Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG2100 - How do I connect to GPON ONU interface?

    Scheduled Pinned Locked Moved Hardware
    18 Posts 2 Posters 2.2k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      stealthmode @stephenw10
      last edited by

      @stephenw10

      Thank you for sharing these steps

      I changed the LAN IP back to 192.168.1.1 instead of adding a VIP

      I tried to ping 192.168.1.10 from pfsense and that failed

      I tried test port to port 22 to 192.168.1.10 and the connection failed

      Only port 22 is opened as per the manual

      The module is https://www.fs.com/de-en/products/133619.html

      S stephenw10S 2 Replies Last reply Reply Quote 0
      • S Offline
        stealthmode @stealthmode
        last edited by

        Here is what the connection looks like

        IMG_4587 (1).jpg

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator @stealthmode
          last edited by stephenw10

          @stealthmode said in SG2100 - How do I connect to GPON ONU interface?:

          I changed the LAN IP back to 192.168.1.1 instead of adding a VIP

          Ok that won't work.

          The LAN interface must remain in a different subnet to the gpon module management otherwise it can't route to it. It will only work with a VIP on the WAN so it routes the traffic out to the GPON module.

          You could set the WAN directly to 192.168.1.100 but I assumed you want that as DHCP so it pulls a public address once the fibre is connected. Using a VIP allows that.

          S 1 Reply Last reply Reply Quote 1
          • S Offline
            stealthmode @stephenw10
            last edited by

            @stephenw10

            Thank you, sorry about that.

            I reverted the config, assigned the LAN IP as 192.168.2.1

            Assigned an IP alias VIP for the LAN interface to 192.168.1.100 / 24

            Tried the Ping test and ensured that the source interface was set as 192.168.1.100, the ping failed

            Tried port test on 22 and ensure that the source interface was set as 192.168.1.100, the connection to port 22 failed

            stephenw10S 1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator @stealthmode
              last edited by

              @stealthmode said in SG2100 - How do I connect to GPON ONU interface?:

              Assigned an IP alias VIP for the LAN interface to 192.168.1.100 / 24

              The IPAlias VIP has to be on the WAN, where the GPON module is.

              S 1 Reply Last reply Reply Quote 1
              • S Offline
                stealthmode @stephenw10
                last edited by

                @stephenw10 Damn it... thank you...

                That worked, the ping worked finally :D

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  Nice! Ok so if it works from pfSense itself it can also work from a LAN client if you have the right outbound NAT rule. I would try to make the rule as specific as possible so it never over-matches. So probably from LANsubnet to 192.168.1.10 address.

                  S 1 Reply Last reply Reply Quote 1
                  • S Offline
                    stealthmode @stephenw10
                    last edited by

                    @stephenw10 Thank you for all your help... can you please let me know if something is wrong with my NAT configuration?

                    I tried setting the interface as both LAN and WAN but not able to ping from my laptop... sorry for the trouble

                    IMG_4594 (1).jpg

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Ok I would use hybrid mode rather than manual. Otherwise you will need to add NAT rules for all other traffic.

                      The one user rule should be on the WAN interface. It translates traffic as it leaves the WAN.

                      The translation (NAT) address should be the VIP. If that's 1.15 that should be OK.

                      S 1 Reply Last reply Reply Quote 0
                      • S Offline
                        stealthmode @stephenw10
                        last edited by

                        @stephenw10 Awesome, that worked, thank you thank you thank you so much.... how can I buy you a beer/coffee?.... thank you so much

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          No worries, glad to help. 😁

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.