Orange FTTH: ONT Authorization by OLT (MAC, Password, Certificates) & TR-069 Provisioning Info

Hello Dear Forumers,

I want to connect my own ONT to Orange FTTH network.
The question is why OLT authorizes ONT? MAC and password or is there also a certificate?
Apparently someone managed to fire it on some Chinese insert ... but did not write what he set ...
MAC on Funboxie3 is worse with a password ...

PS. I know what the danger of connecting the trash to the FTTH network is. I connect the equipment that orange still has on offer but mine.

Additional question - is provisiong in orange based on TR-069? Anyone know the parameters for the server? Login pass?

best regards,

Piotr

The FTTH network identifies ONT by MAC Address - it must be added to the base for it to work

KrzyCho.corp wrote:

The FTTH network identifies ONT by MAC Address

The first part is fine - he is identified, but the second is not - MAC has nothing to do with it, it is called PON SN (PON serial number) and has a strictly defined format - four ASCII characters (vendor-id) followed by eight digits hexadecimal (device-id). In some, ONU can change the reported SN, but not in all (depends on the manufacturer).
And it is not the rule that this is how Olciak authorizes "his" - sometimes an alphanumeric password is involved, sometimes a logical ID (everything can be set), the mechanism with SN is, however, the easiest and most common, because even after resetting the ONU factory settings "gets along" with OLT and can download the configuration via OMCI.

TR069 is just one of the options - OMCI is the standard in GPON, but many * PONs just can't use it, which is a pity - having well-configured OMCI you can easily leave the default password of the ONU administrator - even a customer can even change it and give him full access to the device panel - in case of problems, it is enough to reset it to factory settings and virtually "from place" has a working network again. (Through OMCI, OLT can upload any WAN configuration profile to ONU, including PPPoE or other key variables, and even firewall or natu rules.)

As for the title question - if you find a way to "clone" SN ONU, the device will work without problems in the orange network. At the same time, as a man who has already installed a little different * PONs, please - we experiment only with functional devices that do not have damaged lasers and the ability to glow in fiber with something that clogs all communication in one of the directions.

I suggest you read: https://trzepak.pl/viewtopic.php?f=20&t=51177

bigospoznan wrote:

PS. I know what the danger of connecting the trash to the FTTH network is.

Out of curiosity, I will ask what?

Jawi_P wrote:

Out of curiosity, I will ask what?

It depends on what device you connect. The worst situation is how it shines with a laser with wavelengths equal to the transmitting or receiving waves and has no connection with GPON or the laser is simply released and "works as it wants" - such "ONU" can (and usually succeeds) paralyze all network communication.
Why? The data stream from OLT is one for the entire network and the tips return to olta the same, only one, and the tips "stick" to it through TDMA - if we "shining" something interfering with the fiber with the data transferred to / from the terminals, neither the tips and olciak will not take much away except for senseless continuous light.

// edit: I mean "all communication" all customers within the entire network , from OLT's optical channels connected to the same channel! The light does not forgive - here is a worse situation than in cable DOCSIS, because there some of the interference was suppressed by suppressors - here not, the levels are much too high and the signal-to-noise ratio must also be higher for the link to work as such.

I was completely unaware of this

DJTrueBeliever wrote:

I mean "all communication" all customers within the entire network , from OLT's optical channels connected to the same channel!

Not the entire network, only max 64 clients.

KrzyCho.corp wrote:

Not the entire network, only max 64 clients.

So all within one splitter? Or so?

Jawi_P wrote:

KrzyCho.corp wrote:

Not the entire network, only max 64 clients.

So all within one splitter? Or so?

Basically yes, but not within one location. One splitter 1:64 or several graduated ones are connected to the port, e.g. 1: 4 + 4x 1:16, so that the multiplicity is 64 at the end. In other words, max 64 ONT can be connected to one port on the OLT card

I will conquer the topic.
I have a new GPON terminal Huawei echolife HG8010H which is the one that mounts orange with FB2.
Can I change the serial number and MAC in it so that it obtains authorization (make a clone) ?.

There is something here, probably: http://support.huawei.com/hedex/pages/EDOC100...133/02/resources/cmd/ont_modify(gponnew).html

You will not hook up to one olciak two ends with the same SN - at best one tip will throw the other, in the worst it may cause OLT suspension due to an emergency.

