How do I bridge a Cisco 860VAE-W from VDSL to Ethernet? [closed]

I've got a Cisco 860VAE-W which I'm trying to bridge. I picked it up because I was interested in learning a bit about an IOS device – I'm coming at this pretty raw.

>show inventory NAME: "C867VAE-W-A-K9", DESCR: "C867VAE-W-A-K9 chassis, Hw Serial#: GMK190700MQ, Hw Revision: 1.0" PID: C867VAE-W-A-K9 , VID: V01 , SN: GMK190700MQ 

I'm hooking it up to the Australian NBN (Superloop FTTN) on a rickety bit of wire, but the VDSL2 seems to connect ok.

>show controller VDSL 0 Controller VDSL 0 is UP Daemon Status: Up XTU-R (DS) XTU-C (US) Chip Vendor ID: 'BDCM' 'BDCM' Chip Vendor Specific: 0x0000 0xB1BF Chip Vendor Country: 0xB500 0xB500 Modem Vendor ID: 'CSCO' 'ALCB' Modem Vendor Specific: 0x4602 0x0000 Modem Vendor Country: 0xB500 0x0F00 Serial Number Near: GMK190700MQ C867VAE 15.7(3)M4 Serial Number Far: AA1638FS1KT-23 Modem Version Near: 15.7(3)M4 Modem Version Far: 0xb1bf Modem Status: TC Sync (Showtime!) DSL Config Mode: VDSL2 Trained Mode: G.993.2 (VDSL2) Profile 17a TC Mode: PTM Selftest Result: 0x00 DELT configuration: disabled DELT state: not running Full inits: 1 Failed full inits: 0 Short inits: 0 Failed short inits: 2 Modem FW Version: 4.12L.08 Modem PHY Version: A2pv6F039x3.d24o Trellis: ON ON SRA: enabled enabled SRA count: 1 1 Bit swap: enabled enabled Bit swap count: 24 127 Line Attenuation: 27.5 dB 0.0 dB Signal Attenuation: 0.0 dB 0.0 dB Noise Margin: 6.9 dB 6.0 dB Attainable Rate: 33699 kbits/s 9578 kbits/s Actual Power: 12.7 dBm 7.4 dBm Per Band Status: D1 D2 D3 U0 U1 U2 U3 Line Attenuation(dB): 22.3 49.5 63.9 15.2 38.7 N/A N/A Signal Attenuation(dB): 27.4 48.9 64.2 15.2 38.1 56.0 N/A Noise Margin(dB): 6.9 6.9 6.9 6.2 5.9 6.2 N/A Total FECC: 77 208236 Total ES: 0 0 Total SES: 0 0 Total LOSS: 0 0 Total UAS: 155 155 Total LPRS: 0 0 Total LOFS: 0 0 Total LOLS: 0 0 DS Channel1 DS Channel0 US Channel1 US Channel0 Speed (kbps): 0 31192 0 9578 SRA Previous Speed: 0 0 0 0 Previous Speed: 0 0 0 0 Reed-Solomon EC: 0 77 948 208236 CRC Errors: 0 0 0 0 Header Errors: 0 0 0 0 Interleave (ms): 0.00 0.00 0.00 0.00 Actual INP: 2.01 44.00 4.00 42.00 Training Log : Stopped Training Log Filename : flash:vdsllog.bin 

I updated IOS to 15.7.3M4a, bumped the VDSL firmware to A39x3 and ROMMON to 15.3(3r)M3.

>show ver Cisco IOS Software, C860 Software (C860VAEW-ADVSECURITYK9-M), Version 15.7(3)M4a, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2019 by Cisco Systems, Inc. Compiled Mon 25-Mar-19 11:10 by prod_rel_team ROM: System Bootstrap, Version 15.3(3r)M3, RELEASE SOFTWARE (fc1) c867vae-w uptime is 19 minutes System returned to ROM by reload at 23:02:44 AEST Wed Oct 30 2019 System image file is "flash:c860vaew-advsecurityk9-mz.SPA.157-3.M4a.bin" Last reload type: Normal Reload Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected]. Cisco C867VAE-W-A-K9 (revision 1.0) with 385024K/32768K bytes of memory. Processor board ID GMK190700MQ 1 DSL controller 1 Ethernet interface 3 FastEthernet interfaces 4 Gigabit Ethernet interfaces 1 ATM interface 1 terminal line 1 Virtual Private Network (VPN) Module 255K bytes of non-volatile configuration memory. 131072K bytes system flash allocated Configuration register is 0x2102 

I took a likely looking setup from whirlpool.net and the IPoE twist in that thread and have been hammering away at it since for my startup-config:

! version 15.7 no service pad service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year no service password-encryption ! hostname c867vae-w-a-k9 ! boot-start-marker boot system flash:c860vaew-advsecurityk9-mz.SPA.157-3.M4a.bin boot-end-marker ! logging buffered 51200 warnings ! no aaa new-model wan mode dsl clock timezone AEST 10 0 clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00 ! ip domain name local ip cef no ipv6 cef ! crypto pki trustpoint TP-self-signed-3512251453 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3512251453 revocation-check none rsakeypair TP-self-signed-3512251453 ! crypto pki certificate chain TP-self-signed-3512251453 certificate self-signed 01 nvram:IOS-Self-Sig#5.cer ! archive log config logging enable hidekeys username <USERNAME> privilege 15 secret 5 <SECRET> ! controller VDSL 0 operating mode vdsl2 firmware filename flash:VAEW_A_39x3_B39x3_24o.SSA.bin sra ! interface ATM0 no ip address shutdown no atm ilmi-keepalive ! interface Ethernet0 description VDSL virtual interface for NBN FTTN no ip address no shutdown bridge-group 1 ! interface FastEthernet0 description LAN FE0 no ip address ! interface FastEthernet1 description LAN FE1 no ip address ! interface FastEthernet2 description LAN FE2 no ip address ! interface GigabitEthernet0 description LAN GE0 Connection to Orbi router no ip address ! interface GigabitEthernet1 description LAN GE1 Link for admin / monitoring switchport access vlan 255 no ip address ! interface GigabitEthernet2 description WAN GE2 no ip address shutdown duplex auto speed auto ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP no ip address ! interface Vlan1 no ip address bridge-group 1 ! interface Vlan255 ip address 10.0.255.1 255.255.255.0 ! ip forward-protocol nd ip http server ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.0.255.254 ip ssh version 2 ! snmp-server community <COMMUNITY STRING> RO bridge 1 protocol ieee ! line con 0 no modem enable line aux 0 line 2 no activation-character no exec transport preferred none transport input all stopbits 1 line vty 0 4 login local transport input ssh ! ntp server au.pool.ntp.org ntp server 0.au.pool.ntp.org ntp server 1.au.pool.ntp.org ! 

It seems to me that Ethernet0 is the virtual interface that the DSL modem uses, so that and vlan1 have been added to bridge-group 1. Nothing on that bridge gets an IP address (makes sense) and then bridge 1 protocol ieee seems the right choice. I don't really understand how GE0 finds its way into the bridging setup but I guess it works for other people. Lastly GE1 is configured with an IP address so the device can still be monitored and managed over the network.

So from my nascent understanding, this config looks pretty reasonable and the DSL side appears to be working. But, of course, I can't get the Orbi sitting behind the Cisco to successfully acquire a DHCP lease.

I've been sifting through the Cisco docs; they're comprehensive, but maybe too comprehensive? It feels like finding a needle in a haystack.

So, yeah, how do I bridge a Cisco 860VAE-W from VDSL to Ethernet?