Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GPON SFP Module on Netgate 2100 for SFR Business Fiber

    Scheduled Pinned Locked Moved Hardware
    17 Posts 4 Posters 1.8k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      Bob60 @stephenw10
      last edited by

      Dear Steve,

      Thanks for your help. Unfortunately, the ISP box is provided with a built-in GPON module... I have a hammer nearby but I am not sure it is the best solution ;-)

      I have connected my Netgate to a standalone PC.

      My configuration :

      • LAN IP : 192.168.1.5
      • WAN interface activated but not configured

      I log into the Netgate with SSH. I can't ping nor ssh 192.168.1.10

      The SFP interface lights up on the Netgate but is there any command line that could help knowing what's going on ?

      Any suggestion ?

      Bob

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Ok so first change the LAN subnet to something else like 192.168.100.1/24.

        Now try to ping 192.168.1.10 from pfSense.

        If it still fails add an IPAlias VIP on WAN in that subnet so for example 192.168.1.254/24. Then try to ping again.

        GertjanG B 2 Replies Last reply Reply Quote 0
        • GertjanG Offline
          Gertjan @stephenw10
          last edited by

          @stephenw10 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

          Now try to ping 192.168.1.10 from pfSense.

          Wouldn't that IP address be mentioned in the documentation that comes with such a module ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • B Offline
            Bob60 @stephenw10
            last edited by

            Hi,

            Indeed, I have tried this, did not work the first time, but did the second... something must have went wrong...

            I have managed to log on and change the PON IP address to 192.168.0.10. I did reconnect the Netgate to my network.

            I have now the following configuration

            LAN IP address : 192.168.11.2/24
            WAN IP address : 192.168.0.5/24
            ONT IP address : 192.168.0.10/24

            Here is the ONT network configuration

            root@SFP:/home/ONTUSER# uci show network
            network.loopback=interface
            network.loopback.ifname=lo
            network.loopback.proto=static
            network.loopback.ipaddr=127.0.0.1
            network.loopback.netmask=255.0.0.0
            network.globals=globals
            network.globals.ula_prefix=auto
            network.lct=interface
            network.lct.ifname=lct0
            network.lct.netmask=255.255.255.0
            network.lct.proto=static
            network.lct.macaddr=00:06:B5:B5:B5:B5
            network.lct.ipaddr=192.168.0.10
            network.lct.gateway=192.168.2.0
            network.host=interface
            network.host.ifname=host
            network.host.ipaddr=0.0.0.0
            network.host.netmask=0.0.0.0
            network.host.macaddr=cc:aa:aa:bb:cc:dd
            network.host.proto=static
            network.host6=interface
            network.host6.ifname=@host
            network.host6.proto=static
            

            As far as I know how my ISP distrIbutes IP address through its DHCP, I need to send the following information in my DHCP request :

            Vendor-Class (60), length 65: "neufbox_NB6VAC-FXC-r1_NB6VAC-MAIN-R4.0.45d_NB6VAC-XDSL-A2pv6F039p"
            	    Client-ID (61), length 7: ether cc:aa:aa:bb:cc:dd
            

            So, I already changed network.host.macaddr=cc:aa:aa:bb:cc:dd.

            I am right ? What is the difference between network.lct and network host parameters ?

            Any ideas how to get any further ? (I need to wait my employees to leave after 6 pm to test the connection...)

            Regards,

            Bob

            GertjanG 1 Reply Last reply Reply Quote 0
            • B Offline
              Bob60
              last edited by

              I realize that the GPON embedded system is a WRT system

              root@SFP:/etc# cat openwrt_release
              DISTRIB_ID="OpenWrt"
              DISTRIB_RELEASE="7.5.3"
              DISTRIB_REVISION="14.07_ltq"
              DISTRIB_CODENAME="sfp"
              DISTRIB_TARGET="lantiq/generic"
              DISTRIB_DESCRIPTION="OpenWrt SFP 7.5.3"
              DISTRIB_TAINTS="no-all busybox"
              
              

              Is there any possibility to pass the configuration of this module through pfSense ?

