Device Authentication Configure GPON (H.248-based)

Device Authentication Configure GPON (H.248-based):

This topic describes how to configure the H.248-based device authentication to prevent illegal MGs from registering with the MGC. [boxads]

Prerequisite:

The MG interface must be configured successfully.
The parameters, including the encryption type, the initial key and the DH authentication, and the MG ID, must be configured on the MGC. These parameters must be the same as the parameters configured on the MA5600T/MA5603T/MA5608T.

Precautions:

If Huawei products such as the SoftX3000 is used as the MGC, the authentication MG ID must be a character string with more than eight bits.

Procedure:

Step 1: In the global config mode, run the interface h248 command to enter the MG interface mode.
Step 2: Run the mg-software parameter 4 command to configure the registration mode.
Step 3: Run the mg-software parameter 6 0 command to configure the device authentication function on the MG interface.
Step 4: Run the auth command to configure the authentication MG ID and the initial key.
Step 5: Run the display auth command to query the authentication parameters.
Step 6: Run the reset coldstart command to reset the MG interface. Reset the MG interface to make the MG interface register with the MGC (and to make the modified attributes of the MG interface take effect) so that the MG interface can work in the normal state. The MG interface can be enabled in different ways (see Parameters of the reset command). For a newly configured MG interface, enable the MG interface through cold start.

Example of Device Authentication Configure:

[adsense]

Huawei-OLT(config)#interface h248 0
Huawei-OLT(config-if-h248-0)#mg-software parameter 4 0
Huawei-OLT(config-if-h248-0)#display mg-software parameter 4

------------------------------------------------- 
Interface Id:0 para index:4 value:0 
------------------------------------------------- 
APPENDIX: 
------------------------------------------------- 
Interface software parameter name: 
4: Whether MG register to MGC with wildcard 
0: Yes 
1: No 

Huawei-OLT(config-if-h248-0)#mg-software parameter 6 0
Huawei-OLT(config-if-h248-0)#display mg-software parameter 6

------------------------------------------------- 
Interface Id:0 para index:6 value:0 
------------------------------------------------- 
APPENDIX: 
------------------------------------------------- 
Interface software parameter name: 
6: Whether MG support authentication 
0: Yes 
1: No

Huawei-OLT(config-if-h248-0)#auth auth_mgid MA5600T/MA5603T/MA5608T initial_key
0123456789ABCDEF

Huawei-OLT(config-if-h248-0)#display auth

[AUTH_PARA config] 
Initial Key : 0123456789ABCDEF 
Auth MGid : MA5600T/MA5603T/MA5608T 
Algorithm : MD5 [bodyads]

Huawei-OLT(config-if-h248-0)#reset coldstart
Are you sure to reset MG interface?(y/n)[n]:y

GPON Device Authentication Configure (H.248-based)

Shahed Israr

Shahed Israr is a Network Engineer specializing in GPON, FTTH, and telecom access network technologies. With hands-on experience in Huawei OLT and ONT configuration, U2000 NMS deployment, iMaster NCE-FAN Lite management systems, firmware upgrades, and advanced network troubleshooting, he helps Internet Service Providers (ISPs) and network professionals deploy, manage, and optimize fiber optic networks efficiently. Through GPON Solution, he shares practical technical guides, real-world solutions, and professional knowledge to support engineers working in modern GPON infrastructure.

Comments

comments

2 thoughts on “Device Authentication Configure GPON (H.248-based)”

prudhviraju

October 12, 2015 at 6:49 pm

Dear sir,
Our company having Huawei MA5680T olt,At present we are using HG8240F,HG8346M onu's.I want to know reaming which onu's in Huawei will support to our olt,Can you tell me the difference between them.
- Shahed
  
  October 13, 2015 at 8:43 pm
  
  Sorry i did not work with Huawei MA5680T OLT device, so i can't suggest you about this issue.