CREATE A NEW VLAN AS VLAN ONT MANAGEMENT ( In This

case I’m using vlan 91)

OLT#conf t
OLT(config)#vlan 91
OLT(config-vlan)#name ont-management
OLT(config-vlan)#exit
OLT(config)#sho vlan 91
vlanid :91
name :ont-management
description :N/A
multicast-packet:flood-unknown
tpid:0x8100
port(untagged):
port(tagged):

#### tag to the uplink

OLT(config)#int smartgroup1
OLT(config)#switchport vlan 91 tag

1. making connection from ont and setting bridge to your server

OLT#sho run int gpon-onu_1/2/8:128 <– this ont connect to your server
Building configuration…
!
interface gpon-onu_1/2/8:128
tcont 1 profile 10M
gemport 1 name inet unicast tcont 1 dir both
gemport 1 traffic-limit upstream default downstream 300m
switchport mode hybrid vport 1
switchport vlan 91 tag vport 1

!
end
OLT#sho onu run con gpon-onu_1/2/8:128
pon-onu-mng gpon-onu_1/2/8:128
flow 2 switch switch_0/1
flow 3 switch switch_0/1
flow mode 1 tag-filter vid-filter untag-filter discard
flow 1 priority 0 vid 91
gemport 1 flow 1
vlan port eth_0/1 mode tag vlan 91 <— setting bridge
dhcp-ip ethuni eth_0/1 from-internet
!
OLT#

2. making connection to ont that you want to remote

I have an existing topology, so just inject the vlan management for that

for example :

interface gpon-onu_1/5/3:11
tcont 1 profile 100M
gemport 1 name inet unicast tcont 1 dir both
gemport 1 traffic-limit downstream 300m
switchport mode hybrid vport 1
switchport vlan 402 tag vport 1
!

pon-onu-mng gpon-onu_1/5/3:11
flow 2 switch switch_0/1
flow 3 switch switch_0/1
flow mode 1 tag-filter vid-filter untag-filter discard
flow 1 priority 0 vid 402
gemport 1 flow 1
switchport-bind switch_0/1 iphost 1
ip-host 1 dhcp-enable true ping-response true traceroute-response true
vlan-filter-mode iphost 1 tag-filter vid-filter untag-filter discard
vlan-filter iphost 1 priority 0 vid 402
!

AFTER THAT INJECT THE VLAN TO THE ONT

OLT(config)#int gpon-onu_1/5/3:11
OLT(config-if)#switchport vlan 91 tag vport 1
OLT(config-if)#exit
OLT(config)#pon-onu-mng gpon-onu_1/5/3:11
OLT(gpon-onu-mng)#flo 1 priority 0 vid 91
OLT(gpon-onu-mng)#switchport-bind switch_0/1 iphost 2
OLT(gpon-onu-mng)#vlan-filter-mode iphost 2 tag-filter vid-filter untag-
filter discard
OLT(gpon-onu-mng)#ip-host 2 ip 20.20.20.222 mask 255.255.255.0
gateway 20.20.20.252 <— you can set based on your netmask
OLT(gpon-onu-mng)#vlan-filter iphost 2 priority 0 vid 91
OLT(gpon-onu-mng)#security-mng 2 ingress-type wan mode permit state
enable protocol web <— this command used to make ont can reach via
wan ont

Done,

To make sure that IP is reachable, you can test ping from OLT.

But you need to make an Interface vlan first

OLT#sho run int vlan91

Building configuration…
!
interface vlan 91
ip address 20.20.20.254 255.255.255.0
ip proxy-arp
!
end
OLT#

OLT#ping 20.20.20.222
sending 5,100-byte ICMP echos to 20.20.20.222,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/4/20 ms.

Verification

OLT#sho gpon remote-onu security-mng gpon-onu_1/5/3:11

Service control index: 2

State: enable
Control mode: permit
Service list: web
Ingress type: WAN
Start source IP: 0.0.0.0
End source IP: 0.0.0.0

and Now Try to ping in your server (for now I’m using laptop and connect
VPN to the server).

ping 20.20.20.222
PING 20.20.20.222 (20.20.20.222) 56(84) bytes of data.
64 bytes from 20.20.20.222: icmp_seq=1 ttl=62 time=16.4 ms
64 bytes from 20.20.20.222: icmp_seq=2 ttl=62 time=6.25 ms
64 bytes from 20.20.20.222: icmp_seq=3 ttl=62 time=5.87 ms
^C
— 20.20.20.222 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 5.872/9.541/16.499/4.922 ms

good. Time to access via web