Netgate Discussion Forum

SG2100 - Unable to get DHCP WAN IP on GPON interface

  • S
    stealthmode
    last edited by Aug 2, 2024, 10:02 PM

    Hi,

    I have a SG2100 and have connected a GPON ONU module into its SFP with the aim of replacing the ISP router.

    The GPON ONU states that the current state is 5 when I execute the command onu ploamsg

    This must imply that the ISP recognises my GPON ONU. However, PFSense does not receive a WAN IP.

    Here are the settings, my ISP uses IPoE.

    • Therefore Interface > WAN Settings have set the "IPv4 Configuration Type" to DHCP
    • Configured MAC address spoofing to ISP router
    • I've been told to set the VLAN tag as 12.
    • Interfaces > VLANs created a new VLAN tag 12 for the WAN interface
    • Interfaces > Interface Assignments changed WAN network port to VLAN 12
    • Interfaces > Switch > VLANs > Enabled 802.1q VLAN mode > Save
    • Interfaces > Switch > VLANs > Add Tag > gave VLAN 12 and members as "1" > Save

    Despite following these steps, the WAN interface does not get a WAN IP address. Can you please help?

    K 1 Reply Last reply Aug 3, 2024, 9:03 AM Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Aug 2, 2024, 10:45 PM

      On the 2100 only the LAN uses the onboard switch. The WAN (mvneta0) is a separate NIC. So you don't need to add any config to the switch settings there, only set the WAN as mvneta0.12.

      You may need to assign mvneta0 directly as well because traffic to the GPON module management would not normally be using a VLAN.

      I'm not sure what that ONU command is supposed to return. Do you have a link to a manual or command reference?

      S 1 Reply Last reply Aug 3, 2024, 8:21 AM Reply Quote 0
      • S
        stealthmode @stephenw10
        last edited by Aug 3, 2024, 8:21 AM

        @stephenw10 hi again, thank you for your reply.

        The ONU stick is running OpenWrt 14.97_ltq -- Lantiq Edition for GPON

        I've been looking at the following:

        https://hack-gpon.org/ont-fs-com-gpon-onu-stick-with-mac/

        https://resource.fs.com/mall/doc/20230831180515egrzs6.pdf

        https://medium.com/@cyayon/configure-onu-gpon-onu-34-20bi-for-orange-isp-2af4fccfc95a

        https://github.com/xvzf/zyxel-gpon-sfp

        Can you please clarify what you mean by - "You may need to assign mvneta0 directly as well because traffic to the GPON module management would not normally be using a VLAN."

        K 1 Reply Last reply Aug 3, 2024, 9:08 AM Reply Quote 0
        • K
          keyser Rebel Alliance @stealthmode
          last edited by Aug 3, 2024, 9:03 AM

          @stealthmode I’m using that exact combo (2100 + FS GPON ONU) so we know pfSense and the SFP module play nice together.

          Since you are seeing state 5 in onu ploamsg you are connected to the ISP’s GPON tree, and we are likely then dealing with missing or wrong pfSense config. This can be VERY tricky to troubleshoot however, as the ISP holds the keys to the kingdom.

          What country and ISP are you trying to connect to? I’m using my setup in France and using Orange as the ISP.
          Orange’s use of IPoE is VERY VERY strict, and requires a LOT of specific DHCP options to be configured + VLAN priority settings - otherwise they simply do not reply to your pfSense’s DHCP REQUESTs - and nothing works.

          So you need to find some way to verify what VLAN and DHCP settings are required by your ISP to accept DHCP requests.

          Love the no fuss of using the official appliances :-)

          1 Reply Last reply Reply Quote 1
          • K
            keyser Rebel Alliance @stealthmode
            last edited by Aug 3, 2024, 9:08 AM

            @stealthmode said in SG2100 - Unable to get DHCP WAN IP on GPON interface:

            Can you please clarify what you mean by - "You may need to assign mvneta0 directly as well because traffic to the GPON module management would not normally be using a VLAN."

            If you are certain your ISP is using VLAN 12 for their services, you do not need to assign mvneta0 to an interface unless you wish to be able to SSH to the GPON module (for status and management). Your WAN should be assigned to mvneta0.12
            You could then assign mvneta0 to an OPT1 interface and give it a static 192.168.1.1/24 address. That would allow you to SSH to pfSense, and from there SSH to 192.168.1.10 (the GPON ONU).

            Love the no fuss of using the official appliances :-)

            S 1 Reply Last reply Aug 3, 2024, 10:50 AM Reply Quote 0
            • S
              stealthmode @keyser
              last edited by Aug 3, 2024, 10:50 AM

              @keyser Thank you very much for confirming!

              I'm in Portugal and my ISP is MEO.

              Let me dig through what the possible DHCP options might be.

              I wanted to confirm another thing - that since I see status 5 on ONU, that means that there are no settings which need to be modified on the ONU? is that right? Basically, the ISP recognises the ONU.

              K 2 Replies Last reply Aug 3, 2024, 11:14 AM Reply Quote 0
              • K
                keyser Rebel Alliance @stealthmode
                last edited by keyser Aug 3, 2024, 11:19 AM Aug 3, 2024, 11:14 AM

                @stealthmode said in SG2100 - Unable to get DHCP WAN IP on GPON interface:

                I wanted to confirm another thing - that since I see status 5 on ONU, that means that there are no settings which need to be modified on the ONU? is that right? Basically, the ISP recognises the ONU.

                As far as I know and understand how the GPON ONU/ONT topology works, yes - the ONU is connected and logged into the GPON tree, so traffic should be able to flow. The trouble is that when the ISP is using IPoE authentication (the DHCP exchange is the authentication), no traffic will flow your way before you have authenticated. So you are likely unable to verify if traffic is flowing by doing a promiscuous packet capture on your OPT1 (mvneta0) interface. But try and do it anyways - it will show any frames your pfSense sends, and if you were authenticated it would show any frames (including VLAN 12 tagged ones - your WAN) inbound to your pfSense - normally broadcasts/ARP and such. Perhaps you could be lucky that they allow certain frames to pass even in unauthenticated state - thus verifying that traffic is actually flowing.

                The only thing I’m a little unsure of is MAC addressing. On my ISP (Orange) it is necessary to clone the ISP’s router box MAC address to the GPON ONU - otherwise it won’t log into the GPON tree. After that connection is established (state 5) and the ONU enters bridge mode, Orange doesn’t really care about the router (pfSense) MAC address on the WAN interface. I decided to clone the router MAC address to pfSense as well. But your ISP may or may not care about the MAC address - both on the ONU side and the router/pfSense side.

                Love the no fuss of using the official appliances :-)

                1 Reply Last reply Reply Quote 1
                • S
                  stephenw10 Netgate Administrator
                  last edited by Aug 3, 2024, 11:31 AM

                  Do you not even see a response to DHCP requests without the correct incantation?

                  K 1 Reply Last reply Aug 3, 2024, 11:45 AM Reply Quote 0
                  • K
                    keyser Rebel Alliance @stephenw10
                    last edited by Aug 3, 2024, 11:45 AM

                    @stephenw10 Nope, if your DHCP frame is not formatted correctly with the required DHCP options to authenticate, then there will be no DHCP reply/offer. So you are unable to verify if traffic actually works or your VLAN tagging is correct.

                    On top of that my ISP - Orange - requires all DHCP frames to be priority 6 tagged as well. If they are not, no replies are made.

                    Love the no fuss of using the official appliances :-)

                    1 Reply Last reply Reply Quote 0
                    • S
                      stephenw10 Netgate Administrator
                      last edited by stephenw10 Aug 3, 2024, 11:47 AM Aug 3, 2024, 11:47 AM

                      Urgh, well that's not easy then! 😞
                      #funtimes

                      K 1 Reply Last reply Aug 3, 2024, 11:56 AM Reply Quote 0
                      • K
                        keyser Rebel Alliance @stephenw10
                        last edited by Aug 3, 2024, 11:56 AM

                        @stephenw10 Indeed - if the ISP is strict like Orange, it will be impossible to make it work unless you have one of two options:

                        • Some inside info from the ISP to be able to configure all the right settings.
                        • Be able to do a packet capture of your original ISP router's DHCP exchange and mimic all settings in pfSense

                        In Orange’s case there is a large internet forum in France where thousands of people share their findings + a representative (unofficial I presume) from Orange shares the strict requirements their end verifies before passing authentication.

                        Love the no fuss of using the official appliances :-)

                        S 1 Reply Last reply Aug 3, 2024, 4:18 PM Reply Quote 0
                        • S
                          stealthmode @keyser
                          last edited by Aug 3, 2024, 4:18 PM

                          @keyser said in SG2100 - Unable to get DHCP WAN IP on GPON interface:

                          Be able to do a packet capture of your original ISP router's DHCP exchange and mimic all settings in pfSense

                          How should I be able to do this? Any ideas?

                          K 2 Replies Last reply Aug 3, 2024, 11:23 PM Reply Quote 0
                          • K
                            keyser Rebel Alliance @stealthmode
                            last edited by keyser Aug 3, 2024, 11:25 PM Aug 3, 2024, 11:23 PM

                            @stealthmode Not really, no, since your ISP is using GPON. It would require special hardware that can bridge the GPON fiber and give you a capture sitting in the middle.

                            If your ISP router has another WAN port (RJ45), it might work by linking that to your pfsense while doing a packet capture on the pfsense port. The ISP router might send the same crafted DHCP request on the RJ45 WAN port as it does on the GPON fiber port when linking up/booting.

                            Alternatively you would need an ISP router that is hacked to mirror packets to a secondary port (if possible at all on that HW).

                            All you need is a copy of that first DHCP request frame as that shows all options and if needed priority settings.

                            Love the no fuss of using the official appliances :-)

                            1 Reply Last reply Reply Quote 0
                            • S
                              stephenw10 Netgate Administrator
                              last edited by Aug 3, 2024, 11:51 PM

                              Mmm, but finding someone else who has already done it for your ISP would be easiest. Perhaps there is some local forum for users?

                              1 Reply Last reply Reply Quote 0
                              • K
                                keyser Rebel Alliance @stealthmode
                                last edited by Aug 4, 2024, 8:04 AM

                                @stealthmode I’m from Denmark, but my French “connection” required me to find all the info I needed on this French site: https://lafibre.info/index.php

                                There is a LOT of info sharing on various ISPs on that site. Perhaps someone there has also been working with MEO if they are present in France, or if that someone has remote sites in Portugal.

                                Love the no fuss of using the official appliances :-)

                                1 Reply Last reply Reply Quote 0
                                • K
                                  keyser Rebel Alliance @stealthmode
                                  last edited by Aug 4, 2024, 8:24 AM

                                  @stealthmode I can see there are some discussions about ISPs in Portugal. Perhaps you can find something here:
                                  https://lafibre.info/europe-sud/

                                  Love the no fuss of using the official appliances :-)

                                  S 1 Reply Last reply Aug 4, 2024, 1:27 PM Reply Quote 1
                                  • S
                                    stealthmode @keyser
                                    last edited by Aug 4, 2024, 1:27 PM

                                    @keyser said in SG2100 - Unable to get DHCP WAN IP on GPON interface:

                                    https://lafibre.info/europe-sud/

                                    Thank you very much! I'm enquiring on this forum as well as other forums for this ISP

                                    S 1 Reply Last reply Aug 4, 2024, 1:49 PM Reply Quote 0
                                    • S
                                      stealthmode @stealthmode
                                      last edited by Aug 4, 2024, 1:49 PM

                                      Great news! I logged into the CLI of the router and was able to capture some additional details on the WAN interface.

                                      Interface:                     erouter0
                                      MAC Address :                  <removed>
                                      Description:                   Interface_erouter0
                                      Type:                          IPoE
                                      Vlan 802.1p:                   0
                                      Vlan Mux ID:                   12
                                      Vlan TPID:                     0x8100
                                      IPv6:                          Enabled
                                      IGMP Proxy:                    Enabled
                                      IGMP Source:                   Enabled
                                      MLD Proxy:                     Disabled
                                      MLD Source:                    Disabled
                                      NAT:                           Enabled
                                      NAT Type:                      Masquerade
                                      Firewall IPv4:                 Enabled
                                      Firewall IPv6:                 Enabled
                                      Force Disable Firewall IPv4:   Disabled
                                      Force Disable Firewall IPv6:   Disabled
                                      ARPPing:                       Enabled
                                      ARPPing timeout(secs):         900
                                      ARPPing number of repetitions: 3
                                      Status:                        Connected
                                      IPv4 address:                  <removed>
                                      IPv6 address:                  <removed>
                                      Enable/Disable:                Enabled
                                      Addressing Type IPv4:          DHCP
                                      ------DHCPv4------
                                      Option 60 Vendor ID:           meods00
                                      Option 61 IAID:
                                      Option 61 DUID:
                                      Subnet Mask:                   <removed>
                                      Default Gateway:               <removed>
                                      Option 125:
                                      DNS Servers:                   <removed>
                                      Remaining Lease Time(secs):    <removed>
                                      ------DHCPv6------
                                      Type:                          PrefixDelegation
                                      Prefix:                        <removed>/56
                                      Preferred lifetime:            90000
                                      Valid lifetime:                90000
                                      Default gateway:               <removed>
                                      DNS Servers:                   <removed>
                                      ----------------------------------------------
                                      

                                      Considering the above, I need to set Option 60, and also set the DHCPv6 options. Do you think that there are any other settings I should configure on the WAN interface?

                                      thank you

                                      K 1 Reply Last reply Aug 4, 2024, 2:49 PM Reply Quote 0
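Added example (not part of any post in this thread, and not Netgate or pfSense code): keyser's point that the first DHCP request frame shows all options and priority settings, applied to one raw Ethernet frame exported from a packet capture. The function names and the sample frame are constructed here; VLAN 12, priority 0 and vendor class meods00 are taken from the router output above, and whether MEO checks anything beyond them is not established in the thread.

```python
import struct

def parse_dhcp_frame(frame: bytes) -> dict:
    """Extract the 802.1Q tag fields and DHCP options from one raw Ethernet frame."""
    info = {"vlan": None, "pcp": None, "options": {}}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    if ethertype == 0x8100:                       # 802.1Q tag present
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info["pcp"] = tci >> 13                   # 802.1p priority (3 bits)
        info["vlan"] = tci & 0x0FFF               # VLAN ID (12 bits)
        off = 18
    if ethertype != 0x0800 or frame[off + 9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    udp = off + (frame[off] & 0x0F) * 4           # skip the IPv4 header (IHL words)
    if struct.unpack_from("!HH", frame, udp) != (68, 67):
        raise ValueError("not a DHCP client-to-server message")
    bootp = udp + 8
    info["client_mac"] = frame[bootp + 28:bootp + 34].hex(":")
    if frame[bootp + 236:bootp + 240] != b"\x63\x82\x53\x63":
        raise ValueError("DHCP magic cookie missing")
    i = bootp + 240
    while i < len(frame) and frame[i] != 255:     # 255 = End option
        if frame[i] == 0:                         # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(frame):
            raise ValueError("truncated option")
        code, length = frame[i], frame[i + 1]
        value = frame[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        info["options"][code] = value
        i += 2 + length
    return info

def mismatches(info: dict, vlan: int, pcp: int, vendor_class: bytes) -> list:
    """List where a captured request differs from the settings the ISP router uses."""
    found = []
    if info["vlan"] != vlan:
        found.append(f"VLAN ID {info['vlan']} (expected {vlan})")
    if info["pcp"] != pcp:
        found.append(f"802.1p priority {info['pcp']} (expected {pcp})")
    if info["options"].get(60) != vendor_class:
        found.append(f"option 60 {info['options'].get(60)!r} (expected {vendor_class!r})")
    return found

def build_sample_frame(vlan: int = 12, pcp: int = 0, vendor: bytes = b"meods00") -> bytes:
    """Constructed DHCPDISCOVER for testing; the MAC and xid are made up."""
    mac = bytes.fromhex("020000000001")
    opts = bytes([53, 1, 1, 60, len(vendor)]) + vendor + bytes([55, 3, 1, 3, 6, 255])
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000) + bytes(16)
    bootp += mac + bytes(10 + 192) + b"\x63\x82\x53\x63" + opts
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    eth = b"\xff" * 6 + mac + struct.pack("!HHH", 0x8100, (pcp << 13) | vlan, 0x0800)
    return eth + ip + udp + bootp

if __name__ == "__main__":
    info = parse_dhcp_frame(build_sample_frame())
    print(info["vlan"], info["pcp"], info["client_mac"], info["options"])
    print(mismatches(parse_dhcp_frame(build_sample_frame(pcp=6)), 12, 0, b"meods00"))
```

Running the same parser over the first request pfSense sends on mvneta0 and over one from the ISP router, where such a capture is obtainable, shows which tag fields or options differ between the two.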
                                      • K
                                        keyser Rebel Alliance @stealthmode
                                        last edited by Aug 4, 2024, 2:49 PM

                                        @stealthmode VendorID might be the only setting needed - it might not. Sometimes not everything is outputted in Shell command like that. But try

                                        Love the no fuss of using the official appliances :-)

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          stephenw10 Netgate Administrator
                                          last edited by stephenw10 Aug 5, 2024, 1:30 PM Aug 4, 2024, 5:02 PM

                                          Mmm, what did you run to get that? I can't decide if that's what the server sent rather than the client.

                                          S 1 Reply Last reply Aug 4, 2024, 8:05 PM Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.