HG8045H - how to get this to bridge to my main router

Greetings. Signed up for the tek syndicate a while back after enjoying the videos and getting 'stuck' learning here :)

A little background:

  • Moved from the local cable ISP (tv cable group) to a FTTH service with NetLife, supposedly 100Mbit up/down.
  • Used to have a modem to take provider's fibre and convert to ethernet, which was plugged into WAN1 on my Zywall USG50. This was not officially supported, but I cloned the MAC, changed the port name, after which my router would work.
  • Recent change:
    NetLife has moved to GPON. They installed an optical device (based on my limited understanding this takes the main fibre and performs the appropriate multiplex stuff to provide the fibre that now runs to the replaced ONT)

NetLife removed the previous router and placed the Huawei HG8045H. Without access, of course. The fibre runs directly into that device. After some basic research, I was able to get a password to get into the router and some settings were changed. I disabled wifi, set up my USG50 router to be on a dedicated IP and made that DMZ, so in theory the HG8045H is impacting as little as possible.

However - this setup means I have double NAT which I'm no fan of. There does not appear to be a bridge mode available.

After disabling wifi, the 8045 doesn't run scorching hot any longer, however I would love to get it to bridge the external IP from the ISP, to my USG50.

GPON and the related control protocol that the ISP has over the router and access, seems to imply that even if I bought my own ONT, this will be very challenging to get online unless the ISP helps out (which they are unlikely to do as this is not a business service).

Thanks for your suggestions and glad to be on the site :)

WW

Putting your router into a DMZ shouldn't cause a double NAT situation. In theory it should open all ports of your USG50 directly to your WAN.

Thanks for responding BlueKoda

The thing is, you have the public IP, then 192.168.100.2 handed to my main router as handed out by the HG8045H, which means my USG50 doesn't have the public IP. The USG50 is vastly better than the HG8045H in the level of control I have over my network.

In proper bridge mode, my USG50's DHCP request would get kicked over to the ISP, handing me the public IP.

There are a fair few posts about not using the ISP's ADSL/VDSL/cable router and instead using your own. Depending on the technology, you'd need username/pass and a bunch of other settings that you can pull from the internet or that are provided by the ISP, possibly with some MAC address cloning or other simple tricks.

Before NetLife deployed this device, I used the same trick to replace the Linksys N300 with my router. But that was connected via ethernet cable to their FTTH->ethernet modem. This was all taken away.

At least the wifi-disable on the router has made it run substantially cooler, plus DMZ traffic being the only traffic should have reduced CPU load (as nothing else is connected to it now). But I wonder if anything could replace this device in a compatible way.

GPON is not all that common yet so it seems, but in LATAM where I live now, everything is moving over to it.

Depends on what you want to achieve with the control.

You can configure your ISP router DHCP to hand out 16 IPs. Your own router gets one of them, say 192.168.100.2.

16 IPs means a network of /28 out of the initial /24 from your ISP. Then, you can divide the rest of the /24 network into smaller networks for your devices using your router's DHCP and apply whatever control you want over those networks/VLANs.

That way a PC will have your router as its default gateway, which has a default gateway provided from the ISP already (192.168.100.1). Your router will act as a router and a packet with SOURCE IP from your PC will get routed to your ISP router without NAT. Your ISP router will accept that packet, as it's part of the big /24 network and process it - do the NAT and send it on its way to the Internet.

The trick here is to make the return traffic work. For that you need a feature - Proxy ARP, enabled on the interface of your router, facing the ISP router. That way your router will respond to ARP requests made from the ISP router (searching for the PC to forward the packets), then your router will get that packet and based on its routing table forward the packet to the PC.

Profit!

Thanks DarkRage for your response, let me see if I can get something along those lines working.

Just be careful dividing the network.

You can't have a single 16 network followed by a 32 network ;)
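
The subnet split described in the two posts above, as an added example that is not part of the original thread: it takes the /28 for the ISP router's DHCP pool out of 192.168.100.0/24, lists the aligned blocks that remain, and allocates subnets from them. The requested subnet names and sizes are made up for illustration, and reading the "16 network followed by a 32 network" remark as a block-alignment rule is an assumption.

```python
import ipaddress

# Values from the thread: the ISP router's LAN and the 16-address DHCP pool.
ISP_LAN = ipaddress.ip_network("192.168.100.0/24")
UPSTREAM = ipaddress.ip_network("192.168.100.0/28")  # holds .1 (ISP router) and .2 (own router)

def is_aligned(start, prefixlen):
    """A block of 2**(32 - prefixlen) addresses must start on a multiple of its size."""
    return int(ipaddress.ip_address(start)) % 2 ** (32 - prefixlen) == 0

def remaining_blocks(parent, carved):
    """Aligned CIDR blocks left in parent once carved is taken out."""
    return sorted(parent.address_exclude(carved))

def plan(parent, carved, wanted):
    """Give each (name, prefixlen) request a non-overlapping subnet, largest first."""
    free = remaining_blocks(parent, carved)
    result = {}
    for name, plen in sorted(wanted, key=lambda w: w[1]):
        fits = [b for b in free if b.prefixlen <= plen]
        if not fits:
            raise ValueError(f"no room left for {name} (/{plen})")
        block = max(fits, key=lambda b: b.prefixlen)  # best fit: smallest block that is big enough
        subnet = next(block.subnets(new_prefix=plen))
        free.remove(block)
        free.extend(block.address_exclude(subnet))    # hand back the unused part
        result[name] = subnet
    return result

# Hypothetical requests, made up for illustration.
WANTED = [("office", 26), ("house", 25), ("guest", 28)]

if __name__ == "__main__":
    print("free after the /28:", [str(b) for b in remaining_blocks(ISP_LAN, UPSTREAM)])
    for name, net in plan(ISP_LAN, UPSTREAM, WANTED).items():
        print(f"{name:7} {net}  gateway {net.network_address + 1}")
    # 16 addresses followed directly by a 32-address block: the /27 would start at .16
    print("/27 at .16 aligned?", is_aligned("192.168.100.16", 27))
    print("/27 at .32 aligned?", is_aligned("192.168.100.32", 27))
```
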

Holy thread revival ;)

Someone posted up a working 'telecomadmin' pass again and there appears to be a bridge option now. However, if I throw the switch and flip the 'WAN Mode' from 'Route WAN' to 'Bridge WAN', how would I get back into the router in case this hoses my connection?

i.e. right now the router is accessed via 192.168.100.1 - I can't be without internet for long ;)

Attached screenshot for reference. Current setup is 192.168.100.1 (their router) to 192.168.100.2 (via DHCP, reserved on that address by MAC in their router) into my WAN1 on main router, using DMZ option.

Found a link to the service manual: http://m.setuprouter.com/router/huawei/hg8247h/manual-1979.pdf

Hi Wiebo, let me know if you were able to make the changes you wanted. If not, I can show you how to do it.

Regards,

Nozdormu

Thanks for your response Nozdormu - I have not gone ahead with this just yet, main reason being that I'm supporting a go-live of a customer and until that's done, I have to play it safe with my ISP (the backup connection would just about be good enough for basic stuff, but if I have to pull logs from the client to my laptop and push it back to the corporate network after that, it is a great deal slower).

That said, one thing that may come in handy would be to back up all the settings to my laptop for the router and having the 'how to get back up and running if I have to do a factory reset' from there, i.e.

Back up the full settings including the specific ones that the ISP sets, try to flip to bridge mode (if I get lucky, it will just work). If that fails however, do a factory reset on the router and push the original settings back in.

Worst case in that situation I would have to call their tech support to get it back online.

Appreciate your response & follow up :)

I understand your hesitation but you only need to back up a working configuration file in order to revert back to a working state should you mess something up. Firstly log in to the router and go to the "System Tools" tab. Select "Configuration File" from the options on the left menu and click "Download Configuration File". Save that file in a safe place in your computer and use it to revert back to a working state if you accidentally break something.

Now in order to set the HG8045H as a Gateway (that way your main router will have the public facing IP instead of a private one) you only need to do the following:
Go to the "WAN" tab and select your connection.
Change the "WAN Mode" from "Route WAN" into "Bridge WAN"
In the "Bridging Options" select the LAN that you use to connect the Huawei modem to your main router. Like in my case, I selected LAN1 because I have an ethernet cable that goes from the LAN1 interface in the Huawei Gateway to my WAN interface on my Cisco router.

If you are not going to use the wifi from the Netlife gateway, I also recommend you go to the "WLAN" tab and deselect "Enable WLAN"

Anyway, hope that helps!

Regards,

Nozdormu

The wifi was disabled the second I could. Not only does it suck (i.e. I have a unifi based network which is vastly superior to their wifi + covers the whole house; that said, it currently doesn't have 5G able equipment), but it also overheats the equipment like mad (making it very hot to the touch).

Will probably crack on with this over the weekend :)

Have you tried setting up your WAN interface on your USG50 to have a VLAN ID of 999, as I can see that it is just using IPoE and I can see any user name and password used to authenticate and bypassing the Huawei HG8045H?
I have just read it again and I'm wrong, but if you were to get an ONT, the settings should allow you to connect. This should be OS1 or OS2 single fibre; you may be able to get an SFP to Ethernet converter (maybe wrong again). But ideas

I was looking at possibly upgrading my main router to something like this: http://www.amazon.com/Ubiquiti-Networks-Edgerouter-Router-ERPro-8/dp/B00IA5J8M8 and then try to find a compatible module to feed it with.

Some that I looked at are:

http://www.huawei.com/ucmf/groups/public/documents/webasset/hw_415752.pdf

https://www.finisar.com/optical-transceivers/ftgn2117p2txn

Both look interesting & I have not looked at cost yet. I do also have a set of media converters (Gbit ethernet to SFP) which might do the job, but my concern remains the ISP may not support this.

The previous setup I had was fibre->ethernet and then ethernet to my USG50, but this is the new setup that got rid of it. Apart from the risk of the ISP locking their router down again and flipping it back to router mode, probably the safest is to log in, dump the config, flip to bridge mode, cross fingers.

The good news is that this weekend I should finally have a long-enough break to try what @nozdormu mentioned. The key there is to remember that once the router is switched to bridge mode, it no longer has an IP address that you can access. So, if I do have a problem the only way to get back is to throw the full reset and then log back in, using default pass, before restoring the settings and reconnecting the fiber feed.

My longer term solution (assuming I stay here and don't move to another country in the region) is to try to move to the fibre into my master router option (the EP Pro SFP looks nice for that, but I'd have to experiment and hope to build a friendly relationship with someone in the ISP to achieve it).

Note this is a home connection and the cost I'm paying is roughly half of what their current offer prices are, and these guys are by far the cheapest/most stable in this area (i.e. even at full non-business prices, there is nothing that can touch their speeds in Ecuador). The next step up would triple my cost as I'd have to go full business, which would probably get me a clean feed via ethernet again :)

To the moderators - I know you guys don't like thread revivals but this is a slow process (hopefully improving soon as my travel this year for work should be done) - all part of the game plan :) - please let me know if a different approach is preferred.

Thanks everyone for your kind responses over time and I will let you know how it ends up behaving soon!

Once this part is sorted, I hope to finally set up some VLAN stuff. There has been some excellent stuff on that on this site already and I need to get my act together and figure that out properly for once :)

Had a mild scare when this initially failed to behave. Then recalled the 'interesting' approach they had for their previous modem / E900 combo which insisted on having the client MAC either cloned (this was not needed this time) or have 'e900' as the name. I renamed my port to be 'e900' and did a few reboots. Thankfully the HG8045H is now in bridge mode.

How long this will last, nobody knows - but I have my public IP on my proper router at long last.

Appreciate everyone's inputs, thanks again @nozdormu, @Darkrage, @BlueKoda in particular and @tigrooby as well for your interest. I will post up something if I end up going the upgraded router 'route' :) -

it was a tad scary as initially there was NO internet access, but a full power cycle and more patience from my side got the traffic flowing again just nicely :)

Now to see if this improved speeds again - not that they were bad, but you know, I like speed :D

Should have remembered to tell you that after you make the changes on the Huawei Gateway, you should also do a release/renew of the IP on your main router to get the new one. ¯_(ツ)_/¯

It is a quirk of the USG50, it can be a bit temperamental on detecting a fail-over is needed and post-fail-over that it should go back to the original (higher speed) link. I did do a release/renew and it picked up the public IP the first round.

Another thing is that I use a service called unlocator, which I had to give a nudge for the updated IP.

I've also swapped around some switches, TL-SG3210 installed in my office to replace my dumb GBit switch, as I want to, at a minimum, start doing some minor VLAN stuff to separate my office gear from the 'rest of house/common' gear. The other thing I'm doing is moving those GBit switches (including the Netgear I moved) that have fans, to my hallway, and having fanless and thus silent stuff in my office. I threw in another switch (unmanaged, 24 port Gbit) so I can do easier maintenance and PC builds for others. As the fiber to my office is behaving itself just nicely, there is a possibility I will pick up a second fiber + GBIC modules so I can get a 2x1GBit trunk from my DLink smartswitch to the office switch. Will see :)

Main thing so far is that this is behaving itself :)

hello wiebo
Can you give instructions on how you put this modem in bridge mode?
Hello friend, I'm also from Ecuador. I'm struggling with this HG8045H modem, trying to put it in bridge mode. I've tried several things but nothing works. I even know how to do VLANs, and I know the device uses VLAN tag 999; I set bridge mode and put the VLAN tag on the device behind it, but it doesn't work.
If you can give me a hint on how to do it, I'd appreciate it.
Regards

Thread is old. Read date.