Notes on ZTE ZXHN F601 GPON ONT
Introduction
These are my notes while setting up ZTE’s ONT for GPON on a Linux desktop computer. I bought this thing from AliExpress at 20 USD, and got a cartoon box with the ONT itself, a power supply and a LAN cable.
This is a follow-up from a previous post of mine. I originally got a Nokia ONT when the fiber was installed, but I wanted an ONT that I can talk with. In particular, one that gives some info about the fiber link. Just in case something happens.
The cable of the 12V/0.5A power supply was too short for me, so I remained with the previous one (from Nokia’s ONT).
The software version of the ONT is V6.0.1P1T12 out of the box, which is certified by Bezeq. Couldn’t be better.
By default, this ONT acts as a GPON to Ethernet bridge. However, judging by its menus on the browser interface, it can also act as a router with one Ethernet port: If so requested, it apparently takes care of the PPPoE connection by itself, and is capable of supplying the whole package that comes with a router: NAT, a firewall, a DHCP server, a DNS and whatnot. I didn’t try any of this, so I don’t know how well it works. But it’s worth to keep these possibilities in mind.
In order to reset the ONT’s settings to the default values, press the RESET button with a needle for at least five seconds while the device is on (according to the user manual, didn’t try this).
So how come this thing isn’t sold at ten times the price, rebranded by some big shot company? I think the reason is this:
The PON LED is horribly misleading
According to the user guide, the PON LED is off when the registration has failed, blinking when registration is ongoing, and steadily on when registration is successful.
The problem is that registration doesn’t mean authentication. In other words, the fact that the PON LED is steadily on doesn’t mean that the other side (the OLT) is ready to start a PPPoE session. In particular, if the PON serial number is not set up correctly, the PON LED will be steadily on, even though the fiber link provider has rejected the connection.
Nokia’s modem’s PON led will blink when the serial number is wrong, and it makes sense: The PON is not good to go unless the authentication is successful. I suppose most other ONTs behave this way.
The only way to tell is through the browser interface. More about this below.
Browser interface
The ONT responds to pings and http at port 80 on address 192.168.1.1. A Chinese login screen appears. Switch language by clicking on where is says “English” at the login box’ upper right corner.
The username and password are both “admin” by default.
As already mentioned, this ONT has a lot of features. For me, there were two important ones: The ability to change the PON serial number, so I can replace ONTs without involving my ISP, and the ability to monitor the fiber link’s status and health. This can be crucial when spotting a problem:
Note that in this screenshot, the GPON State is “Authentication Success”. This is what it should be. If it says “Registration Complete”, it means that the ONT managed through a few stages in the setup process, but the link isn’t up yet: The other side probably rejected the serial number (and/or the password, if such is used). And by the way, when the fiber wasn’t connected at all, it said “Init State”.
Also note the input power, around -27 dBm in my case. It depends on a lot of factors, among others the physical distance to the other fiber transmitter. It can also change if optical splitters are added or removed on the way. All this is normal. But each such change indicates that something has happened on the optical link. So it’s a good way to tell if people are fiddling with the optics, for better and for worse.
These are the changes I made on my box, relative to the default:
- I turned the firewall off at Security > Firewall (was at “Low”). It’s actually possible to define custom rules, most likely based upon iptables. I don’t think the firewall operates when the ONT functions as a bridge, but just to be sure it won’t mess up.
- In Security > Service Control, there’s an option for telnet access from WAN. Removed it.
- In BPDU, disabled BPDU forwarding.
I don’t think any of these changes make any difference when using the ONT as a bridge.
Setting the PON serial number
Note to self: Look for a file named pon-serial-numbers.txt for the previous and new PON serial numbers.
When I first connected the ONT to the fiber, I was surprised to see that the PON LED flashed and then went steady. Say what? The network accepted the ONT’s default serial number without asking any questions?
I then looked at the “PON inform” status page (Status > Network Interface > PON Inform), and it said “Registration Complete”. Wow. That looked really reassuring. However, pppd was less happy with the situation. In fact, it had nobody to talk with:
Aug 06 10:56:21 pppd[36167]: Plugin rp-pppoe.so loaded. Aug 06 10:56:21 pppd[36167]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.5 Aug 06 10:56:21 pppd[36168]: pppd 2.4.5 started by root, uid 0 Aug 06 10:56:56 pppd[36168]: Timeout waiting for PADO packets Aug 06 10:56:56 pppd[36168]: Unable to complete PPPoE Discovery Aug 06 10:56:56 pppd[36168]: Exit.
Complete silence from the other side. I was being ignored bluntly.
Note that I’m discussing the PPPoE topic in another post of mine.
