Configure a Cisco router for VDSL2/FTTC

In this guide, I will cover the basic setup to enable a Cisco router to connect to a VDSL2 / FTTC circuit. I will cover the full setup of the router including enabling SSH and enabling DHCP.

If you need to break into the router first because you don’t have the password take a look at this post How to break into a Cisco device

Table of Contents

If you are new to Cisco or just want to improve your skills I recommend this course from Udemy at the time of writing for just $20 for lifetime access! I’m also a really big fan of Pluralsight

Basic setup

When you first power on a new factory defaulted router you will be asked “Would you like to enter initial configuration dialog?” enter no and press enter

Enter the following commands, this will;

  • Set the devices host name as WAN.
  • Sets any passwords we enter into the devices to be stored encrypted rather than plain text.
  • Sets the enable password to be 3n4bl3M3 – Replace the password with ont of your own
  • Sets the DNS servers the device will use to be Googles
configure terminal
hostname WAN
enable secret 3n4bl3M3
ip name-server
ip name-server

Settings the console password

To set a password to be required when connecting via the console port, enter the following

Replace C0ns013 with whatever password you want to use.

configure terminal
line con 0
password C0ns013

Setting the routers management IP

Now we are going to set the management IP. This is the IP address we will be able to use the remotely manage the device. It is also going to be the default gateway for any client devices connected to the router.

Amend the address as required.

int vlan 1
ip address

Setting up remote SSH access

So we can securely remotely manage the device we will need to set up SSH using the following

Replace mydomain.local with your domain name

ip domain-name mydomain.local
crypto key generate rsa

You will be asked “How many bits in the modulus” enter 2048 and press enter.

ip ssh version 2
line vty 0 4
 transport input ssh
 login local

Change the username admin and the password SSHPa55w0rd to be the SSH credentials you wish to use on the username line

username admin password SSHPa55w0rd


Now we are going to set up DHCP so any devices connected to the LAN ports on the router are issued an IP address.

In this example, I am going to use the range but change this as required to meet your needs. I am also going to exclude the first ten IP addresses in the range from being issued by DHCP. You would at the very least want to exclude the router’s management IP in this example

ip dhcp pool CLIENTS

ip dhcp excluded-address

Setting up VDSL / FTTC

Change PPPoE-Username-From-ISP and PPPoE-Password-From-ISP to be your PPPoE username and password provided by your ISP.

wan mode dsl

controller vdsl 0 
 no shut

interface Ethernet0
 no ip address
 ip virtual-reassembly in
 pppoe-client dial-pool-number 1
 no shut

interface Ethernet0.101
 encapsulation dot1Q 101
 pppoe-client dial-pool-number 1
 no shut

interface Dialer1
 description VDSL
 ip address negotiated
 ip mtu 1492
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap ms-chap callin
 ppp chap hostname PPPoE-Username-From-ISP
 ppp chap password 0 PPPoE-Password-From-ISP
 ppp ipcp address accept
 no cdp enable
 no shut

Setting up NAT

So our client(s) connected to the router can get to the Internet we will need to configure NAT. In this example, I will be configuring overload or PAT. This is where the client(s) will share the public IP address issued to the router and don’t need their own static IP address.

ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit

interface Dialer1
 ip nat outside

int vlan 1
 ip nat inside


First, we will set up our default route to send any traffic we don’t have a specific route for to the Dialer (VDSL) interface

ip route Dialer1

Potentially you may want to add other routers. For example, if you have a switch behind the router with VLANs. You would want to add routes for those VLANs so you can get to the router’s management IP address from the internal network.

For example, if your internal VLANs are all on the 172 private range you could add.

ip route Vlan1

More on the subject of Cisco

You may also like these posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.