[网络折腾] 上海电信更换光猫华为MA5675M-电话/IPTV/网络桥接
by xiangxiang
0x00 背景
- 上海电信开通国际精品网需要199的十全十美套餐,更换电信套餐后网络变成了千兆
- 老的光猫为F450G V1.0, EPON口是1G的,电信需要强制升级为10G EPON的SDN光猫
- 老的光猫已经拆机使用TTL进行了破解,改成了桥接模式,电话/IPTV/网络桥接均正常
- 买了一个MA5675M验证配置,后面等万兆PON口接入加万兆光口的光猫,然后给软路由换个万兆卡
0x01 老光猫配置
- TTL大法: 波特率选115200, GND接GND, TX/RX交换试一下,VCC不用接
- 1.0版本TTL使用admin/admin登陆, 登陆后执行
show mdm InternetGatewayDevice.DeviceInfo.X_CT-COM_TeleComAccount就可以看到超密了 - 访问http://192.168.1.1, 使用telecomadmin及超密登陆
- 访问http://192.168.1.1/backupsettings.html直接导出配置
- 核心配置解读
1、 LAN口设置了VLAN绑定(也就是光猫管理页面上的数据绑定), 这个关联到IPTV
<LANEthernetInterfaceConfig instance="3">
<Enable>TRUE</Enable>
<X_BROADCOM_COM_IfName>eth2</X_BROADCOM_COM_IfName>
<X_CT-COM_Mode>1</X_CT-COM_Mode>
<X_CT-COM_VLAN>85/85</X_CT-COM_VLAN>
<LANVlanBindConfig instance="3">
<Enable>TRUE</Enable>
<X_BROADCOM_COM_IfName>eth2</X_BROADCOM_COM_IfName>
<X_CT-COM_VLAN>85/85</X_CT-COM_VLAN>
<X_CT_COM_VLAN_WAN_NAME>epon0.3</X_CT_COM_VLAN_WAN_NAME>
</LANVlanBindConfig>
<LANVlanBindConfig nextInstance="4" ></LANVlanBindConfig>
</LANEthernetInterfaceConfig>2、 Internet的桥接配置
<WANConnectionDevice instance="8">
<WANIPConnectionNumberOfEntries>0</WANIPConnectionNumberOfEntries>
<WANPPPConnectionNumberOfEntries>1</WANPPPConnectionNumberOfEntries>
<WANEthernetLinkConfig>
<Enable>TRUE</Enable>
<X_BROADCOM_COM_L2connectionId>1</X_BROADCOM_COM_L2connectionId>
<ConnectionMode>VlanMuxMode</ConnectionMode>
<IfName>epon0</IfName>
</WANEthernetLinkConfig>
<WANPPPConnection instance="1">
<Enable>TRUE</Enable>
<ConnectionType>PPPoE_Bridged</ConnectionType>
<Name>2_INTERNET_B_VID_</Name>
<Username>@vip1</Username>
<X_BROADCOM_COM_ConnectionId>1</X_BROADCOM_COM_ConnectionId>
<X_BROADCOM_COM_IfName>epon0.1</X_BROADCOM_COM_IfName>
<X_TWSH_COM_Tpid>33024</X_TWSH_COM_Tpid>
<MaxMTUSize>1500</MaxMTUSize>
<MACAddress>aa:bb:cc:dd:ee:ff</MACAddress>
<ConnectionTrigger>AlwaysOn</ConnectionTrigger>
<PortMappingNumberOfEntries>0</PortMappingNumberOfEntries>
<X_CT_COM_IPV4Enable>TRUE</X_CT_COM_IPV4Enable>
</WANPPPConnection>
<WANPPPConnection nextInstance="2" ></WANPPPConnection>3、 IPTV的桥接配置
<WANConnectionDevice instance="3">
<WANIPConnectionNumberOfEntries>0</WANIPConnectionNumberOfEntries>
<WANPPPConnectionNumberOfEntries>1</WANPPPConnectionNumberOfEntries>
<WANEthernetLinkConfig>
<Enable>TRUE</Enable>
<Mode>2</Mode>
<VLANIDMark>85</VLANIDMark>
<X_BROADCOM_COM_L2connectionId>3</X_BROADCOM_COM_L2connectionId>
<ConnectionMode>VlanMuxMode</ConnectionMode>
<IfName>epon0</IfName>
</WANEthernetLinkConfig>
<WANPPPConnection instance="1">
<Enable>TRUE</Enable>
<ConnectionType>PPPoE_Bridged</ConnectionType>
<Name>1_OTHER_B_VID_85</Name>