Solution: I went into the Network > PON > SN menu in the browser interface, and copied the serial number that was printed on my previous ONT in full. It was something like ALCLf8123456. That is, four capital letters, followed by 8 hex digits. There’s also a place to fill in the password. Bezeq’s fiber network apparently doesn’t use a password, so I just wrote “none”. Clicked the “Submit” button, the ONT rebooted (it takes about a minute), and after that the Internet connection was up and running.
And of course, the GPON State appeared as “Authentication Success” in the “POD Inform” page.
So don’t trust the PON LED, and don’t get deceived by the words “Registration Complete”. Unless you feed the serial number that the fiber network provider expects, there’s nobody talking with you.
In fact, there’s an option in browser interface to turn off the LEDs altogether. It seemed like a weird thing to me at first, but maybe this is the Chinese workaround for this issue with the PON LED.
Bottom line
With the Internet link up and running, I ran a speed test. Exactly the same as the Nokia ONT.
So the final verdict is that this a really good ONT, which provides a lot of features and information. The only problem it apparently has is the confusing information regarding the PON link’s status when the serial number is incorrect. Which is probably the reason why this cute thing remains a Chinese no-name product.
Reader Comments
Hi,
i’ve got the same ONT but dont see how to turn it into a pure Bridge not actually a router !! do you have an idea ?
Given that I got up a pppoe connection through the ONT with its out-of-the-box configuration, I believe that it’s a bridge as is.
I See, sadly the one i’ve got has only ROUTE in the Box list i can’t choose Bridge , i guess its not supported
Thank you for telling about ZTE f601, it works perfectly as a bridge.
Its built in WAN pppoe service couldn’t establish connections though – always shows “disconnect reason: ISP TIMED OUT”. I managed to setup pppoe connections only using my laptop or EdgeRouter with ZTE f601 as bridge.
John Doo, as for firmware v6.0.1P1T12 I didn’t have to select anything to use ZTE as a bridge. Just plug optic fiber into ZTE and connect ZTE to router with ethernet cable.
Also you can try connecting ZTE to you laptop with ethernet cable and check pppoe connection using pppoeconf (and plog).
Looks like a great solution so I bought a ZTE f601 on Ali Express.
It does not ping or respond to http in a browser at address 192.168.1.1
So I bought another one from a different supplier. $18 is nothing!
Still no response. I did a full sweep from 192.168.0.0 to 192.168.255.255.
Of course it came with no documentation. Are you sure of its ip address?
Yup, that’s the IP address. Maybe check routing & firewall on your computer?
OK, Got past that. Before I call Bezek and give them the SN and get a username, still not clear on the concept. Will the permanent IP I get from Bezek be assigned to the ppp interface of my linux box running pppoe? Or does it stay on the ZTE and I have to port forward everything to my box? Did not see port forwarding in the web interface.
If you run pppoe on Linux, it means that the ppp session is done between the Linux machine and Bezeq, directly, and the ZTE merely relays Ethernet packets from your computer to Bezeq.
So the IP address that you get from Bezeq is registered on the Linux computer directly. If that’s a fixed IP, your computer will get a fixed IP.
You may, alternatively, let the ZTE do the ppp dialing, in which case it gets the IP address, and plays NAT games with the computer’s Internet traffic. In this case, you run no pppoe on the computer, but just treat the ZTE as the default gateway (don’t know exactly how to do this). I guess that’s not what you want.
Thanks for your help. Works like a charm. Bfiber using fedora as my router.
That sounds like Cellcom was purposefully preventing you from using your own PON gateway, which is in line with their policy at the time (same as Partner then), and only rectified recently.
How long did this work before they caught on and blocked your connection, forcing you to use their PON gateway instead?
You’re referring to something I mentioned at the other post. For the record, Cellcom never disconnected me, but rather implied that Bezeq would if I didn’t go back to their ONT. And as I wrote on that other post, that was three weeks after the initial installation.
That is certainly true. And while it certainly is interesting that Cellcom did not disconnect you (others have tried similar things with the Nokia G-010S-A that they purchased from Bezeq when Cellcom also provided the same SFP PON gateway, just with a different firmware revision, only to be promptly disconnected after anywhere from a few days to a few weeks), their implication that Bezeq would disconnect you was not accurate, as Bezeq would not do anything of the sort unless Cellcom themselves explicitly requested it, since you did nothing that breaks Bezeq’s TOS, but Cellcom, and Partner as well, was ignoring the legal requirement of allowing customers to use their own equipment on Bezeq’s G.PON infrastructure (back then it only applied to Bezeq’s, recently it has been expanded to all G.PON networks, with the same limitation that it has to be on the infrastructure provider’s whitelist).