Starting with TR 069

Hello everyone

I am starting in the world of TR069

I want to be able to control the FTTH for now, for which I have Huawei MA5608T brand OLTs and Multibrand ONTs (Huawei, ZTE, C-DATA, among others)
I have already installed the GenieACS server v1.2 without problem following the installation manual Installation Guide — GenieACS Documentation 1.2.13 documentation.

According to the guide, it asks us to add a configuration line for the authentication of the CPE

image1896×565 53.9 KB

Now I configure the ont in its administration part

Ont reaches server with ping command

With this configuration it would be enough for me to be able to see the ONT for administration in GenieACS but that is not the case, no device appears.

What could be happening?

Remove the cwmp.auth entry, its not necessary as GenieACS in the default inform script sets per CPE auth.

Thanks akcoder
Although I don’t really understand why eliminate the line since it is defining the username and password with which the CPE will identify itself with the ACS.

Likewise, I deleted the line but I still cannot see the equipment on the GenieACS server.

Can you do a tcpdump on your server to confirm that the ONT is communicating with the ACS?

Thanks dustin

My problem was with the NAT issue, I was testing with a remote site.
Now I have a local laboratory, I configured the ont in the ACS part with the IP of my GenieACS server and nothing else, without credentials or users and I am already seeing it.

image1229×323 18.5 KB

Now that I can see the ONT on my GenieACS server I have a few questions:

1. Can I change WAN parameters such as IP, Mask, Gateway, DNS?
2. When I try to change the name of the SSID I get an error Connection request error: Incorrect connection request credentials, wouldn’t the lines I previously deleted enter there?
3. Can I change the LAN segmentation?
4. How can I send command to enable WAN access?

1. Yes
2. There are two different sets of credentials. One used by the CPE to auth to the ACS and one for the ACS to auth to the CPE. Do you have any auth enabled on the CPE itself?
3. Yes
4. Device specific. Refresh all the CPE params in the ACS UI. Snapshot the data in the ACS (use a script to pull down the JSON for the device). Make your change in the UI, refresh everything in the CPE again and compare the JSON.

According to the wiki documentation there are 2 types, CPE to ACS and ACS to CPE.
In order to apply changes in the ACS to CPE mode, I must configure 2 lines.

• InternetGatewayDevice.ManagementServer.ConnectionRequestPassword
• InternetGatewayDevice.ManagementServer.ConnectionRequestUsername

Entering the username and password information.

When I try to make some modification it shows the error

• A41B34-H2%2D2-CMDCA428CD50: Connection request error: Incorrect connection request credentials
  
  

  image1327×390 30.2 KB

My config on GenieACS

• Device.ManagementServer.ConnectionRequestPassword |hgw|
• Device.ManagementServer.ConnectionRequestUsername |hgw|
• InternetGatewayDevice.ManagementServer.ConnectionRequestPassword |ACS|
• InternetGatewayDevice.ManagementServer.ConnectionRequestUsername |ACS|

My config on ONT
Web server URL http://192.168.100.150:7547
user name hgw
Password ••••
Connection request URL http://10.24.0.4:58000
Connection request user name ACS
Connection request password ••••
Enable periodic reporting Check
Cycle reporting time 43200 second
Use certificate or not Not Check

image806×580 52.1 KB

genieacs-cwmp-access.log
sysclub@genieacs:/var/log/genieacs$ tail -5 genieacs-cwmp-access.log
2024-11-13T23:28:45.917Z [INFO] ::ffff:192.168.100.1 A41B34-H2%2D2-CMDCA428CD50: ACS request; acsRequestId=“19327dba2bf0107” acsRequestName=“GetParameterNames”
2024-11-13T23:28:45.928Z [INFO] ::ffff:192.168.100.1 A41B34-H2%2D2-CMDCA428CD50: ACS request; acsRequestId=“19327dba2bf0108” acsRequestName=“GetParameterNames”
2024-11-13T23:28:45.954Z [INFO] ::ffff:192.168.100.1 A41B34-H2%2D2-CMDCA428CD50: ACS request; acsRequestId=“19327dba2bf0109” acsRequestName=“GetParameterNames”
2024-11-13T23:28:45.962Z [INFO] ::ffff:192.168.100.1 A41B34-H2%2D2-CMDCA428CD50: ACS request; acsRequestId=“19327dba2bf010a” acsRequestName=“GetParameterNames”
2024-11-13T23:28:45.971Z [INFO] ::ffff:192.168.100.1 A41B34-H2%2D2-CMDCA428CD50: ACS request; acsRequestId=“19327dba2bf010b” acsRequestName=“GetParameterNames”

