Cisco ADSL & 877 router

Background

Cisco 877

My 1720 router with the wic1-adsl card served me well. I cannot think of any outages which required a reboot of my router; a few were line related, but the 1720 recovered well.

However, over time a few limitations became apparent: the wic1-adsl supports ADSL ver.1 only, and the 1720 cannot support a next-generation ADSL modem WIC which supports ADSL2. Also, in order to get a pure IPv6 interface, I needed to add in a 10 MB/s WIC card.

The cost of a modular router such as an 1800 series rack mount with the WIC2-ADSL2 card is prohibitive, but the 877 router combines all of these in one box, and they are available from eBay at sensible cost.

The drawing below shows how this fits into my network. As I have a separate firewall, NAT is not run on the 877.

IOS image

The IOS image loaded on the router was c870-advsecurityk9-mz.124-4.T2.bin, but this does not support IPv6. After some research, c870-advipservicesk9-mz.124-15.T5.bin seemed a good choice, and at 18Mb in size it fitted in my flash. See the 1720 page for instructions on loading a .bin image to a Cisco router.

VLAN configuration

After several months' operation, the next steps were to experiment with some IPv6 connectivity and set up a VPN to other locations. The 877 has four Ethernet ports on the rear. One of these connects to my firewall with IPv4, one is designated for IPv6 only and another is for the local VPN address.

The usual way to assign IP addresses to physical Ethernet switch ports is to create a VLAN and add the Ethernet port to that VLAN. The VLAN interface then has the IP address assigned to it.

The 877 seems to require an additional step to make this work. During my VLAN config work, I saw the message “Access VLAN 2 does not exist. Please add it to vlan database”. I thought VLANs were created when an “interface vlan2” was issued. After the config was complete, I was unable to ping from the 877 to another device. The interfaces were as follows:-

877#sh ip interface brief 
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  up                    down    
FastEthernet2              unassigned      YES unset  up                    up      
FastEthernet3              unassigned      YES unset  up                    up      
ATM0                       unassigned      YES NVRAM  up                    up      
Vlan1                      www.xxx.yyy.zzz YES NVRAM  up                    up      
Vlan2                      unassigned      YES NVRAM  up                    down    
Vlan3                      192.168.6.1     YES NVRAM  up                    down    

The line of concern was “Vlan3 192.168.6.1 YES NVRAM up down” showing that I had a physical link but no logical connection.

After a few false routes of enquiry, I found that I needed to create a vlan database with:-

877#vlan database
877(vlan)#vlan 2 name ipv6
VLAN 2 modified:
    Name: ipv6
877(vlan)#vlan 3 name "VPN local interface"
VLAN 3 added:
    Name: VPN local interface
877(vlan)#apply
APPLY completed.
877(vlan)#exit
APPLY completed.
Exiting....
877#

Please note that spaces in the name above need to be quoted. After entering this, the line protocol was up and I could see:-

877#show vlan-switch brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0, Fa3
2    ipv6                             active    Fa1
3    VPN local interface              active    Fa2

More importantly, I could ping a connected device.
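
The check below is an added example, not part of the original page: it compares the `switchport access vlan` lines of a config with the `show vlan-switch brief` table and reports ports whose access VLAN is missing from the VLAN database, which is the condition described above. The "before" table is constructed for illustration; the "after" table is the output shown above.

```python
import re

# Switchport lines as they appear in the running config on this page.
RUNNING_CONFIG = """\
interface FastEthernet1
 switchport access vlan 2
interface FastEthernet2
 switchport access vlan 3
"""

# Constructed "before" state: only the default VLAN is in the database.
VLAN_BRIEF_BEFORE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0, Fa3
"""

# "After" state, copied from the output on this page.
VLAN_BRIEF_AFTER = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0, Fa3
2    ipv6                             active    Fa1
3    VPN local interface              active    Fa2
"""

def access_vlans(config):
    """Map each interface to its 'switchport access vlan' number."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        m = re.match(r"\s+switchport access vlan (\d+)", line)
        if m and current:
            result[current] = int(m.group(1))
    return result

def database_vlans(vlan_brief):
    """VLAN IDs listed by 'show vlan-switch brief' (rows start with a number)."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S", vlan_brief, re.M)}

def missing_vlans(config, vlan_brief):
    """Interfaces whose access VLAN is absent from the VLAN database."""
    known = database_vlans(vlan_brief)
    return {ifc: v for ifc, v in access_vlans(config).items() if v not in known}

if __name__ == "__main__":
    for label, table in (("before", VLAN_BRIEF_BEFORE), ("after", VLAN_BRIEF_AFTER)):
        print(label, missing_vlans(RUNNING_CONFIG, table))
```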

Running Config (no NAT)

877adsl2#sh running-config
Building configuration...

Current configuration : 2399 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname 877adsl2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$V0.E$3guessme!XQT46rw71
!
no aaa new-model
!
resource policy
!
clock timezone GMT 0
clock summer-time BST recurring 4 Sun Mar 1:00 4 Sun Oct 2:00
ip cef
!
!
!
!
ip domain list mydomain.co.uk
ip domain name mydomain.co.uk
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
ipv6 unicast-routing
ipv6 cef
ipv6 multicast-routing
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 dsl enable-training-log
 hold-queue 224 in
!
interface FastEthernet0
 description Internet LAN to firewall
!
interface FastEthernet1
 description IPv6 interface
 switchport access vlan 2
!
interface FastEthernet2
 description VPN connection
 switchport access vlan 3
!
interface FastEthernet3
 description Internet access ipv4
!
interface Vlan1
 description Internet LAN
 ip address 81.187.218.249 255.255.255.248
!
interface Vlan2
 no ip address
 ipv6 enable
!
interface Vlan3
 description VPN local interface
 ip address 192.168.6.1 255.255.255.0
!
interface Dialer0
 description WAN link to AAISP
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ipv6 enable
 ipv6 traffic-filter adsl-ipv6 in
 ppp chap hostname isp@me
 ppp chap password 7 guessmetoo!32E377B6260
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
!
access-list 23 permit ww.xx.yy.zzz log
access-list 23 deny   any log
dialer-list 1 protocol ip permit
snmp-server community mystring RO 23
snmp-server location whereami
snmp-server contact whoami@mudomain.co.uk
!
!
ipv6 route ::/0 Dialer0
!
!
control-plane
!
banner login ^CC

No Access

^C
banner motd ^CCC

WARNING: No Access

^C
!
line con 0
 password 7 0828TopSecret!!5D42
 login
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 password 7 07NoAccessAllowed!0
 login
 transport input all
!
scheduler max-task-time 5000
ntp clock-period 17175169
ntp server 213.179.228.1
ntp server 195.56.55.177
ntp server 131.234.137.24
!
!
end

877adsl2#
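
A short review of the management-plane lines in the config above, as an added example that is not part of the original page. The rule names and wording are this example's own; the config lines are copied from the listing, and the script flags reversible type 7 passwords, Telnet-capable vty lines, the cleartext SNMP community and any ACL that is applied but not defined in the listing.

```python
import re

# Lines copied from the running-config on this page (values already masked there).
CONFIG = """\
interface Dialer0
 ipv6 traffic-filter adsl-ipv6 in
 ppp chap password 7 guessmetoo!32E377B6260
access-list 23 permit ww.xx.yy.zzz log
access-list 23 deny   any log
snmp-server community mystring RO 23
line con 0
 password 7 0828TopSecret!!5D42
line vty 0 4
 access-class 23 in
 password 7 07NoAccessAllowed!0
 transport input all
"""

# (rule id, pattern, why a reviewer would flag it)
RULES = [
    ("type7-password", r"\bpassword 7 \S+",
     "type 7 is reversible obfuscation, not a hash"),
    ("vty-transport-all", r"^\s*transport input (all|telnet)\b",
     "permits Telnet, so logins cross the network in cleartext"),
    ("snmp-community", r"^snmp-server community \S+",
     "SNMP v1/v2c community strings are sent in cleartext"),
]

def defined_acls(config):
    """Names or numbers of ACLs that are defined in the config."""
    pat = r"^(?:ipv6 |ip )?access-list (?:standard |extended )?(\S+)"
    return set(re.findall(pat, config, re.M))

def audit(config):
    """Return (line number, rule id, reason) for each finding."""
    findings, acls = [], defined_acls(config)
    for n, line in enumerate(config.splitlines(), 1):
        for rule, pattern, why in RULES:
            if re.search(pattern, line):
                findings.append((n, rule, why))
        # ACLs applied to an interface or line but never defined
        ref = re.search(r"(?:traffic-filter|access-class|access-group) (\S+) ", line)
        if ref and ref.group(1) not in acls:
            findings.append((n, "undefined-acl", f"ACL {ref.group(1)} is not in this config"))
    return findings

if __name__ == "__main__":
    for n, rule, why in audit(CONFIG):
        print(f"line {n}: {rule}: {why}")
```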

VPN configuration


rb/cisco-877.txt · Last modified: 22/07/2016 19:24 by andrew