<X_BROADCOM_COM_ConnectionId>3</X_BROADCOM_COM_ConnectionId>
<X_BROADCOM_COM_IfName>epon0.3</X_BROADCOM_COM_IfName>
<X_TWSH_COM_Tpid>33024</X_TWSH_COM_Tpid>
<X_BROADCOM_COM_VlanMux8021p>0</X_BROADCOM_COM_VlanMux8021p>
<X_BROADCOM_COM_VlanMuxID>85</X_BROADCOM_COM_VlanMuxID>
<MACAddress>aa:bb:cc:dd:ee:ff</MACAddress>
<ConnectionTrigger>AlwaysOn</ConnectionTrigger>
<PortMappingNumberOfEntries>0</PortMappingNumberOfEntries>
<X_CT_COM_IPV4Enable>TRUE</X_CT_COM_IPV4Enable>
<X_CT-COM_ServiceList>OTHER</X_CT-COM_ServiceList>
<X_CT-COM_LanInterface-DHCPEnable>FALSE</X_CT-COM_LanInterface-DHCPEnable>
<X_CT-COM_MulticastVlan>51</X_CT-COM_MulticastVlan>
</WANPPPConnection>
<WANPPPConnection nextInstance="2" ></WANPPPConnection>
</WANConnectionDevice>4、 电话/TR069的WAN设置 理论上在电信下发配置完成后,可以删除TR069,仅保留VLAN46
<WANConnectionDevice instance="9">
<WANIPConnectionNumberOfEntries>1</WANIPConnectionNumberOfEntries>
<WANPPPConnectionNumberOfEntries>0</WANPPPConnectionNumberOfEntries>
<WANEthernetLinkConfig>
<Enable>TRUE</Enable>
<Mode>2</Mode>
<VLANIDMark>46</VLANIDMark>
<X_BROADCOM_COM_L2connectionId>2</X_BROADCOM_COM_L2connectionId>
<ConnectionMode>VlanMuxMode</ConnectionMode>
<IfName>epon0</IfName>
</WANEthernetLinkConfig>
<WANIPConnection instance="1">
<Enable>TRUE</Enable>
<ConnectionType>IP_Routed</ConnectionType>
<Name>3_TR069_VOICE_R_VID_46</Name>
<X_BROADCOM_COM_FirewallEnabled>TRUE</X_BROADCOM_COM_FirewallEnabled>
<DNSEnabled>TRUE</DNSEnabled>
<MaxMTUSize>1460</MaxMTUSize>
<MACAddress>aa:bb:cc:dd:ee:ff</MACAddress>
<ConnectionTrigger>AlwaysOn</ConnectionTrigger>
<X_BROADCOM_COM_IfName>epon0.2</X_BROADCOM_COM_IfName>
<X_BROADCOM_COM_ConnectionId>2</X_BROADCOM_COM_ConnectionId>
<X_TWSH_COM_Tpid>33024</X_TWSH_COM_Tpid>
<X_BROADCOM_COM_VlanMux8021p>0</X_BROADCOM_COM_VlanMux8021p>
<X_BROADCOM_COM_VlanMuxID>46</X_BROADCOM_COM_VlanMuxID>
<PortMappingNumberOfEntries>0</PortMappingNumberOfEntries>
<X_CT_COM_IPV4Enable>TRUE</X_CT_COM_IPV4Enable>
<X_BROADCOM_COM_UnnumberedModel>FALSE</X_BROADCOM_COM_UnnumberedModel>
<X_BROADCOM_COM_ExternalIPv6AddressPrefixLength>0</X_BROADCOM_COM_ExternalIPv6AddressPrefixLength>
<X_BROADCOM_COM_IPv6PrefixDelegationEnabled>TRUE</X_BROADCOM_COM_IPv6PrefixDelegationEnabled>
<X_CT-COM_ServiceList>TR069,VOIP</X_CT-COM_ServiceList>
以下省略
</WANIPConnection>
<WANIPConnection nextInstance="2" ></WANIPConnection>
</WANConnectionDevice>5、 LOID UserName中的值就是LOID
<X_CT-COM_UserInfo>
<UserName>1234567890</UserName>
<Status>0</Status>
<Result>1</Result>
<ServiceName>VIP</ServiceName>
<ServiceNum>1</ServiceNum>
<AllServicesName>ZIPTV|????PH|ZIPTV|????PH|ZIPTV|VIP</AllServicesName>
