Equipment Support > Hardware By Brand > Cisco > [Config] Setup Cisco 877 to work with Bt Infinity

[Config] Setup Cisco 877 to work with Bt Infinity

Re: [Config] Cisco 1921 and HWIC-1VDSL

reply to stoz

Re: [Config] Setup Cisco 877 to work with Bt Infinity

interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 pvc 0/38 
  encapsulation aal5mux ppp dialer
 
interface FastEthernet3
 switchport access vlan 10
 
interface Vlan10
 description WAN Interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
 
interface Dialer0
 description BT PPPoE Link
 mtu 1492
 ip address negotiated
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp chap hostname <username>@<hg x>.btclick.com
 ppp chap password <password>
 ppp ipcp route default
 

Ok thanks for the help I'll give that a go Paul. We weren't using the router for ADSL before hand, we've got it because we need it for security reasons. I imagine it's better for that reason than the 2wire router.

However, we won't get speeds above 30Mb/s if we do get it working? That wouldn't be great as speedtest tells us we currently get about 38Mb/s and BT have informed us that the speed will be increasing in the future. Are we better off with a Cisco VDSL router?

Edit: also we have a static IP from BT. Do I need to make allowance for this in the config, or will it be assigned to us based on our username / password?

No worries Stoz, the 2Wire doesn't do VPN as far as I know so if you need it for that then yes, the 877 is better. Just out of curiosity, why not pick the 871 if it was for Infinity (unless it was one you had laying around)? Firstly, it's cheaper as you don't have the integrated ADSL modem and second it's got a dedicated WAN port which you could run the PPPoE over..

The 877 is designed for ADSL(2+) so didn't need to do anything over 24Mb/s WAN-to-LAN.. We have another one running NAT and that gets about 33 - 34Mb/s on a speed test whereas our 1841s get around 39Mb/s. Obviously, the choice is yours - you have the equipment that will do 30ish Mb/s as it stands or you can get a more expensive model that will handle the extra speed. You only need the VDSL router if you don't want the OpenReach modem as per the 1941 and HWIC-1VDSL thread.

Yeah, I covered the static IP.. It's handled by the "ip address negotiated" command for a single static IP assuming you put in your BT provided username and password rather than a generic "hub" login. If you had "5 static IPs" then you need another VLAN or a Loopback interface with the static IP (and you still need to use the BT username and password I believe) - This is what we have.

Let us know how you get on.

Cheers,

Paul

Hi Paul,

We checked with an IT support company for a router that would do all we required (after first checking that it met EAL4 certification, which we may require in the future). They assured us that 877 would be fine with VDSL so we went ahead and got it hoping to config it ourselves using SDM. So far I massively prefer using telnet to configure it through the console though!

I didn't realise that it'd be so tricky to get it up and running (well, it's probably fairly straight forward if you're familiar with Cisco, but I'm new to it!) It has been tough finding other people who've done it, and re-creating their success.

Actually the only thing I can't seem to do is get any feedback from the router on where I'm going wrong - logging, debugging etc any idea how I can check why it's not working as currently I just plug it in, hope for the best but I'm literally stumbling in the dark with no idea where it's going wrong.

Many thanks for all your help so far I'll let you know how I get on.

Remind me not to use that IT support company then! Yes, I (and I'm sure many others) prefer the command line too. SDM has been superseded by Configuration Professional now I think (see »www.cisco.com/en/US/products/ps9···dex.html) which is a bit better but still can't do everything you can do on the command line.

For logging, look into syslog - very useful if combined with something like splunk. If you're on telnet/SSH, use the "terminal monitor" command to have the logging pumped to your telnet/SSH session ("term no mon" turns it off again).

On the troubleshooting side, there's a lot of debug commands that will help - there's also a lot of useful info on Cisco's website, samples with verification checks that show you that what you just did worked.

Good luck with it, hopefully that config will at least get you up and running - you'll have to set up PAT against the dialer interface too but there's plenty of info on doing that out there.

Cheers,

Paul

reply to stoz

Indeed. It doesn't even support VDSL. If you're going to have to use an external VDSL modem, there are a lot of better options. (a cisco device with native VDSL will not be cheap... 886VA or 887VA approx. $500(US))

reply to stoz
We got the 877 about a month ago! I've just had a look through my email correspondance and I originally enquired about the 871 (after consulting a list of EAL 4 certified routers, this would have been fine at the time because we were on ADSL then). The supplier told us that they didn't have it on their portal, but could supply the 877. Of course they didn't mention that it's EOL (it was announced the time we enquired). Or that it wouldn't work well with VDSL (which we subsequently acquired about 3 months ago).

