Huawei U2000 – GPON and why VAS Profiles are deprecated

Over the past years, I’ve been involved with many GPON deployments. Most of them with Huawei MA5600T or MA5800 OLT’s and the iManager U2000 as the NMS. In this article, you will read about what I consider a good implementation pattern for the deployments I have designed or was involved with. Specifically, in this article – the ONT provisioning & configuration.

Happy lab

Let’s assume you have built up a lab system, you manually configured everything. Your tests are successful and now you’re thinking about how you’re going to put this all together in production. Your company will deploy thousands of ONTs and therefore you need to eliminate all manual steps in the provisioning process. Buzzword: zero-touch provisioning.

Manage your Network

The iManager U2000 is a fairly nice NMS. Yes, it is a resource hugging bitch, license management is ugly, the client app runs only on Windows and the upgrade procedure towards new versions could be smoother. That being said, it is a powerful tool you have here in front of you. Inventory management, graphical network maps, backup & config automation, fine-grained alarm and fault management with troubleshooting hints and a user privilege management – possible to delegate any task to different admins without giving them too much power, etc. You can basically configure every aspect of our GPON network right from there and with a good visual aid. To some extent, you can even observe equipment from other vendors. Coupled with an extensive SOAP API and a very quick to integrate TL1 interface it does make your life easier.

Configuring your services

As you already know – you need a few things before your ONT is online and ready for the customer:

  • register the ONT on the OLT
  • apply L2 connectivity on the OLT (aka Service-Ports)
  • configure L2/3 connectivity on the ONT (aka WAN-Ports)
  • LAN-Port config, WLAN, SIP, ACL, CATV, …

Value Add?

The latest are considered Value-Added Services and are meant to be configured using those VAS Profiles in the U2000. Divided in General VAS Profiles and VAS Profiles.

Screenshot - VAS-Profile
Screenshot: VAS-Profile

Those profiles are specific to model and software version and that is the reason why you should not use them all together. Newer models can often not be found and you’ll be left with the general VAS Profile – able to configure only generic settings, applicable to all models.

CPE Management

On the bright side, all of the Huawei GPON ONT’s I have configured so far have a good TR-069 client and practically every configuration option is available there. Following the high cohesion, low coupling pattern it is cumbersome to have some of your settings in the VAS Profile and the remaining in your ACS. Additionally, if you factory reset an ONT it needs connectivity to the U2000 and the ACS to grab its configuration.

Going back to what you know and what you need to bring up an ONT – my recommendation for a zero-touch provisioning for GPON ONT’s on Huawei equipment is the following:

Automate it

Register the ONT on the OLT. Either directly on the CLI or by using the TL1 Interface on the U2000. I don’t need to say that you’re going to automate this. You can even use SNMP-TRAPs to listen to newly discovered ONTs.

Configure the Service-Ports and bring up the Management WAN Port. This can also be solely done on the OLT or via the U2000.

Now you need to tell the ONT your ACS Server, either by using DHCP-OPT 43.1 or by using the tr069-server-profile.

All the remaining – WAN-Ports, WLAN, SIP, ACL, CATV, and so on – you’re going to implement in your ACS.


The concept of VAS Profiles is a nice idea which unfortunately got more and more neglected by Huawei. Newer Models like the EchoLife HG8247H or HG8247Q you won’t even find on the list. By using an ACS you have a vendor-independent implementation where you can also manage other devices and have your CPE configuration concentrated in one system. As long as you only use GPON you can even neglect CWMP encryption on the ACS as it is relatively secure from the GPON viewpoint.

If you have questions or a different opinion don’t hesitate and contact us.