Bypassing Allied Telesis iMG616BD

Fiber was the third type of internet connection I had after dial-up and ADSL. Even though I was just 14 years old at the time the fiber was set up, it felt like Christmas Eve when I was 5 years old. I already knew back then that fiber was the future of computer communication and that a 10Mbit synchronous line would soon be upgraded.

 

The Black Box

However, one thing has remained silent since the setup of the fiber connection. The gateway (or modem/home central as some call it) has no admin panel, and documentation for it seemed to be close to non-existent on the internet. The gateway was an Allied Telesis iMG616BD and had only Fast Ethernet ports. The fact that it had only Fast Ethernet ports means I can send and receive at most 100Mbit through my current fiber cable unless my ISP (Eidsiva Bredbånd) gives me a new gateway and upgrades the equipment on their end. The fact that I had no way of entering an admin web panel on the modem and could not find any documentation on the device encouraged me to find more information, as this was a black box on my network I barely knew anything about.

A simple Google search led me to Allied Telesis' website, where they have information about this device in addition to a data sheet which turned out to be quite helpful. It had come to my attention that it had a console output before I started searching for information on the net. It had one of those old-style DIN console interfaces (8-pin mini-DIN to be accurate). It is odd that there is no USB console interface; however, newer models have USB console interfaces (was DIN the old USB?). Other ways of communicating with it were telnet and a web GUI, but neither was possible as I did not have any IP on the device. It also supported Allied View Network Management System, which I believe is what my ISP uses to configure the gateway. I then decided to try to get a mini-DIN cable for it. However, the device required a special pinout which did not exist on the Internet. It was not possible to buy the console cable from the net, and it did not seem likely that anyone would allow me to buy the cable from Allied Telesis either. My ISP also did not seem so happy to allow me to access the device when I asked them, and it turned out it had been set up in bridge mode, which seemed reasonable. Gaining access to the device seemed hopeless, so I decided to bypass it instead.

Planning

The information on the data sheet page on the Allied Telesis website turned out to give me all the information I needed in order to acquire a compatible media converter. Internet access was simple; however, telephone (VoIP) and TV (IPTV) were not exactly plug and play. Another thing which motivated me in this small networking project was the bypassing of another Norwegian fiber ISP's modem, Lyse. It came to my attention they used VLAN to run IPTV and VoIP on the same network, but I assumed Eidsiva did not use the same VLAN IDs. As I found no other information on how to do this, I had to find out which VLANs were being used. When I got the media converter, I started trying to find out which VLANs were being used by using Wireshark. However, one issue was that the VLAN tag on the Ethernet frame was removed by most of the computers I had access to. Therefore I had to use an old Dell Dimension 8400 to get a capture which had the information I needed. A few small registry edits were also required, as the VLAN tags were removed by default. By closely inspecting the traffic coming to my network interface, I quickly detected VLAN 5 and 10. I was excited about what would happen if I were to call the phone number on the VoIP, as I did not know how it was talking to my ISP's server. I was amazed when I saw my phone number appear on the Wireshark screen while no phone was ringing. It was using SIP. Only a SIP VoIP device and a VLAN switch were required to replace my gateway (in addition to the media adapter, which I already had). I also decided to upgrade the cabled network, so I ordered an EdgeMax router and a Netgear Gigabit switch as well.
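The VLAN discovery described above can also be done without Wireshark by reading the 802.1Q tag directly from raw frames. The following is an added example, not code from the original post: it extracts the VLAN ID from each frame and labels the payload so each VLAN can be matched to a service. The sample frames, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def vlan_of(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype, payload); vlan_id is None
    if untagged. Raises struct.error on a truncated frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, 0, ethertype, frame[14:]
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # TCI layout: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    return tci & 0x0FFF, tci >> 13, inner, frame[18:]

def describe(inner_ethertype: int, payload: bytes) -> str:
    """Rough label for an IPv4/UDP payload: SIP, multicast stream, or other."""
    if inner_ethertype != 0x0800 or len(payload) < 20:
        return "other"
    ihl = (payload[0] & 0x0F) * 4
    proto, dst = payload[9], payload[16:20]
    if proto != 17 or len(payload) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", payload, ihl)
    if 5060 in (sport, dport):          # default SIP port
        return "sip"
    if 224 <= dst[0] <= 239:            # 224.0.0.0/4, the groups IGMP manages
        return "multicast-udp"
    return "udp"

def summarize(frames):
    """Map VLAN ID (None = untagged) to the set of traffic labels seen on it."""
    seen = defaultdict(set)
    for f in frames:
        vid, _prio, inner, payload = vlan_of(f)
        seen[vid].add(describe(inner, payload))
    return dict(seen)

def make_frame(vid, dst_ip, dport):
    """Build a constructed sample frame (not captured traffic)."""
    eth = bytes(6) + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (5 << 13) | vid)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes(dst_ip))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return eth + tag + struct.pack("!H", 0x0800) + ip + udp

# Constructed samples: SIP on VLAN 5, a multicast stream on VLAN 10, untagged DNS.
SAMPLE = [make_frame(5, (10, 0, 0, 2), 5060),
          make_frame(10, (239, 1, 1, 1), 1234), make_frame(None, (10, 0, 0, 3), 53)]
```

If the capturing network card strips the tag before the frame reaches the operating system, every frame shows up under None, which is the problem described above.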

Setup

Playing with the VoIP was perhaps the most fun part. Once I discovered the SIP protocol, I decided to get a client running on my PC. I quickly found out which servers I had to connect to. The username was obvious (my phone number) and my password was only a guess (the same as for webmail and access to other services on my ISP). The server was the same IP as the server I received data from, but I quickly found the DNS name of it when I managed to make an incoming call. In case anyone who is using Eidsiva as an ISP and has VoIP wants to test this out themselves, here is the setup required for MicroSIP:

SIP server: ipt-server.bb.nett

User: Phone number

Domain: ipt-server.bb.nett

Password: The password used to access Eidsiva's webmail or the password used to access customer website on "min side".

Note: In order to resolve the domain name, the DNS settings have to be set to ns1.eidsiva.net (82.147.40.2) (primary) and ns2.eidsiva.net (82.147.40.34) (secondary). It is possible to use other DNS servers as well; however, there is then no guarantee you will connect to the correct server when connecting to an IP directly instead of resolving a hostname.

The idea of being able to call phones from my own PC was genius, as that would give me the same cost to call someone from Sweden (or Nicaragua for that matter) that it would cost me to make the call at home. However, my ISP has blocked access to the SIP server for a good reason: There is no good encryption on the SIP protocol and sessions can easily be taken over by a man in the middle. I did not go too deep into analysis of the SIP handshake, but at least the password is not sent in plaintext. A secure VPN tunnel back home when I am somewhere else would be secure enough, as it would then be close to impossible for others to see the traffic.

The setup on the Cisco SIP box was not as trivial. The web GUI was a bit Windows 98-style and the configuration on it was the worst I had ever seen. Some options were in hexadecimal, where each bit in binary represented a boolean. A given range of bits could also mean a number (e.g. which VLAN ID to use). It was technically the worst type of configuration input I had seen. Ever. When I make a value in which I store flags (say an 8-bit integer), I do not prompt the user to enter a hex value to change that value. That is not user-friendly, and I would be way lazier than I currently am. Radio buttons? Back to the configuration of the VoIP box: it took a few days for me to set it up right. For a long period I was only able to make outgoing calls. When I had set SIPRegOn, it all made sense that the device had not "registered" itself on the SIP server.

Setting up the VLAN on the Netgear switch was not as easy as I thought it would be. As a Norwegian, I refuse to read the documentation which comes with what I buy, as it is a lot more fun (and sometimes frustrating) to figure things out by myself. Example: Reading a forum post on how to set everything up here would be boring compared to figuring out how to set everything up by myself, but frustrating when stuff gets configured wrongly. The VLAN config allowed me to select which interface belonged to which VLAN and whether or not the Ethernet frame should be tagged. It took a while for me to realize that T was a tagged Ethernet frame and U was an untagged Ethernet frame, as the documentation on the switch was not quite clear on this point.

As Internet and VoIP were working, the TV was the only remaining part. I was confused why I had an IP address on the port for VLAN 10, but the TV refused to start. I had previously seen a continuous stream of around 3Mbit/s of MPEG TS packets when I was connected to the interface to the gateway from my ISP. I realized these came from a broadcast address and I looked at the broadcast settings on my switch. In order to get it working I had to enable IGMP snooping, as this allowed the switch to forward broadcast packets from a VLAN to other ports on my switch. I also disabled the validation of broadcast packets, something I am not sure is necessary. The ID of the VLAN to listen on for broadcast packets was also specified. Suddenly, TV was working.

 

One very good question is "why?" Why would I bypass the modem when it does not give me any benefits like faster internet or something like that? I believe the answer lies in why a radio amateur requires a huge system in order to receive radio signals. Personally I think it is fun to work with switches and routers and play around with network equipment. It also allows me to gain a deeper understanding of how my home network works beyond the black box, and it is a lot cooler to have a more "overkill network setup" for computer geeks. When I was done with this project, I asked myself whether my ISP has ever thought about the cost of upgrading beyond Fast Ethernet. Today all the fiber customers have the AT gateway, which only has Fast Ethernet interfaces. According to a manual for the gateway, the maximum speed they could deliver would be 90Mbit/s (I would say around 80Mbit/s because of HD TV). Beyond that, they would have to replace every single gateway for every customer who wanted faster internet. In addition to this, the equipment in their fiber centrals would have to be upgraded unless they already support faster speeds than Fast Ethernet. I also find it odd that Eidsiva does not have the VLAN information on their website, as some customers may want to bypass their gateway. But if they had, this project would not have been as fun as it was without it.


Technical information for lazy readers:

Allied Telesis iMG616BD technical information:

http://www.alliedtelesis.com/p-2177.html

http://www.alliedtelesis.com/media/datasheets/iMG616lh-bd_ds.pdf (Data Sheet)

ftp://nas.lmkom.dk/Data/Allied%20Telesis/iMG6xx/iMG616srf+/Manualer/Software_Reference_Manual_3-8_Issue1.pdf (Manual)

Console Interface: 8-Pin mini-DIN, must have special pinout (AT-RGCONSOLECABLE (990-011748-00))

Serial access information for accessing the gateway through the console interface:

Baud rate: 38400

Data: 8 bit

Parity: none

Stop: 1 bit

Flow control: none

 

Media converter requirements:

Tx:1310nm

Rx:1550nm 

SC fiber interface

 

VLAN information:

VLAN 1: Internet

VLAN 5: VoIP

VLAN 10: IPTV

Remember to allow broadcast packets to be forwarded to the desired port for IPTV (IGMP snooping)


About the author

I am a software development student while I work with C# and C++ applications in my free time. I also play a lot of Xbox games (Halo ftw!) and I am a huge tech enthusiast. I've been coding in C# for about 5 years now. Always been interested in code-optimizing, databases and networking. And if you got a cookie, you better give it to me.
