthernet1
description --- Ethernet LAN ---
no ip address
exit

interface FastEthernet2
no ip address
shut
exit

interface FastEthernet3
no ip address
shut
exit

interface Dialer0
description --- EXETEL FTTP ---
mtu 1492
ip nat outside
ip virtual-reassembly in
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname 13246798@nsw.exetel.com.au
ppp chap password xxxxxxxxxxxxx
ppp ipcp dns request accept
no cdp enable
ip forward-protocol nd
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server

ip route 0.0.0.0 0.0.0.0 Dialer0

ip nat inside source list Outbound_NAT interface Dialer0 overload

ip access-list extended Outbound_NAT
permit ip 192.168.5.0 0.0.0.255 any
exit

no cdp run

ntp clock-period 17180370
ntp server 129.143.2.23

webvpn cef

crypto key generate rsa usage-keys label router-key

1024

1024

line vty 0 4
access-class 1 in
no exec-timeout
privilege level 15
password xxxpassxxx
login local
transport preferred ssh
transport input ssh
exit

enable secret xxxpassxxx

exit
clock set 19:30:30 aug 03 2016

wr mem

[KavindaS]

Thanks for checking its online. I got lucky and tried out a new config using a switchport (with the wan service) to a separate VLAN and it worked. I'll post my config for anyone else out there with a weird Cisco obsession like myself.

That is great. Thanks for sharing valuable information to the other customers.

[darylp]

Thanks oldmate800,
I have a Cisco 877W, (yes 877W not 887), however your config I think will be an excellent start to configuring my 877W, so thanks!
The key thing is configuring fe0 as a WAN PPPoE port.
I noticed you used a MTU of 1492, Exetel support told me 1300, do you have any information on what is best?

I will let you know how I go configuring my Cisco 877W.

[KavindaS]

Thanks oldmate800,
I noticed you used a MTU of 1492, Exetel support told me 1300, do you have any information on what is best?

Leave the MTU with the default value 1492 if there is no issue with the service when working. We recommend to lower the MTU when there is an issue only, for testing purpose during the troubleshooting process.

[Raghav]

Can anyone help with the config for Cisco ISR C1111

[NajikaM]

Can anyone help with the config for Cisco ISR C1111

Hi,

Unfortunately we are not trained to configure 3rd party devices. Therefore we strongly suggest you to contact the relevant device manufacturer in order to have a better assistance.

[Raghav]

thank you, i know exetel does not provide support. I am looking for someone in the forum who can help me to configure Cisco ISR C1100

[Raghav]

CISCO ISR - C1111-8PLTELA

Router#show run
Building configuration...

Current configuration : 4300 bytes
!

! Last configuration change at 05:21:57 UTC Tue Aug 4 2020
!

version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!

hostname Router
!

boot-start-marker
boot-end-marker
!

!
!

no aaa new-model
!

!
ip dhcp pool webuidhcp
!

!
!

!
!

!
!

!
!

!
subscriber templating
multilink bundle-name authenticated
!

!
!

crypto pki trustpoint TP-self-signed-611806773
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-611806773
revocation-check none
rsakeypair TP-self-signed-611806773
!

!
crypto pki certificate chain TP-self-signed-611806773
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

quit
!

license udi pid C1111-8PLTELA sn FGL2xxxxxxx
no license smart enable
!

diagnostic bootup level minimal
!

spanning-tree extend system-id
!

!
!

redundancy
mode none
!

controller Cellular 0/2/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!

--More--

vlan internal allocation policy ascending
!

!
!

!
!

!
interface GigabitEthernet0/0/0
description NBN
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!

interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!

interface GigabitEthernet0/1/0
!

interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!

interface GigabitEthernet0/1/3
!

interface GigabitEthernet0/1/4
!

interface GigabitEthernet0/1/5
!

interface GigabitEthernet0/1/6
!

interface GigabitEthernet0/1/7
!

interface Cellular0/2/0
ip address negotiated
shutdown
ipv6 enable
!

interface Cellular0/2/1
no ip address
shutdown
!

interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!

interface Dialer1
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname xxxxxxxxxx@nsw.exetel.com.au
ppp chap password 0 xxxxxxxxxxxx
!

ip nat inside source list 100 interface Dialer1 overload
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Dialer1
!

!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
--More--

!
!

!
control-plane
!

!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!

!
!

!
!

!
end

i am repeatedly getting the below messages.

*Aug 4 05:32:47.217: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Aug 4 05:32:47.221: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Aug 4 05:32:48.300: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Aug 4 05:32:48.301: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

i have also added the dhcp config as below:

ip dhcp excluded-address 192.168.1.1
!

ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.222.222 208.67.220.220

i am getting the Ip address from the router but unable to reach internet.

[Raghav]

Its working now, it was the password that was incorrect.

Thank you

[Raghav]

The only problem now is that i can access youtube & some websites but Netflix, amazon prime, speedtest and few other websites is not accessible, can you throw any light on this issue.

And i also noticed that UNID1 port on the NBN box has amber light, contacted exetel support & they said it is pretty normal.

[ymo]

Amber - The device connected to your UNI-D port uses 1Gbps Ethernet

Green - The device connected to your UNI-D port uses 10 or 100Mbps Ethernet