What ONT options - because Calix routers are garbage

[neetz108]

help....

Need some advise and assistance. Metrofibre rolled out fibre in our estate. My 100mb line was activated and router delivered. I also have a good ASUS VDSL router (AC68u) - previously used with my 40mb VDSL connection.

Steps performed:
1. IP address of ASUS Router - 192.168.1.1
2. Asus router setup as DHCP server.
3. Changed static IP address on ONT router -192.168.1.14
4. Connected Ethernet cable from Calix ONT to ASUS router (Ethernet 1 port)
5. I am able to ping and access Calix ONT panel
6. Disabled LAN DHCP, WIRLESS on Calix ONT
7. Set WAN mode on Asus router to "Ethernet WAN" (for Ethernet 1 port)
8. Now, I'm unable to ping or access Calix ONT on 192.168.1.14.
9. Revert back to standard (DSL Mode).
10. I am able to ping and access 192.168.1.14.
11. Configure LAN gateway to 192.168.1.14.
12. Internet works fine on all devices.


Now, by configuring the network in this manner, I loose out on all the ASUS features. i.e. VPN, traffic / bandwidth amongst other cool features of my router. Its practically a dumb router at the moment.

How can I setup the Asus router using the Ethernet WAN mode and Calix ONT? I am not too familiar with the settings and configuration.

Any help will be appreciated.

 

[MagicDude4Eva]

Need some advise and assistance. Metrofibre rolled out fibre in our estate. My 100mb line was activated and router delivered. I also have a good ASUS VDSL router (AC68u) - previously used with my 40mb VDSL connection.

Steps performed:
1. IP address of ASUS Router - 192.168.1.1
2. Asus router setup as DHCP server.
3. Changed static IP address on ONT router -192.168.1.14
4. Connected Ethernet cable from Calix ONT to ASUS router (Ethernet 1 port)
5. I am able to ping and access Calix ONT panel
6. Disabled LAN DHCP, WIRLESS on Calix ONT
7. Set WAN mode on Asus router to "Ethernet WAN" (for Ethernet 1 port)
8. Now, I'm unable to ping or access Calix ONT on 192.168.1.14.
9. Revert back to standard (DSL Mode).
10. I am able to ping and access 192.168.1.14.
11. Configure LAN gateway to 192.168.1.14.
12. Internet works fine on all devices.


Now, by configuring the network in this manner, I loose out on all the ASUS features. i.e. VPN, traffic / bandwidth amongst other cool features of my router. Its practically a dumb router at the moment.

How can I setup the Asus router using the Ethernet WAN mode and Calix ONT? I am not too familiar with the settings and configuration.

Any help will be appreciated.

The Calix can not do bridged mode or supports PPPOE and I initially struggled for days to get my ASUS (N66U?) to connect and eventually dumped the ASUS (which was a painful decision). Pretty much everything on the Calix is garbage.

When I purchased the Ubiquiti kit (https://www.naschenweng.info/2017/01/05/ubiquiti-replacing-home-network-making-fibre-work-unifi/) I created two different subnets (10.0.0.1/24 for the Calix) with the Ubiquiti gateway (this would then be your ASUS) getting a fixed IP on WAN port of 10.0.0.2. I have turned off EVERYTHING on the Calix and for good measures also threw the Ubiquiti into the DMZ. On the LAN part (192.168.1.0/24) I made the Ubiquiti the gateway (192.168.1.1).

In my case I have a NAS as the DHCP-/DNS-server but in your case you should just be able to turn on DHCP on the ASUS. It is my suspicion that the Calix broadcasts other stuff on it's subnet and I also don't think that it's DHCP server is turned off when you say it is. Splitting subnets prevents all of this. My suggestion: Don't fight the Calix - it is an incapable device for the most basic requirements. Pull up two subnets and make your ASUS do all the heavy lifting (consider your Calix a dumb fibre-dialup-modem).

FWIW: Since the Calix does not have a WAN port, I just plugged my Ubiquiti WAN link into any Calix LAN port. Make sure that you connect nothing else to the Calix.

 

[neetz108]

The Calix can not do bridged mode or supports PPPOE and I initially struggled for days to get my ASUS (N66U?) to connect and eventually dumped the ASUS (which was a painful decision). Pretty much everything on the Calix is garbage.

When I purchased the Ubiquiti kit (https://www.naschenweng.info/2017/01/05/ubiquiti-replacing-home-network-making-fibre-work-unifi/) I created two different subnets (10.0.0.1/24 for the Calix) with the Ubiquiti gateway (this would then be your ASUS) getting a fixed IP on WAN port of 10.0.0.2. I have turned off EVERYTHING on the Calix and for good measures also threw the Ubiquiti into the DMZ. On the LAN part (192.168.1.0/24) I made the Ubiquiti the gateway (192.168.1.1).