              Bob

              keyserK 1 Reply Last reply Reply Quote 0
              • GertjanG Offline
                Gertjan @Bob60
                last edited by Gertjan

                @Bob60 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                Any ideas how to get any further ?

                and ...

                @Bob60 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                neufbox

                Oh oh ... 🇫🇷 FAI(ISP) alert.

                Dono about Neuf (edit : wrong : SFR ...), but if they publish details like the other ISP, Orange, then no one knows, even not the ISP itself. Forget about calling the support : "this is unsupported".

                But, help does exists, I guess : You probably are already aware of this forum ?

                @Bob60 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                Is there any possibility to pass the configuration of this module through pfSense ?

                The rest is "what I've read / seen / etc"

                pfSense sees, in the GPON slot, a 'NIC' that has a 'connection speed X'. Nothing more.
                You have to access the console of the PGON module to set up parameters, so that the other device, on the other side, recognizes the connection. This is probably, as you've already figured out : the MAC it announces -as this would indicate : "a neuf box on this side".

                On the pfSense level pfSense level, the DHCP WAN client, a DHCP option has to to be set up that contain info about the "requesting neuf box" (that isn't a neuf box - it you using pfSEnse and a GPON ^^). If this goes like Orange : an encoded DHCP option number full with 'numbers' that include the user ID, a connection password etc.
                Neuf (SFT) could be totally different of course.
                The forum I've mentioned above has all the info.

                I'm just brainstorming btw. I know how this could work with a Livebox & Orange, and if I was just using the connection as "Internet" only I could actually do this : no more Livebox, just the green fiber plug into the PGON into my 4100. Great. One (stupid !!) box less.
                But I also use the phone as a fax line (while this is still a thing ..... being a hotel : it actually is).
                And then there is the "TV" part what makes it really a "mess" - but I need the box as a TV set, as that is the only way I can see 'CNN' (I know, no comments please - : I keep my Livebox ... as I'm paying for it anyway, if i'm using it, or not.
                And, as said above : not using the 'box' can work, but unsupported. So as soon as some (Orange) changes something, not telling neither documenting this no where, my connection drops ..... and ChatPG won't be able to advice me, neither the "Orange Pro support". And all this while the connection is down.
                I'm to old for this ;)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                B 1 Reply Last reply Reply Quote 0
                • keyserK Offline
                  keyser Rebel Alliance @Bob60
                  last edited by

                  @Bob60 Follow @Gertjan ’s advice. That forum (LaFibre) is where I found everything I needed to get that very fs.com ONT SFP running in my SG-2100 with Orange in France. Seems its not only Orange that does all they can to make it impossible for customers to have proper passthrough/RAW public IP on their own equipment 8-)

                  But it works when it works, and I have done it for 2 years running now. The DEALBREAKER is the dhcp options they require/insist on.
                  It has to be flawless with Orange - until you have transmitted a flawless DHCP discover frame with all the correctly formatted options, you wont recieve a single frame/packet on the link.

                  Love the no fuss of using the official appliances :-)

                  1 Reply Last reply Reply Quote 0
                  • B Offline
                    Bob60 @Gertjan
                    last edited by

                    @Gertjan, I know this forum but I thought that problem was more Netgate related... and regarding the SFR support, they are almost useless and if needed I can replug their box.

                    Are you also a NL guy living in France ;-) ?

                    GertjanG 1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      The GPON module is not what connects to the ISP it just passes the connection.

                      The pfSense WAN interface should still be set to DHCP. You have to add the IPAlias VIP in the GPON mgmt subnet to access it.

                      You should be able to see at least some sort of signal strength so you know the fiber is connected correctly in the gpon cli there.

                      keyserK 1 Reply Last reply Reply Quote 0
                      • GertjanG Offline
                        Gertjan @Bob60
                        last edited by Gertjan

                        @Bob60 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                        but I thought that problem was more Netgate related...

