.png)
4 weeks ago
1
Today I’m setting up a GPON network in my homelab. GPON is the ITU’s Gigabit-class Passive Optical Network technology, one of the most commonly deployed fiber to the home technologies. While it’s being replaced by its faster descendant XGS-PON, it’s still capable of 2.44Gbps down / 1.22Gbps up across 128 clients, all using only passive optical components between the headend (OLT) and clients (ONU).
I’ve got a single-port Optical Line Terminal (OLT) made by CData, as well as 8x client Optical Network Units (ONU) also made by CData. Big thanks to CData for providing the equipment for this project!
You can also download the config as a file here
!
!
sysname FD1601S-B1
!
!
traffic-profile profile-id 1 profile-name resi-1000-down cir 512000 pir 1024000 cbs 10240000 pbs 10240000
traffic-profile profile-id 2 profile-name resi-1000-up cir 256000 pir 1024000 cbs 8194000 pbs 10240000
traffic-profile profile-id 3 profile-name resi-200-down cir 102400 pir 204800 cbs 3278800 pbs 6555600
traffic-profile profile-id 4 profile-name resi-200-up cir 51200 pir 102400 cbs 1640400 pbs 3278800
!
!
dba-profile profile-id 0 profile-name dba-profile_0
type1 fix 256
commit
exit
dba-profile profile-id 1 profile-name dba-profile_1
type3 assure 56000 max 1024000
commit
exit
dba-profile profile-id 2 profile-name dba-service-100
type3 assure 25600 max 102400
commit
exit
dba-profile profile-id 3 profile-name dba-service-500
type3 assure 25600 max 512000
commit
exit
dba-profile profile-id 4 profile-name dba-service-1000
type3 assure 30720 max 1024000
commit
exit
!
!
!
ont-line-profile gpon profile-id 0 profile-name line-profile_0
#tcont 0 dba-profile-id 0
#tcont 1 dba-profile-id 1
#gem add 1 tcont 1
#gem mapping 1 1 vlan 1
commit
exit
ont-line-profile gpon profile-id 1 profile-name line-resi1000
#tcont 0 dba-profile-id 0
#tcont 1 dba-profile-id 1
#gem add 1 tcont 1
#gem mapping 1 1 vlan transparent
no gem mapping 1 1
gem delete 1
gem add 1 tcont 1 encrypt disable gem-car-upstream 2 gem-car-downstream 1
gem mapping 1 1 vlan 20
commit
exit
ont-line-profile gpon profile-id 2 profile-name line-resi200
#tcont 0 dba-profile-id 0
#tcont 1 dba-profile-id 1
#gem add 1 tcont 1
#gem mapping 1 1 vlan transparent
no gem mapping 1 1
gem delete 1
gem add 1 tcont 1 encrypt disable gem-car-upstream 4 gem-car-downstream 3
gem mapping 1 1 vlan 20
commit
exit
!
ipconfig-profile gpon profile-id 0 profile-name ipconfig-profile_0
#service internet
#nat enable
commit
exit
!
ont-srv-profile gpon profile-id 0 profile-name srv-profile_0
#ont-port eth adaptive pots adaptive catv adaptive wifi adaptive
port vlan eth 1 transparent
port vlan eth 2 transparent
port vlan eth 3 transparent
port vlan eth 4 transparent
port vlan eth 5 transparent
port vlan eth 6 transparent
port vlan eth 7 transparent
port vlan eth 8 transparent
port vlan eth 9 transparent
port vlan eth 10 transparent
port vlan eth 11 transparent
port vlan eth 12 transparent
port vlan eth 13 transparent
port vlan eth 14 transparent
port vlan eth 15 transparent
port vlan eth 16 transparent
port vlan eth 17 transparent
port vlan eth 18 transparent
port vlan eth 19 transparent
port vlan eth 20 transparent
port vlan eth 21 transparent
port vlan eth 22 transparent
port vlan eth 23 transparent
port vlan eth 24 transparent
commit
exit
ont-srv-profile gpon profile-id 1 profile-name srv-resi
ont-port eth adaptive pots adaptive catv adaptive
port native-vlan eth 1 20
port vlan eth 1 20
port vlan eth 2 transparent
port vlan eth 3 transparent
port vlan eth 4 transparent
port vlan eth 5 transparent
port vlan eth 6 transparent
port vlan eth 7 transparent
port vlan eth 8 transparent
port vlan eth 9 transparent
port vlan eth 10 transparent
port vlan eth 11 transparent
port vlan eth 12 transparent
port vlan eth 13 transparent
port vlan eth 14 transparent
port vlan eth 15 transparent
port vlan eth 16 transparent
port vlan eth 17 transparent
port vlan eth 18 transparent
port vlan eth 19 transparent
port vlan eth 20 transparent
port vlan eth 21 transparent
port vlan eth 22 transparent
port vlan eth 23 transparent
port vlan eth 24 transparent
commit
exit
!