The linked manual refers to OLT and tip management using OMCI - it's quite different. If you have a working transparent ONU, then you do not need to replace it - you connect your router directly to it.
Another thing, if you got FB3 or other router with built-in non-replaceable ONU - then in fact its "cloning" would give you some benefits, of course assuming you would not want to use FB3 at all.

Oh, you see exactly how you write. I have FB3 and Asus router. I do not want to double up, because then DDNS does not work in Asus and threads of access to hdd connected to Asus usb.
The order from Orange is for exchange, but the technicians probably went to Majorca.
I need to configure it myself, but I don't know exactly how to do it.

If you enable DMZ on FB on the ASUSA address then you should have access to HDD ..?

LucekB wrote:

If you enable DMZ on FB on the ASUSA address then you should have access to HDD ..?

It can't be done because it is on a different subnet and FB will not accept a local address from another pool.
If I connect to the LAN, then yes, but DDNS will not work.

You must clone in the ONU Huaweia serial number of the PON module from FB3 (this is the one that begins with the letters SMBS on the rating plate). Orange has olciaki mostly Huaweia (and several dozen pieces of Alcatel-Lucent), which, in any case, manage OMCI with those of him.

LucekB wrote:

As on FB you will enable DMZ

This loses all protocols except TCP and UDP. And internet protocols are huge; you won't set up the L2TP / IPSec tunnel - that's why I hate double showers.

How to make a clone on it without putting it on the programmer ?.
Is the option of an external program to change SN ?.
Tomorrow they are to be with me on FB2 for a replacement, but if I can't manage my HG8010H, I have to pay them PLN 129.
Today there were my technical friends and they connected the GPON to me, but they did not connect because of this serial number (no authorization). So I'm on my own, actually on You .

And after telnet / ssh with data telecomadmin / admintelecom can't do it?

Pewnie tak, ale potrzebuję poprowadzenia za rączkę.
Czyli np. Putty, sesje na SHH ustawiam, adres ip Gpon (192.168.100.1) i co dalej
W sumie to lepszy Tera Term.

Welcome Visiting Huawei Home Gateway
Copyright by Huawei Technologies Co., Ltd.

