Newbie question - is the 6100 directly compatible with this fiber connection?
-
Thanks very much for the support, gentleman. I've learned a lot about fiber equipment in the past month.
Also learning about Mexican ISPs (recently moved here) and how they do all sorts of shenanigans to restrict user experience compared to the ISPs in my prior country - fully locked down routers, client & isp sided config, no static IPs possible unless enterprise/business service, no bridge mode possible, default closed NAT, no access to PPPoE credentials, etc.
I've managed to hack my provided router to get full admin mode and retrieve configuration data, but I'm not sure a GPON SFP module will even be helpful for direct 6100 connection, because bridge seems impossible from all my recent attempts.
Nonetheless, appreciate all the help!
-
@xana said in Newbie question - is the 6100 directly compatible with this fiber connection?:
Also learning about Mexican ISPs (recently moved here) and how they do all sorts of shenanigans to restrict user experience compared to the ISPs in my prior country - fully locked down routers, client & isp sided config, no static IPs possible unless enterprise/business service, no bridge mode possible, default closed NAT, no access to PPPoE credentials, etc.
Humm, looks like Mexico is a modern country after all ;)
That is : everything is possible, nothing is for free.Just for my own curiosity : what was this country where ISP's accept the options you listed for free ?
I know it's not France, and pretty sure it's not or any other European country. -
@gertjan It's Australia. Never experienced any ISP that didn't allow bridge (simply a local modem option), and static IP addon's/full NAT on any ISP. I thought that this was normal. Never experienced a locked down modem. One hobbiest ISP I tried once had CGNAT by default, and a quick ticket had that changed. Things work a little differently here. Simple searching found my current MX ISP used to offer static IP combined with bridge mode, but now it is completely unavailable on residential.
I hacked the admin mode and can set it to bridge, and I got a PPPoE auth but everything was being captured by an ISP portal. I don't know, maybe more playing around is necessary.The best I was able to achieve was leaving as routed and getting my MX ISP (Totalplay) to change me from port restricted NAT to full clone NAT (on their side in addition to my side). One idea was to set the 6100 as DMZ. This sees the router receive some packets, but no port forwarding seems to work. Even when configured "correctly" via the router heh.
Back to topic. I found out my GPON was a B+ connector
Might try to source an adapter anyway. -
Urgh that sucks. Not easy to pcap on the WAN side to see what's happening either.
Maybe they require a VLAN or some priority tagging that doesn't happen in bridge mode?
Steve
-
Indeed. The default configuration loaded in to the router has one option for bridge pre-configured, but by default is not bound to any port so does nothing from what I can see. Interestingly, it's IPoE, not PPPoE. I tried to bind to LAN port pfSense and connect via DHCP, but there was no DHCP reply. So I'm not sure why it's preloaded and what purpose it is for.
The top profile is the standard routed which I currently use. If I create a new bridged profile, set it to PPPoE and use the same VLAN (400) as the routed profile, that's when I can connect and get a PPPoE auth, but all is captured by the ISP portal. I could not get a PPPoE auth when trying this using the VLAN from the IPoE bridge config that is pre-loaded (417.)
So is it possible the ISP can simply detect an unauthorised bridge connection and filter all traffic? Or is it more likely there is something I haven't figured out yet to achieve a sneaky bridge?
Pre-loaded bridge profile:
-
You may want to check with your ISP. I recently had fiber hooked up and the CPE also uses GPON, but the router had to be put into bridge mode by techs at the ISP. There is no way a user can do it locally.
It's possible yours is similar. That CPE may support a half bridge or full bridge mode but it may take some sweet talking of the ISP techs to make it happen.
-
In Canada, for all the lucky NEW customers Bell's modem (HH 4000) essentially cannot be put in bridge mode and has a non-removable GPON ONT. However, if you had the older generation modem (HH 3000) it has a removable GPON ONT. Asked to downgrade the modem and they said sorry we cant. Even if you go to a store they will replace a HH 4000 only with another HH 4000 and for a HH 3000 with another HH 3000.
