General guidance for getting started - specifically when configuring FritzBox routers

Hey, this is my first time working with an ACS and I’m feeling a bit overwhelmed. (Apologies in advance if I’m not asking the “right” questions or if I have the wrong assumptions, I’m still trying to orientate myself as to how all this works)

My end goal is to be able to automatically configure a WAN IP/GW/DNS on a interface of a FritzBox router, but I don’t know where to begin or what I would even need to do with GenieACS to make that happen.

I’ve searched the forum for posts related to FritzBoxes and I saw one from about a vendor config file. In that thread there is discussion about uploading an existing vendor config file to GenieACS and then pushing that down to the FritzBox.

I’m not exactly sure what this vendor config file is or how I can get it. I know that I can download a file from my FritzBox that is a backup of the config - is this a vendor config file? If that’s the case, I could easily write a python script to edit the WAN IP/GW/DNS settings for the interface I’m interested in, but then I’d need to know how to programmatically upload this file to GenieACS and push that down to the device I want. (That’s also something else I’m not sure how to do. I’m familiar with writing basic get/post requests in python, but I don’t know where or how I’d upload that to my GenieACS instance or how I would clean up un-needed files afterwards.

Futhermore, another road block I’ve run into is getting Genie to see my Fritzbox when I plug it in. I’m currently running the server inside of an Ubuntu VM that’s in virtualbox on my windows work laptop. I would imagine I need to bridge the correct NIC with the VM, but then I don’t know where in Genie’s various files I can specify what network it should listen on.

I’m assuming that my workflow would look something like this:
Connect Fritzbox to the same network where GenieACS is hosted
Run a python function to get Fritzbox info (serial number, MAC, anything else I need)
Run a 2nd python function to populate a config file template with the WAN IP/GW/DNS settings
Run a 3rd python function to upload this new config file to GenieACS
Somehow tell GenieACS to push that config down to the correct Fritzbox???
Somehow verify that the configuration has been successfully applied to the Fritzbox
Somehow remove old config file from GenieACS so I don’t slowly fill up my disk over time

Is any of that remotely within the realm of possibility or am I way off base here? Any guidance would be appreciated!


Yes, all of this is entirely possible. But I question what is so special about FritzBox that users are not leveraging the capabilities of CWMP? I know nothing about FritzBox so pardon my ignorance on this.

The way this works with normal CPEs is CPE connects to ACS, ACS pushes provisioning to the CPE and then the device is provisioned.

1 Like

This is very helpful, thank you!!

This confuses me a little bit - pardon my ignorance - but I thought all of the above actions I mentioned, that you said were possible, would happen over CWMP. Is using tr-069 the same thing as CWMP or am I mixing up concepts? As for the fritzbox, they support tr-069, so I assumed I would be making use of this protocol automatically by using genieACS.

Previously I had been trying to use another protocol tr-064, but after speaking to the vendor they recommended I use an ACS and that’s how I wound up here. I’m working for a small ISP and at the moment we don’t have any ACS set up to manage our CEs, hence why I’m trying to figure this stuff out. I know the vendor we’re using supports this because the big players in our space also use these devices for residential areas and manage them with an ACS. They obviously don’t share info on their infrastructure setup, so I’m here trying to figure it out from scratch.

CWMP == CPE WAN Management Protocol == TR-069.

Same here :slight_smile: Hence why we are using GenieACS.

CWMP/TR-069 is the base protocol/implementation. There are many additional TRs that build on this, like TR-143 and TR-181.

You should review this TR-069 crash course.

1 Like

One more question if I may - is there anything special that needs to be done in order for a device to be visible to genieACS? I’m not sure if I’m missing something or doing something wrong. (I also realize the high possibility that the issue lies with the router I’m trying to configure)

In my case, I have genieacs running in a VM and I’ve bridged my laptop’s physical ethernet adapter to the VM and connected my router to this physical adapter. I can access the router from my VM so I know the connection works.

I’ve updated my /opt/genieacs/genieacs.env file to specifically point to the bridged interface:

Nevertheless, the router is not automatically discovered by genieacs and is not listed under “devices”.

My worry is that there is some kind of special certificate already installed on the router for the other large ISPs that enables the router to work with their ACS, but since I don’t have that, it won’t automatically be discoverable from my ACS.

Communication between a CPE, in this case, a FRITZ!Box, and an ACS is always CPE initiated. The likely reason you’re not seeing the FRITZ!Box in the devices list is because the FRITZ!Box doesn’t know about the ACS to talk to it.

Educating the FRITZ!Box about GenieACS is unfortunately not simple; you can’t ‘just’ set the ACS settings in the web interface like you can on other CPEs. That said, there are ways, and which one you chose will depend on your environment.
The common ways are:

  • DHCP Option 43
  • PPPoE in the message field
  • A custom provider configuration from AVM

You could also modify the configuration backup file to include your GenieACS URL, but you’ll need to update the checksums for the FRITZ!Box to read the file again.

It might be a better idea to get another CPE that you can easily configure the ACS settings in, learn about GenieACS and TR-069, then tackle the FRITZ!Box.

Hey, thanks for the reply. Would you have an example of how I might configure the DHCP option 43? Does the CPE need a username and password to authenticate to the ACS? (If yes - is this the same username and password that I use to log into the GUI on port 3000, or can I set this some other way?)

Do I need to provide these details in option 43 in HEX form?

For example, this is what I’m currently (unsuccessfully) trying on my test ubuntu VM running GenieACS at :

sudo nano /etc/dhcp/dhcpd.conf

# Define a vendor-specific option space for TR-069
option space TR069;
option TR069.acs-url code 1 = string;

# Subnet declaration for enp0s9
subnet netmask {
  option routers;
  option domain-name-servers,;
  vendor-option-space tr069;
  option tr069.acs-url "http:\/\/";

I unfortunately cannot change the CPE device because I’m working for an ISP that already has procurement contracts and workflows in place for these FritzBoxes - I’m just trying to automate the configuration of these devices before they go out to customers.

Would you have an example of how I might configure the DHCP option 43?

I don’t, but I remember something about having to force isc-dhcpd to send the vendor-option when the FRITZ!Box doesn’t request it.

Does the CPE need a username and password to authenticate to the ACS

You should use CPE to ACS authentication, but the username/password can’t be sent via DHCP. It needs to be set in the FRITZ!Box by other means, usually the custom provider configuration from AVM. See CPE Authentication — GenieACS Documentation 1.2.13 documentation for examples on how to enable CPE to ACS authentication with the cwmp.auth option.

I’m working for an ISP that already has procurement contracts and workflows in place for these FritzBoxes

I strongly suggest you contact AVM and have them generate a provider configuration file based on your requirements. This way, you can roll out FRITZ!Boxes that will always be able to securely connect back to your ACS if the customer does a factory reset.