                        I see it like this :

                        pfSense is a 'hardware a,d or sofware box' with RJ45 on all sides.
                        Specs for these sockets are world known. [ that is, if you can keep over the top VM virtual driver and realtek NIXs out of the door ]

                        The "ISP" box is another animal.
                        It has a (useless) wifi AP biuld in.
                        As soon as the connection comes up, it can do a 'phone simulation". At best this is a SIP thing, or it looks ike SIP, smells like SIP but isn't SIP.
                        It can "create" an extra access to the ISP video and video on demand servers. You often need another box for this. The video communication is often pure, totally undocumented magic.

                        And then there is the media convert. back in the past : the classic "modem". later on : a TV cable carrier modulator. And ADSL was also used : worked pretty well over classic POTS ....
                        And now : fiber ... but what goes on over fiber is speced, but what is not known/RFC detailed/written somewhere : how to 'create' the connection.
                        What to send, what to receive, before you have your actual "IP" channel open.

                        That's why every ISP makes its own box. If they didn't, support would melt down the very same day. So things have become very easy these days : when I hook up my Livebox I even don't have to connect to "192.168.1.1" (default Livebox GUI) anymore to enter my fti/xxxx and connection password .
                        But under the hood, everything changed. Things became huge.

                        edit : I've edited my post above.

                        edit :

                        @Bob60 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                        Are you also a NL guy living in France ;-) ?

                        Yep.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        1 Reply Last reply Reply Quote 0
                        • keyserK Offline
                          keyser Rebel Alliance @stephenw10
                          last edited by keyser

                          @stephenw10 said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                          The GPON module is not what connects to the ISP it just passes the connection.

                          The pfSense WAN interface should still be set to DHCP. You have to add the IPAlias VIP in the GPON mgmt subnet to access it.

                          You should be able to see at least some sort of signal strength so you know the fiber is connected correctly in the gpon cli there.

                          Stephen is correct unless your ISP provides it Internet Service in a specific VLAN like Orange do.

                          So you need to figure out if SFR is using a VLAN number for its internet service.

                          The ONT mudule is just a bridge (like a switch) once it’s configured to connect to the ISP’s fiber. Any frames recieved on the fiber is passed on to the NIC in pfSense (Including VLAN tags if present)

                          Love the no fuss of using the official appliances :-)

                          GertjanG 1 Reply Last reply Reply Quote 0
                          • GertjanG Offline
                            Gertjan @keyser
                            last edited by

                            @keyser said in GPON SFP Module on Netgate 2100 for SFR Business Fiber:

                            (like a switch)

                            Or even a modem, as it modulates light waves according to the incoming electrical Ethernet bit stream.
                            And the other way around.
                            And it has of course a micro controller with some OS (a WRT in this case) onboard to monitor stuff, like temp checking, bit rate syncing, and who knows what more.
                            It could even contain have a 'call home' process for the greater data collection needs ... oh boy ...

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              Mmm, it could do all sorts of things but mostly they don't because no ISP wants to maintain that!

                              1 Reply Last reply Reply Quote 0
                              • B Offline
                                Bob60
                                last edited by

                                Hi guys,

                                Thanks for all your help and advises. I thought that by-passing the SFR box would be much more easier to achieve.

                                I know that some SFR Box 6 users succeeded because ONTs on these boxes are supplied separately allowing easier tcpdumping to know what is going on, not having to mess around with all fiber complicated stuff (sorry but I stopped working in the IT for 13 years now).

                                On the SFR Box 8 I now have, ONTs are built in making the challenge a step higher.

                                Unfortunately, I have no time to spend hours or days on this kind of improvement of our small network.

                                I have much more Netgate related problems to deal with, I will surely post again.

                                Sorry for this,

                                Thanks again,

                                Robert

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S Offline
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Always good to details efforts in an edge case. Someone else will be trying this. 😉

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.