European Union financed implementation of optic fiber all over Croatia last few years, so my hometown, Pojatno, was finally included in plans for upgrade. yay!
First they installed cable from street pole to my house and placed a box on my attic. Few days later two technicians installed optical cable connecting that box and my network equipment. I already had D-Link Gigabit switch x16, MikroTik RB2011 and MikroTik Groove 52 for WiFi connection towards my neighbor so I asked them to install their gear next to my equipment which they did.
I asked technicians if they can switch my equipment to bridge mode so I can configure PPPoE connection from RB2011 and have complete control over Internet connection. They called operator and it was instantly switched. Later i noticed I don’t have PPPoE username and password to set up PPPoE so I emailed support and they sent it back instantly. Very nice support from Iskon telecom provider.
Speeding up my old RB2011
First thing I noticed is that I’m not able to reach 300Mbit with RB2011 router like people said on pcekspert forum, so I searched web a little bit more and found out I’m missing Fast track configuration (usually I delete everything and configure from scratch). After adding Fast track CPU was 100% but I was able to reach 300Mbps download. But that was a signal that I need something more powerful if I ever switch to 1Gbps, 2Gbps or higher speed.
So after more searching I found out best solution is to buy RB4011 and Zyxel PGM3000 SFP then replace all telecom equipment with only one router MikrotTik RB4011 and mentioned SFP.
PPPoE over ether interface on MikroTik RB2011
So, first to explain my configuration when using Iskon telecom equipment in bridge mode:
- Huawei OptiXstar EG8010Hv6-10- connected with optic in bridge mode
- Speedport plus (Sercom) VDSL2 – connected to Huawei with LAN cable
- RB2011 – LAN port 2 connected to Speedport plus
- D-Link switch connected to RB2011 LAN port 1
- All computers connected to D-Link switch
RB2011 had bridge mode without port 2 so I can use it for PPPoE. It’s pretty simple, add PPPoE client to eher2 interface, add connection details and off you go, oh yes you must masquerade traffic in Firewall so devices behind RB2011.
So here it is in pictures:
Bridge
PPPoE client
PPPoE client username/password
Firewall NAT rule
Firewall srcnat action masquerade
So this worked really fine for some time until I received my RB4011 and Zyxel PMG3000 SFP. It’s time to configure this!
Remove telecom equipment
Before removing Iskon telekom equipment I had to connect to admin web gui to check connection details.
First I checked under Huawei HG8010h connection details:
After writing down IP, username and password I pressed reset to reset Huawei router to factory defaults, otherwise you are not able to connect to web gui interface.
Connected my laptop directly to router, set my network card to static IP on laptop to 192.168.100.2/24 and connected to Huawei GUI in Google Chrome, just type in Chrome 192.168.100.1 and login with root/PASSWORDfromROUTER. There I was able to read SERIAL number, notice there are two serial numbers there, and one is printed on the back of the router, well, this SN is useless. You will need the second one. Write it down, it is important. Now you can turn Huawei off and put this router into the box for storage. If you need ONU GPON PLOAM you can also get it from web gui but as of 05/2025 this is not needed anymore in Croatia.
Next was to check Speed port plus connection details:
Did same reconfiguration of my laptop’s IP static address. Set it to 192.168.1.2/24 and connected it directly to Speedport plus LAN port. After I logged in I checked VLAN settings. I just had to confirm settings other people noted on pcekspert forum.
VLAN 103 for managment
VLAN 3967 for Internet
VLAN 3968 for VoIP
VLAN 3939 for IPTV
Since I have only Internet I was interested in VLAN 3967.
Ok, now turn off Speedport plus and put it in the box/storage.
PPPoE over SFP interface on MikroTik RB4011
I reset my laptop’s IP address to use DHCP and connected it to RB4011.
Connected fiber optic cable that was before in Huawei to my MikroTik RB4011 SFP port. SFP port went green, so everything is fine.
With Winbox app I created VLAN 3967 on sfp-sfpplus1 interface under INTERFACES:
Under PPP I created PPPoE Client:
and added my username and password I got from Iskon telecom:
Also don’t forget to add Firewall rule to allow all local computers to access Internet:
Adjust Zyxel PMG3000-d20b SFP serial number
You must have optic fiber connected to Zyxel SFP to make this work!
Zyxel deafult address is 10.10.1.1, so I have added IP 10.10.1.2/24 to my RB4011 MikroTik router:
Now open Tools – Telnet select SSH and enter address 10.10.1.1 and user admin:
It will ask for password, enter again admin for password.
You will be prompted with second login, so enter twmanu/twmanu for username and password and then it will prompt you with #ZYXEL. Type linuxshell to get Linux shell. To adjust serial number on SFP type:
manufactory
set sn SERIAL_FROM_HUAWEI_WEB_GUI
exit
hal
set sn SERIAL_FROM_HUAWEI_WEB_GUI
exitNow check SFP status with following command:
onu ploamsgStatus curr_state=5 means connected.
Reboot MikroTik RB4011 router and that should be it. Enjoy!
Helpful links
https://forum.pcekspert.com/showthread.php?t=307226
https://wiki.mikrotik.com/Manual:IP/Fasttrack
https://www.ebay.com/itm/225289886506
https://hack-gpon.org/ont-zyxel-pmg3000-d20b/
https://hack-gpon.org/ont-huawei-hg8010h/
https://e.huawei.com/en/products/optical-terminal/optixstar-eg8010hv6-10