</X_CT-COM_UserInfo>6、 SIP(电话) UPDATE 根据https://github.com/qweraqq/qweraqq.github.io/issues/2反馈, sh.ctcims.cn已关闭,必须改成sh2.ctcims.cn,所有地方都要改包括@后面,不然会鉴权失败无法通话
注意这里的DigitMap,理论上DigitMap只是协助拨打号码(不需要按拨打按键),可以不用配置
<X_BROADCOM_COM_MinFlashDuration>90</X_BROADCOM_COM_MinFlashDuration>
<X_BROADCOM_COM_MaxFlashDuration>500</X_BROADCOM_COM_MaxFlashDuration>
<PbxInsideDigitmap>[0-8]xxx</PbxInsideDigitmap>
<DigitMap>11[0249]|120|100xx|20[01]|400xxxxxxx|800xxxxxxx|1[3458]xxxxxxxxx|01[3458]xxxxxxxxx|2[1-9]xxxxxx|3[1-9]xxxxxx|5xxxxxxx|6[1-9]xxxxxx|8[1-9]xxxxxx|955XX|X*.X.#|X*.X.T|**x.T|##|[*#]x[0-9*].#|*#x[0-9*].#|#*x[0-9*].#</DigitMap>
<SpecificDigitmap>110|120|119</SpecificDigitmap>
<X_CT-COM_CODEC_NEGOTIATED_MODE>remote</X_CT-COM_CODEC_NEGOTIATED_MODE>
<VbdCodec>2</VbdCodec>
<DigitMapMatchMode>min</DigitMapMatchMode>
<X_CT-COM_StartDigitTimer>15</X_CT-COM_StartDigitTimer>
<X_CT-COM_InterDigitTimerShort>5</X_CT-COM_InterDigitTimerShort>
<X_CT-COM_InterDigitTimerLong>20</X_CT-COM_InterDigitTimerLong>
<CallIdFskAppendChar>$</CallIdFskAppendChar>
<CritDigitTimer>5</CritDigitTimer>
<VersionTime>20200731185433</VersionTime>
<SIP>
<ProxyServer>sh.ctcims.cn</ProxyServer>
<RegistrarServer>sh.ctcims.cn</RegistrarServer>
<OutboundProxy>BAC02.区名.sh.ctcims.cn</OutboundProxy>
<RegisterExpires>3600</RegisterExpires>
<X_CT-COM_Standby-ProxyServer>sh.ctcims.cn</X_CT-COM_Standby-ProxyServer>
<X_CT-COM_Standby-RegistrarServer>sh.ctcims.cn</X_CT-COM_Standby-RegistrarServer>
<X_CT-COM_Standby-OutboundProxy>BAC02.区名.sh.ctcims.cn</X_CT-COM_Standby-OutboundProxy>
<SipDateEnable>TRUE</SipDateEnable>
<X_CT-COM_HeartbeatCycle>300</X_CT-COM_HeartbeatCycle>
<UserAgent>ZTE ZXHN F450G V1.0</UserAgent>
</SIP>LINE配置, 1个固定电话号码对应1路line
<Line instance="1">
<Enable>Enabled</Enable>
<SubsReg>TRUE</SubsReg>
<SubsUA>TRUE</SubsUA>
<TelUrlType>0</TelUrlType>
<SIP>
<AuthUserName>SIP鉴权用户名+862112345678@sh.ctcims.cn</AuthUserName>
<AuthPassword>SIP鉴权密码</AuthPassword>
<URI>电话号码+862112345678</URI>
</SIP>
以下省略
</Line>7、 PPPoE的桥接配置
这个地方有些tricky, VLAN绑定需要三层的交换, 而PPPoE是一种2层链路技术,正常下无法穿透三层交换机。
由于是通过自己的路由器拨号,且需要单口复用(IPTV/网络),导致我们必须使用VLAN绑定。
为了能成功拨号,我们必须做额外的配置。
在F450G中默认已经有了这个配置,但如果是自己的光猫就可能需要额外配置了。
<X_CT-COM_PPPOE_BridgeAutoEmulator>
<Enable>TRUE</Enable>
</X_CT-COM_PPPOE_BridgeAutoEmulator>0x02 华为MA5675M配置
其它型号的配置是类似的,关键是与上一章节中老光猫的核心配置一一对照
- LOID配置(输入老光猫的LOID)
- LAN配置(打开3层交换)
- WAN配置(Internet/VLAN46/VLAN85)
- 路由配置(VLAN绑定/PPPoE穿透3层交换)
- SIP配置(复制老光猫中的SIP配置)
0x03 最终效果
- 软路由拨号/IPTV
- 网络拓扑
0x04 补充一些个人的网络配置理解
- VLAN/VLAN间通讯是不同的, VLAN绑定是解决VLAN间通讯, 光猫默认的桥接我猜测是会untag VLAN的
- 未来计划组软路由的单臂路由
光纤 光纤
电信光纤--光猫ONU/PON Stick-----万兆3层交换机-----软路由
|
| 网线
IPTV/SIP电话 ___|________ LAN