Use ER7212PC SFP Port to Connect ISP Fibre
My ISP currently provides a Huawei HG8245 Modem/Router that the fibre is connected to which I connect my ER7212PC via ethernet cable but this means I have double NAT as unable to put the HG8245 into bridge mode due to limited admin access.
Can I bypass the ISP HG8245 and connect the fibre directly into an SFP port of my ER7212PC and if so what spec SFP module should I buy (500Mb fibre)
Any thoughts welcome and appreciated.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @JeremyT
Thanks for posting in our business forum.
JeremyT wrote
@Clive_A The modem/router is a Huawei HG8245h and the module is not removable, this is relatively basic device. Looking at the data sheet it has an optical connector for SC/APC.
Further details on the GPON specifications:
So assume I would need a LC APC to SC APC patch cable like this: https://www.fs.com/products/41163.html
Which should then support the SFP module.
Not gonna be helpful if you are asking me third-party module.
These should be what you are looking into.
It is a single-mode SC-interface gigabit module. The wavelength should be 1310nm. Pick up one fitting the specs and try it out.
BTW, you sent me a link to a fiber product? Not really a module. You are looking for the module, right?
- Copy Link
- Report Inappropriate Content
Hello,
A few thoughts...
1. Goin' the hard way, Goin' with fiber... you need a GPON accepted by your ISP (mine accepts almost one model any mortal being can find in this world !) and with the right optical connector shape. In my country it is standardized around SC/APC-SC/APC (green/green) excepted for one provider which is using SC/APC-SC/UPC (green/blue) and with the fiber capacity like monomode, multimode... etc. The standard here is multimode with small bend radius (the light is guided properly but there's high damping in the way for long distance).
The color of the fiber sleeve itself usually indicates its capability : it's not decoration and it sometimes may not match the color of your housing/office. But as the connectors present some color, OEM allow themself to sell white ones for ISP connection as regard low grade. I've got high end ones at home and it is flashy yellow with green connectors ! My WAF was highly affected by this. If you need UV resistant or cold resistant ones, you may suffer from other colors too.
Once you've got the correct GPON and the proper fiber, it must be programmed to authenticate properly. The one which is used by my ISP resets itself once accessed and the connection id code needs to be manually put back in and only the ISP knows it or you may need to find a verbose friend in the company (telnet or ssh is needed over a hard to find specific IP fixed by the GPON maker and using a SFP to RJ45 adapter to preset it).
There's a last trap ... the GPON SFP adapter must be accepted/supported by your router firmware... And its not the case for every module on the market. This is where the interoperaility list from tp-link may be important.
Then there's a somehow easy way...
2. forget NAT, go IPv6 if your ISP allows it as NAT does not exist in IPv6.
Configure your Huawei to do DHCPv6-PD client (prefix delegation) on the WAN side of your router to get control of a slice of IPv6 addresses from your ISP. And activate the DHCPv6-PD server on the LAN side of the huawei. Then set your router get a sub-delegation from the huawei that will be distributed on the LAN side using SLAAC (auto configuration of each client IP through distribution of the network prefix). If your huawei firmware does not support DHCPv6-PD : it's finished before starting anything !
This is pure routing thus easy to manage. Keep in mind that with IPv6 DHCPv6 is mostly used to configure routers the one after the other (this is not DHCPv4!). Keep also in mind that firewalling is then only a question of ACL management as any computer can be exposed to the real world as you wish to. No NAT, no need to get port redirection, etc unless special needs.
If some device are still IPv4 dependant leave them here : it is usually low throughput device that can afford the double NAT mess. On devices that do both set priority to IPv6. It will be a backup as some sites still use only IPv4.
And surprise... IPv6 supports several IP address on eachinterface ... the ones beginning by 2 allows access to the external world : your ISP shall distribute one slice of thoses addresses to you. The ones begining by FD are blocked and confined to you network. It is usefull to get both configure because if your ISP goes down the global access IP will disapear and the Local access IP will still allow you to communicate on your network.
You'll observe on properly configured device that its IPv6 IP will change every 20mn roughly (common device setup). This changing address will be used by the device to go quietly on the internet. This delay can be reduced but by experience small ones make internet communication unstable. I tried 15 seconds : it's funny to use but common softwares are not shaped to deal with such rate of addresses change. Anyway If you look well you'll find a fixed address on your device that is not used to communicate to the external world : it has to be used to expose your server to the external world through the ACL of your router and huawei stuff.
The advantage is that when a slice of IPv6 has been delegated to you : you can do whatever you what with it. Ok ... still in the boundary of the contractual terms you've got with your ISP.
Regards,
Eric..
- Copy Link
- Report Inappropriate Content
Hi @JeremyT
Thanks for posting in our business forum.
We are not able to provide this information due to different ISPs using different fiber optics. You should try this out in your environment. Nor can we guarantee the module(third-party) you may implement is gonna be compatible.
You should contact your ISP regarding the fiber optic specs and mode.
- Copy Link
- Report Inappropriate Content
Thanks for the response, I can connect tot he existing SIP modem and see details of the fibre connection (see below), what do I need to determine type of SFP module?
