In this guide, I will cover the basic setup to enable a Cisco router to connect to a VDSL2 / FTTC circuit. I will cover the full setup of the router including enabling SSH and enabling DHCP.
If you need to break into the router first because you don’t have the password, take a look at this post: How to break into a Cisco device.
Table of Contents
- Basic setup
- Setting the console password
- Setting the router’s management IP
- Setting up remote SSH access
- Setting up VDSL / FTTC
- Setting up NAT
Basic setup
When you first power on a new, factory-defaulted router you will be asked “Would you like to enter initial configuration dialog?” Enter no and press Enter.
Enter the following commands. These will:
- Set the device’s host name to WAN.
- Set any passwords we enter into the device to be stored encrypted rather than in plain text.
- Set the enable password to 3n4bl3M3. Replace the password with one of your own.
- Set the DNS servers the device will use to Google’s.
enable
configure terminal
hostname WAN
service password-encryption
enable secret 3n4bl3M3
ip name-server 8.8.8.8
ip name-server 8.8.4.4
exit
Setting the console password
To require a password when connecting via the console port, enter the following.
Replace C0ns013 with whatever password you want to use.
enable
configure terminal
line con 0
 password C0ns013
 login
 exit
Setting the router’s management IP
Now we are going to set the management IP. This is the IP address we will use to remotely manage the device. It is also going to be the default gateway for any client devices connected to the router.
Amend the address as required.
int vlan 1
 ip address 192.168.222.1 255.255.255.0
Setting up remote SSH access
So that we can securely manage the device remotely, we need to set up SSH using the following.
Replace mydomain.local with your domain name.
ip domain-name mydomain.local
crypto key generate rsa
You will be asked “How many bits in the modulus”. Enter 2048 and press Enter.
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
 exit
On the username line, change the username admin and the password SSHPa55w0rd to the SSH credentials you wish to use.
username admin password SSHPa55w0rd
Now we are going to set up DHCP so any devices connected to the LAN ports on the router are issued an IP address.
In this example, I am going to use the range 192.168.222.0 255.255.255.0, but change this as required to meet your needs. I am also going to exclude the first ten IP addresses in the range from being issued by DHCP. You would at the very least want to exclude the router’s management IP, 192.168.222.1 in this example.
ip dhcp pool CLIENTS
 network 192.168.222.0 255.255.255.0
 default-router 192.168.222.1
 dns-server 184.108.40.206 220.127.116.11
 exit
ip dhcp excluded-address 192.168.222.1 192.168.222.10
Setting up VDSL / FTTC
Change PPPoE-Username-From-ISP and PPPoE-Password-From-ISP to be your PPPoE username and password provided by your ISP.
wan mode dsl
controller vdsl 0
 no shut
interface Ethernet0
 no ip address
 ip virtual-reassembly in
 pppoe-client dial-pool-number 1
 no shut
interface Ethernet0.101
 encapsulation dot1Q 101
 pppoe-client dial-pool-number 1
 no shut
 exit
interface Dialer1
 description VDSL
 ip address negotiated
 ip mtu 1492
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap ms-chap callin
 ppp chap hostname PPPoE-Username-From-ISP
 ppp chap password 0 PPPoE-Password-From-ISP
 ppp ipcp address accept
 no cdp enable
 no shut
Setting up NAT
So our client(s) connected to the router can get to the Internet we will need to configure NAT. In this example, I will be configuring overload or PAT. This is where the client(s) will share the public IP address issued to the router and don’t need their own static IP address.
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.222.0 0.0.0.255
interface Dialer1
 ip nat outside
int vlan 1
 ip nat inside
First, we will set up our default route to send any traffic we don’t have a specific route for to the Dialer (VDSL) interface.
ip route 0.0.0.0 0.0.0.0 Dialer1
You may also want to add other routes. For example, if you have a switch behind the router with VLANs, you would want to add routes for those VLANs so you can get to the router’s management IP address from the internal network.
For example, if your internal VLANs are all in the 172 private range, you could add:
ip route 172.16.0.0 255.240.0.0 Vlan1
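The following Python check is an added example, not part of the original guide: it audits a configuration like the one built above for how credentials are stored and how the SSH (vty) lines are exposed. The sample config is constructed from this guide's commands and laid out as show running-config would indent them; the function name audit and the finding texts are hypothetical.

```python
import re

# Constructed sample: commands from this guide, with sub-mode commands
# indented by one space the way "show running-config" prints them.
GUIDE_CONFIG = """\
hostname WAN
enable secret 3n4bl3M3
line con 0
 password C0ns013
 login
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
username admin password SSHPa55w0rd
interface Dialer1
 ppp chap password 0 PPPoE-Password-From-ISP
"""

def audit(config):
    """Return findings on credential storage and vty exposure (hypothetical helper)."""
    findings, vty, section = [], {}, None
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    for raw in lines:
        cmd = raw.strip()
        if raw[0] != " ":  # an unindented line starts a new top-level command
            section = cmd if cmd.startswith(("line ", "interface ")) else None
            if cmd.startswith("line vty"):
                vty[cmd] = []
        elif section in vty:  # sub-command of a "line vty" block
            vty[section].append(cmd)
        if re.match(r"username \S+ (.* )?password ", cmd):
            findings.append("username uses 'password'; 'secret' stores a one-way hash")
        if re.match(r"ppp chap password 0 ", cmd):
            findings.append("PPPoE CHAP password is stored as type 0 (clear text)")
    if "service password-encryption" not in lines:
        findings.append("'service password-encryption' is absent")
    for header, subs in vty.items():
        if "transport input ssh" not in subs:
            findings.append(f"{header}: not restricted to SSH")
        if not any(s.startswith("access-class ") for s in subs):
            findings.append(f"{header}: no access-class, SSH is accepted on every interface")
    return findings
```

Running audit(GUIDE_CONFIG) reports four findings; a vty block with an access-class limited to the 192.168.222.0/24 LAN and a username defined with secret clears two of them.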