Just a quick question, sorry if this has been asked before: is there a way to override the factory default settings of a Huawei ONT to always include the ACS settings even if the user hard resets the modem? I can easily do this on MikroTik but haven't had any luck doing it with Huawei. We are a small ISP and we don't have commercial with them, that's why I'm just shooting for the stars.
Your OLT should be responsible for providing the ACS URL to any CPE connecting for the first time or after a factory reset. Of course, that also means providing the WAN interface configuration. My suggestion is to use a VLAN and hide the ACS there, which in turn also means you need someone very skilled at networking to do this. The last thing you want is to expose your ACS to the net.
We are in the same situation as you and that’s how we handle things here.
Thanks for the very good insight. The problem is we just used a Chinese OLT, which for sure won't be providing TR69 params on a Huawei ONT… I'm very skilled at networking, I just want the right direction. Can you elaborate more on how you mitigate this? If only the modem could do DHCP after a factory reset, I could turn on OPTION 53 to provide the ACS parameter, but there is no profile in the modem by default. Thanks again, looking forward to hearing from you again.
During my second year of academic studies I got a 4 out of 10 on the final exam in Networking. It's really deep stuff. Just because I am able to configure a router or play with TCP/IP v4 tools does not mean I am a network specialist (just a programmer who happens to have to deal with GenieACS provisions), so I can't help you with the networking/OLT side, but I do know (here comes the tricky part) that each CPE has its own profile on the OLT. Each profile configures the basic networking of each individual CPE, including PPPoE credentials on the WAN interface, and adds the VLAN I mentioned. All profiles are handled by our management software via SSH commands.
As I said, it's how we did it, and it took us a few months until we came up with this scheme. YMMV.
For the record, we ended up creating two profiles. As per rudymartin's suggestion, we created a TR69 profile in the modem with DHCP on a separate VLAN, we locked down the ONU with a seal and with an EULA policy, and we exposed changing the WiFi SSID and password in our home-grown customer management portal, so that there is no reason for the customer to poke and fiddle with the modem. Problem solved.
This is exactly how I’ve done things. Our CPEs are very locked down. All LAN/WiFi management has to be done via our customer portal. All management is done over a separate vlan as @rudymartin suggests. Doing things like this obviously adds complexity, but we’ve found not allowing anyone (not even support) access to the web ui of the CPE eliminates a lot of issues with misconfiguration and ad-hoc configuration of the CPE.
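
Added example, not part of any post in this thread: TR-069 lets a CPE discover its ACS through DHCP, with the server returning the ACS URL as sub-option 1 inside option 43 (vendor-specific information). The sketch below builds and parses that payload and checks that the advertised ACS sits inside the management VLAN's subnet; the subnet `10.99.0.0/24`, the sample URLs and the function names are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

ACS_URL_SUBOPT = 1  # TR-069 encapsulated sub-option 1: URL of the ACS

def encode_option43(acs_url: str) -> bytes:
    """Build the DHCP option 43 payload carrying the ACS URL as sub-option 1."""
    data = acs_url.encode("ascii")
    if len(data) > 253:  # option value is at most 255 bytes, 2 go to the header
        raise ValueError("ACS URL too long for a single option 43")
    return bytes([ACS_URL_SUBOPT, len(data)]) + data

def decode_option43(payload: bytes) -> dict:
    """Parse encapsulated (code, length, value) sub-options; reject truncation."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        subopts[code] = value
        i += 2 + length
    return subopts

def audit_acs_url(payload: bytes, mgmt_net: str) -> list:
    """Return findings for an advertised ACS that is not confined to mgmt_net."""
    raw = decode_option43(payload).get(ACS_URL_SUBOPT)
    if raw is None:
        return ["no ACS URL sub-option present"]
    host = urlsplit(raw.decode("ascii")).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return [f"ACS host {host!r} is a name; verify where it resolves"]
    findings = []
    if addr not in ipaddress.ip_network(mgmt_net):
        findings.append(f"ACS address {addr} is outside management subnet {mgmt_net}")
    if addr.is_global:
        findings.append(f"ACS address {addr} is publicly routable")
    return findings

if __name__ == "__main__":
    # Constructed sample values: a management-VLAN ACS and a misconfigured one.
    for url in ("http://10.99.0.10:7547/", "http://203.0.113.10:7547/"):
        print(url, audit_acs_url(encode_option43(url), "10.99.0.0/24"))
```
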
In my provider I usually use a script via telnet to edit the factory settings using TFTP, substituting the file. We use other standard settings, such as the user, the name and password of the WiFi, and even a VLAN already placed.