07-09-2021 10:58 AM - edited 07-09-2021 11:01 AM
Hello guys,
I have looked for Cisco VDSL PPPoE configs on the internet; they are always incomplete or come with "no ip route-cache" or other stuff.
This is what I dug up during my Cisco adventure for my home router; there is a good level of research here.
It works; just adapt your parameters.
Maybe you don't need SSL VPN; just skip that part.
If you need a config, test this and have fun.
version 15.8
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
service internal
!
hostname C897VA-K9
!
boot-start-marker
boot system flash:/c800-universalk9-mz.SPA.158-3.M6.bin
warm-reboot
boot-end-marker
!
logging buffered 40000 informational
enable secret 9 xxxxxxxx
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sslvpn local
aaa authentication ppp default local
aaa authorization exec default local
!
aaa session-id common
process cpu threshold type total rising 75 interval 5 falling 20 interval 5
clock timezone Rome 1 0
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki server IOS-CA
 database level complete
 no database archive
 grant auto
!
crypto pki trustpoint IOS-CA
 revocation-check crl
 rsakeypair IOS-CA
!
crypto pki trustpoint TEST
 enrollment url http://192.168.1.1:80
 serial-number
 subject-name CN=#your ddns hostname#
 subject-alt-name #your ddns hostname#
 revocation-check none
 rsakeypair TEST
!
crypto pki certificate chain IOS-CA
 certificate ca 01
  ....
  quit
crypto pki certificate chain TEST
 certificate 02
  .....
  quit
 certificate ca 01
  ...
  quit
no vlan accounting
!
no ip source-route
!
ip port-map user-teamviewr_udp port udp 5938
ip port-map user-teamviewr_tcp port tcp 5938
!
ip dhcp bootp ignore
ip dhcp excluded-address 192.168.1.2 192.168.1.4
ip dhcp excluded-address 192.168.1.11
!
ip dhcp pool Master
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 208.67.222.222 208.67.220.220
 update arp
!
no ip bootp server
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect WAAS flush-timeout 10
ip ddns update method ddns
 HTTP
  add http://#USER#:#PASSWORD#@update.dyndns.it/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://#USER#:#PASSWORD#@update.dyndns.it/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 28 0 0 0
 interval minimum 28 0 0 0
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license feature MEM-8XX-512U1GB
license udi pid C897VA-K9 sn xxxxxxxxxxx
license boot module c800 level advipservices
!
archive
 path flash:/archive/$h$t
 maximum 12
 write-memory
memory reserve critical 4096
memory reserve console 4096
memory free low-watermark processor 20000
memory free low-watermark IO 20000
!
no spanning-tree vlan 1
no spanning-tree vlan 10
no spanning-tree vlan 11
username xxxxx privilege 15 secret 9 xxxxxx
!
redundancy
 no keepalive-enable
 notification-timer 120000
!
crypto vpn anyconnect flash:/webvpn/anyconnect-win-4.3.02039-k9.pkg sequence 1
!
controller VDSL 0
 firmware filename flash:VA_A_39m_B_38u_24o_rc1_SDK_4.14L.04A-J.bin.V2
 sra
no cdp run
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
class-map match-any work
 match access-group 114
 match access-group 117
 match access-group 116
 match protocol teamviewer
 match protocol ssh
 match protocol outlook-web-service
class-map match-any management
 match protocol dns
 match protocol ntp
 match protocol dhcp
 match protocol imap
 match protocol kerberos
 match protocol ldap
 match protocol secure-imap
 match protocol secure-ldap
 match protocol snmp
 match protocol socks
 match protocol syslog
class-map match-any qos-voice
 match ip dscp ef
class-map match-any qos-scavenger
 match ip dscp cs1
class-map match-any Transactional
 match protocol citrix
 match protocol finger
 match protocol notes
 match protocol novadigm
 match protocol pcanywhere
 match protocol secure-telnet
 match protocol sqlnet
 match protocol sqlserver
 match protocol ssh
 match protocol telnet
 match protocol xwindows
class-map match-any Signaling
 match protocol h323
 match protocol rtcp
 match protocol sip
class-map match-any video
 match access-group 118
 match protocol whatsapp
 match protocol facetime
class-map match-any voice
 match access-group 115
 match protocol rtp audio
class-map match-any qos-critical-data
 match ip dscp cs6
 match ip dscp af21 af22
 match ip dscp cs2
class-map match-any qos-call-signalling
 match ip dscp cs3
 match ip dscp af31
!
policy-map QoS-Out-child-test
 class voice
  priority 600
 class work
  bandwidth percent 30
 class management
  bandwidth percent 5
 class Signaling
  bandwidth percent 5
 class video
  bandwidth percent 10
 class class-default
  fair-queue
policy-map QoS-Out-parent-test
 class class-default
  shape average #your outgoing bandwidth#
  service-policy QoS-Out-child-test
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface Ethernet0
 description ** VDSL2 **
 no ip address
!
interface Ethernet0.835
 description ** Tag PPPoE (VDSL 0) **
 encapsulation dot1Q 835
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly in
 pppoe enable group global
 pppoe-client dial-pool-number 1
 service-policy output QoS-Out-parent-test
!
interface GigabitEthernet0
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet1
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet2
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet3
 description ** RETE INTERNA **
 no ip address
 speed 100
!
interface GigabitEthernet4
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet5
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet6
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet7
 description ** RETE INTERNA **
 no ip address
!
interface GigabitEthernet8
 description ** WAN GigabitEthernet **
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1
 description ** VPN - Virual Template **
 mtu 1406
 ip unnumbered Dialer0
!
interface Vlan1
 description ** VLAN - RETE INTERNA **
 ip address 192.168.1.1 255.255.255.0
 ip nbar protocol-discovery ipv4
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip verify unicast source reachable-via rx allow-self-ping
 ip tcp adjust-mss 1452
!
interface Dialer0
 mtu 1492
 ip ddns update hostname #your ddns hostname#
 ip ddns update ddns host #your ddns hostname#
 ip address negotiated
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 ip verify unicast source reachable-via rx allow-default
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp mtu adaptive
 ppp authentication chap callin
 ppp chap hostname #your chap username#
 ppp chap password 7 #your chap passsword#
 ppp ipcp address accept
!
ip local pool VPN-POOL 192.168.69.10 192.168.69.30
ip forward-protocol nd
ip http server
ip http access-class 81
ip http authentication local
ip http secure-server
ip http secure-port 1443
ip http timeout-policy idle 180 life 86400 requests 10000
!
ip flow-top-talkers
 top 10
 sort-by packets
 cache-timeout 250
!
no ip ftp passive
ip tftp blocksize 8192
ip dns server
ip nat translation timeout 500
ip nat translation tcp-timeout 500
ip nat translation pptp-timeout 30
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 30
ip nat translation syn-timeout 30
ip nat translation dns-timeout 30
ip nat translation routemap-entry-timeout 30
ip nat translation icmp-timeout 30
ip nat translation port-timeout tcp 85 5
ip nat translation port-timeout udp 90 5
ip nat translation port-timeout tcp 5228 never
ip nat translation arp-ping-timeout 30
no ip nat service nbar
!ip nat inside source static tcp 192.168.1.11 85 interface Dialer0 85
!ip nat inside source static udp 192.168.1.11 90 interface Dialer0 90
!above static nat Example
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 255.255.255.0 Null0
ip route 10.0.0.0 255.0.0.0 Null0
ip route 127.0.0.0 255.255.255.0 Null0
ip route 169.254.0.0 255.255.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.0.2.0 255.255.255.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
ip ssh version 2
!
logging history size 250
logging source-interface Vlan1
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
access-list 80 remark # traffico accesso ssh - line vty 0 4 in
access-list 80 permit 192.168.1.0 0.0.0.255
access-list 80 permit 192.168.69.0 0.0.0.255
access-list 80 deny any
access-list 81 remark # traffico accesso WEB
access-list 81 permit 192.168.1.0 0.0.0.255
access-list 81 permit 192.168.69.0 0.0.0.255
access-list 81 deny any
access-list 100 remark # traffico NAPT - NAT overload
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 remark # Regole antispofing - dialer 0 in
access-list 105 deny icmp any any echo
access-list 105 deny icmp any any echo-reply
access-list 105 deny udp any any eq echo
access-list 105 deny udp any eq echo any
access-list 105 permit ip any any
access-list 114 remark # VPN
access-list 114 permit ip any host xxxx
access-list 114 permit ip any host xxx
access-list 114 permit ip any host xxx
access-list 114 permit ip any host xxx
access-list 115 remark # TEAMS AUDIO
access-list 115 permit tcp any range 50000 50019 any
access-list 115 permit udp any range 50000 50019 any
access-list 116 remark # TEAMS VIDEO
access-list 116 permit tcp any range 50020 50039 any
access-list 116 permit udp any range 50020 50039 any
access-list 117 remark # TEAMS SCREEN SHARING
access-list 117 permit tcp any range 50040 50059 any
access-list 117 permit udp any range 50040 50059 any
access-list 118 remark # WHATSAPP e FACETIME VIDEO
access-list 118 permit tcp any any eq 5223
access-list 118 permit udp any any range 3478 3947
access-list 118 permit udp any any range 16384 16387
access-list 118 permit udp any any range 16393 16402
access-list 119 remark # WHAZZUP TEXT
access-list 119 permit tcp any any eq 5222
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
alias exec bw show interface | include protocol|BW
alias exec memory show mem stat
alias exec process show process cpu
alias exec ip show ip int brief
alias exec ntp show ntp associations
alias exec vdsl sh controller vdsl 0
alias exec proto sh ip nbar protocol-discovery top 20
alias exec cpu show proc cpu sorted 1min | exclude 0.00%__0.00%__0.00%
alias exec temperature show environment
alias exec qos show policy-map interface ethernet 0.835
alias exec cpu2 sh proc cpu his
alias exec nat show ip nat statistics
alias exec natver show ip nat translations verbose
!
line con 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 80 in
 exec-timeout 30 0
 transport preferred ssh
 transport input ssh
 transport output telnet
!
exception memory ignore overflow processor
exception memory ignore overflow io
exception crashinfo maximum files 3
scheduler max-sched-time 2000
scheduler isr-watchdog
scheduler allocate 20000 1000
ntp source Dialer0
ntp server 1.it.pool.ntp.org
ntp server 2.it.pool.ntp.org
ntp server 0.it.pool.ntp.org
!
webvpn gateway #NAME#
 ip interface Virtual-Template1 port 443
 ssl trustpoint TEST
 logging enable
 inservice
 !
webvpn context #NAME#
 title "Private VPN"
 color #004080
 secondary-color #0062ee
 title-color #002f80
 !
 acl "webvpn-acl"
   permit ip 192.168.69.1 255.255.255.0 192.168.1.0 255.255.255.0
   permit ip 192.168.1.0 255.255.255.0 192.168.69.0 255.255.255.0
   deny ip any any
   deny ip any any syslog
 login-message "Unauthorized Access Is Prohibited"
 virtual-template 1 tunnel
 aaa authentication list sslvpn
 gateway #NAME# domain #NAME#
 !domain and #name# is optional
 logging enable
 !
 ssl authenticate verify all
 inservice
 !
 policy group #your policy#
   functions svc-enabled
   timeout idle 6000
   timeout session 10800
   filter tunnel webvpn-acl
   svc address-pool "VPN-POOL" netmask 255.255.0.0
   svc default-domain "your domain"
   svc keep-client-installed
   svc dpd-interval client 30
   svc dpd-interval gateway 40
   svc keepalive 300
   svc rekey method new-tunnel
   svc split include 192.168.69.0 255.255.255.0
   svc split include 192.168.1.0 255.255.255.0
   svc dns-server primary 192.168.1.1
   hide-url-bar
 default-group-policy #your policy#
!
end
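A check to run over your adapted copy of this template before loading it, added here as an example and not part of the original post: it lists `#...#` placeholders that are still unfilled and flags a few lines worth a second look (plain-HTTP management, reversible type 7 secrets, telnet on a line). The names `audit`, `PLACEHOLDER` and `REVIEW`, the choice of review rules and the sample excerpt are assumptions of this example.

```python
import re

# Constructed excerpt in the style of the posted config (not the full post).
SAMPLE = """\
ip http server
ip http secure-server
access-list 80 remark # traffico accesso ssh - line vty 0 4 in
interface Dialer0
 ip ddns update hostname #your ddns hostname#
 ppp chap hostname #your chap username#
 ppp chap password 7 XXXXXXXX
line vty 0 4
 transport input ssh
 transport output telnet
webvpn context HOME
 color #004080
!domain and #name# is optional
"""

# A '#...#' pair on one line; a lone '#' (ACL remark, hex colour) does not match.
PLACEHOLDER = re.compile(r"#[^#\s][^#]*#")
REVIEW = [  # (pattern, why the line deserves a second look)
    (re.compile(r"^ip http server$"), "plain-HTTP management server enabled"),
    (re.compile(r"\b(password|key) 7 \S+"), "type 7 secret is reversible encoding"),
    (re.compile(r"^transport (input|output) .*\btelnet\b"), "telnet allowed on a line"),
]

def audit(config):
    """Return (line_no, kind, detail) findings for an adapted config."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):   # separators and comments
            continue
        for m in PLACEHOLDER.finditer(line):
            findings.append((no, "placeholder", m.group(0)))
        for pattern, why in REVIEW:
            if pattern.search(line):
                findings.append((no, "review", why))
    return findings

if __name__ == "__main__":
    for no, kind, detail in audit(SAMPLE):
        print(f"line {no:>3}  {kind:<11}  {detail}")
```

The scan assumes one command per line, as in `show running-config` output.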