This guide was used to configure my parents' internet connection with an improved setup devoid of the provded ISP bloatbox.
To do that, you need a few things prior to starting, namely:
- GPON SFP(+) module with an unlocked serial number configuration (e.g. here),
- Router/Gateway to plug that module (e.g. UDM-Pro, UCG-Fiber),
- SC-to-SC cable with APC plugs on both sides (e.g. here).
Please consider the following prior to proceeding,
- This is going to be a Ubiquiti specific setup guide as that's what I use across our households. You can easily use this guide with a custom router and/or gateway.
- The ISP my parents had was Cosmote, the largest one in Greece. You can adapt this guide easily for others, but might require some tweaks.
- I am not responsible for any reprecusions or damage you do in your devices if you follow this guide - use it at your own risk.
To complete this guide successfully, you need to have SSH access enabled in your gateway and/or router. For Ubiquiti specific setups, you can follow the official documentation here on how to enable it.
Then, you should ssh to the device as follows,
# Notes:
# - replace 10.10.10.1 with your IP of the gateway
# - username is `root` normally (for all users), but in some cases might be ubnt - check your product manual
ssh [email protected]
The first thing that you have to do is to plug the module into a compatible SFP(+) port. In gateway devices you should plug it to a WAN port which is specifically configured for this purpose. If you are using a switch, then plug it into one of the available SFP(+) ports.
One the module is plugged in, give it a few moments to boot up - you will be able to soon see it in the interface.
Important note: unfortunately, Ubiquiti devices do not support natively negotiating the speed of 2.5Gbit for SFP+ ports. Therefore you can only reliably set it to either 1Gbit or 10Gbit. 2.5GBit, if set manually, might work but not guaranteed.
We now need to configure access to the module, so we're able to access it. To do so, we need to perform a few specific steps in order to achieve that.
Normally, these modules have a pre-configured IP address and we need to configure our gateway such that we're able to access it.
In your ip configuration, you need to find the interface which your SFP port is associated with.
For example in the UDM-Pro family of devices, this is eth9 --
root@VoltronUDM-Pro:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback e2:63:<redacted> brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 2001:<redacted>::1/128 scope global deprecated
valid_lft forever preferred_lft 0sec
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether f6:78:<redacted> brd ff:ff:ff:ff:ff:ff
3: eth9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 10000
link/ether e0:63:<redacted> brd ff:ff:ff:ff:ff:ff
inet6 fe80::e263:<redacted>/64 scope link
valid_lft forever preferred_lft forever
4: eth8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether e0:63:da:8c:62:ba brd ff:ff:ff:ff:ff:ff
inet6 fe80::e263:<redacted>/64 scope link
valid_lft forever preferred_lft forever
5: eth10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9216 qdisc mq master br0 state UP group default qlen 10000
link/ether e0:63:<redacted> brd ff:ff:ff:ff:ff:ff
inet6 fe80::e263:<redacted>/64 scope link
valid_lft forever preferred_lft forever
Assuming you use Ubiquiti, the ports you see in the interface are mapped to an eth interface if you
subtract 1 from the displayed number.
Namely Port 10 will be eth9 and so on... (at least under normal circumstances).
Use the following command to bring up the required subnet to the associated interface.
As per documentation (also on hack-gpon), our interface operates in the 192.168.1.x subnet
with a default IP address of 192.168.1.10.
Let's add the subnet to the eth9 interface,
ip addr add dev eth9 local 192.168.1.2/24
Route all traffic from that interface to the 192.168.1.2 gateway address we created above,
iptables -t nat -A POSTROUTING -o eth9 -d 192.168.1.0/24 -j SNAT --to 192.168.1.2
To reverse the above changes, do the following to remove the POSTROUTING,
iptables -t nat -D POSTROUTING -o eth9 -d 192.168.1.0/24 -j SNAT --to 192.168.1.2
and the actual subnet from eth9,
ip addr delete dev eth9 local 192.168.1.10/24
To ensure your changes got applied you can review the output of,
ip addr
and for iptables,
iptables -t nat -L POSTROUTING
Now you should be able to access the GPON module by pinging its address from the UDM-Pro shell,
root@UDM-Pro:~# ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.656 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.268 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.259 ms
64 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.253 ms
64 bytes from 192.168.1.10: icmp_seq=5 ttl=64 time=0.266 ms
After ensuring you are able to ping the module, you should ssh to it.
As mentioned previously the default parameters of the FS GPON module are as follows,
| IP | 192.168.1.10 |
|---|---|
| user | ONTUSER |
| pass | 7sp!lwUBz1 |
Therefore, based on the above parameters you can ssh to the GPON module by using the following command,
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
Note: it is important to use that specific (and outdated) algorithm as newer ones are not supported by the module firmware -- and that is OK
You need to get the device serial number which should be exactly 12 digits (normally). That is located in your current ONU -- we had a FritzBox 5530, therefore it had the following format,
AVMGXXXXXXXX
All letters should be capitals. To set the serial in this specific module you can use the following command,
set_serial_number AVMGXXXXXXXX
or,
sfp_i2c -i8 -s "AVMGXXXXXXXX"
Important note: you will not be able to see the updated serial number in the module without doing a reboot first.
Some ISPs require a specific ID for the device used, in our case it was the following,
sfp_i2c -i7 -s "F!box5530"
_Important note: the updated device number will not be applied without performing a reboot of the module first.
After applying the above commands, you need to reboot the module -- you can do that by using the following command,
reboot
Then after waiting for a few minutes for the operation to complete you can check that the serial number is changed to the desired one,
fw_printenv | grep nSerial
or by using,
sfp_i2c -g | grep nSerial
Without the | grep nSerial you will get the dump of the entire configuration.
You need to go to the Unifi dashboard in your gateway and have the following settings in the GPON WAN (Port 10),
These are the settings you should change and use the credentials as you used to login to your service in your previous router.
To use your prior modem for VoIP telephony purposes, just plug it in to a switch port and use the same credentials as previously. The only catch is to not set a custom DNS (let it default to auto), and you should be able to get your telephony credentials.
That should allow you to remove the ISP issued box and use a Unifi gateway instead (or a router of your choice). Hope this helps!
Important: I am not able to provide support or reply to any questions regarding this. Use it at your own discretion and as you see fit.