Jump to:navigation, search
Wiki

VDSL interface

From Securepoint Wiki





notempty Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!
notempty Der Artikel für die neueste Version steht hier

notempty Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Beta-Version bezieht





























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden


















































Create VDSL interface for a VDSL modem connection

Last adaption: 02.2023

New:
  • Name of the VLAN interface in the wizard and default route now match each other

notemptyThis article refers to a Beta version

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 → Network →Network configurationTab Network interfaces Button + VDSL


Introduction

This article describes how to create a VDSL interface for a VDSL modem connection.
Either the web interface of the firewall or the CLI can be used for this purpose.


Requirements

The following is required:


In this example configuration, VLAN ID 7 is used, but this can vary between providers. Before setting up the VDSL connection, the VLAN ID used by the provider should be requested.


Known VLAN IDs for VDSL connections are:

Provider VLAN-ID
EWETEL 2011
EWETEL (Business - without voice) - (no VLAN)
M-Net 40
NetColone 10
Telekom 7
Vodafone 132
Vodafone lines through Telekom 7
Willi Tel 2511


If the modem to be used already takes care of VLAN tagging on its own, the connection is handled by the UTM as a normal PPPoE connection. The setup of such a connection is described in a separate article.


Setup via web interface

To access the network configuration of the UTM, an administrator login must be performed on the firewall.
Then, click on → Network →Network ConfigurationTab Network Interfaces Button + VDSL.


Step 1
Name: wan0 Assign an appropriate name to the interface (ideally "wan" + number of the interface).
Name + IP address
Interface: LAN1 Select interface to which the VDSL interface is to be bound
VLAN ID: 7 Enter VLAN ID (usually preset)
Next Click to go to the next step
Step 2
Username: Securepoint Enter the username provided by the internet provider
Login credentials
Password:     Enter the password provided by the internet provider
Next Click to go to the next step
Step 3
Zones: »external »firewall-external »external_v6 »firewall-external_v6 Add desired zones
Zones
Add new zone: Yes
dmz0		 When enabled, a new zone is automatically added
Generate rules: Yes If activated, a rule set is automatically created
notemptyThe automatically generated rule sets are "any rules" (all services are allowed for the entire network connected to the respective interface). These must be replaced without exception!
Finish Click to finish editing
Once the status changes to green and a public IP address is displayed in the "IP addresses" field of the PPPoE interface, the connection to the provider has been successfully established.


Setup via CLI (Command Line Interface)

Setting up a VDSL connection is also possible via CLI.
The connection can be established via the web interface, directly on the appliance, or through an SSH connection.



Create VLAN interface

  • Login with the user Admin.
  • Subsequently, the VLAN interface is created with the following command, via which the PPPoE connection is established later.


interface new name "eth0.7" type VLAN options [ vlan_id=7 vlan_parent=eth0 ]

  • Where the number 7 used here represents the VLAN ID, which may need to be changed.

notemptyA space must be inserted before and after the square brackets [ & ]!



Create VDSL interface

  • To link the wanX interface with the VLAN interface and the provider data, the following command is entered:

interface new name wan0 type PPPOE flags [ DYNADDR ] options [ ppp_user=Securepoint ppp_password=insecure pppoe_parent=eth0.7 ppp_lcp=1 mtu=1492 ]

    • For ppp_user=, enter the login name for the VDSL dial-in (here: "Securepoint").
    • For ppp_password=, enter the corresponding password (here: "insecure").


  • Subsequently, the zones external, firewall-external, external_v6, firewall-external_6 and vpn-ipsec are bound to the wan0 interface:

inteface zone get interface zone set id "X" interface "wan0"
The command Interface zone get is used to determine the IDs of each respective zone. These IDs are then used as parameters instead of 'X' in the second command to bind the external, firewall-external, external_v6, firewall-external_6 and vpn-ipsec zones to the wan0 interface.

  • Finally, the command system update interface is executed.


Create default route

Click → Network →Network ConfigurationTab Routing Button + Add Default Route to add a default route:


Gateway-interface: wan0
Off IPv6		 Select interface to which VDSL is connected
Save Saves the route
If everything worked, then the entry in the Routing tab will look like the one shown on the right.


Network objects and portfilter rules

If not already available, the corresponding network object and portfilter rules must be created.
notemptyThe auto-generated rules are only meant to facilitate the deployment of the appliance and must be replaced by custom rules !
Auto-generated rules cannot be edited, so new rules must be created.

# Source Destination Service NAT Action Active
4 internal-network internet default-internet HN Accept On


Select the VDSL modem

  • Many DSL providers no longer offer the option to configure routers as modems, or the routers may function as DSL modems but not as VDSL modems.
    It is best to contact the manufacturer of the router/modem for more information.

Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/NET/VDSL_v12&oldid=91711"