I’ve got a Cisco 860VAE-W which I’m trying to bridge. I picked it up because I was interested in learning a bit about an IOS device – I’m coming at this pretty raw.

>show inventory

NAME: "C867VAE-W-A-K9", DESCR: "C867VAE-W-A-K9 chassis, Hw Serial#: GMK190700MQ, Hw Revision: 1.0"
PID: C867VAE-W-A-K9    , VID: V01 , SN: GMK190700MQ

I’m hooking it up to the Australian NBN (Superloop FTTN) on a rickety bit of wire, but the VDSL2 seems to connect ok.

>show controller VDSL 0

Controller VDSL 0 is UP

Daemon Status:           Up 

                        XTU-R (DS)              XTU-C (US)
Chip Vendor ID:         'BDCM'                   'BDCM'
Chip Vendor Specific:   0x0000                   0xB1BF
Chip Vendor Country:    0xB500                   0xB500
Modem Vendor ID:        'CSCO'                   'ALCB'
Modem Vendor Specific:  0x4602                   0x0000
Modem Vendor Country:   0xB500                   0x0F00
Serial Number Near:    GMK190700MQ C867VAE 15.7(3)M4  
Serial Number Far:     AA1638FS1KT-23
Modem Version Near:    15.7(3)M4
Modem Version Far:     0xb1bf

Modem Status:            TC Sync (Showtime!) 

DSL Config Mode:         VDSL2 
Trained Mode:   G.993.2 (VDSL2) Profile 17a
TC Mode:                 PTM 
Selftest Result:         0x00 
DELT configuration:      disabled 
DELT state:              not running 

Full inits:             1
Failed full inits:      0
Short inits:            0
Failed short inits:     2

Modem FW  Version:      4.12L.08
Modem PHY Version:      A2pv6F039x3.d24o
Trellis:                 ON                       ON
SRA:                     enabled                 enabled
 SRA count:              1                       1
Bit swap:                enabled                 enabled
 Bit swap count:         24                      127
Line Attenuation:        27.5 dB                  0.0 dB
Signal Attenuation:       0.0 dB                  0.0 dB
Noise Margin:             6.9 dB                  6.0 dB
Attainable Rate:        33699 kbits/s            9578 kbits/s
Actual Power:            12.7 dBm                 7.4 dBm
Per Band Status:        D1      D2      D3      U0      U1      U2      U3
Line Attenuation(dB):   22.3    49.5    63.9    15.2    38.7    N/A     N/A
Signal Attenuation(dB): 27.4    48.9    64.2    15.2    38.1    56.0    N/A
Noise Margin(dB):       6.9     6.9     6.9     6.2     5.9     6.2     N/A
Total FECC:             77                       208236
Total ES:               0                        0
Total SES:              0                        0
Total LOSS:             0                        0
Total UAS:              155                      155
Total LPRS:             0                        0
Total LOFS:             0                        0
Total LOLS:             0                        0

                  DS Channel1     DS Channel0   US Channel1       US Channel0
Speed (kbps):             0            31192             0              9578
SRA Previous Speed:       0                0             0                 0
Previous Speed:           0                0             0                 0
Reed-Solomon EC:          0               77           948            208236
CRC Errors:               0                0             0                 0
Header Errors:            0                0             0                 0
Interleave (ms):       0.00             0.00          0.00              0.00
Actual INP:            2.01            44.00          4.00             42.00

Training Log :  Stopped
Training Log Filename : flash:vdsllog.bin

I updated IOS to 15.7.3M4a, bumped the VDSL firmware to A39x3 and ROMMON to 15.3(3r)M3.

>show ver

Cisco IOS Software, C860 Software (C860VAEW-ADVSECURITYK9-M), Version 15.7(3)M4a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Mon 25-Mar-19 11:10 by prod_rel_team

ROM: System Bootstrap, Version 15.3(3r)M3, RELEASE SOFTWARE (fc1)

c867vae-w uptime is 19 minutes
System returned to ROM by reload at 23:02:44 AEST Wed Oct 30 2019
System image file is "flash:c860vaew-advsecurityk9-mz.SPA.157-3.M4a.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to
[email protected].

Cisco C867VAE-W-A-K9 (revision 1.0) with 385024K/32768K bytes of memory.
Processor board ID GMK190700MQ
1 DSL controller
1 Ethernet interface
3 FastEthernet interfaces
4 Gigabit Ethernet interfaces
1 ATM interface
1 terminal line
1 Virtual Private Network (VPN) Module
255K bytes of non-volatile configuration memory.
131072K bytes system flash allocated 

Configuration register is 0x2102

I took a likely looking setup from whirlpool.net and the IPoE twist in that thread and have been hammering away at it since for my startup-config:

version 15.7
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption

hostname c867vae-w-a-k9

boot system flash:c860vaew-advsecurityk9-mz.SPA.157-3.M4a.bin

logging buffered 51200 warnings

no aaa new-model
wan mode dsl
clock timezone AEST 10 0
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00

ip domain name local
ip cef
no ipv6 cef

crypto pki trustpoint TP-self-signed-3512251453
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3512251453
 revocation-check none
 rsakeypair TP-self-signed-3512251453

crypto pki certificate chain TP-self-signed-3512251453
 certificate self-signed 01 nvram:IOS-Self-Sig#5.cer

 log config
  logging enable
username <USERNAME> privilege 15 secret 5 <SECRET>

controller VDSL 0
 operating mode vdsl2
 firmware filename flash:VAEW_A_39x3_B39x3_24o.SSA.bin

interface ATM0
 no ip address
 no atm ilmi-keepalive

interface Ethernet0
 description VDSL virtual interface for NBN FTTN
 no ip address
 no shutdown
 bridge-group 1

interface FastEthernet0
 description LAN FE0
 no ip address

interface FastEthernet1
 description LAN FE1
 no ip address

interface FastEthernet2
 description LAN FE2
 no ip address

interface GigabitEthernet0
 description LAN GE0 Connection to Orbi router
 no ip address

interface GigabitEthernet1
 description LAN GE1 Link for admin / monitoring
 switchport access vlan 255
 no ip address

interface GigabitEthernet2
 description WAN GE2
 no ip address
 duplex auto
 speed auto

interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address

interface Vlan1
 no ip address
 bridge-group 1

interface Vlan255
 ip address

ip forward-protocol nd
ip http server
ip http secure-server

ip route
ip ssh version 2

snmp-server community <COMMUNITY STRING> RO
bridge 1 protocol ieee

line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 login local
 transport input ssh

ntp server au.pool.ntp.org
ntp server 0.au.pool.ntp.org
ntp server 1.au.pool.ntp.org

It seems to me that Ethernet0 is the virtual interface that the DSL modem uses, so that and vlan1 have been added to bridge-group 1. Nothing on that bridge gets an IP address (makes sense) and then bridge 1 protocol ieee seems the right choice. I don’t really understand how GE0 finds its way into the bridging setup but I guess it works for other people. Lastly GE1 is configured with an IP address so the device can still be monitored and managed over the network.

So from my nascent understanding, this config looks pretty reasonable and the DSL side appears to be working. But, of course, I can’t get the Orbi sitting behind the Cisco to successfully acquire a DHCP lease.

I’ve been sifting through the Cisco docs; they’re comprehensive, but maybe too comprehensive? It feels like finding a needle in a haystack.

So, yeah, how do I bridge a Cisco 860VAE-W from VDSL to Ethernet?

Leave a Reply

Your email address will not be published. Required fields are marked *