On another point, I read somewhere that a BT engineer informed somebody that you couldn't use VDSL without using their supplied white modem. I've also read that you have to use a VLAN ID 101 on the WAN interface to work with BT infinity? It's tricky because I'm new to Cisco, I've read a lot about it and seem to have it all jumbled up, and because I'm such a newcomer I struggle to distinguish useful, from misleading, information. Thanks for all feedback so far.

You can use certain VDSL hardware other than the supplied BT Openreach one, it's just up to you to work out how to set it up as your service provider & BT probably won't support such a configuration currently. I've seen configs posted for both Cisco and Draytek VDSL devices.

The VLAN ID 101 applies to the VDSL modem WAN interface, not the setup that you're attempting to achieve which is behind the modem. »[Config] Cisco 1921 and HWIC-1VDSL, the thread where you originally posted your query, was mainly concerned with setting up the VDSL interface. Maybe that's where the confusion arises?

Yeah I understand that using anything other than the supplied router is not supported. In our case we don't need to do away with the white modem (and couldn't anyway). I've read a lot of configs online, for a lot of cisco kit, but can't get it working, and as mentioned I'm new to Cisco, so easily confused.

I'll include the relevant bits of my config here, I've made changes as per Paul's suggestions in this thread but don't have chance to try it out tonight, if anything eye-pokingly obvious jumps out please let me know.

version 12.4
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
logging console critical
!
no aaa new-model
!
 
dot11 syslog
ip source-route
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
vpdn enable
!
archive
 log config
  hidekeys
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 pvc 0/38 
  encapsulation aal5mux ppp dialer
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 101
!
interface FastEthernet3
 description **WAN Interface - PPPoE BT Infinity** 
 switchport access vlan 101
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
 no routing dynamic
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.193.125.250 255.255.255.0
 ip virtual-reassembly
!
interface Vlan101
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 mtu 1492
 ip address negotiated
 no ip unreachables
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname host@bt
 ppp chap password 0 pw
 ppp ipcp route default
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended NAT
 permit ip 10.193.125.0 0.0.0.255 any
!
logging trap debugging
logging 10.193.125.250
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.193.125.0 0.0.0.255
access-list 1 permit any
access-list 23 permit 10.193.125.0 0.0.0.255
no cdp run
!
control-plane
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 login local
 transport input telnet
!
scheduler max-task-time 5000
end
 

Hi Stoz,

One thing I can see.. You shouldn't need the

ip route 0.0.0.0 0.0.0.0 dialer1
 

ip http access-class 23
 

reply to stoz
Is Dialer1 supposed to be getting a non-1918 IP address? If so, you forgot to specify which
interface is NAT inside and which is NAT outside.

Regards

Yup, Hellfire's right.. My config came from a router not doing NAT so didn't have them specified.. Totally missed that on your config, I blame lack of coffee..

Paul

I wondered about NAT actually. Should I set internal FastEthernet port to NAT inside and external FastEthernet port to NAT outside then? I can worry about allowing the various ports later on?

Yeah I've got a fairly good grasp of NAT, i think, and at the console would quickly realise I've got to set NAT inside/outside to the interfaces with IP addresses, not the fastEthernet ports!

I'll configure the NAT port forwarding rules for anything coming in using the SDM I reckon - that's one place where I preferred using the SDM, and I've already done it once with no problems.

reply to phardacre
It's working! I've done the NAT setup to open the ports to ensure we get email etc. However, when I enabled the firewall (in SDM) and told it not to change the existing NAT settings suddenly no communication would leave the network. Guess that's the next thing I have to configure.

Massive thanks for all your help Paul, as well as anyone else who's helped with this. It's taken a few weeks of me staying late to work on this outside office hours to get it working, I'm so glad it finally is! Just need to configure the firewall now!

Edit: Only thing I can't get working is PPTP. I've told NAT to allow 1723, in the same way that SMTP is allowed, but I cannot connect over that port from an external location. It even seems as if there is a firewall rule allowing PPTP, from what sense I can make of the rules!

Hi Stoz,

Glad to hear you got it working, can you post up your sanitize config (without passwords) and we can see why your PPTP isn't working. You should just need to forward port 1723 with something like: ip nat inside source static tcp 192.168.50.2 1723 interface Dialer1 1723 where 192.168.50.2 is the internal IP of your PPTP server.

What errors do you get when you try and connect to the VPN? You're not trying to connect to the VPN from the LAN are you? Cisco doesn't support NAT loopback so you can't connect to the external IP from the LAN.

Cheers,

Paul