Category: Network

  • Doing VLAN trunk and access ports on MikroTik CRS/RouterOS

    Most of the switches in my homelab are MikroTik CRS switches, although I am getting a UniFi PoE switch (MikroTik didn’t make a 2.5G PoE switch, that’s why).

    I use two CRS304-4XG-IN switches to connect desktop computers to the 10G LAN, but wanted my desktops on a separate VLAN.

    On my network, I use VLAN 4 for desktops.

    The configuration you need is:

    /interface bridge
    add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge vlan-filtering=yes
    /interface bridge port
    add bridge=bridge comment=defconf interface=ether1
    add bridge=bridge comment=defconf interface=ether2 pvid=4
    add bridge=bridge comment=defconf interface=ether3 pvid=4
    add bridge=bridge comment=defconf interface=ether4 pvid=4
    add bridge=bridge comment=defconf interface=ether5
    /interface bridge vlan
    add bridge=bridge tagged=ether1 untagged=ether2,ether3,ether4 vlan-ids=4

    The important parts are the following, and here is what they do:

    • vlan-filtering=yes in /interface bridge enables VLAN filtering on the bridge. This is required for VLAN trunk/access ports.
    • pvid=4 in /interface bridge port means that port belongs to VLAN 4 (untagged frames arriving on it are placed in VLAN 4).
    • tagged=ether1 in /interface bridge vlan means the trunk/tagged port is ether1.
    • untagged=ether2,ether3,ether4 means ether2-4 are access (untagged) ports.
    • vlan-ids=4 means this entry defines VLAN 4 on the bridge.
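    As an added example (not code from the original post), here is a small Python check that parses a RouterOS export in the form shown above (a constructed copy of the configuration is embedded) and verifies that vlan-filtering is on, that every port with a pvid has a matching untagged entry on that VLAN, and that no port is both tagged and untagged on the same VLAN; the helper names parse_export and check are my own.

```python
import re
# Constructed copy of the post's configuration (MAC masked as in the post).
EXPORT = """\
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge vlan-filtering=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2 pvid=4
add bridge=bridge comment=defconf interface=ether3 pvid=4
add bridge=bridge comment=defconf interface=ether4 pvid=4
add bridge=bridge comment=defconf interface=ether5
/interface bridge vlan
add bridge=bridge tagged=ether1 untagged=ether2,ether3,ether4 vlan-ids=4
"""

def parse_export(text):
    """Return (vlan_filtering, {port: pvid}, {vlan_id: (tagged, untagged)})."""
    section, filtering, ports, vlans = None, False, {}, {}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("/"):                  # e.g. /interface bridge port
            section = line
        elif line.startswith("add "):
            kv = dict(re.findall(r"(\S+?)=(\S+)", line))
            if section == "/interface bridge":
                filtering = kv.get("vlan-filtering") == "yes"
            elif section == "/interface bridge port":
                ports[kv["interface"]] = int(kv.get("pvid", 1))  # RouterOS default pvid
            elif section == "/interface bridge vlan":
                tagged = set(filter(None, kv.get("tagged", "").split(",")))
                untagged = set(filter(None, kv.get("untagged", "").split(",")))
                for vid in kv["vlan-ids"].split(","):
                    vlans[int(vid)] = (tagged, untagged)
    return filtering, ports, vlans

def check(text):
    """Return a list of problems; an empty list means the export is consistent."""
    filtering, ports, vlans = parse_export(text)
    problems = []
    if not filtering:
        problems.append("vlan-filtering is not enabled on the bridge")
    for vid, (tagged, untagged) in vlans.items():
        for p in sorted(tagged & untagged):
            problems.append(f"{p} is both tagged and untagged on VLAN {vid}")
        for p in sorted(untagged):
            if ports.get(p) != vid:
                problems.append(f"{p} is untagged on VLAN {vid} but its pvid is {ports.get(p)}")
    for p, pvid in ports.items():
        if pvid != 1 and p not in vlans.get(pvid, (set(), set()))[1]:
            problems.append(f"{p} has pvid={pvid} but no untagged entry on VLAN {pvid}")
    return problems
```

    Feed it the output of /export from the switch; a forgotten pvid on an access port (a common cause of "the port is in the wrong VLAN") shows up as a listed problem.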

    Hopefully, this helps you set up VLAN trunking on a MikroTik CRS/RouterOS switch.

  • Running WPA3-Enterprise in my home network

    It’s no secret that by now, most home networks use WPA-Personal. Why? It’s a simple password. This included mine. Well, until today.

    I always wanted to try WPA3-Enterprise in my home network, at least on the SSID/VLAN for my devices (versus the rest of my family). The roadblock was FreeRADIUS not working with Samba and MS-CHAPv2; it turned out to be a permissions issue (I don’t want to pirate Windows Server).

    So here’s me connected to my WPA-Enterprise on my phone:

    Why?

    While I know the reasons for WPA3-Enterprise in an office network, it seems overkill for a home network. So why do it?

    Because I can.

    It’s easy enough to do on an Incus UniFi controller. After all, I have a cluster of MikroTik 10G equipment when I could just rent an ISP-provided router and extender like an average Joe and focus on “AI” instead.

    Well, I’m done.

  • Cloning a Calix GPON ONT or Quantum Fiber SmartNID

    WARNING: This guide is for instructional purposes only. I am not responsible for any damages caused by this guide. This guide may violate your ISP’s terms of service and is possibly illegal. Proceed at your own risk. I also no longer live in CenturyLink/Quantum territory.

    While I now live in Verizon territory (and lack Verizon FiOS at the moment), when I lived in Seattle and got CenturyLink Fiber (now Quantum Fiber), I initially had an issue that looked like “latency spikes and packet loss”.

    Little did I know that the ONT (Optical Network Terminal) provided, a Calix 716GE-I R2, has a hard cap of 16384 TCP sessions, not unlike AT&T Fiber/U-verse routers. Even less well known is that it’s very easy to clone Calix ONTs with just a JTAG cable, and the Calix 803G doesn’t have the issue.

    CenturyLink Fiber was then rebranded as Quantum Fiber, which uses SmartNIDs and DHCP, and was later sold to AT&T. However, I had a CenturyLink-branded service with a Calix ONT at the time and moved eastwards before I could be switched over.

    Note: This is not for AT&T Fiber itself using a Nokia ONT or BGW320/BGW620. I never had AT&T Fiber, outside of Frontier FiberOptic GPON in Connecticut for a few months which inherited 802.1X from AT&T. Check the 8311 Discord server for AT&T Fiber proper.

    So you want to clone your ONT?

    Pre-requisites

    You need the following devices and information:

    • Original, ISP-provided Calix ONT or SmartNID with the ONU MAC and FSAN Serial ready
    • If required, your GPON password. CenturyLink/Quantum doesn’t use this.
    • Calix ONT being cloned to
    • JTAG serial adapter

    About the JTAG adapter, the CP2102 models are recommended. Other models have had issues with Calix’s JTAG console.

    Cloning the ONT

    Now for the fun part.

    First off, you need to open your ONT.

    For the 803G (the destination ONT), these images should be self-explanatory.

    When you are inside, connect the JTAG.

    Note: The TX should go to your JTAG RX and vice-versa.

    Image source: fire-foo.com.

    Once you have connected your JTAG header pins, open a serial console (e.g. cu or PuTTY), then plug in the power while repeatedly pressing ESC on your keyboard.

    When you are at the CFE> prompt, type b and press Enter.

    Press Enter for most of the values, except the Base MAC Address and GPON Serial Number, which should be the ONU MAC and FSAN Serial respectively from your source ONT.

    Some ISPs may need a GPON password, but CenturyLink/Quantum does not. I do not know how to get the GPON password, as I was never in that scenario.

    Once you are done, wait for the ONT to boot successfully, then turn off the power, close the ONT, and plug the fiber and power in place of your stock Calix ONT.

    An example of a JTAG session can be seen here.