In my case I have a NAS as the DHCP-/DNS-server but in your case you should just be able to turn on DHCP on the ASUS. It is my suspicion that the Calix broadcasts other stuff on it's subnet and I also don't think that it's DHCP server is turned off when you say it is. Splitting subnets prevents all of this. My suggestion: Don't fight the Calix - it is an incapable device for the most basic requirements. Pull up two subnets and make your ASUS do all the heavy lifting (consider your Calix a dumb fibre-dialup-modem).

FWIW: Since the Calix does not have a WAN port, I just plugged my Ubiquiti WAN link into any Calix LAN port. Make sure that you connect nothing else to the Calix.

Thanks. I also have QNAP NAS Device and will consider running the similar setup like yours. How much does the Ubiquiti Gateway cost? I have spent quite a bit on the ASUS router few months back already

 

[MagicDude4Eva]

Thanks. I also have QNAP NAS Device and will consider running the similar setup like yours. How much does the Ubiquiti Gateway cost? I have spent quite a bit on the ASUS router few months back already

I imported pretty much everything. In my case it was the USG, CloudKey, 2 x POE switches and AC AP - all slightly over 8K. The USG alone here would have cost around 1.8K. I decided to go full out with 12U rack at home and CAT6 as a Xmas project and gift to myself:

 

[Sinbad]

Md4e have you had any issues with your APs going into a provisioning/reboot loop?

Mine does it every now and then, and to fix it I need to reboot the controller.

They've given me beta controller and ap firmware to try to resolve...

 

[MagicDude4Eva]

Md4e have you had any issues with your APs going into a provisioning/reboot loop?

Mine does it every now and then, and to fix it I need to reboot the controller.

They've given me beta controller and ap firmware to try to resolve...

I only had this when I turned on logging via Syslog server. This caused hell on my network. I turned it off and since then no issue. Not sure if you use UCK or your own roll of the controller.

 

[Sinbad]

Cloud key...

No syslog server.

 

[MagicDude4Eva]

Cloud key...

No syslog server.

My setup is: USG -> US8 POE Switch (Office Switch with Cloud Key) -> Another US8 POE Switch (in Lounge). Lounge Switch has feeding AC Pro via POE. Had not a single issue other than having to fix IPs and the Syslog issue over the weekend.

 

[MagicDude4Eva]

Cloud key...

No syslog server.

Are you on the latest FW (came out over the weekend):
- CloudKey: 0.5.9 / Controller: 5.3.11
- Switches: 3.7.34.5997
- APs: 3.7.34.5997 (are you using UniFi AP-AC-Pro or something else?)
- USG: 4.3.34.4943823

I did read on the UBNT forum that some AP's had boot-loops on some firmware caused by the PoE switches cycling power.

 

[Sinbad]

Are you on the latest FW (came out over the weekend):
- CloudKey: 0.5.9 / Controller: 5.3.11
- Switches: 3.7.34.5997
- APs: 3.7.34.5997 (are you using UniFi AP-AC-Pro or something else?)
- USG: 4.3.34.4943823

I did read on the UBNT forum that some AP's had boot-loops on some firmware caused by the PoE switches cycling power.

Hi
No POE switches (yet)
AP (AC Lite) is at the version you gave. CK firmware is the same - but I have a beta controller (5.4.8) in an attempt to fix this.

 

[midnightcaller]

Hi MD4E

Your setup is exactly what I have been researching (except that I want one switch)

Vumatel dropped a Raycore 8port layer 2 switch.
I was planning on one of
USG
CK
POE switch
AP pro

I have checked scoop for pricing.
Can you share more details on imported the products ?

Thanks

 

[itareanlnotani]

Anyone tried replacing the ONU?

Should be a matter of changing the VPI/VCI to whatever your network uses, add the LOID, and making sure its compatible hardware-wise.
Eg GPON or EPON or whatever your provider is using., and add in your PPPoE user/pass in your own router (assuming its PPPoE, most are afaik).

I use my own ONU here in China (as the default is crippled). Had to hack the original router to get the PPPoE details, but wasn't too hard.
http://www.computersolutions.cn/blog/2014/09/hacking-shanghai-telecoms-e8-wifiepon-fibre-modem/

Replacement units here are cheap 10rmb-100rmb or so x2 for rands.
I have the 华为/Huawei HG810E, works flawlessly. 10rmb-30rmb s/hand here on Taobao.

If we had a working post service, as opposed to theft and non delivery service, I could ship one to test.

 

[MagicDude4Eva]

Hi MD4E

Your setup is exactly what I have been researching (except that I want one switch)

Vumatel dropped a Raycore 8port layer 2 switch.
I was planning on one of
USG
CK
POE switch
AP pro

I have checked scoop for pricing.
Can you share more details on imported the products ?