Login:root
Password:
Password is default value, please modify it!
WAP>?
amp add policy-stats pon
amp add policy-stats port
amp add stats gemport
amp clear policy-stats pon
amp clear policy-stats port
amp clear stats gemport
amp debug lswtable all
amp del policy-stats pon
amp del policy-stats port
amp del stats gemport
amp display efc
amp display l2act
amp display l2mac
amp display sfc
amp display userflow
amp show
ampcmd show car all
ampcmd show car index
ampcmd show emac stat
ampcmd show flow all
ampcmd show flow index
ampcmd show log
ampcmd show queue all
ampcmd show queue index
ampcmd trace all
ampcmd trace cli
ampcmd trace dpoe
ampcmd trace drv
ampcmd trace emac
ampcmd trace emap
ampcmd trace eth
ampcmd trace gmac
ampcmd trace gmap
ampcmd trace onu
ampcmd trace optic
ampcmd trace qos
backup cfg
bbsp add policy-stats btv
bbsp clear policy-stats btv all
bbsp del policy-stats btv
Broadband debug
Broadband display
Broadband stat
chipdebug
clear amp pq-stats
clear file
clear lastword
clear pon statistics
clear poncnt dnstatistic
clear poncnt gemport upstatistic
clear poncnt upstatistic
clear port statistics
collect debug info
component delete all
cpu debug off
cpu debug on
dbg
debug ctp all
debug ctp step
debug dsp down msg
debug dsp msg
debug dsp up msg
debug ffwd all
debug ffwd event
debug ffwd fwd
debug ffwd lsw
debug ffwd napt
debug ffwd timer
debug fw pktinfo num
debug rtp stack
debug sample mediastar
debug vbr-fw all
debug vbr-fw hook
debug vbr-fw vbr-id
debug vport all
debug vport step
display access mode
display acl chain all
display amp policy-stats pon
display amp policy-stats port
display amp pq-stats
display amp stats gemport
display apmpolicy
display bbsp stats btv
display bmsxml crc
display boardItem
display ctp all
display ctp detail
display deviceInfo
display dsp channel para
display dsp channel running status
display dsp channel status
display dsp chip stat
display dsp codec status
display dsp interrupt stat
display epon ont info
display equip test mode
display equipId
display equiptest status
display ethoam ma info
display ethoam md info
display ethoam mep info
display ethoam mep perf
display ffwd all
display ffwd stat
display file
display filter rf
display flashlock status
display flow
display fw all
display fw statistic
display inner version
display jb grid status
display jb para
display l2ffwd table
display lanmac
display lastword
display log info
display mac all
display macaddress
display machineItem
display memory info
display msg-queue
display napt all
display oaml2shell ethvlan
display onu info
display optic
display optmode
display patch information
display pon statistics
display poncnt dnstatistic
display poncnt gemport upstatistic
display poncnt upstatistic
display portstatistics
display pppoe_em result
display productId
display productmac
display rf config
display route
display rtp stack channel stat
display rtp stack para
display rtp stack version
display rtp statck chip stat
display sn
display startup info
display swm bootstate
display swm state
display sysinfo
display telnet access
display timeout
display vbridge info
display vbridge nni-binding
display vbridge port-binding
display vbridge statistic
display vbridge uni-binding
display vbridge uplink-binding
display vendorId
display version
display vport all
display vport detail
display wan layer all
display wanmac
display wifi pa type
display wlanmac
display zsp version
get ip conntrack
get iptables filter
get iptables mangle
get iptables nat
get iptables raw
get mac agingtime
get ont oamfrequency
get opm switch
get optic debug info
get optic par info
get optic txmode
get poncnt upgemport
get port config
get port isolate
get port vlan
get rogue status
get testself
get vlan auth
get wlan enable
ifconfig
igmp clear statistics
igmp get debug switch
igmp get flow info
igmp get global cfg
igmp get multilmac
igmp get port multicast config
igmp get statistics
igmp set debug switch
ip -6 neigh
ip -6 route
ip -6 rule
ip neigh
ip route
ip rule
load pack
logout
maintain mode
mid get
mid off
mid set
netstat -na
oamcmd clear log
oamcmd debug
oamcmd pdt show log
oamcmd show flow
oamcmd show log
omcicmd alarm ctrl show
omcicmd alarm show
omcicmd clear log
omcicmd clear msg stat
omcicmd debug
omcicmd error log
omcicmd mib att show
omcicmd mib copy show
omcicmd mib show
omcicmd mib stat show
omcicmd pdt show log
omcicmd pm show
omcicmd show flow
omcicmd show log
omcicmd show msg stat
omcicmd show olt type
omcicmd show qos
omcicmd show tcont table
ping
quit
reset
restore manufactory
save data
set ethportmirror
set timeout
set userpasswd
setconsole
su
test monitor interface
traceroute
tunnel show all
vbridge statistic clear
vport statistic clear
wap ll
wap ls
wap ps
wap top
WAP>
?
amp add policy-stats pon
amp add policy-stats port
amp add stats gemport
amp clear policy-stats pon
amp clear policy-stats port
amp clear stats gemport
amp debug lswtable all
amp del policy-stats pon
amp del policy-stats port
amp del stats gemport
amp display efc
amp display l2act
amp display l2mac
amp display sfc
amp display userflow
amp show
ampcmd show car all
ampcmd show car index
ampcmd show emac stat
ampcmd show flow all
ampcmd show flow index
ampcmd show log
ampcmd show queue all
ampcmd show queue index
