Sky Fibre Unlimited Pro on a Cisco 887VA

I recently decided to look for a replacement for the crappy white OpenReach modem that was installed as part of my Sky Fibre Unlimited Pro FTTC connection. The problem was that I didn’t want to fork out for an expensive VDSL2 modem to find I couldn’t get it working with the silly MER authentication used by Sky to try and prevent you from using your own router.

Luckily, a Cisco 887v a became available to test with before I took the plunge and bought one. I started googling and couldn’t find one success case of using this router with Sky’s service. Undeterred, I started to tinker and eventually got it working….

Before you begin you will need your mac address,  user-id and password. I won’t cover how to obtain these in this post as I provided steps (steps 1 to 7) to obtain them in an earlier post.

Once you have your mac, username and password, you will need to use them to create three bits of information.

MAC:             <0000.0000.0000> (remove the :’s and place a . after every four characters)
Hostname:    <username>|<password>
Client-ID:      <hexadecimal string of Hostname> (A converter is available here.)

I won’t go into any other configuration in this post, just the interface configuration.

First of all you want to disable the ATM interface as it shared a physical interface with the VDSL controller.

interface ATM0
no ip address
shutdown
no atm ilmi-keepalive

The VDSL modem should automatically connect to the DSLAM. You can check it’s progress by using “show controller vdsl 0”.

When the VDSL modem connects it brings interface Ethernet0 up. Eth0 is a virtual port but is used as your outside interface. OpenReach encapsulate traffic for different ISPs in Vlans. In the case of Sky it is Vlan 101 so you need to use a sub interface of Eth0.

interface Ethernet0
mac-address <mac>
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
ip dhcp client request classless-static-route
ip dhcp client client-id hex <client-id in hex>
ip dhcp client hostname <username>|<password>
ip address dhcp
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly in

Thats it. I’ll post my full config below which includes some basic NAT. It doesn’t include any security though. And no, you don’t need a dialer interface!

version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-K9 sn FCZ1633C05Z
license boot module c880-data level advipservices
!
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
interface Ethernet0
mac-address <mac>
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
ip dhcp client request classless-static-route
ip dhcp client client-id hex <client-id>
ip dhcp client hostname <username>|<password>
ip address dhcp
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly in
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport access vlan 1
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NATACL interface Ethernet0.101 overload
!
ip access-list standard NATACL
permit 192.168.1.0 0.0.0.255
!
logging esm config
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
end

 

Sky Fibre Unlimited – pfsense

I took the day off work today to wait in the house for an OpenReach engine to switch me to FTTC from Sky. The engineer turned up at the door at 8:10am… Perfect! Up and running by 8:30am… Sky router in the cupboard and pfsense doing the hard work by 8:45am.

The only complaint I have about the whole order process was that I couldn’t upgrade my order. By that I mean I ordered the 40-10Mb/s package initially and then called back to change it to the 80-20Mb/s package. The lovely lady on the phone said “no problem!” As it transpires, however, I cannot actually upgrade until I have had the lower package for a month. Gutted!

I know Sky don’t like people using their own routers / firewalls with their internet service but frankly, I don’t give a shit! Their router is utter pants. A quick iPerf to a known high speed network and I found the throughput on the Sky router was approximately 34.2Mb/s download and 7.6Mb/s upload. After switching to my pfsense box I was getting a consistent 39.4Mb/s download and 9.2Mb/s upload. Case closed!

Now. How did I get it working with pfsense? I’ll show you. Just follow the steps below.

1. Connect to your Sky router either via WiFi or Ethernet. Make sure its plugged in and switched on as well. Obviously.
2.Open your web browser and type in the routers IP address. The default is http://192.168.0.1.
3.Click on the Maintenance link at the top of the page. It will ask you to login. The default username is “admin” and password is “sky” without quotes.
4. Scroll down the page until you find the “LAN Port” section. You will see the following.


5. Copy the Mac Address into notepad for use later. Make sure it is the LAN Mac Address that you use otherwise you will fail.
6. Head to http://www.cm9.net/skypass/ and click the button for F@ST2504 once you have read and accept the T&C’s.
7. Input the Mac Address from notepad to the LAN MAC Address field and your Default WPA Key in the other field. The WPA key is the “Your Password” section on the little slip of paper inside the router box. It is also printed on the back of the router.
8. Copy and paste bother the username and password to notepad for later use.
9. Connect to your pfsense box and login.
10. Go to Interfaces.
11. Fill in the information as follows. Type: Set to DHCP. Mac Address: Copy and paste the LAN Mac from notepad. Hostname: <username>|<password> as copied from the cm9 site.

12. Click “Save”
13. Click Apply Changes.
14. Plug your OpenReach Modem (Lan 1 port) into your pfsense box (WAN port).

That’ it! Simple eh?

I believe the hostname field is DHCP option 61. Providing your router supports this option i don’t see why this wouldn’t work with any other “cable” router or firewall.