Thanks

I bought everything from Amazon during the December holidays - and by that time Scoop could not deliver in time. If I had planned it better, I would have bought it from Scoop as their dealer pricing was not bad. I remember that the Cloud Key at Scoop was R1200 (ex VAT) and Amazon had it for $77 and all Ubiquiti products had a 15% discount on Amazon - so I got the UCK for $65 (which turned out to be R875). Where I really scored was that Amazon bungled up my order (I placed it on the 21 December and they struggled to get it dispatched) and after much back and forth, they waved the international shipping as wall as paid for taxes/duties and then still gave me a $20 store credit. My actual order for 1 UCK, 2 PoE switches, 1 USG and 1 AP Pro then worked out to something around $550 or about R7500.

If I had more patience I would have ordered it through Scoop (my next AP Pro will properly be ordered through them). If there is another place we brings them in cheaper, I would be interested in that also.

The one regret I have is that in my office (where I have the cabinet) I should have gone with a 16-port PoE switch instead of the 8-port as I only have 2 ports free (after I completed my cabling, I learned that I could have interconnected both switches via SFP, thus freeing up one LAN port).

 

[MagicDude4Eva]

Anyone tried replacing the ONU?

I am sure it is possible. I initially investigated it but ran into so many issues. My FTTH provider (MetroFibre) could not give me any networking/technical info. I have read that people in Europe have used a Mikrotik with GPON module successfully, but they never used Calix but some other brand. I might be misinformed, but when I wanted to find out how to do a PPPOE dialup into the Calix (since it does not support bridged mode), I was told that this is not possible as the ONT and the server-equivalent have some special protocol/handshake which can not be negotiated via another GPON module. I technically believe that this is just a BS explanation and if I was more network savvy and had enough money/access to test-kit, it would very well be possible to make it work.

The reason I turned the Calix ONT into a dumb device was also because of support issues. In case my connectivity goes south, I don't have to face the situation that I am blamed for having some "hacky PPPOE dialup" via my own kit. They can do their tests/configs on the Calix and the rest of my network remains unaffected.

Compared to some other FTTH providers MFN at least just drops the ONT. I have read that others drop the ONT and then some Mikrotik or other Wifi router and customers do not have access to either. With MFN I have at least full ONT access and was able to turn off all the other functional garbage.

Shipping from Taobao is not really an issue - I normally use Aramex for this - spending days on trying to figure out a way to cut out the ONT makes only sense if you have existing equipment (such as a high-end Wifi/router with VPN etc) which you would want to re-use. I went the quick (but expensive way) and threw out all my other kit.

 

[itareanlnotani]

I am sure it is possible. I initially investigated it but ran into so many issues. My FTTH provider (MetroFibre) could not give me any networking/technical info. I have read that people in Europe have used a Mikrotik with GPON module successfully, but they never used Calix but some other brand. I might be misinformed, but when I wanted to find out how to do a PPPOE dialup into the Calix (since it does not support bridged mode), I was told that this is not possible as the ONT and the server-equivalent have some special protocol/handshake which can not be negotiated via another GPON module. I technically believe that this is just a BS explanation and if I was more network savvy and had enough money/access to test-kit, it would very well be possible to make it work.

The reason I turned the Calix ONT into a dumb device was also because of support issues. In case my connectivity goes south, I don't have to face the situation that I am blamed for having some "hacky PPPOE dialup" via my own kit. They can do their tests/configs on the Calix and the rest of my network remains unaffected.

Compared to some other FTTH providers MFN at least just drops the ONT. I have read that others drop the ONT and then some Mikrotik or other Wifi router and customers do not have access to either. With MFN I have at least full ONT access and was able to turn off all the other functional garbage.

Shipping from Taobao is not really an issue - I normally use Aramex for this - spending days on trying to figure out a way to cut out the ONT makes only sense if you have existing equipment (such as a high-end Wifi/router with VPN etc) which you would want to re-use. I went the quick (but expensive way) and threw out all my other kit.

I saw (I've read your blog).
Personally I would have reflashed the first router with openwrt or similar (I use AdvancedTomato), but UBNT stuff is nice.
If I had spare power I'd run similar myself too. (Offgrid, and spending money on building the main house in the plot, so less money for toys than usual).

I have a as yet uninstalled set of p2p ubnt AP's at home in Noordhoek I'll eventually be using for a NHW CCTV install. Unfortunately broke my leg, so stuck in China for a few more months.

 

[MagicDude4Eva]

I saw (I've read your blog).
Personally I would have reflashed the first router with openwrt or similar (I use AdvancedTomato), but UBNT stuff is nice.
If I had spare power I'd run similar myself too. (Offgrid, and spending money on building the main house in the plot, so less money for toys than usual).

I have a as yet uninstalled set of p2p ubnt AP's at home in Noordhoek I'll eventually be using for a NHW CCTV install. Unfortunately broke my leg, so stuck in China for a few more months.

