You sign up for fiber internet, you’ve already got a perfectly good router - a Ubiquiti Dream Machine (Unifi UDM) - and all you want is to plug the optics plug straight into it.
Instead, the ISP hands you a box you never asked for. In my case a Huawei OptiXStar HG8245X6-10 GPON terminal, but they’re all the same idea: a mandatory middleman wedged between the fiber and your network. It burns power around the clock, needs configuring, is a closed box you don’t control and its only real job is to bridge packets. And it’s now your single point of failure - when that box dies, your whole internet goes down with it, no matter how many shadow modes or power backups you’ve installed.
The good news: you can throw it out entirely. A ~60 EUR GPON SFP stick plugs straight into the UDM’s SFP+ WAN port, registers on the GPON network pretending to be your old ONT, and lets the UDM run the PPPoE session itself. One box instead of two, full control, and one less thing blinking in the rack.
This took me a while to get right, and I owe the breakthrough to two people on Reddit - @Dm3Ch and @JopoSran4ik_01 posting on this thread.
Below is the complete walkthrough. I run a UDM Beast myself, but it’s the same on a UDM Pro - or any UDM with an SFP WAN cage. The exact values I show - VLAN 42, the serial format, the PPPoE login - are from my own ISP configuration; yours will likely differ, but the procedure in general is identical for any GPON ISP.
Disclaimer: This is what I did with my own line and my own hardware. Cloning your ONT’s identity onto a third-party stick is squarely your responsibility - check that it’s allowed under your contract, and if you brick something or knock yourself offline, that’s on you. Keep the Huawei around until everything works.
You need bridged PPPoE on the right VLAN (it’s 42 on my line), meaning your router runs the PPPoE session, not the ISP’s box. So call your ISP (or use their chat) and ask them to switch your line to bridge mode.
If your terminal already runs in bridge/passthrough, you’re ready. If it currently works as a normal router doing PPPoE itself, you need that change before any of the following will work.
Read the sticker on the Huawei - you need its GPON/ONT serial. This is the single most important value in the whole process, because the stick has to present exactly this identity to the network.
A little background, because it explains why the serial can look like two completely different strings:
Background: A GPON serial is 8 bytes total - a 4-byte vendor ID in ASCII, followed by a 4-byte device part in hex. Huawei’s vendor ID is
HWTC, which in hex is48 57 54 43. So a Huawei GPON SN always shows up in one of two encodings:a)
HWTC+ 8 hex chars, e.g.HWTCxxxxxxxxb) the exact same value fully in hex:48575443+ 8 hex chars, e.g.48575443xxxxxxxx
Depending on the manufacturer, it might be printed one of those two ways:
HWTCxxxxxxxx, that is your GPON SN - use it as-is.48575443xxxxxxxx, the leading 48575443 is just ASCII for
HWTC. Mentally swap it back: 48575443 → HWTC, keep the remaining 8 hex
chars, and you have your HWTCxxxxxxxx serial.From here on I’ll refer to it as HWTCxxxxxxxx.
Buy exactly this stick from FS.com - not a generic lookalike, this specific one with the web GUI:
The “MAC-I” / Web GUI variant matters: it lets you set the ONT serial, MAC and vendor ID, both over SSH and through a small web console. That’s the whole trick.
Plug the FS stick into the SFP port of your UDM’s WAN. It should show up in the Port Manager with its MAC - but you need the interface name the UDM uses internally, so SSH is the reliable way.
SSH into the UDM (you may need to enable SSH first in the UniFi settings), then list the links and look for the matching MAC:
ip -br link
Find the line whose MAC matches the stick. If you’re not sure which one it is,
run ip monitor link and plug/unplug the stick a couple of times - the interface
that appears and disappears is the one.
In my case the stick sat in port 13, which the UDM exposes as eth12 - so
port 13 = dev eth12. Yours may differ; substitute your interface name
wherever I write eth12 below.
The has a default IP: 192.168.101.1. To connect to it, give your UDM an
address on that subnet, pointed at the stick’s interface:
ip addr add 192.168.101.2/24 dev eth12
Now check you can reach it:
ping -c 3 -I 192.168.101.2 192.168.101.1
If the pings come back, SSH onto the stick (password: root):
ssh root@192.168.101.1
If that works - congrats, you’re on the stick. Check its current identity and GPON status:
gccli sys sn; gccli sys mac; gccli sys vendorid; gccli gpon state; gccli gpon status
Heads up: Whenever you reboot the stick or re-edit its settings in the web
console (next step), the 192.168.101.2 address on the UDM drops off - just
re-run the ip addr add line above to get back in. After your internet is
up and running, you most likely don’t need to log onto it ever again
The stick also has a web UI on port 80, but it’s only reachable from the UDM. So log out of both the stick and the UDM, then log back into the UDM with an SSH tunnel that forwards your local port 8888 to the stick’s web server:
ssh <udm> -L 8888:192.168.101.1:80
In that same shell, hop back onto the stick:
ssh root@192.168.101.1
Now open the stick’s admin console in your browser (login admin / admin):
Two things happen here - one in the web UI, one over SSH.
In the web console, first switch the PON Mode from Auto to GPON, per FS.com’s official configuration guide:
WAN Configuration → PON Mode → GPON
Let it reboot.
Log back into the web console and go to ONT Authentication:
HWTCxxxxxxxx value from Step 1.Then, over SSH on the stick, set the same identity and persist it. Use your
real HWTCxxxxxxxx serial, and the MAC you want the stick to present (the
AA:BB:CC:DD:EE:FF below is a placeholder):
gccli sys sn HWTCxxxxxxxx; gccli sys mac AA:BB:CC:DD:EE:FF; gccli sys vendorid HWTC; gccli sys save; sync; reboot
After it comes back, open the stick’s status page in the web console and confirm the MAC and ONT authentication are set correctly. Get this right before you touch the fiber - almost every failure later traces back to a wrong value here.
Over in the UDM Pro console, set up the WAN:
Then, in the UDM Pro’s Console Settings, set MSS Clamping to Custom:
1452. (PPPoE eats 8 bytes of MTU overhead - 1500 → 1492 - and clamping the
TCP MSS to 1452 avoids the classic “some sites load, some hang forever” PPPoE
MTU mess.) This is also highly provider dependent, so make sure to check that.
This is the moment of truth. Unplug the optical cable from the Huawei and plug it into the UDM’s stick.
Watch the stick walk up the GPON state machine from O1 (no optical signal) to O5 (registered). Confirm with:
gccli gpon status
Once you’re at O5 and the UDM’s PPPoE session comes up, you’re online - directly, with the Huawei sitting in a drawer.
The golden rule: check the GPON state before you debug anything else. PPPoE and VLAN settings are irrelevant if the stick never registers on the fiber.
On the FS stick:
gccli gpon state; gccli gpon status
You want O5. If you’re not there, don’t waste a second on PPPoE or VLAN yet - work the optical/auth layer first:
That’s it. The Huawei is gone, the UDM Pro terminates fiber and PPPoE on its own, and you’ve got one fewer black box between you and the internet.
I hope this saves the next person a few evenings.