
“My Broadband is Slow – Pt 2”

So we looked at the things that could happen at your end to make things slower and how you might look to resolve them. Now let’s look at what your provider may be doing and what could happen on their network. We will be focusing on Cable and Telephone delivered services here (ADSL/VDSL). For those of you that work on these networks there is a level of simplification here. Yes, I know there are other steps but they are of little if any concern to the end customer.

So we have two main categories here to look at: deliberate decisions by the provider and ones they have no control over.

Deliberate decisions include over subscription, capping, bandwidth management, backhaul insufficiency and under investment. Now if you are going with a low end or monopoly provider all of these are likely to be bigger factors. So let’s look at them…

Over subscription is the single biggest cause of slow downs and issues. Bandwidth is a finite resource and, despite the technical differences, both cable and phone delivered services use the same model, with the only difference being where your connection gets merged with the rest. With VDSL and Cable this happens at your local cabinet and with ADSL at your exchange. With the latter your connection goes to a local cabinet or node. Once it’s here it is combined with everyone else’s and sent on to the provider’s facility. What you need to note here is that if you use VDSL you’ll be getting stuffed in with everyone else no matter who the provider is, unless you are very lucky and use a provider with their own network. From the exchange out to the cabinets and on to you, BT Openreach own ALL of this and you are on their network, even if you use Sky, Plusnet or Kcom for example. In some areas it’s even the case that Virgin traffic flows on these lines. So at this stage for 99% of the UK you are on the Virgin Network or the Openreach network. Each cabinet is normally supplied by a fibre and includes either the Virgin Headend or BT DSLAM. There is another small difference in that smaller Virgin cabinets feed into the “master” cabinets, so one Virgin master cabinet may serve thousands of properties. These then connect to the Virgin fibre network and everyone’s traffic gets blasted down the same fibre. A BT DSLAM tends to service around 300 properties.

The backhaul, the fibre that goes to the next stop for your connection, has to carry everything and bandwidth on a fibre is again, finite. Multiple pairs can be used but there is a realistic upper limit on this. Right away you can see that 300 32Mbit connections isn’t going to be the same issue as say, 3000 100Mbit connections. ADSL, although slower, is actually installed at the same location as most BT connections end so it’s less of an issue here. The number of properties you share this fibre with is your contention ratio. This was a headline figure years ago when fibre was slow and many hundreds of ADSL connections were connected to low speed fibre. Nowadays it still plays a huge part but no one mentions it.

This all relies on one really big assumption: all of the customers aren’t going to be online using all of their bandwidth at once. Traditionally this works well but with the massive uptick in people staying at home or home working, it isn’t working so well and has been a source of constant issues and failure. This is where over subscription, selling connections based on a theoretical traffic model rather than actual traffic, comes in. Virgin has way more scope to add users past what is sensible than Openreach as the DSLAM units are physically restricted in terms of connections.

One way providers try and manage this is the use of traffic or bandwidth management. Although your connection speed doesn’t slow, the provider artificially slows the traffic on your connection to free up more bandwidth. This is a process many use and has drawn a lot of bad press. Thankfully it is falling out of favour. Lower cost providers or those with heavily congested networks often resort to this. As the data has to be paid for by the provider to BT, many will use this as a cost reducing exercise. Incidentally traffic management is also VERY common on 3.5G and 4G mobile networks. As an end user this will show up as loss of performance despite your connection showing a normal speed. This will often happen at the same time every day and most end any management after midnight.

Under investment is the last part. All carriers are guilty of this one. Much of the network is old and in some cases bits of the Openreach network just can’t support the speeds people want; this is particularly bad on some industrial sites where older aluminium cables are installed. Large chunks of the Virgin network are as Nynex/Videotron/CW left them in the early 90s and this leads to some of the issues we will look at next.

External Forces

There are any number of things that can cause issues on the network of providers. Some obvious, some less so. There are of course the really obvious ones, damage to infrastructure from road works, road traffic accidents, trees and lightning and to be fair, there is little anyone can actually do about these. It wasn’t long ago our local FTTC cabinet was flattened by a car.

The cable network is pretty resilient, it’s almost exclusively underground and bar someone taking a cabinet or cable out it’s rare to have issues related to weather. Most cables in the network are point to point, so your cable goes to the cabinet in one go meaning it’s a long, uninterrupted run. Phone lines however run all over the place, the infrastructure is often quite old and lines are frequently merged and connected underground or in exposed locations leading to frequent issues with water ingress and/or flooding. Failing cables overhead can cause issues in winds and in icing conditions and are frequently treated to lightning strikes. Flooded ducts and open junction boxes are common causes of issues and the sight of an Openreach engineer in a cabinet or up a pole strikes fear into many customers.

Some sections of the Openreach network do use microwave links. Mostly these are remote villages or locations it’s hard to get fibre to. These installations can be affected by the weather in particular heavy rain, snow and fog.

“My Broadband is Slow”

Possibly one of the biggest complaints I hear and often the provider isn’t to blame or a simple change of equipment is all you need. So let’s look at things you can do to help, how to narrow down issues and why they may happen.

This covers the issues you have control of, if you want to see what your provider may be doing to cause it click here…

Before we go anywhere remember, faults can and do happen. How often and how long for is directly related to your bill. Our Leased lines cost a fortune but in the time we have had them we have had one outage in three years which lasted minutes. Don’t expect to pay bargain basement prices and get good service, that’s not how it works.

WiFi

That out of the way, let’s look at the most common issue: WiFi.
Almost all of the issues I see are caused by WiFi. Either bad equipment, poor setup or unrealistic expectations. If you are having speed issues the very first thing you need to do is rule out the WiFi connection. Connect to the router with a cable. If you are using a laptop, turn the WiFi off on the machine, as some machines will STILL use WiFi even if cabled (I’m looking at you here HP). Re-run your speed tests and if all is well, you have WiFi issues. If not, something deeper is going on. For at least half of people that have issues this will solve the issue.

So what are the possible causes? First and foremost, the router may just be pants. There are a lot of very unrealistic claims put out by many providers about their kit. At the end of the day these were all built by the lowest bidder with little QA or actual verification of the claims. A number of times providers have been told by the ASA they need to prove this and have been unable to. Don’t believe the hype. For example one of the larger providers touts their router as being the best in the world, able to solve world hunger and cure cancer in rats. Sad fact of the matter is that not only is it garbage, but it can actually slow other people’s connections around you down, which brings us on to:

Congestion. The radio waves are not an infinite resource. You have to share a relatively small amount of radio spectrum with everyone else. The most commonly used band at 2.4GHz is quite small with only 11 channels. Given the distance WiFi can go that’s normally enough but in dense housing you may have a problem. This is made worse by many supplier routers being fixed to one of those 11 channels by default and, in the case of one of the larger suppliers, the router using up to 4 channels in one hit. Those 11 channels don’t go so far with this happening. To make it worse, microwave ovens, wireless AV, DECT cordless phones, Bluetooth, radio control and many, many other things use the same band.

The location of your router can make things worse with regards to interference, especially with cheaper units. Site the router away from any of the above items. One of the most common trouble makers here is the DECT cordless phone sat on the top of the router. It needs to be at least 3ft from the router.

5GHz WiFi can reduce a lot of this but that band also has some big users, meaning that it’s not immune. Although there are fewer things up here at the moment it IS affected by some doppler and fire control radars, making it a little hit and miss around military installations and airfields.

There are many apps available for mobiles that enable you to see channel use in relation to your router and if you know how, you can fix your router on clear channels. If your provider uses your router to broadcast a free network for your provider’s customers to use, you can ask for this to be turned off (Virgin and BT do this by default!). Sometimes a channel change is all that’s needed.

Obstruction is another issue. WiFi does not penetrate well, especially metal or materials containing moisture. Adding repeaters or moving your router can help but a repeater may be the best bet. The 2.4 and 5GHz bands behave differently. Although both are affected by metal, 2.4GHz gives better distance whereas 5GHz scatters better and gives better connections close in. Many routers use both to get better coverage.

Often overlooked is the capability of the router. Many broadband connections are capable of well over 100Mbit and many routers top out at 54Mbit. This was a particular concern for some BT Homehubs where the WiFi cannot match the broadband speed. Replacing an older router may help and you have to remember, once again, that your connection is not only shared by you and your household but by every device and router in range on that channel.

The Router

We have touched on this already above, sometimes it’s just time to upgrade the equipment. Your provider will sometimes do this but in most cases it is easy enough to do yourself and you’ll get better equipment this way. Quite often as technology advances lines get the new technology but the old equipment can’t support it and so you never see the gain. Vectoring being deployed by BT is a good example of this. Very few routers, including their own, support this yet it is being enabled on many lines and gives more stable connections and in some cases better speed. G.Fast is another example. There are still DOCSIS 2 modems out there on the Virgin network that top out at 10Mbit despite Virgin no longer offering a service that slow.

Supplier routers are normally ‘just good enough’ often with just enough processing power to get the job done and no more. On top of this some kit is bugged and crippled out the box. The Virgin Superhubs are infamous for having a serious bug that couldn’t be fixed. When you get down to the very low end routers they can be truly awful.

A router issue will show up with a poor speed result regardless of what you do, even direct cable connection. It’s always worth rebooting the router before you go any further, and leave it off for at least 5 mins before powering back up. If you still have issues then you have one last thing to look at, the line.

Sadly not all broadband services are created equal. With ADSL, VDSL (also incorrectly called Fibre) and 4G you have the option to change your router. Some providers don’t like this but you are free to do it and in almost every case, even where there is no problem, this will result in an improvement. If you are on a cable connection though you have less control and you must use the supplied router. All is not lost though, most if not all support being used as a modem, turning off the router side of things, and then you can use most types of commonly available broadband router. The same can be done with most satellite providers, however as a rule the supplied routers are normally actually pretty good and rarely a source of trouble.

The Lines

This is different depending on your provider.
For cable all you can do is look for loose connections. The F connectors used can work loose. Check the box outside and make sure the cover is on. That’s about all you can do.

For full fibre, you are in the same boat. Check the cables for damage and make sure they are secure.

For ADSL and VDSL you can do a little more. The first thing your provider will ask you to do is disconnect everything except the modem. If you have a BT type socket you can remove the lower half of the face plate on the NTE5C sockets with a built in filter. This leaves your modem as the only thing connected. If this helps, you have an issue in the house and more likely than not a bad or missing microfilter. They do actually fail believe it or not! On the older sockets you can remove that plate and plug your microfilter right into the socket behind it. Likewise if this helps you have an issue in the house. Now Openreach will do this same test for your provider. If THEY find this solves the issue you’ll be charged for the call out so it’s good to do this if you can.

If it’s still no good the odds are you have a line problem and you need to speak to your Provider.

“Stuck” BT Office 365 Tenancy

This is hopefully a quick guide to get you out of a hole with the old, free O365 offer BT did. Neither MS nor BT will be helpful with this BUT if you can make it to second line support, you do get the answer. Neither online chat/WhatsApp nor basic business support will be able to help and you’ll often end up getting the run around.

You can *try* to ask MS to remove the account, I’ve tried numerous avenues to make this happen, none even got a response, even those suggested by our O365 partner. It’s also been suggested invoking right to be forgotten may be helpful but I’m not sure how that applies here.

If you have an on site exchange server you *may* have had random password warnings after an Outlook patch a few months ago, I think I covered this elsewhere but it does serve as a warning you *may* be about to run into this issue.

This will only work if you can still log into the BT business portal at http://business.bt.com/. Otherwise you’ll need to throw yourselves on their mercy. The portal is painfully slow and I got a fair few HTTP 500 errors. The UI doesn’t seem to refresh that well; this may be Edge, as Chrome wouldn’t login at all!

The Scenario:
Customer would like to move to Office 365. Upon setting up the account you find their tenancy can’t be completed as the domain is already used in a tenancy elsewhere. It transpires the customer had a 365 account which is no longer used as part of a BT business package. The above password symptoms can give this away.

The Fix:
Log into http://business.bt.com/
Under “Manage Services” click “Manage Domains”
Click “Manage Email Accounts” to expand it
Find your package, normally “Business Email Lite” and click Manage
Every single account shown on the domain you wish to recover must be removed; this isn’t a quick process. You’ll potentially have issues with the Primary User. Use the “go back to main hub” link at the bottom liberally as it seems to not always refresh the email list.

Primary User:

*IF* your primary user is not an account on that domain then you are done. The moment the last user of your domain has gone BT will release that domain.

If the user *is* a member of the domain this is where it goes all runny. I’ve not been able to find a way within the broken UI or O365 to do this. You are at the mercy of BT for this step I’m afraid. However if you call them and are clear about what you want and what you are trying to do this will only take a few moments to sort.




Huawei SmartMX 5616 Crash Guide Part 2 – Chassis Setup

If you haven’t already please read part 1

We have our telnet connection up and running, we have the cards initialised and we know why we are here. Next up we need to get the VDSL profiles, line profiles and templates done.

First up we want to force H248 mode. H248 is covered here

protocol support h248

This has been the default so far for the systems I’ve looked at. I’m not overly sure WHAT the repercussions of not setting this are, but this is Huawei’s recommendation for VDSL. We now set up a line profile. When you hear the words “reset your IP profile” this is what is meant. These profiles decide how to handle your line and decide what connection speeds you’ll be allowed. A profile may have a max and min SNR and these are used to calculate what settings to use. We will only be adding one here but you could add multiples or just add them as needs be. The line profile and channel profile go together to make an overall picture of how that line will be handled. Huawei go into this in exhaustive detail here

vdsl line-profile quickadd 3 transmode 1 bitswap 2 2 adapt 2 2 snr 60 0 300 60 0 300 power-management 2 2 255 30 255 3 9 name VDSL LINE PROFILE 2

If you are copy and pasting you may want to pop this into notepad first, copy and pasting long lines *can* include line breaks too.

So what are we doing here? vdsl line-profile quickadd is our command. You *can* use add rather than quickadd and do this interactively. Specifying quickadd, a profile number and pressing ? will help you build the line. Most of what’s here can stay as defaults unless you REALLY know what you are doing; the SNR parameters are specified after power-management and using the help system will help you build a different line profile if you know what you need. This line works well with the Huawei white modems and the HomeHub 5 so it follows this is a good setup for UK specific modems. An alternate line looks like:

vdsl line-profile quickadd 3 snr 60 0 300 60 0 300

Which is the one used by Hong Telecom. The first line is from Huawei themselves so I’d stick with that. Next up is the VDSL channel profile…

vdsl channel-profile quickadd 3 path-mode both interleaved-delay 8 2 inp 4 2 rate 128 100000 128 100000 100000 100000 rate-threshold 0 0 0 0 name VDSL CHANNEL PROFILE 3

This one is the profile that’s applied to a line; this is where you apply line rate limits etc. Again you have the option to do this interactively (recommended) or use ? to build the command line but most of what is above will do you. This is going in as profile 3. Again there is a lot you should leave be, but the rates are specified after the rate keyword. In order these are:

Minimum transmit rate downstream
Minimum reserved transmit rate downstream
Maximum transmit rate downstream
Minimum transmit rate upstream
Minimum reserved transmit rate upstream
Maximum transmit rate upstream

The last bit is to stitch these together into a template….

vdsl line-template quickadd 3 line 3 channel1 3 100 100 name VDSL LINE TEMPLATE 3

Again you have the same two options to do this interactively or be guided. In this case we added template 3 using line template 3, channel template 3. The two numbers control line adaptation and can stay as they are, then lastly we give it a name. The documentation does mention alarm profiles, however we will stay with the default one for now. We just want these lines up.

We are working with VLAN 1, the default one for ease of use. We now need to make sure our GE and fibre ports are members of VLAN 1, they are by default but it can’t hurt. These are ports 0 and 1 respectively. Bear in mind the SFP port 0 is connected to the GE port so you only have 2 ports here.

port vlan 1 0/0 0
port vlan 1 0/0 1

You’ll most likely get a warning about the ports already being members. Now comes the bit that will mess you up, especially if you follow the online examples. Pay careful attention to this next bit.

We now need to tie each VDSL port to the VLAN we are working with. Here you have the ability to control exactly how traffic will be handled. We could split endpoints into multiple VLANs, provide multiple VLANs to the endpoint, e.g. a CCTV and Telephony VLAN, and direct these to actual VLANs on the outgoing trunks. A VLAN MUST exist and be routed to an external interface before traffic from the remote will flow. vlan ? will get you started on this part. So our command here is:

service-port 0 vlan 1 vdsl mode ptm 0/1/0 multi-service user-vlan 100

If you want to omit the vlan management (this gave me some issues) use:

service-port 0 vlan 1 vdsl mode ptm 0/2/1

So we are setting up service port 0; you can have 1999 of these so even with the number of channels on this unit you won’t run out soon. Our destination VLAN is 1, the default VLAN, and we are in ptm mode. Next is our port ID, we covered this in part one. So we are looking at frame 0, board 1, port 0 here, which is the first VDSL channel on board 1. Multi-service as we want to be able to embed multiple tags. You can ignore this, however if you want to use BT surplus kit or equipment set up for use in the UK you will want to set this. User VLAN specifies the VLAN we are going to use.

Many people setting up VDSL modems in the UK will run across a modem that syncs but no traffic flows. By default *most* UK providers use a VLAN, which is why we enabled multi service above and set the VLAN as 101 which is what most use. You can of course set this as anything you want or even not set multi-service at all. By doing so your modems and routers will need to be configured specifically for this setup; the beauty of setting this is that all the off the shelf, cheap/free ISP provided kit will work right off the bat with no modifications, especially the white Huawei and ECI modems.

The bad news is you’ll need to do this on a per port basis, have fun with that. Last, make damn sure you do:

save configuration
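Since the service-port line has to be entered once per port, the lines can be generated instead of typed. This is an added example, not part of the original post or of Huawei's tooling: only the command syntax comes from the commands above, while the function names, the 24-port count for the VCLF boards and the user VLAN passed in are assumptions.

```python
# Added example: build the per-port "service-port" lines for a whole chassis.
# Only the command syntax is taken from the post; everything else is assumed.

MAX_SERVICE_PORTS = 1999        # limit quoted in the post
LINE_CARD_SLOTS = range(1, 5)   # post: slot 0 is the CCUE, slot 5 the PSU


def _check_vlan(name, value):
    """Reject anything that is not a plain 802.1Q VLAN ID."""
    if not isinstance(value, int) or isinstance(value, bool) or not 1 <= value <= 4094:
        raise ValueError(f"{name} must be an integer in 1..4094, got {value!r}")


def service_port_commands(boards, vlan, user_vlan=None, frame=0, start_index=0):
    """Return one service-port command per VDSL port.

    boards    -- {slot: number_of_ports}, e.g. {1: 24, 2: 24, 3: 24}
    vlan      -- network-side VLAN (1 in the post)
    user_vlan -- customer-side tag; None gives the short form without
                 "multi-service user-vlan"
    """
    _check_vlan("vlan", vlan)
    if user_vlan is not None:
        _check_vlan("user_vlan", user_vlan)

    total = 0
    for slot, ports in boards.items():
        if slot not in LINE_CARD_SLOTS:
            raise ValueError(f"slot {slot!r} is not a line card slot (1..4)")
        if not isinstance(ports, int) or ports < 1:
            raise ValueError(f"slot {slot}: port count must be a positive integer")
        total += ports
    if start_index < 0 or start_index + total > MAX_SERVICE_PORTS:
        raise ValueError(f"{total} ports from index {start_index} exceeds "
                         f"{MAX_SERVICE_PORTS} service ports")

    commands = []
    index = start_index
    for slot in sorted(boards):
        for port in range(boards[slot]):
            line = (f"service-port {index} vlan {vlan} "
                    f"vdsl mode ptm {frame}/{slot}/{port}")
            if user_vlan is not None:
                line += f" multi-service user-vlan {user_vlan}"
            commands.append(line)
            index += 1
    return commands


def render_script(boards, vlan, user_vlan=None):
    """Join the commands into paste-ready text that ends with the save step."""
    lines = service_port_commands(boards, vlan, user_vlan)
    lines.append("save configuration")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed layout: slot 3 is the 24-channel H835VDSH from the post;
    # 24 ports on each of the two VCLF boards is an assumption.
    print(render_script({1: 24, 2: 24, 3: 24}, vlan=1, user_vlan=101))
```

Paste the output in small batches, as the post notes that the console drops characters when it is fed too quickly.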

If you plug in to that VDSL port now and all is well traffic will be flowing. You’ll note there is no authentication going on here. Generally what would happen is each port gets mapped to a specific VLAN and then this VLAN is forwarded to a PPPoE server, either in bulk or as a per port VLAN. Typically a carrier would use per port and something called stacking so that authentication and traffic are unique to each user. In the setup we have done here you *could* snoop traffic at an endpoint.

Now there is an issue here I haven’t fixed: I can’t get the second SFP port running. This is to do with working as part of a GPON solution, which means there’s only 1Gb or 10Gb of traffic routing here and that’s only if your infrastructure is capable of handling 10Gbit. A 10GBit capable card in the firewall itself would be one way to do this but watch your PCI-E bandwidth if you are planning on getting close. 10Gb allows for 100 100Mb channels concurrently, which *should* be enough.

UPDATE

Changing the port mode is stupidly easy. After trying some more things I ended up with a non routing system again, so I dug round, fixed the issue and stumbled on the solution. In my case this did nuke all the settings and it does warn you of this!

port mode 0/0/0 ge

Will put port 0 and the GE port into plain old Gigabit ethernet mode. This is the default. To take 1 out of GPON and into GE just do:

port mode 0/0/1 ge

The port will now happily play with a normal SFP. Don’t forget to save!

Huawei SmartMX 5616 Crash Guide Part 1 – Initialisation

We recently managed to get hold of one of these units and the power supply unit for it. Although the power supply is pretty simple to get setup the DSLAM itself is a little bit more complex.

We have had issues and concerns with the older Versa DSLAMs we use. We simply aren’t getting the reach we are expecting even on brand new cable and though on paper these seem flexible the command interface is horrid and it seems getting them working is more dumb luck. On two events we have places that on paper, should not be an issue, but in practice we were struggling at the 1km mark to get anything where on paper we should have been around the 30Mbit range. We may have been able to work on this a bit by forcing the use of lower line speed profiles but the Versa doesn’t make this easy. On top of this we found we had to disable 17a due to crosstalk issues. VDSL2 was ratified in 2005 which is pretty close to the manufacture date of these units which may mean there are protocol oddities here.

So in comes the Huawei SmartMX. We got this unit complete for a good price along with most of the kit. Because we are suspicious we checked the serial numbers with Huawei and all good. At this early juncture they were helpful and the documentation is concise and the staff helpful. Versa were right up to the point they realised they were not going to get any more sales. The support team walked me through a full factory reset to clear the passwords on the unit and they did ask me NOT to share this part, sorry guys. The info is out there though and if you ask the support team they will tell you. I’m guessing this is a result of the high retail value of these units and the fact there are thousands of these in poorly protected street cabinets.

Our unit came with the CCUE card, which is the top dog in terms of management cards and two H835VDSH cards and a DC PSU. We got the SMU01b unit with this which gives AC to DC, environment monitoring and support for 48V of battery power.

The H835VDSH cards are 24 channel VDSL2 boards. These have no on board splitter or pass through port so you’ll need to provide the splitter elsewhere. Annoyingly they use 64 way telco connectors rather than 50 and these can be a dog to find, expect to make up your own leads and note that the pairing is NOT the standard used on 50 ways! We wanted VDSL2 with Vectoring so a search found us two H83BVCLF boards for the right money. These don’t have splitters either but we can work round that.

Vectoring allows higher throughput as a result of less crosstalk. Draytek have a write up about what this is here: https://www.draytek.co.uk/support/guides/kb-what-is-vdsl-vectoring-sra-and-ginp. In our case the environments are often VERY noisy electrically, split across phases, multiple generators and run in large copper backbones. Vectoring should help us here, a LOT.

So off we go and the first thing we run in to is that all the config guides are aimed at use in FTTC networks. There is little or no allowance for using it as *just* a bridge in the examples. The unit can do it but everything is overly complicated. Connect up to the console port with a Cisco cable at 9600 baud. And now bring on the pain. This console is beyond awful. Don’t even think about using backspace 🙂 It’s also slow and easy to out-type, where it’ll just drop chars. So we want to improve this as fast as we can.

First up login and do the following. If your system is defaulted you might not want to do this but it can’t hurt. The default user is root with the password mduadmin. Once logged in..

enable
erase configuration

It will prompt you if this is right and then go on to reboot. This means you have a nice clean canvas. This does NOT erase the management interface settings, this is possibly deliberate so the whole thing can still be set up remotely. Let’s get that management interface sorted, login again..

enable
config
interface meth0
ip address <desired ip> 24

Obviously <desired ip> should match what you want to use IP address wise. Now if this is all you are doing then quit and save. Make sure the ‘ETH’ port is connected to your LAN and for simplicity connect the GE port too.

quit
save configuration

If you find the interface is already set up you’ll need to change the settings; after typing interface meth0 you can press ? for help with this. Once you get your head round how the system goes together it’s pretty easy. Now, log out of the console by typing quit till you get to a login prompt. This is important as it’ll only allow one session. You should be able to telnet into the unit at the IP you set and we are off. It doesn’t solve the awful terminal setup but it stops the dropped chars. There may be a solution for this via serial as Huawei do give some very specific serial settings that they suggest.

We have three boards, the two VCLF boards and one VDSH. The system organises things into frame/slot/port. We only have one frame here so that’s always 0/. Slot wise, 0 is the CCUE, 1 is the top slot, 4 is the bottom and 5 is the PSU. So we have:

CCUE = 0/0
VCLF = 0/1
VCLF = 0/2
VDSH = 0/3
PDVA = 0/5

0/4 has nothing in it. This may be different depending on your cards. Each board must be confirmed except 0/0 to enable it, so we need to do this for each board we have

board confirm 0/1
board confirm 0/2
board confirm 0/3

Once you’ve done this try:

display board 0

You should see something like:

  ---------------------------------------------------------------------
  SlotID  BoardName  Status           SubType0 SubType1  Online/Offline
  --------------------------------------------------------------------
  0       H831CCUE   Active_normal    UP2A
  1       H83BVCLF   Normal
  2       H83BVCLF   Normal
  3       H835VDSH   Normal
  4
  5       H832PDVA   Normal
  --------------------------------------------------------------------

Now if all says normal we are good and we can start the setup. You’ll want part 2 for that..

VOIPFone Referrer Link

Any of you interested in a free trial of VOIPFone can use the link below. You get a free trial of the system and I get a little something if you decide to use it.

We use VOIPFone now for most of our installs. They offer the best combination of flexibility and features for us. Where events frequently use large numbers of lines then go dormant for the rest of the year we can park and manage numbers without issues. The system also works flawlessly with Freepbx and our own fork and the mobile app gives a level of redundancy if a site goes offline.

Voipfone 30 day Free Trial

WHOOPS!

Well it’s been a manic few months and what a ride. Amongst the chaos we had to bump our “scratch” host up to PHP7. This host is used for things that aren’t important in the scheme of things. This had two side effects:

  1. The Facebook plugin for WP had a meltdown over the upgrade knocking this site offline
  2. People actually noticed this, in fact a few people did, I didn’t actually think anyone bothered with this much!

Running into event season as it were we HAD to sort out the main site first, then we simply ran out of time to sort out the extra bits on the scratch server. It’s all gone quiet now and we have moved this site to the main host as it IS getting traffic and does apparently provide a good resource, and all is well…ish!

This host can’t send email, well not of yet, that will get fixed in the next few days. So if you do tag any articles etc I won’t see them till I log in. Same with user accounts.

The PHP issue still lives on; this is an older version of PHP, mainly as the old website needed it. The new one doesn’t even use PHP yet so at some point it’ll get upgraded too. The hope is I can bump WordPress up a few versions to solve the compatibility problems, pull the FB plugin then upgrade the lot.

Moving on it’s good to see that this site IS getting hits and it is helping people out. That’s exactly why it exists. I do have a YouTube channel and although it’s VERY early days, you’ll find it here: https://www.youtube.com/channel/UCDGHnpD1qx3flLZH4O-jlGA

R

SPA525G Vodafone Password Clear

This document is aimed squarely at the Vodafone incarnation of this phone. This *may* work with other providers. You will possibly want to look at the SPA504 wipe procedure as it’s a similar process in more detail.

We have recently ended up with a load of these phones to go into my event stock. I was offered these at a daft price with no history. As these have WiFi they are VERY handy. They can be paired up with a 5V battery supply and they are instantly seriously useful at an event. After my experiences with the SPA504’s I wasn’t too worried and indeed when I flashed them up I was able to factory reset them all without any bother. Awesome….or so I thought.

Fast forward to today and I want to start getting these set up. I pop into the web interface, get asked for a login, so enter the default (admin, no password) and get thrown out. Bum! Tried a few defaults, nothing. This doesn’t look so good all of a sudden. A quick look at the UI and the firmware customization is set to Vodafone…uh oh…this is feeling familiar. I can get to the firmware update screen though so I’ll blow the firmware away… no, that didn’t help either, arse! I’ve spent money on stands for this lot so I’d really like them working.

Off we go to Google, and we find dozens of threads on this, ok this isn’t looking great. So let’s do some sniffing, maybe the 504 process works…

On boot the phone is trying to pull the config off of the damn firewall, ok, this is odd, maybe my fault, but it’s not helpful; of all the places you don’t want a TFTP server, your firewall is WAY up the list. I also then spotted it tried to go out to ctprov.ctukprod.ims.vodafone.pt; in particular it’s after http://ctprov.ctukprod.ims.vodafone.pt/vfuk/base/ciscoSpa525g2.xml. A quick browse and it seems Vodafone have used a bit more intelligence than Gamma. Although the phone gets a response from the server, I don’t with a browser. I’ll bet they are looking at user agent strings or there is more to it than that URL; either way I don’t care at this point as I know what file is needed.

A quick google finds a template config file which I will link below. The file was saved onto a handy web server so that it gave us http://192.168.223.3/vfuk/base/ciscoSpa525g2.xml (I’m not fussy about internal IP secrecy). You’d need to provide that tree though for this to work, the IP address we are going to fudge in a second.

As with most of our sites we use PF or SmoothWall, so this bit is easy. You need to be able to create a DNS override, some routers allow this but most basic units don’t. ctprov.ctukprod.ims.vodafone.pt was pointed to our web server with an override so the phone now gets our web server’s IP and not the provisioning server. A reboot of the phone and it started up, still locked, asked the web server for the file ( tail -f /var/log/httpd/access.log on most systems) and rebooted again. This is a Cisco product, this means nothing until tested. Upon reboot nothing has changed, this doesn’t feel great at this stage so I fire up the web UI….and the password has gone. We are in, the phones are useful again.

Now there is a caveat here. I’ve not really played with the phones much. I don’t know for sure they won’t revert if that DNS fudge is removed, e.g. if they are plugged in elsewhere. However the web UI has a lot of options to stop auto provisioning so you *SHOULD* be able to stop it undoing your hard work. Of course if you want to provision these phones from a central location you’ll need to dig deeper.

You can find an example config file here which is what I used with no changes.

UPDATE:
Since posting this I have found out that these will partially revert to locked if allowed out in the big wide world. There are three fixes…
1) Block 85.205.252.214 at the firewall, or better still block the whole /24
2) Block port 80 from your IP phones getting to the outside world
3) In the UI, go to advanced mode, Provisioning tab and turn off “Provision Enable”

Which one you use is up to you, they all work.
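To check that fixes 1 and 2 are actually holding, here is an added example (not part of the original post) that audits firewall log lines for phones that were still allowed out to the provisioning /24 or to port 80 on any public address. The log format, the sample lines and the phone subnet are constructed assumptions; adapt the parser to whatever your firewall really writes.

```python
import ipaddress
from collections import defaultdict

# From the post: the provisioning address, widened to the /24 around it.
PROVISIONING_NET = ipaddress.ip_network("85.205.252.214/24", strict=False)
# Assumption: the phones sit in this subnet (the post's lab uses 192.168.223.x).
PHONE_NET = ipaddress.ip_network("192.168.223.0/24")

# Constructed sample in a simplified, made-up format:
#   timestamp action proto src_ip:src_port dst_ip:dst_port
SAMPLE_LOG = """\
2019-03-12T11:54:54 block tcp 192.168.223.133:49152 85.205.252.214:80
2019-03-12T11:55:10 pass tcp 192.168.223.134:49153 85.205.252.214:80
2019-03-12T11:55:12 pass tcp 192.168.223.134:49154 85.205.252.9:443
2019-03-12T11:56:01 pass tcp 192.168.223.135:49155 93.184.216.34:80
2019-03-12T11:56:30 pass udp 192.168.223.133:5060 192.168.223.3:5060
2019-03-12T11:57:02 pass tcp 192.168.10.20:50000 85.205.252.214:80
not a log line
"""


def parse_line(line):
    """Return (action, proto, src, dst, dst_port), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _timestamp, action, proto, src, dst = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        return action, proto, src_ip, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None


def audit(log_text):
    """Map each phone to the passed flows that fix 1 or fix 2 should have stopped."""
    reached = defaultdict(set)   # fix 1: anything to the provisioning /24
    http_out = defaultdict(set)  # fix 2: tcp/80 to any public address
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        action, proto, src, dst, dst_port = record
        # Only flows the firewall let through from the phone subnet matter here.
        if action != "pass" or src not in PHONE_NET:
            continue
        if dst in PROVISIONING_NET:
            reached[str(src)].add(f"{dst}:{dst_port}")
        if proto == "tcp" and dst_port == 80 and not dst.is_private:
            http_out[str(src)].add(f"{dst}:{dst_port}")
    return {
        "reached_provisioning": {ip: sorted(v) for ip, v in reached.items()},
        "outbound_http": {ip: sorted(v) for ip, v in http_out.items()},
    }


if __name__ == "__main__":
    for check, phones in audit(SAMPLE_LOG).items():
        for phone, flows in sorted(phones.items()):
            print(f"{check}: {phone} -> {', '.join(flows)}")
```

An empty result for the check that matches the fix you chose means no phone got through in the period the log covers.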


UK Use of TETRA Radios for Commercial Use

This is a slightly more in depth look into the realities and legalities of using surplus TETRA kit in the United Kingdom. This deals ONLY with commercial use and not use by Radio Amateurs. Much of this applies to HAM use but there are a few exceptions where you CAN use these radios. However as is made clear in your licence you may not do so for commercial use.

The information in here is sourced either from other sites (I’ll try and link these in) or direct from OFCOM. Remember before trying to argue the toss that it is actually OFCOM that has the final say.

And of course the caveat. I am not a lawyer, I don’t know your kit, I don’t know where it came from or how you intend to use it. This is a GUIDE only and nothing more. At the end of the day it is your responsibility alone, not mine, not the vendor who sold you the kit, to make sure what you are doing is legal and complies with the terms of your licence.

A little about licences…

In the original post I didn’t cover this at all, and this led to some confusion. You’ll likely already have a business licence or be thinking about one. You’ll be looking at one of a number of options…
* Simple Light
* Simple Site
* Technically Assigned
* Area Defined
Suppliers Light is a very different kettle of fish but as a rule it doesn’t get around the limitations discussed here. It buys you some more wiggle room but there are other restrictions.

Technically assigned and Area defined have changed a little and are seriously expensive if you start going mad. For the purpose of this I’ll be concentrating on the first two, that’s what the majority have and to be fair, if you have THAT much money to throw around on technically assigned or area defined there are some more avenues open to you.

There is one other avenue that makes this whole article moot. It is possible to obtain permission to access the Airwave network. For emergency organisations you may apply as a few have done including The Red Cross. However as a commercial entity allow a suitably large sum for network access and then per handset. It’s unknown if Airwave allow the use of your own equipment.

Your licence will give you more guidance, however typically you’ll get the following conditions (I’ve omitted bands that are of no interest):

Simple Light (Or just Simple)
Maximum ERP of 5W
No use of Base Stations
5 Allocations in the Low band (77.6875 – 86.3750)
7 Allocations in the VHF Band (164.0500 – 173.0875)
3 Allocations in the UHF Band (449.1325 – 449.4750)

Simple Site
Maximum ERP of 2W
Use of Base stations subject to above ERP Limit
16 Allocations in the VHF Band limited to .02W (159.63750-164.2000)
17 Allocations in the UHF Band (459.0500 to 459.47500)

Licence Free Bands

There is also a licence free band called PMR446 we need to bear in mind. The controls on what is allowed in this band are very strict. The band runs from 446.000 to 446.200 as twelve channels and another group below this at 434.040 to 434.790. The requirements for this are available in some detail here, but one thing for our purposes is very important: “PMR446 users are reminded that their radios are only licence-exempt if they are built and operated within the conditions of the exemption regulations.” So this automatically rules out the use of ANY TETRA handset in this band. That was easy, no ifs, no buts, just don’t! The details on this are here

Tetra Bands

Sepura and Simoco, the guys that started this, decided that rather than this messy LF/HF/VLF/UHF/VHF mess they would use a simple two letter identifier to identify what bands their devices can use. If you check the model of your radio online it’ll give you what the capabilities are. You can sometimes also identify this from the hardware code where it’ll be the fourth and fifth letters. The bands are as follows:

TG – 400-433MHz
TL – 368-400MHz
TN – 380-414MHz
TR – 350-372MHz
UO – 440-473MHz
XB – 851-870MHz
TZ – 410-430MHz
TS – 370-400MHz
TW – 380-430MHz
TT – 380-400MHz
UW – 407-473MHz

So a quick look and we can write most of this lot off right away. The lowest we are realistically going to go on our licences is 449MHz. This means we are looking at UO or UW. Hams can in theory get away on the extreme edge of TZ and TW and a Technically assigned is possible too, but this is the extreme limit of the radio and a bad idea.

This is where it starts to really go wrong. Let’s look at what lives in those bands, you can look yourself here.

368-406 is pretty much all MOD, you REALLY don’t want to be in here!
406-430 is a mixed bag but mostly MOD.
UK Airwave allocation starts at about 380MHz up to around 410. Dolphin had allocations in 425-430 and there are some D700 and D1700s still kicking about! All of this is in MOD space and “leased” to Airwave.
430 is Amateur (70cm) band. You don’t want to be here, if anything if you start upsetting Amateurs you are MORE likely to get caught!
There are more Tetra channels splattered about above here used by Connect (TFL) then into the licenced bands above. PMR446 on top and then we run out of band for all but XB. For giggles, XB is mostly pagers and mobile phones.

So frequency wise, you have UO and UW as your options. The use of ANYTHING else simply isn’t legal. UW sets are few and far between, I’ve never even seen a UO set. Almost everything on the market is TZ or TW and there is no way you can legally use these, no way, no how UNLESS you have specific permission from Airwave or Connect.

Caveat – As mentioned there ARE some Technically assigned frequencies around 430MHz, these are limited, first come first served and expensive. You are also right on the radio’s limit so it’s really not recommended.


UK Back to back, DMO, TG1, Licence Free ETC

We’ve seen these mentioned a few times by sellers implying that you can use the radios they are selling exempt. The only exempt band in range of the frequency sets we have found legal to use specifically forbids the use of equipment not specifically designed for it. Even if it didn’t, the power of most TETRA sets is way over the allowed limit and they breach the band use conditions in other ways. Simply put, there is NO WAY to use these licence free.

Why Bother?

So you have found some UO/UW sets, you are thinking about buying them, why?! There is no good use case for these on the licences we have covered. If we assume you have a Simple licence you can’t have base stations, that in itself removes the big reason for using TETRA handsets.

The handsets are designed to be used in range of a repeater in a vehicle or reasonable range of a relay/base unit. These are scattered all over the country and the radios can use any nearby vehicle base to jump onto the network. This leads to the second issue. You can’t use any bases or repeaters so you are stuck with the handset’s output. Looking at one of the most common radios, the MTH800, we run into an issue. The rated power of this radio tops out at 1.8W with most running at just 1W. Although that’s in the realms of your maximum for a Simple Site licence it’s significantly less than you can do on a Simple Licence. A quick search throws up ONE UW handset, the STP8040, which likewise tops out at 1.8W, at £250 + £30 shipping from overseas. In comparison a good DMR (Motorola) can be had for under £100 from the UK and gives you 5W of RF power and the same security or more. Without a TEA module you can’t use the encryption feature of the handsets, that means your voice is transmitted as PCM data which is trivial to recover with a £30 USB dongle and a laptop. Most DMR radios CAN encrypt data properly.

Finally TETRA is built around the ability to pass data around the network, trunk out to the phone network and provide many other features you just can’t use without a full blown network, it’s not JUST a radio system. The use case for these is poor to say the least. In fact for the cost of that one handset you could have four good quality, solid analog units.

DCS/DMO/CTCSS and TETRA

Tetra and its relative MPT1327 assume exclusive use of a channel. The systems work differently but neither of them plays well with other channel users. As part of your licence you have a duty to minimise disruption and the use of CTCSS, DCS or DMR codes is mandatory. We routinely run into whole swathes of spectrum rendered unusable due to people not doing this. Where the majority of your transmission is data (as is the case with both) you’ll often cause the decoders on the radios of other users to open, meaning they get a blast of your data. It also means your radios will be unable to mitigate a congested channel properly, so as well as driving other users up the wall there is no guarantee your radios will even work (especially true of the MPT1327 control channel).

Legalities of Sale

If you are selling a TETRA radio with an active TEA and valid Airwave programming you are committing a criminal offence, one that is highly likely going to result in jail time. Most of these devices are trackable and if they have registered on the Airwave network then they know where it is already. If you happen to end up with one of these units as a result of a surplus stock purchase or auction you need to contact Airwave immediately. Turn the radio off and call them. In the event you find one laying about dial 101 and arrange to hand it in. Don’t be tempted to use it.

Things go a bit grey after this. OFCOM don’t care about the sale of these devices and by selling or buying one you aren’t committing any specific criminal offence, although the guide linked below does open the question of aiding and abetting the committing of an offence. It would be questionable in the eyes of Trading Standards were you to sell one intending it to be used, especially if passed off as licence free or legal to use. OFCOM have been quite open about working with Trading Standards on this issue. The best bet here is speak to OFCOM, if they can be used they should be able to tell you, if not your only real option is to sell them as non working film props or, if you are lucky enough to have the right ones, to Radio Amateurs.

What’s the Risk?

First up there are the side effects of actually using these radios on frequencies you shouldn’t. There is the obvious risk that you may cause interference. For some users that is going to cause annoyance and disruption and will in time lead to the issue being referred to OFCOM. However in more serious cases you may disrupt the Airwave network or Military comms in the local area, the potential is there to cause serious damage or loss of life.

Secondly, a lot of this spectrum lies within the MOD’s remit. The MOD are notorious for their lack of sense of humour when it comes to their spectrum space. I personally have experienced this as a result of pointing a Band C doppler radar in the wrong direction. They are very proficient at tracking down the cause of issues and making it stop. This at the very least is going to involve you doing a LOT of explaining before the decision is made to charge you or hand you over to OFCOM. Disrupting Military comms is a very bad idea!

And Thirdly there is OFCOM. They are well aware this equipment is out there and being used illegally. Officially you are likely to be looking at a large fine and the loss of your equipment, often the fine is based on the amount of illegal kit in use. However there is no upper limit and up to two years jail time is also on the table. At the time of writing there have been three local seizures of non compliant TETRA Equipment with 5 digit fines involved.

You have been warned!

Links

Sepura Bands

OFCOM: Radio Spectrum and The Law

OFCOM: Business Radio Licencing




Avaya 9640G Sip Conversion

We just came into possession of a number of these phones. They are bulky but the layout is nice and clean, they are solid and it would be nice to use them. As with many Avaya sets these are set up for H.323 so we need to get these on SIP and programmed. Thankfully Avaya still have the files available so let’s get going…. This will be quick and dirty as it’s more an aide-memoire for each step.

You’ll need an HTTP server at the least and control over the DHCP server. Our Lab is FreePBX and pfSense so this is easy for us.

So first up, reset the phone to defaults. The default password is “CRAFT” but if your phones have another set you may need to do some digging on how to wipe these. I have reset over 100 of these in the last few days and not one had a non-default password so the odds are good.

Power up the phone (we used PoE) and wait for the DHCP prompt. Hit * and enter the password above (27238). Select clear and let it reboot. You’ll need to go back into that menu again and scroll down to “SIG”. Change from Default to SIP.

If you are doing just one phone…

Go into ADDR and set the HTTP server to the IP of your web server and then exit and let it reboot (again). You should now get an error on the phone, “HTTP: 1 -401”. On your web server in the error log you’ll see something like: [Tue Mar 12 11:54:54 2019] [error] [client 192.168.223.133] File does not exist: /var/www/html/96xxupgrade.txt

If you have a few to do you can use DHCP option 242. Set it as type string and pop in your HTTP server address and some VLAN info as follows:

L2Q=1,L2QVLAN=0,VLANTEST=0, HTTPSRVR=<yourserverip>,HTTPDIR=/<httpdir>/

Now it DOES seem if doing things this way you CAN specify a directory (see below for why I mention it) and this does work, I’ve verified it. Having made the procedure below work I had a large number of these to do and I was buggered if I was doing them all by hand.

You’ll now need to upload the contents of the firmware from ftp://ftp.avaya.com/incoming/Up1cku9/tsoweb/9600/05152017/96xx-IPT-SIP-R2_6_17-172303.zip

There seems to be no way to tell it where to look on the server when doing it manually so sadly, this is going into your web server root unless you use DHCP option 242 as above. It may be possible to clean this up with virtual hosts if you are so inclined. In my case I took out all the languages I didn’t need.

Either method, you now need to reboot the phone and it should trundle off and update itself. This can take a while and the phone may seem to have died or gotten stuck, be patient. It’ll reboot a few times. Once it boots the UI is noticeably different, you’ll get a complaint about no call server and it’ll go into a boot loop. Press the program key when offered to break the loop.

You’ll now need to sort out a settings file. Create the file 46xxsettings.txt in the same location as the other files you uploaded. Pop the contents below in this file BUT make sure you edit things to reflect your setup…

SET DNSSRVR 8.8.8.8
SET DOMAIN <SIP SERVER IP>
SET SIPDOMAIN <SIP SERVER IP>
SET SIPPORT 5160
SET SIP_CONTROLLER_LIST <SIP SERVER IP>:5160;transport=tcp
SET SIPREGPROXYPOLICY alternate
SET CONFIG_SERVER_SECURE_MODE 0
SET SIPPROXYSRVR <SIP SERVER IP>
SET SIPSIGNAL 1
SET SIP_PORT_SECURE 5161
SET ENABLE_AVAYA_ENVIRONMENT 0
SET DIALPLAN [2-8]xxx|91xxxxxxxxxx|9[2-9]xxxxxxxxx
SET PHNNUMOFSA 4
SET SNTPSRVR <NTP SERVER IP>
SET GMTOFFSET -5:00
SET DSTOFFSET 1
SET DSTSTART 2SunMar2L
SET DSTSTOP 1SunNov2L
SET DISPLAY_NAME_NUMBER 1
SET SIG 2
SET HTTPSRVR <HTTP SERVER IP>
SET MSGNUM *97
SET ENABLE_EARLY_MEDIA 1
SET RTP_PORT_LOW 10001
SET RTP_PORT_RANGE 9999
SET SIG_PORT_LOW 5160
SET SIG_PORT_RANGE 1

Note the port, 5160! If you are using CHAN_SIP exclusively or it’s an older FreePBX change this to 5060. If you are on a newer install you’ll need this set to 5160 if PJSIP is your primary channel driver. This is yet another device in the LONG list of things that just don’t play ball with PJSIP. If anyone can make it play please let me know but for now it seems it’s yet another thing that’s been broken.

Regardless of which port you use, you’ll need to enable TCP for CHAN_SIP. I was able to make this work with UDP, however it was acting up, a little digging shows that this is known to be an issue.
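An added example (not from the original post or from Avaya): a small Python linter for 46xxsettings.txt that catches template placeholders left unedited, a SIP_CONTROLLER_LIST port that no longer matches SIPPORT after switching between 5160 and 5060, and a transport other than the TCP the post found necessary. The sample file and its 192.168.223.x addresses are constructed, and treating lines starting with # as comments is an assumption.

```python
import re

PLACEHOLDER = re.compile(r"<[^>]*>")  # e.g. <SIP SERVER IP> left over from the template
CONTROLLER = re.compile(r"^([^:;]+)(?::(\d+))?(?:;transport=(\w+))?$")

# Constructed sample: an abridged copy of the template with three deliberate mistakes.
SAMPLE = """\
SET DNSSRVR 8.8.8.8
SET DOMAIN <SIP SERVER IP>
SET SIPDOMAIN 192.168.223.10
SET SIPPORT 5160
SET SIP_CONTROLLER_LIST 192.168.223.10:5060;transport=udp
SET SIPPROXYSRVR 192.168.223.10
SET SIG 2
SET HTTPSRVR 192.168.223.3
"""


def parse_settings(text):
    """Return [(line_no, key, value)] for every 'SET KEY VALUE' line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with '#' carry no settings.
        if not line or line.startswith("#"):
            continue
        match = re.match(r"SET\s+(\S+)\s+(.+)$", line)
        if match:
            entries.append((line_no, match.group(1), match.group(2).strip()))
    return entries


def lint(text):
    """Return [(line_no, key, problem)] sorted by line number."""
    entries = parse_settings(text)
    findings, seen = [], {}
    for line_no, key, value in entries:
        if key in seen:
            findings.append((line_no, key, f"already set on line {seen[key]}"))
        seen[key] = line_no
        if PLACEHOLDER.search(value):
            findings.append((line_no, key, "template placeholder not replaced"))
    values = {key: (line_no, value) for line_no, key, value in entries}
    sip_port = values.get("SIPPORT", (0, None))[1]
    if "SIP_CONTROLLER_LIST" in values:
        line_no, value = values["SIP_CONTROLLER_LIST"]
        for entry in value.split(","):
            match = CONTROLLER.match(entry.strip())
            if not match:
                findings.append((line_no, "SIP_CONTROLLER_LIST", f"cannot parse {entry!r}"))
                continue
            _host, port, transport = match.groups()
            # The phone must register on the same port the PBX channel driver listens on.
            if port and sip_port and port != sip_port:
                findings.append((line_no, "SIP_CONTROLLER_LIST",
                                 f"port {port} differs from SIPPORT {sip_port}"))
            # The post found UDP unreliable with these phones, so expect TCP.
            if (transport or "").lower() != "tcp":
                findings.append((line_no, "SIP_CONTROLLER_LIST", "transport is not tcp"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, key, problem in lint(SAMPLE):
        print(f"line {line_no}: {key}: {problem}")
```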

Restart the phone and you *should* get prompted for your username (Extension number) and Password (Secret).

Log in and you should be good.

There is one really handy feature with these, press the menu button and you can logout… this makes these phones potentially useful for hotdesking!

Now there are a few other things you can mess with. The settings file is dealt with in depth in a few locations; https://www.3cx.com/community/threads/avaya-96xx-9620-phones.11168/ does have a pile of info on these. There are some known limitations and you can make things play ball a little better if you don’t mind recompiling your FreePBX instance, this is covered here: https://community.freepbx.org/t/avaya-96x1-extended-features/40543

DHCP Options are covered here : https://downloads.avaya.com/css/P8/documents/003876932