genieacs-ui-access.log
sysclub@genieacs:/var/log/genieacs$ tail -5 genieacs-ui-access.log
2024-11-14T00:57:04.138Z [INFO] admin@::ffff:192.168.100.10: Query presets; filter=“true” limit=1 skip=9 sort={“_id”:1} projection={“_id”:1}
2024-11-14T00:57:04.139Z [INFO] admin@::ffff:192.168.100.10: Count presets; filter=“true” count=3
2024-11-14T00:57:04.148Z [INFO] admin@::ffff:192.168.100.10: Query presets; filter=“true”
2024-11-14T00:57:04.150Z [INFO] admin@::ffff:192.168.100.10: Query provisions; filter=“true”
2024-11-14T00:57:05.483Z [INFO] admin@::ffff:192.168.100.10: Query config; filter=“true”

What could be happening?
Why doesn’t it connect?

You do not need to change these lines if you use the default GenieACS inform script. GenieACS will set per CPE connection request credentials. Remove the connection request username/password you have configured in your CPE.

Here is an abbreviated version of the default inform script:

// Device ID as username
const username = declare("DeviceID.ID", {value: 1}).value[0];
const now = Date.now();

// Password will be fixed for a given device because Math.random() is seeded with device ID by default.
const password = Math.trunc(Math.random() * Number.MAX_SAFE_INTEGER).toString(36);

// Refresh values daily
const daily = Date.now(86400000);

// Unique inform offset per device for better load distribution
const informTime = daily % 86400000;

declare("InternetGatewayDevice.ManagementServer.ConnectionRequestUsername", {value: daily}, {value: username});
declare("InternetGatewayDevice.ManagementServer.ConnectionRequestPassword", {value: daily}, {value: password});

declare("Device.ManagementServer.ConnectionRequestPassword", {value: daily}, {value: password});
declare("Device.ManagementServer.PeriodicInformEnable", {value: daily}, {value: true});

ok
Delete the 2 configuration lines, delete the genieacs ont, restart the ONT, when consulting it again and trying to make any modifications you get the same error.

Connection request error: Incorrect connection request credentials

sysclub@genieacs:~$ ping 10.24.0.4
PING 10.24.0.4 (10.24.0.4) 56(84) bytes of data.
64 bytes from 10.24.0.4: icmp_seq=1 ttl=63 time=1.96 ms
64 bytes from 10.24.0.4: icmp_seq=2 ttl=63 time=2.15 ms
64 bytes from 10.24.0.4: icmp_seq=3 ttl=63 time=2.10 ms
64 bytes from 10.24.0.4: icmp_seq=4 ttl=63 time=2.08 ms
^C
— 10.24.0.4 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.958/2.073/2.153/0.071 ms

sysclub@genieacs:~$ nmap -p 58000 10.24.0.4
Starting Nmap 7.93 ( https://nmap.org ) at 2024-11-15 09:01 -05
Nmap scan report for 10.24.0.4
Host is up (0.0021s latency).

PORT STATE SERVICE
58000/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

What does the ACS show as your Connection Request username and Connection Request Password?

InternetGatewayDevice.ManagementServer.ConnectionRequestUsername
InternetGatewayDevice.ManagementServer.ConnectionRequestPassword

I have also tried like this:

image807×584 52.1 KB

image1919×388 23.5 KB

And This

image809×581 51.9 KB

image1916×378 23.4 KB

I think that is your problem.
You did not need to create those in Admin.

Delete those four from Admin.
Delete the device from the ACS.
Reboot the device and allow it to register and then retry your tests.

ConnectionRequest remove an reload ACS and remove device

image1112×398 14.7 KB

Reboot the ONT and…

The ACS server register the ont again and …

Same Error

image1343×894 86.7 KB

If you navigate to here (screenshot below), what value do you have?

image747×313 6.29 KB