Help In Configuring My BSNL FTTH With Syrotech ONT

@vu3knb Don't you think you are generalising it a bit too much? I mean how can you be sure that BSNL isn't MAC binding new FTTH connections?

The way I understand it, this whole authentication thing is between your ONT and your upstream OLT, which can belong to whoever and be of whatever brand (basically depends on your LCO).

Unless what you meant to say was only about direct connections from BSNL (the ones taken a few years back)?

On a side note: does anyone really have personal/business connections in India where LCO's/OLT operators have gone overboard and actually enabled both layers of authentication?? Mine simply binds MAC over PPPoE.
 
Upvote 0
@pillaicha I changed to BSNL FTTH in April 2020 from the "Keralam Maarunnu..." KV because of its network "Quality". KV had MAC binding, and they had an option in their self care portal to reset it, which never used to work at all.

I have BSNL connection thru same LCO. AFAIK for BSNL connection, OLT only verifies the serial number of ONT and PPPoE authentication at BSNL side uses username & VLAN.

That's the reason why I could change the modem with no issues and not generalising the facts which I have observed.
 
Upvote 0
Bro it's the same OLT. It's the same technology too. A line can either be GPON or EPON, not both. And the way most of these LCOs have implemented is they run whichever ISP they have on different VLANs on the same fiber line. That's how the same LCO gives multiple ISP support through the same fiber infrastructure.

So what I meant by asking if you're generalising is that the things we're talking about really happen between our personal ONT/ONU and OLT of the LCO. The ISP giving us an IP (and therefore the internet) isn't really a part of this.
In other words, ISP (whoever it is) gives us L3 and above capabilities, whereas the L2 registration and authentication can be using a variety of ways, mainly S/N, pass, S/N+pass, LOID... MAC binding also works at L2. It's just an extra way to lock down access to the fiber infrastructure.

Edit: What I've seen happen with KV is that these guys have come to an agreement with the LCOs. The information about our MAC address is passed on to KV's access gateway. This gateway maintains an internal routing table (since it performs CGNAT) and each of our authenticated L2 MAC addresses is assigned a L3 private IP from the CGNAT private address pool. So they've linked the MAC with customer identity, which is also several steps away from the simple authentication we were talking about. The reason you think KV does MAC binding and BSNL doesn't is probably cause of this?

Correct me if I'm wrong. 🙂
 
Upvote 0
@pillaicha Please check my earlier post, yes there is L2 auth or binding at the ONT/OLT layer. However BSNL can also do MAC binding at the PPPoE auth layer (this has no relation to the ONT/OLT). The BSNL auth server (access concentrator) can reject an auth request if it's coming from a different MAC address. I can point you to the logs I've shared earlier.

However nowadays BSNL doesn't appear to be doing MAC binding at the PPPoE layer. Again varies with the regions though.
 
Upvote 0
@varkey thanks for clarifying that. So if BSNL isn't linking customer identity to MAC anymore, what do they use?

If it's just simple PPPoE username/password, for which their password is 'password', isn't that really unsafe? I agree MAC spoofing is a trivial affair, but still requires knowledge of the particular user's particular MAC.
 
Upvote 0

This is a log entry where the PPPoE auth fails due to MAC binding at BSNL's auth server.

Code:
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: pppd 2.4.7 started by root, uid 0
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: PPP session is 8420
Tue Mar 26 08:24:06 2019 daemon.warn pppd[31302]: Connected to 20:d8:0b:d4:8d:f4 via interface eth0.702
Tue Mar 26 08:24:06 2019 kern.info kernel: [134208.751099] pppoe-wan2_test: renamed from ppp0
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Using interface pppoe-wan2_test
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: Connect: pppoe-wan2_test <--> eth0.702
Tue Mar 26 08:24:06 2019 daemon.info odhcpd[1015]: Using a RA lifetime of 0 seconds on br-lan
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: CHAP authentication failed: Policy Failed
Tue Mar 26 08:24:06 2019 daemon.err pppd[31302]: CHAP authentication failed
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: Modem hangup
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: Connection terminated.
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Sent PADT
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Exit.
 


Upvote 0
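For anyone triaging a similar failure, here is an added example (not part of the original post) that groups pppd log lines by PID and extracts the access concentrator MAC, the VLAN, the PPPoE session ID and the reason text the server returned with the CHAP failure. The function and field names are hypothetical, and reading the `eth0.702` suffix as the VLAN ID is an assumption based on the usual Linux naming of VLAN sub-interfaces.

```python
import re

# Log lines taken from the post above (trimmed); the kernel line is kept to show it is skipped.
SAMPLE_LOG = """\
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: PPP session is 8420
Tue Mar 26 08:24:06 2019 daemon.warn pppd[31302]: Connected to 20:d8:0b:d4:8d:f4 via interface eth0.702
Tue Mar 26 08:24:06 2019 kern.info kernel: [134208.751099] pppoe-wan2_test: renamed from ppp0
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: CHAP authentication failed: Policy Failed
Tue Mar 26 08:24:06 2019 daemon.err pppd[31302]: CHAP authentication failed
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Sent PADT
"""

PPPD_LINE = re.compile(r"^.*\d{4} \S+ pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECTED = re.compile(
    r"Connected to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) via interface (?P<ifname>\S+)"
)
SESSION = re.compile(r"PPP session is (?P<sid>\d+)")
CHAP_FAIL = re.compile(r"CHAP authentication failed(?:: (?P<reason>.+))?$")


def summarize(log_text):
    """Group pppd lines by PID and return the fields relevant to an auth failure."""
    attempts = {}
    for line in log_text.splitlines():
        m = PPPD_LINE.match(line)
        if not m:
            continue  # not a pppd line (kernel, odhcpd, blank)
        a = attempts.setdefault(m["pid"], {
            "ac_mac": None, "vlan": None, "session": None,
            "chap_failed": False, "reason": None,
        })
        msg = m["msg"]
        if (c := CONNECTED.search(msg)):
            a["ac_mac"] = c["mac"].lower()
            # Assumption: a numeric suffix after the dot is the VLAN ID.
            _, _, vid = c["ifname"].partition(".")
            a["vlan"] = int(vid) if vid.isdigit() else None
        elif (s := SESSION.search(msg)):
            a["session"] = int(s["sid"])
        elif (f := CHAP_FAIL.search(msg)):
            a["chap_failed"] = True
            # pppd logs the failure twice; keep the line that carries the server's text.
            a["reason"] = a["reason"] or f["reason"]
    return attempts


if __name__ == "__main__":
    for pid, fields in summarize(SAMPLE_LOG).items():
        print(pid, fields)
```

A reason string such as `Policy Failed` comes from the server side, so comparing it across attempts made from different devices helps separate a policy rejection from a mistyped credential.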
@varkey thanks for clarifying that. So if BSNL isn't linking customer identity to MAC anymore, what do they use?

If it's just simple PPPoE username/password, for which their password is 'password', isn't that really unsafe? I agree MAC spoofing is a trivial affair, but still requires knowledge of the particular user's particular MAC.

Yep it is unsafe and stupid especially when they set the default password to password. 🤷🏻‍♂️ What can we do? I've changed the password for mine, and I'd recommend everyone to do the same too.
 
Upvote 0