Called a Bell Store and ironically all they have are HH 3000's and the HH 4000 are backordered (yet that is what Tech's are installing). Got customer service to allow HH 3000 on my account and picked it up at the store only to not have a GPON ONT in it. A Bell tech came out and put the GPON ONT module in the modem and I plugged it back into my Netgate 6100.
Rogers on the other hand which is slower with cable allows bridge mode for now but their new service went from 1Gbit/s|50Mbit/s to 1Gbit/s|30Mbit/s... basically backwards.
Mexico is not so backwards... I think ISPs are just real jerks with locked firmware and disabled bridge mode... and now are going crazy selling all their wifi mesh extenders to make up for the crappy modem WIFI... so people put their junk router in the basement where concrete absorbs the signal only so they can sell you all these WIFI mesh extenders. Very unethical.
So it seems I may have worked around the system here but it was a pain. We have family in Mexico... would love to have a Cell plan that doesn't cost an arm and a leg like here in Canada.
--Nikolaos
-
@nikolaosinlight said in Newbie question - is the 6100 directly compatible with this fiber connection?:
A Bell tech came out and put the GPON ONT module in the modem and I plugged it back into my Netgate 6100.
Nice! How does that appear to the 6100? What does
ifconfig -vvvm ix3
show? (assuming you used WAN1).Steve
-
I am using the WAN3 port as the service is 1.5Gbit/s down and 1Gbit/s up.
ifconfig -vvvm ix0 ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 90:ec:77:1c:a5:fc inet6 fe80::92ec:77ff:fe1c:a5fc%ix0 prefixlen 64 scopeid 0x5 media: Ethernet autoselect (Unknown <rxpause,txpause>) status: active supported media: media autoselect nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> plugged: SFP/SFP+/SFP28 100G SWDM4 (SC) vendor: ALCATELLUCENT PN: 3FE46541AA SN: ALCLF9792D2C DATE: 2021-07-27 module temperature: 49.85 C Voltage: 3.30 Volts RX: 0.01 mW (-18.45 dBm) TX: 1.64 mW (2.17 dBm) SFF8472 DUMP (0xA0 0..127 range): 03 04 01 00 00 00 02 00 00 00 00 03 20 00 28 FF 00 00 00 00 41 4C 43 41 54 45 4C 4C 55 43 45 4E 54 20 20 20 20 20 20 20 33 46 45 34 36 35 34 31 41 41 20 20 20 20 20 20 30 30 30 31 05 1E FF DC 00 1A 00 00 41 4C 43 4C 46 39 37 39 32 44 32 43 20 20 20 20 32 31 30 37 32 37 20 20 68 F0 05 60 41 4C 43 41 54 45 4C 20 33 46 45 34 36 35 34 31 41 41 30 31 32 42 56 4C 33 41 38 4A 4E 41 41 97
If from my 1Gbit/s LAN if I run speed test from my iMac I get:
907Mbit/s down and 934Mbit/s upSo I figured the LAN is limiting so ran speed test from shell and get:
/usr/local/bin/speedtest Retrieving speedtest.net configuration... Testing from Bell Canada (X.X.X.X)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Bell Mobility (Ottawa, ON) [11.73 km]: 4.881 ms Testing download speed................................................................................ Download: 715.68 Mbit/s Testing upload speed...................................................................................................... Upload: 441.08 Mbit/s
I consistently get about 15% lower on the downstream when testing from the 6100 where I thought I would see something in excess of 1Gbit/s and up to 1.5Gbit/s AND more strange on the downstream I get like 50% instead of around the 1Gbit/s.
Any reason why the speedtest-cli on the Netgate would perform so poorly and any way I can test my fiber Internet connection speed?
--Nikolaos
-
Mmm, that's cool!
The speetest-cli tool has always been a bit marginal at those speeds. It's useful for proving a link is functioning but the absolute values it returns are almost never accurate.
Can you connect a LAN client at 2.5G or 10G? Or just connect two LAN clients at 1G and run tests simultaneously?
Steve
-
I'm looking to do the same as you @nikolaosinlight, have any luck figuring out if you are able to get the full 1.5gbps down, or is it capped at 1gbps?