ampcmd trace all
ampcmd trace cli
ampcmd trace dpoe
ampcmd trace drv
ampcmd trace emac
ampcmd trace emap
ampcmd trace eth
ampcmd trace gmac
ampcmd trace gmap
ampcmd trace onu
ampcmd trace optic
ampcmd trace qos
backup cfg
bbsp add policy-stats btv
bbsp clear policy-stats btv all
bbsp del policy-stats btv
Broadband debug
Broadband display
Broadband stat
chipdebug
clear amp pq-stats
clear file
clear lastword
clear pon statistics
clear poncnt dnstatistic
clear poncnt gemport upstatistic
clear poncnt upstatistic
clear port statistics
collect debug info
component delete all
cpu debug off
cpu debug on
dbg
debug ctp all
debug ctp step
debug dsp down msg
debug dsp msg
debug dsp up msg
debug ffwd all
debug ffwd event
debug ffwd fwd
debug ffwd lsw
debug ffwd napt
debug ffwd timer
debug fw pktinfo num
debug rtp stack
debug sample mediastar
debug vbr-fw all
debug vbr-fw hook
debug vbr-fw vbr-id
debug vport all
debug vport step
display access mode
display acl chain all
display amp policy-stats pon
display amp policy-stats port
display amp pq-stats
display amp stats gemport
display apmpolicy
display bbsp stats btv
display bmsxml crc
display boardItem
display ctp all
display ctp detail
display deviceInfo
display dsp channel para
display dsp channel running status
display dsp channel status
display dsp chip stat
display dsp codec status
display dsp interrupt stat
display epon ont info
display equip test mode
display equipId
display equiptest status
display ethoam ma info
display ethoam md info
display ethoam mep info
display ethoam mep perf
display ffwd all
display ffwd stat
display file
display filter rf
display flashlock status
display flow
display fw all
display fw statistic
display inner version
display jb grid status
display jb para
display l2ffwd table
display lanmac
display lastword
display log info
display mac all
display macaddress
display machineItem
display memory info
display msg-queue
display napt all
display oaml2shell ethvlan
display onu info
display optic
display optmode
display patch information
display pon statistics
display poncnt dnstatistic
display poncnt gemport upstatistic
display poncnt upstatistic
display portstatistics
display pppoe_em result
display productId
display productmac
display rf config
display route
display rtp stack channel stat
display rtp stack para
display rtp stack version
display rtp statck chip stat
display sn
display startup info
display swm bootstate
display swm state
display sysinfo
display telnet access
display timeout
display vbridge info
display vbridge nni-binding
display vbridge port-binding
display vbridge statistic
display vbridge uni-binding
display vbridge uplink-binding
display vendorId
display version
display vport all
display vport detail
display wan layer all
display wanmac
display wifi pa type
display wlanmac
display zsp version
get ip conntrack
get iptables filter
get iptables mangle
get iptables nat
get iptables raw
get mac agingtime
get ont oamfrequency
get opm switch
get optic debug info
get optic par info
get optic txmode
get poncnt upgemport
get port config
get port isolate
get port vlan
get rogue status
get testself
get vlan auth
get wlan enable
ifconfig
igmp clear statistics
igmp get debug switch
igmp get flow info
igmp get global cfg
igmp get multilmac
igmp get port multicast config
igmp get statistics
igmp set debug switch
ip -6 neigh
ip -6 route
ip -6 rule
ip neigh
ip route
ip rule
load pack
logout
maintain mode
mid get
mid off
mid set
netstat -na
oamcmd clear log
oamcmd debug
oamcmd pdt show log
oamcmd show flow
oamcmd show log
omcicmd alarm ctrl show
omcicmd alarm show
omcicmd clear log
omcicmd clear msg stat
omcicmd debug
omcicmd error log
omcicmd mib att show
omcicmd mib copy show
omcicmd mib show
omcicmd mib stat show
omcicmd pdt show log
omcicmd pm show
omcicmd show flow
omcicmd show log
omcicmd show msg stat
omcicmd show olt type
omcicmd show qos
omcicmd show tcont table
ping
quit
reset
restore manufactory
save data
set ethportmirror
set timeout
set userpasswd
setconsole
su
test monitor interface
traceroute
tunnel show all
vbridge statistic clear
vport statistic clear
wap ll
wap ls
wap ps
wap top
WAP>

in the HG8247H router I can edit the SN and GPON pass.
A rather simple matter with the slogan in the Orange network.
However, I don't know if I'm doing well with SN. As it was written on the sticker under FB3 and starts with SMBS is the vendor ID and the rest the correct number.
in Huwei pastes the whole number of 12 characters and I take it as ASCII probably.
And Huawei replaces it with HEX.
But despite this, I do not grab the internet.
What am I doing wrong?

bigospoznan wrote:

in the HG8247H router I can edit the SN and GPON pass.
A rather simple matter with the slogan in the Orange network.
However, I don't know if I'm doing well with SN. As it was written on the sticker under FB3 and starts with SMBS is the vendor ID and the rest the correct number.
in Huwei pastes the whole number of 12 characters and I take it as ASCII probably.
And Huawei replaces it with HEX.
But despite this, I do not grab the internet.
What am I doing wrong?

If you can change SN, enter as many characters as in the original.
From what I remember, I only entered characters in what's in brackets.