!
!
ont-sipagent-profile gpon profile-id 0 profile-name sipagent-profile_0
commit
exit
ont-digitmap-profile gpon profile-id 0 profile-name digitmap-profile_0
commit
exit
ont-siprightflag-profile gpon profile-id 0 profile-name sipright-profile_0
commit
exit
ont-pots-profile gpon profile-id 0 profile-name pots-profile_0
commit
exit
ont mult-srv-profile gpon profile-id 0 profile-name default-mult-srv-profile
ont-line-profile profile-id 0
ont-srv-profile profile-id 0
commit
exit
ont mult-srv-profile gpon profile-id 1 profile-name resi1000-srv-profile
ont-line-profile profile-id 1
ont-srv-profile profile-id 1
commit
exit
ont mult-srv-profile gpon profile-id 2 profile-name resi-200-srv-profile
ont-line-profile profile-id 2
ont-srv-profile profile-id 1
commit
exit
!
!
!
!
vlan 1-2,20-30,69,666,1000
!
!
!
!
!
!
!
!
!
radius
exit
!
!
tacacs+
exit
!
user name root password *#*!#/)zW*+C-J/J123 privilege-level 15
user name admin password *#*!#/)zW*+C-J/J123 privilege-level 2
user name operator password *#*!#/)zW*+C-J/J123 privilege-level 1
user name guest password *#*$N&C(Ho+U0.lp\23 privilege-level 0
!
aaa
domain default
aaa_protocol radius
exit
!
!
interface mgmt
ip address 192.168.1.100 24
exit
!
!
!
!
!
!
!
!
interface gpon 0/0
flow-control 1 disable
frame-max 1 9600
ont authmode 1 auto
ont policy-auth 1 match any sn-auth to mult-srv-profile profile-name default-mult-srv-profile priority 0
ont policy-auth 1 match any sn-auth to mult-srv-profile profile-id 2 priority 1
ont add 1 1 sn-auth "CDTCAF53E6E3"
ont ont-port 1 1 eth adaptive pots adaptive catv adaptive iphost adaptive wifi adaptive
ont mac-learning 1 1 enable
ont mac-aging 1 1 300
ont veip 1 1 trunk
ont loopdetect 1 1 disable detect-frequency 8 resume-interval 300 auto-shutdown enable
ont native-vlan 1 1 concern
ont multicast mode 1 1 unconcern
ont port native-vlan 1 1 eth 1 vlan 21
ont port vlan 1 1 eth 1 21
ont tcont 1 1 0 dba-profile-id 0
ont tcont 1 1 1 dba-profile-id 1
ont mapping-mode 1 1 vlan
ont gemport 1 1 1 tcont 1 gem-car-upstream 4 gem-car-downstream 3 encrypt disable priority-queue-upstream 1 priority-queue-downstream 1
ont gemport mapping 1 1 1 1 vlan 21
ont fec 1 1 disable
ont omcc encrypt 1 1 disable
ont qos-mode 1 1 priority-queue
ont add 1 3 sn-auth "CDTCAF53E6DF"
ont ont-port 1 3 eth adaptive pots adaptive catv adaptive iphost adaptive wifi adaptive
ont mac-learning 1 3 enable
ont mac-aging 1 3 300
ont veip 1 3 trunk
ont loopdetect 1 3 disable detect-frequency 8 resume-interval 300 auto-shutdown enable