-
@nikolaosinlight could you share with us your configuration to make it work.
I have the same configuration with wan3 and the same Nokia GPON as you. But, I have a status: no carrier. I have a pppoe over vlan 35.
GPON is from HH3K.
Thank you,
-
@stephenw10
For those interested, I have been involved in getting a pfSense SG-2100 to replace a All-in-one ONT/Firewall/Router/Wifi box, from Orange in France on a 2.5Gbit FTTH GPON Service.I have read dusins of 1000+ forums and what not, and we got it all working by getting this GPON ONT SFP+ stick from fs.com:
https://www.fs.com/de-en/products/133619.html
It runs a OpenWRT on the ONT, so you can SSH to it clone your ISP box SerialNumber, VendorID, Mac-address and what not to it.
It works beautifully in the SG-2100 at 1Gbe speed, but I have seen dusins of posts from people using it in a 2.5Gbit capable port on a Microtik router. So it should be possible - however:
I believe the SG-6100 does not support 2.5/5Gbit on the SFP+ ports. It’s 1 or 10Gbe, and Fiber only as far as I recall.In France, there are a lot of other hoops to jump through - other than the ONT (with the right serialnumber).
You need to use the correct VLAN, use several pr. Customer individual DHCP options, and all DHCP packet COS marked as 6…..So very hostile indeed :-)
-
@initerworker I setup up a PPoE connection for my ISP with a MTU of 1492 (not sure if this was necessary or not but it works). For the ISP credentials I logged into my online account and reset the username and password and then used those credentials in my Netgate 6100.
In Interfaces -> Assignments -> VLANs (tab) make sure to select the interface corresponding to your PPoE assignment (e.g. ix0) and set the VLAN tag to 35 (priority can be left at 0).
It can take a few minutes to connect....
@boswall No unfortunately I have not been able to confirm that as I am quite happy with the 1Gbps up and down that I seem to be getting across my network.
-
My Nokia SFP seems to be older.
Mainly my behaviour looks like it. Sometimes, it can eventually read the correct voltage and temperature. But
status: no carrier
is stuck.GPON ONT SFP Class I Laser G-010S-A MREV: 02 ICS: 01
module temperature: 0.00 C Voltage: 0.00 Volts RX: 0.00 mW (-inf dBm) TX: 0.00 mW (-inf dBm)
Full output
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ... ... inet6 fe80::92ec:77ff:fe21:3bc6%ix0 prefixlen 64 scopeid 0x5 inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 media: Ethernet autoselect status: no carrier supported media: media autoselect nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> plugged: SFP/SFP+/SFP28 100G SWDM4 (SC) vendor: ALCATELLUCENT PN: 3FE46541AA SN: ALCLF879CC63 DATE: 2018-06-22 module temperature: 0.00 C Voltage: 0.00 Volts RX: 0.00 mW (-inf dBm) TX: 0.00 mW (-inf dBm) SFF8472 DUMP (0xA0 0..127 range): 03 04 01 00 00 00 02 00 00 00 00 03 20 00 28 FF 00 00 00 00 41 4C 43 41 54 45 4C 4C 55 43 45 4E 54 20 20 20 20 20 20 20 33 46 45 34 36 35 34 31 41 41 20 20 20 20 20 20 30 30 30 31 05 1E FF DC 00 1A 00 00 41 4C 43 4C 46 38 37 39 43 43 36 33 20 20 20 20 31 38 30 36 32 32 20 20 68 F0 05 63 41 4C 43 41 54 45 4C 20 33 46 45 34 36 35 34 31 41 41 30 31 32 42 56 4C 33 41 38 4A 4E 41 41 97
MREV: 01 (I got it from the trash after installation by the bell agent).
- It returns the right value temperature and voltage, Rx mW and Tx mW.
- But, I can't use it for PPPoE. I am getting no incoming packets.
I purchased today from amazon an SFP to Copper to try it out-of-the-box and be sure it's not a PPPoE issue. But, we are on the same line with PPPoE and VLAN. It seems heavily related to the physical layer.