My first router was (I blew when trying to flash it and even with recovery it does not come back to live) an ASUS N66U and it was quite a capable device and would have had no issue with PPPOE dialup / bridged mode etc (that was the reason I bought it). I just did not anticipate that the Calix 813G is just such a poor device. I would not mind off-grid - but the electrical work in my current house is such a mess that I would have to rewire everything first. Maybe I win the lottery and move somewhere else (one can only hope).

 

[eddief1]

I have read that people in Europe have used a Mikrotik with GPON module successfully, but they never used Calix but some other brand

Yes, the Calix headend (OLT) does support the Mikrotik GPON SFP (https://routerboard.com/SFPONU), I have tested.

We dont use the Calix combo routers/wifi as we use the Calix 801G (https://www.calix.com/systems/gigafamily-overview/gigapoints.html), they are 'dumb' bridges, then just use any standard router plugged into it, pretty much like putting an ADSL modem into "bridge-mode"

 

[MagicDude4Eva]

Yes, the Calix headend (OLT) does support the Mikrotik GPON SFP (https://routerboard.com/SFPONU), I have tested.

We dont use the Calix combo routers/wifi as we use the Calix 801G (https://www.calix.com/systems/gigafamily-overview/gigapoints.html), they are 'dumb' bridges, then just use any standard router plugged into it, pretty much like putting an ADSL modem into "bridge-mode"

That's interesting. Do you work for an ISP? Was there any specific config required on the Mikrotik (i.e. duplicating MAC address, VLAN tagging etc?) This is good news for people already using Mikrotik.

Is there any performance difference between the 801G, 813G and 84x - specifically when it comes to network throughput or do all of the devices have the same GPON/fibre module? I have not really found the time to read up on how GPON works, but like with ADSL/VDSL modems certain chipsets perform better than others - I suppose the same would not really apply to FTTx (or at least the gain would be hardly noticeable on a link slower than 1Gbps?).

 

[eddief1]

That's interesting. Do you work for an ISP? Was there any specific config required on the Mikrotik (i.e. duplicating MAC address, VLAN tagging etc?) This is good news for people already using Mikrotik.

GPON is a little different, no config is actually done on the ONT (It's why the web config pages are so limited). It is plugged into the fibre network, discovered by the OLT and all config is performed from the OLT (Headend) by the ISP, so it becomes about company policy if they would allow a non-calix device on the network. It really depends on the ISP network setup if you would require setting up VLANS on the mikrotik or not so can't answer for that.

Is there any performance difference between the 801G, 813G and 84x - specifically when it comes to network throughput or do all of the devices have the same GPON/fibre module? I have not really found the time to read up on how GPON works, but like with ADSL/VDSL modems certain chipsets perform better than others - I suppose the same would not really apply to FTTx (or at least the gain would be hardly noticeable on a link slower than 1Gbps?).

If you going to use them like you mentioned (Calix as bridge and your own router after), then NO, you can pass line rate, 1Gbps synchronous (limit of ethernet port)

One thing to consider is that the router/wif router you put after the calix, remember you going to be doing NAT on it, if you have a very high speed connection you should consider a router that does NAT in hardware (in silicon), a good choice here are the Edgemax routers as they do hardware offloading, cheaper consumer routers can max out the cpu doing NAT alone, you should be fine with a higher range mikrotik

 

[MagicDude4Eva]

GPON is a little different, no config is actually done on the ONT (It's why the web config pages are so limited). It is plugged into the fibre network, discovered by the OLT and all config is performed from the OLT (Headend) by the ISP, so it becomes about company policy if they would allow a non-calix device on the network. It really depends on the ISP network setup if you would require setting up VLANS on the mikrotik or not so can't answer for that.



If you going to use them like you mentioned (Calix as bridge and your own router after), then NO, you can pass line rate, 1Gbps synchronous (limit of ethernet port)

One thing to consider is that the router/wif router you put after the calix, remember you going to be doing NAT on it, if you have a very high speed connection you should consider a router that does NAT in hardware (in silicon), a good choice here are the Edgemax routers as they do hardware offloading, cheaper consumer routers can max out the cpu doing NAT alone, you should be fine with a higher range mikrotik

Thanks. I doubt that most providers will then allow other ONT's - from a support perspective this could create havoc. Rather offer a functionally limited device as the Calix and ISPs will not have issues (i.e. if the fibre is lit up and something is not working on the ONT, they will either reset the device or just swop it out). I disabled NAT on the ONT and placed the IP of the Ubiquiti router into the DMZ (with the hope that the Calix will not touch any traffic).

I assume that since FTTx is fairly new in SA that whatever infrastructure is deployed is 1st-world technology and perhaps over time ISPs will get a bit smarter and more open (it is also understandable to lock down ONTs / networks for competitive reasons - similar to what we had when ADSL started off).