Hello,

do you have the config (sh run) ?

!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AussieBB
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet8
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
!
!
!
license udi pid C897VAG-LTE-LA-K9 sn
!
!
!
redundancy
!
!
!
!
!
controller VDSL 0
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
description 4G Backup
ip address negotiated
ip mtu 1358
encapsulation slip
ip tcp adjust-mss 1318
dialer in-band
dialer string lte
dialer-group 1
async mode interactive
!
interface Cellular1
no ip address
encapsulation slip
!
interface Ethernet0
description TBB NXXXXXXXR – XXX.XXX.XXX.XXX
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1460
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
stopbits 1
line 3
script dialer lte
no exec
line 8
no exec
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

AussieBB is different to what OP has, in that case you just want DHCP on the WAN ie IPoE. That should a bit like my NAT example for the C1117. See the ATM interface and Ethernet0/2/0 configuration. That works with IPv6 and includes an ACL to block incoming ports.

Their ISP is iiNet they use a PPPoE interface on VLAN 2 , same as Internode which is also owned by TPG. I am thinking an example such as this one, is what you might want. (Except not VLAN 100).

This particular modem does work on the NBN but you need to update the VDSL firmware. You want to make sure you upgrade your firmware so that it supports SOS/ROC etc.

sh ip interface brief

AussieBB#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM administratively down down
Cellular0 unassigned YES NVRAM up up
Cellular1 unassigned YES unset down down
Ethernet0 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES unset down down
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset down down
GigabitEthernet6 unassigned YES unset down down
GigabitEthernet7 unassigned YES unset down down
GigabitEthernet8 192.168.0.181 YES DHCP up up
NVI0 21.21.21.1 YES unset up up
Vlan1 unassigned YES unset down down

AussieBB#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.0.1, GigabitEthernet8
[1/0] via 10.0.0.1, GigabitEthernet8
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, GigabitEthernet8
L 192.168.0.181/32 is directly connected, GigabitEthernet8

I'm able to plug any vdsl modem in and it connects so no issues there.  Just hoping to get the rest of the code sorted

FTTN in Australia customer has to supply hardware. All other connection types, FTTC, FTTP etc have a NTD. FTTC you should use the NBNCo NTD provided as it powers the DPU.

If you're on plain FTTN ie and the only thing in your house is a TO (Telecommunications Outlet), then you supply the hardware for this connection. There is no need for a static route in NAT mode. All that will be provided by DHCP.

This should be connected directly to the phone line, and not through any other device. As @leontunnie is with ABB they will use a simple IPoE configuration, with no settings, so that means no Dialer0, no PPPoE. Just simple ethernet config and NAT.

Does show controller vdsl 0  produce a showtime? If it does, all you need is some NAT rules:

That means on the external interface you'll need a rule like "ip nat outside" on the LAN side you'll need "ip nat inside".

Create the access list that allows the VLAN to be NATTed

access-list 1 remark INSIDE_IF=Vlan1
access-list 1 permit 192.168.1.0 0.0.0.255

Then you'll want to create an overload rule. The external interface should be "Ethernet0"

ip nat inside source list 1 interface {{ YOUR EXTERNAL INTERFACE }} overload

If you want to port forward to a particular host on your network, ie say BitTorrent then this should do:

ip nat inside source static tcp 192.168.1.{{your IP}} {{port}} interface Ethernet0 {{port}}

Create your VLAN1

interface Vlan1
description Local Area Network
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip virtual-reassembly
ip tcp adjust-mss 1412
!

This modem certainly does work with NBNCo and was sold for a time by Internode and Telstra. The above config is what I've seen on whirlpool.net.au and what I used with my 887 before the NVRAM failed

AussieBB#sh run
Building configuration...

Current configuration : 5100 bytes
!
version 15.6
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname AussieBB
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone utc 10 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
ip dhcp excluded-address 10.0.0.1 10.0.0.10
!
ip dhcp pool lanpool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 8.8.8.8 8.8.4.4
lease 7
!
!
!
ip name-server 202.142.142.142
ip name-server 202.142.142.242
ip inspect name FWv4 tcp router-traffic
ip inspect name FWv4 udp router-traffic
ip inspect name FWv4 icmp
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL1" TIMEOUT 60 "OK"
!
!
!
!
!
license udi pid C897VAG-LTE-LA-K9 sn
!
!
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
username admin privilege 15 password 7
!
redundancy
!
!
!
!
!
controller VDSL 0
operating mode vdsl2
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
track 1 ip sla 1 reachability
!
!
policy-map shape-outbound
class class-default
shape average 39500000
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
async mode interactive
!
interface Cellular1
no ip address
encapsulation slip
!
interface Ethernet0
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1460
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
backup delay 0 10
backup interface Cellular0
ip address dhcp
duplex auto
speed auto
no cdp enable
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip tftp source-interface Vlan1
ip nat inside source route-map BACKUP interface Cellular0 overload
ip nat inside source route-map PRIMARY interface GigabitEthernet8 overload
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended INTERNET-IN
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.0.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any ttl range 0 1
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit icmp any any packet-too-big
permit udp any any eq bootpc
deny ip any any
ip access-list extended SSH-IN
permit tcp 192.168.0.0 0.0.255.255 any eq 22
permit tcp 172.16.0.0 0.15.255.255 any eq 22
permit tcp 10.0.0.0 0.255.255.255 any eq 22
deny ip any any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet8
frequency 10000
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
route-map BACKUP permit 1
match ip address 1
match interface Cellular0
!
route-map PRIMARY permit 1
match ip address 1
match interface GigabitEthernet8
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
stopbits 1
line 3
exec-timeout 0 0
script dialer lte
modem InOut
no exec
line 8
no exec
line vty 0 4
access-class SSH-IN in
exec-timeout 30 0
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp server 202.89.184.139
ntp server 203.206.171.84
ntp server 220.233.200.157
!
end

AussieBB#

Hello,

I haven't followed the entire thread, so I hope I am not suggesting anything redundant, but as far as I recall, you need the 'wan mode ethernet' command in your config as well...

Mate i'm honestly struggling to see why there would be a static route in there..... Any tips?

Ive done some digging and managed to get the following:

AussieBB#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM administratively down down
Cellular0 unassigned YES NVRAM up up
Cellular1 unassigned YES unset down down
Ethernet0 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES unset down down
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset down down
GigabitEthernet6 unassigned YES unset down down
GigabitEthernet7 unassigned YES unset down down
GigabitEthernet8 192.168.3.10 YES DHCP up up
NVI0 21.21.21.1 YES unset up up
Vlan1 10.0.0.1 YES NVRAM down down
AussieBB#
AussieBB#
AussieBB#
AussieBB#
AussieBB#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.3.1 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.3.0/24 is directly connected, GigabitEthernet8
L 192.168.3.10/32 is directly connected, GigabitEthernet8

Does this help?