Cisco ADSL & 877 router


Cisco 877

My 1720 router with the wic1-adsl card served me well, I cannot think of any outages I had which required a reboot of my router, a few were line related, but the 1720 recovered well.

However over time a few limitations became apparent, the wic1-adsl supports ADSL ver.1 only and the 1720 cannot support a next generation adsl modem WIC which supports ADSL2. Also, in order to get a pure ipv6 interface, I needed to add in a 10 MB/s WIC card.

The cost of a modular router such as a 1800 series rack mount with the WIC2-ADSL2 card is prohibitive, but the 877 router combines all these in one box and they are available from ebay at sensible cost.

The drawing below shows how this fits into my network. As I have a separate firewall, NAT is not run on the 877.

IOS image

The IOS image loaded on the router was c870-advsecurityk9-mz.124-4.T2.bin, but this does not support IPv6, after some research, c870-advipservicesk9-mz.124-15.T5.bin seemed a good choice and at 18Mb in size it fitted in my flash. See the 1720 page for instructions on loading a .bin image to a Cisco router.

VLAN configuration

After several months operation, the next steps were to experiment with some ipv6 connectivity and set up a VPN to other locations. The 877 has four ethernet ports on the rear. One of these connects to my firewall with ipv4, one is designated for ipv6 only and another is for the local VPN address.

The usual way to assign ipaddresses to physical ethernet switch ports is to create a vlan and add the ethernet port in to that vlan. The vlan interface then has the ipaddress assigned to it.

The 877 seems to require an additional step to make this work. During my vlan config work, I saw the message “Access VLAN 2 does not exist. Please add it to vlan database”. I thought vlans were created when an “interface vlan2” was issued. After the config was complete, I was unable to ping off the 877 to another device. The interfaces were as follows:-

877#sh ip interface brief 
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  up                    down    
FastEthernet2              unassigned      YES unset  up                    up      
FastEthernet3              unassigned      YES unset  up                    up      
ATM0                       unassigned      YES NVRAM  up                    up      
Vlan1             YES NVRAM  up                    up      
Vlan2                      unassigned      YES NVRAM  up                    down    
Vlan3                 YES NVRAM  up                    down    

The line of concern was “Vlan3 YES NVRAM up down” showing that I had a physical link but no logical connection.

After a few false routes of enquiry, I found that I needed to create a vlan database with:-

877#vlan database
877(vlan)#vlan 2 name ipv6
VLAN 2 modified:
    Name: ipv6
877(vlan)#vlan 3 name "VPN local interface"
VLAN 3 added:
    Name: VPN local interface
APPLY completed.
APPLY completed.

Please note that spaces in the name above need to be quoted. After entering this, the line protocol was up and I could see:-

877#show vlan-switch brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0, Fa3
2    ipv6                             active    Fa1
3    VPN local interface              active    Fa2

More importantly, I could ping a connected device.

Running Config (no NAT)

877adsl2#sh running-config
Building configuration...

Current configuration : 2399 bytes
! No configuration change since last restart
version 12.4
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
hostname 877adsl2
logging buffered 51200 warnings
enable secret 5 $1$V0.E$3guessme!XQT46rw71
no aaa new-model
resource policy
clock timezone GMT 0
clock summer-time BST recurring 4 Sun Mar 1:00 4 Sun Oct 2:00
ip cef
ip domain list
ip domain name
ip name-server
ip name-server
ipv6 unicast-routing
ipv6 cef
ipv6 multicast-routing
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl operating-mode auto
 dsl enable-training-log
 hold-queue 224 in
interface FastEthernet0
 description Internet LAN to firewall
interface FastEthernet1
 description IPv6 interface
 switchport access vlan 2
interface FastEthernet2
 description VPN connection
 switchport access vlan 3
interface FastEthernet3
 description Internet access ipv4
interface Vlan1
 description Internet LAN
 ip address
interface Vlan2
 no ip address
 ipv6 enable
interface Vlan3
 description VPN local interface
 ip address
interface Dialer0
 description WAN link to AAISP
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ipv6 enable
 ipv6 traffic-filter adsl-ipv6 in
 ppp chap hostname isp@me
 ppp chap password 7 guessmetoo!32E377B6260
ip route Dialer0
no ip http server
no ip http secure-server
access-list 23 permit ww.xx.yy.zzz log
access-list 23 deny   any log
dialer-list 1 protocol ip permit
snmp-server community mystring RO 23
snmp-server location whereami
snmp-server contact
ipv6 route ::/0 Dialer0
banner login ^CC

No Access

banner motd ^CCC

WARNING: No Access

line con 0
 password 7 0828TopSecret!!5D42
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 password 7 07NoAccessAllowed!0
 transport input all
scheduler max-task-time 5000
ntp clock-period 17175169
ntp server
ntp server
ntp server


rb/cisco-877.txt · Last modified: 13/03/2018 17:22 by andrew