Configured the next EPON OLT BDCOM P3310B-2AC and P3310C-2AC.
How to recover the password or reset the configuration, see my article – BDCOM P3310 Reset Configuration
Connected to it with a console cable at a speed of 9600.
There was no configuration, all ports are turned off.
There may be a standard identical username and password admin
After connecting, we will go into the setup mode:
enable
config
Let’s see what the saved and active configuration is:
show configuration
show running-config
Getting started with the setup!
Delete the standard vlan 1 and add the vlan control (I have 207), vlan 301 (client):
no interface vlan 1
vlan 207,301
exit
interface vlan 207
description core
ip address 192.168.1.3 255.255.255.0
exit
ip default-gateway 192.168.1.1
I configured the fifth combo port as incoming (207 – control vlan, 301 – client):
interface gigaEthernet 0/5
description UPLINK
no shutdown
switchport trunk vlan-allowed 207
switchport trunk vlan-allowed add 301
switchport trunk vlan-untagged none
switchport mode trunk
exit
I chose a combo port so that I could enable the incoming link via copper or SFP.
We will write a template for ONU (in the future they will be registered themselves, you will only need to add a description and save the config):
epon onu-config-template ixnfo.com
cmd-sequence 001 epon onu port 1 ctc vlan mode tag 301
cmd-sequence 002 epon onu all-port ctc loopback detect
cmd-sequence 003 epon onu all-port storm-control mode 4 threshold 256
cmd-sequence 004 switchport port-security dynamic maximum 3
cmd-sequence 005 switchport port-security mode dynamic
exit
Another example of commands for a template:
cmd-sequence 006 loopback-detection recovery-time 7200
epon onu all-port storm-control mode ?
1 -- limit broadcast
2 -- limit multicast
3 -- limit unknown unicast
4 -- limit all packet
Manually allow only two MAC addresses per ONU:
interface EPON0/2:2
switchport port-security dynamic maximum 2
switchport port-security mode dynamic
Configure EPON ports:
interface EPON0/1
no shutdown
description ixnfo.com
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template ixnfo.com binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 1
interface EPON0/2
no shutdown
description ixnfo.com
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template ixnfo.com binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 2
interface EPON0/3
no shutdown
description ixnfo.com
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template ixnfo.com binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 3
interface EPON0/4
no shutdown
description ixnfo.com
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template ixnfo.com binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 4
Add admin and password:
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin password 0 TEXT
enable password 0 TEXT
service password-encryption
We will indicate from which IPs the administrator is allowed to connect:
ip access-list standard MANAGEMENT
permit 192.168.1.2 255.255.255.255
exit
ip telnet access-class MANAGEMENT
Specify the time zone and NTP server with which time to synchronize (for new firmware, instead of sntp, you need to write ntp):
time-zone Kyiv +2
sntp server 192.168.1.1
sntp query-interval 3600
Configure SNMP:
snmp-server location test
snmp-server contact test
snmp-server community public ro MANAGEMENT
Set the device name and the length of the console line:
hostname TEST
terminal width 256
terminal length 256
Disable HTTP:
no ip http server
Or configure with IP access from a previously created access-list:
ip http server
ip http access-class MANAGEMENT
Specify the period in seconds after which the port should turn on after the error-disable state:
error-disable-recovery 10800
For the test I took ONU BDCOM P1501C1 (you do not need to configure), FOXGATE 1001w and FOXGATE 1001c (you do not need to configure), Foxgate NR1001 (standard IP 192.168.101.8 admin/admin) and TP-Link EP110 (you need to disable DHCP by going to 192.168.1.1) , connected them through a 1*8 divider to the first PON port.
Save the settings:
write
On new firmware, save as follows:
write all
This completes the basic setup.
Select the desired ONU and add a description:
interface EPON0/1:1
description TEST
You can limit the speed on ONU ports in kilobits (not all ONUs support this), for this we execute the commands:
epon onu port 1 ctc rate-limit 15000 ingress
epon onu port 1 ctc rate-limit 15000 egress
If it is necessary that traffic can go between ONUs (which is not recommended!), then add the command for the port:
epon inner onu switch
Instead of telnet, you can optionally use SSH, which is enabled by the command:
ip sshd enable
Example of configuring a GigaEthernet port with vlan without a tag:
interface GigaEthernet0/6
description ixnfo.com
switchport mode access
switchport pvid 301
switchport protected 1
An example of using short SNMP descriptions, for example, by default: GigaEthernet0/1, EPON0/1, and with the executed command: g0/1, epon0/1:
short-ifdescr
no short-ifdescr
If the Internet is fed to UPLINK via one VLAN without a tag, then the configuration will differ as follows:
interface vlan 1
ip address 192.168.1.5 255.255.0.0
exit
ip default-gateway 192.168.1.1
interface gigaEthernet 0/5
description UPLINK
no shutdown
switchport mode access
switchport pvid 1
exit
epon onu-config-template ixnfo.com
cmd-sequence 001 epon onu port 1 ctc vlan mode tag 301
cmd-sequence 002 epon onu all-port ctc loopback detect
cmd-sequence 003 epon onu all-port storm-control mode 4 threshold 256
cmd-sequence 004 switchport port-security dynamic maximum 3
cmd-sequence 005 switchport port-security mode dynamic
exit
interface EPON0/1
no shutdown
description test
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 1
switchport mode trunk
epon pre-config-template ixnfo.com binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected
If any ONU floods, for example EPON0/2:28, then you can disable the ethernet port on it (with a loop this will not help):
interface EPON0/2:28
epon onu port 1 ctc shutdown
See also: How to block ONU BDCOM
View firmware version, MTU, list of administrators:
show version
show system mtu
show local-users
The following MAC addresses are reserved for new firmware versions and can not be used:
X2:XX:XX:XX:XX:XX Local Administered
X6:XX:XX:XX:XX:XX Local Administered
XA:XX:XX:XX:XX:XX Local Administered
XE:XX:XX:XX:XX:XX Local Administered
That they could be used we execute a command:
epon local-mac forward
An example of assigning an IP address to ONU (if ONU supports):
epon0/1:1#epon onu ip address static 192.168.5.5 255.255.255.0 gateway 192.168.5.1 vlan 1
epon0/1:1#epon onu ctc ip address static 192.168.5.5 255.255.255.0 gateway 192.168.5.1 cvlan 5 svlan 0 priority 0
Allow traffic between multiple ONUs (by default, traffic between all ONUs is prohibited):
epon0/1:1#epon inner-onu-switch
See also my articles:
- Configuring DHCP snooping on BDCOM P3310
- Adding ONU with trunk port
- 1 Gbps per ONU BDCOM
- How to view information about ONU on BDCOM OLT
- Firmware Update BDCOM P3310
- How to remove ONT from the BDCOM OLT configuration
- Configuring TP-Link EP110
- BDCOM OLT DDM SNMP OID
- Configuring BDCOM P3608
- My other articles about BDCOM