VDSL interface

notempty

Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!

notempty

Der Artikel für die neueste Version steht hier

notempty

Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Reseller-Preview bezieht

Create VDSL interface for a VDSL modem connection

Last adaption: 02.2023

New:

Name of the VLAN interface in the wizard and default route now match each other

notempty

This article refers to a Resellerpreview

11.7

Introduction

This article describes how to create a VDSL interface for a VDSL modem connection.
Either the web interface of the firewall or the CLI can be used for this purpose.

Requirements

The following is required:

An unused Ethernet interface
Corresponding zones
Access data from the internet provider

In this example configuration, VLAN ID 7 is used, but this can vary between providers. Before setting up the VDSL connection, the VLAN ID used by the provider should be requested.

Known VLAN IDs for VDSL connections are:

Provider	VLAN-ID
EWETEL	2011
EWETEL (Business - without voice)	- (no VLAN)
M-Net	40
NetColone	10
Telekom	7
Vodafone	132
Vodafone lines through Telekom	7
Willi Tel	2511

If the modem to be used already takes care of VLAN tagging on its own, the connection is handled by the UTM as a normal PPPoE connection. The setup of such a connection is described in a separate article.

Setup via web interface

To access the network configuration of the UTM, an administrator login must be performed on the firewall.
Then, click on → Network →Network ConfigurationTab Network Interfaces Button + VDSL.

Step 1
Name:	wan0	Assign an appropriate name to the interface (ideally "wan" + number of the interface).	Name + IP address
Interface:	LAN1	Select interface to which the VDSL interface is to be bound
VLAN ID:	7	Enter VLAN ID (usually preset)
Next	Click to go to the next step

Step 2
Username:	Securepoint	Enter the username provided by the internet provider	Login credentials
Password:		Enter the password provided by the internet provider
Next	Click to go to the next step

Step 3
Zones:	»external »firewall-external »external_v6 »firewall-external_v6	Add desired zones	Zones
Add new zone:	Yes dmz0	When enabled, a new zone is automatically added
Generate rules:	Yes	If activated, a rule set is automatically created notempty The automatically generated rule sets are "any rules" (all services are allowed for the entire network connected to the respective interface). These must be replaced without exception!
Finish	Click to finish editing
Once the status changes to green and a public IP address is displayed in the "IP addresses" field of the PPPoE interface, the connection to the provider has been successfully established.

Setup via CLI (Command Line Interface)

Setting up a VDSL connection is also possible via CLI.
The connection can be established via the web interface, directly on the appliance, or through an SSH connection.

Create VLAN interface

Login with the user Admin.
Subsequently, the VLAN interface is created with the following command, via which the PPPoE connection is established later.

interface new name "eth0.7" type VLAN options [ vlan_id=7 vlan_parent=eth0 ]

Where the number 7 used here represents the VLAN ID, which may need to be changed.

notempty

A space must be inserted before and after the square brackets [ & ]!

Create VDSL interface

To link the wanX interface with the VLAN interface and the provider data, the following command is entered:

interface new name wan0 type PPPOE flags [ DYNADDR ] options [ ppp_user=Securepoint ppp_password=insecure pppoe_parent=eth0.7 ppp_lcp=1 mtu=1492 ]

- For ppp_user=, enter the login name for the VDSL dial-in (here: "Securepoint").
- For ppp_password=, enter the corresponding password (here: "insecure").

Subsequently, the zones external, firewall-external, external_v6, firewall-external_6 and vpn-ipsec are bound to the wan0 interface:

inteface zone get interface zone set id "X" interface "wan0"
The command Interface zone get is used to determine the IDs of each respective zone. These IDs are then used as parameters instead of 'X' in the second command to bind the external, firewall-external, external_v6, firewall-external_6 and vpn-ipsec zones to the wan0 interface.

Finally, the command system update interface is executed.

Create default route

Click → Network →Network ConfigurationTab Routing Button + Add Default Route to add a default route:

Gateway-interface:	wan0 Off IPv6	Select interface to which VDSL is connected
Save	Saves the route

If everything worked, then the entry in the Routing tab will look like the one shown on the right.

Network objects and portfilter rules

If not already available, the corresponding network object and portfilter rules must be created.
notempty

The auto-generated rules are only meant to facilitate the deployment of the appliance and must be replaced by custom rules !

Auto-generated rules cannot be edited, so new rules must be created.

		#	Source	Destination	Service	NAT	Action	Active
		4	internal-network	internet	default-internet	HN	Accept	On

Select the VDSL modem

Many DSL providers no longer offer the option to configure routers as modems, or the routers may function as DSL modems but not as VDSL modems.
It is best to contact the manufacturer of the router/modem for more information.