We will see,
B. r
-
Mmm, the module firmware could change everything there. It's basically an entire router in itself and could be simply configured wrong.
Steve
-
@initerworker from what I heard and I could be wrong but copper modules do not work.
Also, you say the Bell technician threw it in the trash, if so that means it is likely not assigned to work on your network anymore. I really don't understand your scenario here as it really wouldn't make any sense that anyone could just buy a module on Amazon and automagically allow it to gain access to the Bell network if they were stealing fibre from a neighbour or something i.e. think of there being a mac address or something in these ONT's.
When I got a HH4000 and went to a store to get it swapped for a HH3000 they gave me a HH3000 without the ONT in it which I told them was completely useless but that is what they allowed and then I called a Bell technician who came out with an ONT, assigned it to my network and plugged it in and was done. When he left I pulled it out of the HH3000 and plugged it into the Netgate 6100 and configured the 6100 with VLAN, etc. and voila!
If you get it to work with a model from Amazon please do let me know but I would be surprised!
-
Hi,
I bought a TP-Link-MC220L-Converter... it works.
So, this is not a misconfiguration in PPPoE settings or VLAN ISP-specific tags.I would like to remove the TP-Link-MC220L-Converter from my setup. But, my current issue is the SFP doesn't seem to success in beeing an active carrieer at hardware level. I am betting on a driver issue.
I have an embedded and linux expertise. And, I know SFP can be a really mess of things. Could you, @stephenw10 or your team, support me with the 6100 netgate and the GPON ONT SFP Class I Laser G-010S-A MREV: 02 ICS: 01? Have you anything in mind that will helps us to investigate?
@nikolaosinlight, I don't known anything about the "myth" of hardware filtering. From now, I can't said anything. Maybe, the technician threw the defective SFP to the trash because the module is not working in "RX". From my reading only the IPTV is mac filtered to limite number of dhcp lease. By any chances, if you have a picture of your SFP, I would like to know the MREV written on it.
Best regards,
-
@initerworker said in Newbie question - is the 6100 directly compatible with this fiber connection?:
I bought a TP-Link-MC220L-Converter... it works.
So that was using the same GPON SFP module just in the media converter instead of the 6100 SFP port directly?
Do you see link LEDs on it when the fibre is connected? Do you see those when it's in the 6100?
You might try it in one the the combo ports (ix3, ix2) since those are fixed 1G.
Unfortunately we can't offer much support on this as we have no way of knowing if that can be made to work. Officially gpon modules are not supported.
Steve
-
So I'm in a similar situation.
I also have a Nokia GPON ONT SFP G-010S-A MREV: 01 ICS: 01. This was provided by my ISP. When plugged into an Adran 854-v6 they also provided, everything works.
I'd like to replace that Adtran with a Netgate 6100 running pfsense+ 24.03.
I've plugged the Nokia SFP into the 6100's WAN3 and
ifconfig -vvvm ix0
gives:[24.03-RELEASE][admin@pfSense.home.arpa]/root: ifconfig -vvvm ix0 ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN3 options=4e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG> capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG> ether 90:ec:77:XX:XX:XX inet6 fe80::92ec:77ff:feXX:XXXX%ix0 prefixlen 64 scopeid 0x5 media: Ethernet autoselect status: no carrier supported media: media autoselect nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> drivername: ix0 plugged: SFP/SFP+/SFP28 100G SWDM4 (SC) vendor: ALCATELLUCENT PN: 3FE46541AA SN: ALCLF9XXXXXX DATE: 2019-10-12 module temperature: 0.00 C voltage: 0.00 Volts lane 1: RX power: 0.00 mW (-inf dBm) TX bias: 0.00 mA
So it does see it!
But is it a bad sign that temperature/voltage/power are zero/inf?
There appear to be little lights adjacent to the 6100's SFP port (or are they holes?), but they are not illuminated. What does that mean?
I've configured my WAN with VLAN and PPPoE per various forum threads, I believe correctly, and so I'm starting to think these two hardware are not compatible?
Thanks for any pointers...
-