Help In Configuring My BSNL FTTH With Syrotech ONT

I think for new BSNL FTTH connections, they are not using MAC binding. To prove this, yesterday evening I put the Netlink ONU in bridge mode (VoIP profile in router mode) and used one old TP-Link router with PPPoE authentication. It worked with no issues. VoIP will be enabled only when the PPPoE authentication is successful at the TP-Link.

I kept this setup running for a few minutes and changed back to the original; that too worked with no issues.

The screenshot from the self-care portal shows the MAC change. This made me believe that only username and VLAN authentication is in place.
 
Visited the BSNL Office today,

They told me Syrotech will not work, only "authorised ONTs" would work. I asked if they are doing MAC binding; they said only VLAN binding is in place. Further, they added that the so-called authorized ONTs will have compatibility issues, so it will not work. It seems they have a problem with me switching the ONT. And they started talking about security issues with third-party ONTs.

Yeah, the same company that sets "password" as the password for the PPPoE credentials talks about security issues.

@varkey Seems I have to return the Syrotech ONT :confused:
Where is the third-party ONT? They are also using ONTs from the same brand.
 
@vu3knb Don't you think you are generalising it a bit too much? I mean how can you be sure that BSNL isn't MAC binding new FTTH connections?

The way I understand it, this whole authentication thing is between your ONT and your upstream OLT, which can belong to whoever and be of whatever brand (basically depends on your LCO).

Unless what you meant to say was only about direct connections from BSNL (the ones taken a few years back)?

On a side note: does anyone really have personal/business connections in India where LCOs/OLT operators have gone overboard and actually enabled both layers of authentication? Mine simply binds MAC over PPPoE.
 
@pillaicha I changed to BSNL FTTH in April 2020 from the "Keralam Maarunnu..." KV because of its network "Quality". KV had MAC binding, and they had an option in their self-care portal to reset it, which never used to work at all.

I have a BSNL connection through the same LCO. AFAIK for a BSNL connection, the OLT only verifies the serial number of the ONT, and PPPoE authentication at the BSNL side uses username & VLAN.

That's the reason why I could change the modem with no issues, and I am not generalising the facts which I have observed.
 
Bro, it's the same OLT. It's the same technology too. A line can either be GPON or EPON, not both. And the way most of these LCOs have implemented it is that they run whichever ISPs they have on different VLANs on the same fiber line. That's how the same LCO gives multiple ISP support through the same fiber infrastructure.

So what I meant by asking if you're generalising is that the things we're talking about really happen between our personal ONT/ONU and the OLT of the LCO. The ISP giving us an IP (and therefore the internet) isn't really a part of this.
In other words, the ISP (whoever it is) gives us L3 and above capabilities, whereas the L2 registration and authentication can use a variety of ways, mainly S/N, pass, S/N+pass, LOID... MAC binding also works at L2. It's just an extra way to lock down access to the fiber infrastructure.

Edit: What I've seen happen with KV is that these guys have come to an agreement with the LCOs. The information about our MAC address is passed on to KV's access gateway. This gateway maintains an internal routing table (since it performs CGNAT) and each of our authenticated L2 MAC addresses is assigned an L3 private IP from the CGNAT private address pool. So they've linked the MAC with customer identity, which is also several steps away from the simple authentication we were talking about. The reason you think KV does MAC binding and BSNL doesn't is probably because of this?

Correct me if I'm wrong. :)
 
@pillaicha Please check my earlier post; yes, there is L2 auth or binding at the ONT/OLT layer. However, BSNL can also do MAC binding at the PPPoE auth layer (this has no relation to the ONT/OLT). The BSNL auth server (access concentrator) can reject an auth request if it's coming from a different MAC address. I can point you to the logs I've shared earlier.

However, nowadays BSNL doesn't appear to be doing MAC binding at the PPPoE layer. Again, it varies with the region though.
 
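The two PPPoE-layer binding modes discussed in this thread, as an added example that is not from any poster and is not BSNL's implementation: it parses a VLAN-tagged PPPoE discovery frame to show which L2 identifiers the access concentrator can see, then evaluates a hypothetical binding policy with and without the MAC check. The frame bytes, VLAN 400, both MAC addresses and the function names are constructed for illustration; the username and password are exchanged later in PPP authentication and do not appear in this frame.

```python
import struct

ETH_P_8021Q, ETH_P_PPPOE_DISC, PADI = 0x8100, 0x8863, 0x09

def make_padi(src_mac: str, vlan: int) -> bytes:
    """Build a constructed VLAN-tagged PADI frame (sample input only)."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + src + struct.pack("!HHH", ETH_P_8021Q, vlan & 0x0FFF, ETH_P_PPPOE_DISC)
    tag = struct.pack("!HH", 0x0101, 0)            # empty Service-Name tag
    return eth + struct.pack("!BBHH", 0x11, PADI, 0, len(tag)) + tag

def parse_discovery(frame: bytes) -> dict:
    """Extract the L2 identifiers an access concentrator sees on a discovery frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_P_8021Q:                   # 802.1Q tag: 12-bit VLAN ID in the TCI
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, vlan = 18, tci & 0x0FFF
    if ethertype != ETH_P_PPPOE_DISC or len(frame) < offset + 6:
        raise ValueError("not a PPPoE discovery frame")
    ver_type, code, _sid, _length = struct.unpack("!BBHH", frame[offset:offset + 6])
    if ver_type != 0x11:
        raise ValueError("unexpected PPPoE version/type")
    return {"src_mac": src.hex(":"), "vlan": vlan, "code": code}

def binding_decision(record: dict, ids: dict, enforce_mac: bool) -> str:
    """Hypothetical policy: VLAN is always checked, MAC only when enforce_mac is set."""
    if ids["vlan"] != record["vlan"]:
        return "reject: vlan mismatch"
    if enforce_mac and ids["src_mac"] != record["mac"]:
        return "reject: mac mismatch"
    return "accept"

# Constructed subscriber record and a frame from a replacement router on the same VLAN.
RECORD = {"vlan": 400, "mac": "02:00:00:00:00:01"}
SWAPPED = parse_discovery(make_padi("02:00:00:00:00:02", 400))

if __name__ == "__main__":
    print(SWAPPED)
    print("VLAN binding only :", binding_decision(RECORD, SWAPPED, enforce_mac=False))
    print("VLAN + MAC binding:", binding_decision(RECORD, SWAPPED, enforce_mac=True))
```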
@varkey thanks for clarifying that. So if BSNL isn't linking customer identity to MAC anymore, what do they use?

If it's just simple PPPoE username/password, for which their password is 'password', isn't that really unsafe? I agree MAC spoofing is a trivial affair, but still requires knowledge of the particular user's particular MAC.
 