ont native-vlan 1 3 concern
ont multicast mode 1 3 unconcern
ont port native-vlan 1 3 eth 1 vlan 22
ont port vlan 1 3 eth 1 22
ont tcont 1 3 0 dba-profile-id 0
ont tcont 1 3 1 dba-profile-id 1
ont mapping-mode 1 3 vlan
ont gemport 1 3 1 tcont 1 gem-car-upstream 2 gem-car-downstream 1 encrypt disable priority-queue-upstream 1 priority-queue-downstream 1
ont gemport mapping 1 3 1 1 vlan 22
ont fec 1 3 disable
ont omcc encrypt 1 3 disable
ont qos-mode 1 3 priority-queue
ont add 1 4 sn-auth "CDTCAF53E6E1"
ont ont-port 1 4 eth adaptive pots adaptive catv adaptive iphost adaptive wifi adaptive
ont mac-learning 1 4 enable
ont mac-aging 1 4 300
ont veip 1 4 trunk
ont loopdetect 1 4 disable detect-frequency 8 resume-interval 300 auto-shutdown enable
ont native-vlan 1 4 concern
ont multicast mode 1 4 unconcern
ont port native-vlan 1 4 eth 1 vlan 23
ont port vlan 1 4 eth 1 23
ont tcont 1 4 0 dba-profile-id 0
ont tcont 1 4 1 dba-profile-id 1
ont mapping-mode 1 4 vlan
ont gemport 1 4 1 tcont 1 gem-car-upstream 4 gem-car-downstream 3 encrypt disable priority-queue-upstream 1 priority-queue-downstream 1
ont gemport mapping 1 4 1 1 vlan 23
ont fec 1 4 disable
ont omcc encrypt 1 4 disable
ont qos-mode 1 4 priority-queue
ont add 1 5 sn-auth "CDTCAF53E6DD"
ont ont-port 1 5 eth adaptive pots adaptive catv adaptive iphost adaptive wifi adaptive
ont mac-learning 1 5 enable
ont mac-aging 1 5 300
ont veip 1 5 trunk
ont loopdetect 1 5 disable detect-frequency 8 resume-interval 300 auto-shutdown enable
ont native-vlan 1 5 concern
ont multicast mode 1 5 unconcern
ont port native-vlan 1 5 eth 1 vlan 24
ont port vlan 1 5 eth 1 24
ont tcont 1 5 0 dba-profile-id 0
ont tcont 1 5 1 dba-profile-id 1
ont mapping-mode 1 5 vlan
ont gemport 1 5 1 tcont 1 gem-car-upstream 2 gem-car-downstream 1 encrypt disable priority-queue-upstream 1 priority-queue-downstream 1
ont gemport mapping 1 5 1 1 vlan 24
ont fec 1 5 disable
ont omcc encrypt 1 5 disable
ont qos-mode 1 5 priority-queue
exit
!
interface ge 0/0
exit
!
interface xge 0/0
frame-max 1 9600
vlan mode 1 trunk
vlan trunk 1 20-30,69
exit
!
!
!
!
!
# DHCP snooping config
!
# DHCP security-table config
!
# DHCP ipsg config
!
interface vlanif 1
description vlan-lan
ip address 192.168.0.4 24
exit
!
!
!
!
!
!
!
!
!
timezone gmt+ 02:00
!
!
!
snmp-agent community read */*puhcfl
snmp-agent community write */*pxfydqe
snmp-agent community write */*LoxxelqBox|eHdqqexv\qdpce
!
!
!
service telnet enable
service ssh enable
service http enable
service https enable
service snmp disable
!
!
end
!