- Copy Link
- Report Inappropriate Content
Hi @JeremyT
Thanks for posting in our business forum.
JeremyT wrote
Thanks for the response, I can connect tot he existing SIP modem and see details of the fibre connection (see below), what do I need to determine type of SFP module?
Easiest way, unplug the module, and read the specs on the paper. If there is no spec written on it, we cannot figure it out. You need to contact the field rep or the tech support of your ISP or modem regarding that.
The software only provides the temp, voltage, and current. That does not make us understand what module you have now.
- Copy Link
- Report Inappropriate Content
@Clive_A The modem/router is a Huawei HG8245h and the module is not removable, this is relatively basic device. Looking at the data sheet it has an optical connector for SC/APC.
Further details on the GPON specifications:
So assume I would need a LC APC to SC APC patch cable like this: https://www.fs.com/products/41163.html
Which should then support the SFP module.
- Copy Link
- Report Inappropriate Content
Hi @JeremyT
Thanks for posting in our business forum.
JeremyT wrote
@Clive_A The modem/router is a Huawei HG8245h and the module is not removable, this is relatively basic device. Looking at the data sheet it has an optical connector for SC/APC.
Further details on the GPON specifications:
So assume I would need a LC APC to SC APC patch cable like this: https://www.fs.com/products/41163.html
Which should then support the SFP module.
Not gonna be helpful if you are asking me third-party module.
These should be what you are looking into.
It is a single-mode SC-interface gigabit module. The wavelength should be 1310nm. Pick up one fitting the specs and try it out.
BTW, you sent me a link to a fiber product? Not really a module. You are looking for the module, right?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hello,
A few thoughts...
1. Goin' the hard way, Goin' with fiber... you need a GPON accepted by your ISP (mine accepts almost one model any mortal being can find in this world !) and with the right optical connector shape. In my country it is standardized around SC/APC-SC/APC (green/green) excepted for one provider which is using SC/APC-SC/UPC (green/blue) and with the fiber capacity like monomode, multimode... etc. The standard here is multimode with small bend radius (the light is guided properly but there's high damping in the way for long distance).
The color of the fiber sleeve itself usually indicates its capability : it's not decoration and it sometimes may not match the color of your housing/office. But as the connectors present some color, OEM allow themself to sell white ones for ISP connection as regard low grade. I've got high end ones at home and it is flashy yellow with green connectors ! My WAF was highly affected by this. If you need UV resistant or cold resistant ones, you may suffer from other colors too.
Once you've got the correct GPON and the proper fiber, it must be programmed to authenticate properly. The one which is used by my ISP resets itself once accessed and the connection id code needs to be manually put back in and only the ISP knows it or you may need to find a verbose friend in the company (telnet or ssh is needed over a hard to find specific IP fixed by the GPON maker and using a SFP to RJ45 adapter to preset it).
There's a last trap ... the GPON SFP adapter must be accepted/supported by your router firmware... And its not the case for every module on the market. This is where the interoperaility list from tp-link may be important.
Then there's a somehow easy way...
2. forget NAT, go IPv6 if your ISP allows it as NAT does not exist in IPv6.
Configure your Huawei to do DHCPv6-PD client (prefix delegation) on the WAN side of your router to get control of a slice of IPv6 addresses from your ISP. And activate the DHCPv6-PD server on the LAN side of the huawei. Then set your router get a sub-delegation from the huawei that will be distributed on the LAN side using SLAAC (auto configuration of each client IP through distribution of the network prefix). If your huawei firmware does not support DHCPv6-PD : it's finished before starting anything !
This is pure routing thus easy to manage. Keep in mind that with IPv6 DHCPv6 is mostly used to configure routers the one after the other (this is not DHCPv4!). Keep also in mind that firewalling is then only a question of ACL management as any computer can be exposed to the real world as you wish to. No NAT, no need to get port redirection, etc unless special needs.
If some device are still IPv4 dependant leave them here : it is usually low throughput device that can afford the double NAT mess. On devices that do both set priority to IPv6. It will be a backup as some sites still use only IPv4.
And surprise... IPv6 supports several IP address on eachinterface ... the ones beginning by 2 allows access to the external world : your ISP shall distribute one slice of thoses addresses to you. The ones begining by FD are blocked and confined to you network. It is usefull to get both configure because if your ISP goes down the global access IP will disapear and the Local access IP will still allow you to communicate on your network.
You'll observe on properly configured device that its IPv6 IP will change every 20mn roughly (common device setup). This changing address will be used by the device to go quietly on the internet. This delay can be reduced but by experience small ones make internet communication unstable. I tried 15 seconds : it's funny to use but common softwares are not shaped to deal with such rate of addresses change. Anyway If you look well you'll find a fixed address on your device that is not used to communicate to the external world : it has to be used to expose your server to the external world through the ACL of your router and huawei stuff.
The advantage is that when a slice of IPv6 has been delegated to you : you can do whatever you what with it. Ok ... still in the boundary of the contractual terms you've got with your ISP.
Regards,
Eric..
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 601
Replies: 7
Voters 0
No one has voted for it yet.