You can also download the config as a file here
# 2025-09-27 15:34:10 by RouterOS 7.20rc1
# software id = XB52-1V8V
#
# model = CRS305-1G-4S+
# serial number = HHB0A3N8HRP
/interface bridge
add admin-mac=F4:1E:57:74:FD:8E auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan-cust-com vlan-id=20
add interface=bridge name=vlan-cust1 vlan-id=21
add interface=bridge name=vlan-cust2 vlan-id=22
add interface=bridge name=vlan-cust3 vlan-id=23
add interface=bridge name=vlan-cust4 vlan-id=24
add interface=bridge name=vlan-iptv vlan-id=69
add interface=bridge name=vlan-lan vlan-id=1
/ip pool
add name=pool-cust-com ranges=100.64.0.100-100.64.0.254
add name=pool-cust1 ranges=100.64.1.100-100.64.1.254
add name=pool-cust2 ranges=100.64.2.100-100.64.2.254
add name=pool-cust3 ranges=100.64.3.100-100.64.3.254
add name=pool-cust4 ranges=100.64.4.100-100.64.4.254
/ip dhcp-server
add address-pool=pool-cust-com interface=vlan-cust-com name=dhcp4-cust-com
/interface bridge port
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether1
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=bridge tagged=sfp-sfpplus3,sfp-sfpplus2 vlan-ids=20-30,69
/ip address
add address=100.64.0.1/24 interface=vlan-cust-com network=100.64.0.0
add address=100.64.1.1/24 interface=vlan-cust1 network=100.64.1.0
add address=100.64.2.1/24 interface=vlan-cust2 network=100.64.2.0
add address=100.64.3.1/24 interface=vlan-cust3 network=100.64.3.0
add address=100.64.4.1/24 interface=vlan-cust4 network=100.64.4.0
add address=100.64.69.2/24 interface=vlan-iptv network=100.64.69.0
/ip dhcp-client
add interface=vlan-lan
/ip dhcp-server network
add address=100.64.0.0/24 dns-server=192.168.0.3 domain=apalrd.fi gateway=\
100.64.0.1 netmask=24 ntp-none=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan-lan src-address=\
100.64.0.0/10
/ipv6 route
add disabled=no distance=1 dst-address=64:ff9b::/96 gateway=\
fe80::be24:11ff:fed7:e52d%vlan-lan pref-src="" routing-table=main scope=\
30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=::/0 gateway=\
fe80::10:18ff:fe48:74c%vlan-lan pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
/ipv6 address
add address=2001:db8:420:6944::9 advertise=no interface=vlan-lan
# address pool error: pool not found: pd-pool1 (4)
add address=::1 from-pool=pd-pool1 interface=vlan-cust-com
# address pool error: pool not found: pd-pool1 (4)
add address=::1 from-pool=pd-pool1 interface=vlan-cust1
# address pool error: pool not found: pd-pool1 (4)
add address=::1 from-pool=pd-pool1 interface=vlan-cust2
# address pool error: pool not found: pd-pool1 (4)
add address=::1 from-pool=pd-pool1 interface=vlan-cust3
# address pool error: pool not found: pd-pool1 (4)
add address=::1 from-pool=pd-pool1 interface=vlan-cust4
/ipv6 dhcp-client
add interface=vlan-lan pool-name=pd-pool1 prefix-hint=::/59 request=\
address,prefix
/ipv6 dhcp-server
add address-pool=pd-pool1 interface=vlan-cust-com name=dhcp-cust-com
/ipv6 firewall nat
add action=src-nat chain=srcnat out-interface=vlan-lan src-address=\
2001:db8:420:6920::/59 to-address=\
2001:db8:420:6900:e203:18ab:6c15:dbe4/128
/ipv6 nd
set [ find default=yes ] dns=2001:db8:420:6900:be24:11ff:fe19:afa6 \
managed-address-configuration=yes pref64=64:ff9b::/96 ra-interval=5s-10s
/system clock
set time-zone-name=Europe/Helsinki
/system package update
set channel=testing
