TR-069 explained: the management protocol for fiber CPEs
Do you manage a fleet of fiber ONUs, operator boxes or 4G/5G CPEs? Without a remote management tool, every installation, every firmware update, every diagnostic becomes an on-site visit. At 200+ devices, that is economically unsustainable.
Since 2004, TR-069 (also called CWMP — CPE WAN Management Protocol) has standardized remote management. French operators (Orange, SFR, Bouygues, Free) use it to drive tens of millions of boxes. POL integrators and RIPs rely on TR-069 to industrialize their deployments. This guide explains the protocol, its functions and why it is an invisible pillar of modern FTTH.
What is TR-069 / CWMP?
TR-069 (Technical Report 069) is a specification published in 2004 by the Broadband Forum. It defines a bidirectional communication protocol between:
- A CPE (Customer Premises Equipment): ONU, HGU, router, fiber box, 4G/5G CPE, IPTV STB
- An ACS (Auto-Configuration Server): centralized operator server
The protocol relies on CWMP (CPE WAN Management Protocol) for application-level communication. It carries RPCs (Remote Procedure Calls) in SOAP/XML over HTTPS. The CPE usually initiates the session, according to a configurable period (periodic inform).
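To make the session opening concrete, here is an added example (not from the original page or from any ACS product) of how an ACS-side handler could read the Inform that a CPE sends first. The sample message, vendor name and serial number are constructed; the namespaces are the CWMP 1.0 and SOAP 1.1 ones.

```python
import xml.etree.ElementTree as ET

# Namespaces used by CWMP 1.0 messages inside a SOAP 1.1 envelope.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "cwmp": "urn:dslforum-org:cwmp-1-0"}

# Constructed sample: a minimal Inform as a CPE might send it after booting.
SAMPLE_INFORM = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
  <soap:Header><cwmp:ID soap:mustUnderstand="1">1</cwmp:ID></soap:Header>
  <soap:Body><cwmp:Inform>
    <DeviceId>
      <Manufacturer>ExampleVendor</Manufacturer><OUI>001122</OUI>
      <ProductClass>HGU</ProductClass><SerialNumber>SN0001</SerialNumber>
    </DeviceId>
    <Event><EventStruct><EventCode>1 BOOT</EventCode><CommandKey/></EventStruct></Event>
    <ParameterList>
      <ParameterValueStruct>
        <Name>Device.DeviceInfo.SoftwareVersion</Name><Value>1.0.3</Value>
      </ParameterValueStruct>
    </ParameterList>
  </cwmp:Inform></soap:Body>
</soap:Envelope>"""


def parse_inform(raw: bytes) -> dict:
    """Extract device identity, event codes and parameters from an Inform."""
    # An Inform never needs a DTD; refusing one blocks entity-expansion input.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(raw)
    inform = root.find("soap:Body/cwmp:Inform", NS)
    device_id = None if inform is None else inform.find("DeviceId")
    if device_id is None:
        raise ValueError("not a CWMP Inform message")
    device = {el.tag: (el.text or "") for el in device_id}
    events = [e.text for e in inform.iterfind("Event/EventStruct/EventCode")]
    params = {
        p.findtext("Name"): p.findtext("Value")
        for p in inform.iterfind("ParameterList/ParameterValueStruct")
    }
    return {"device": device, "events": events, "params": params}
```

The identity fields in an Inform are supplied by the device, so an ACS should tie them to the authenticated session before trusting them.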
Key features
1. Auto-configuration and provisioning
On first connection, the CPE contacts the ACS and receives:
- Its service identity (LOID, SLID, line number)
- The Internet/VoIP/TV multicast VLANs
- The PPPoE or IPoE credentials
- The default WiFi configuration
- The QoS profiles
Result: zero-touch provisioning. The user plugs in the ONU, everything works in 2-3 minutes without intervention.
2. Firmware update management
The ACS detects the firmware version of each CPE and can trigger mass or targeted updates. Typical cases:
- Fixing a critical security flaw (CVE)
- Adding a new service (HD VoIP, 4K TV, WiFi 6E)
- Fixing a hardware bug identified in production
3. Monitoring and supervision
The ACS continuously monitors:
- PON link status (optical power, errors)
- WiFi metrics (SNR, connected clients, channels)
- Traffic statistics
- CPU temperature, uptime
- Alarms reported by the CPE
4. Remote diagnostics and troubleshooting
On ACS instruction, the CPE runs tests (Ping, Traceroute, bandwidth test) and returns the results. Operator support can diagnose 80% of faults without an on-site visit. Examples of diagnostics:
- Connectivity to the OLT and the DHCP server
- Effective bandwidth to the backbone
- Optical signal quality (ONU → OLT)
- WiFi load and interference
5. Remote reboot and reset
The ACS can reboot or reset a CPE remotely, useful for:
- Resolving a simple issue (black screen, missing WiFi)
- Forcing the application of a new configuration
- Resetting a CPE at the end of a customer contract
ACS / CPE architecture
| Element | Role |
|---|---|
| ACS (Auto-Configuration Server) | Central operator server that manages all CPEs |
| CPE (Customer Premises Equipment) | Subscriber-side equipment: ONU, HGU, 4G/5G CPE, STB |
| CWMP (CPE WAN Management Protocol) | SOAP/XML application protocol |
| Transport | HTTPS (TLS 1.2/1.3) on port 7547 by default |
| Authentication | HTTP Digest + TLS certificates |
| Data Model | TR-181 (successor to TR-098 / TR-106) |
| Sequences | Inform (CPE → ACS), then the ACS sends RPCs |
A production ACS typically manages 100,000 to several million CPEs. It is critical operator infrastructure, with a 99.99% SLA.
Operational benefits
- Installation without intervention: zero-touch provisioning. Support drops off the CPE, the customer plugs it in, it works.
- Drastic reduction in support costs: 80% of faults resolved remotely
- Security: security updates deployed across the whole fleet within days
- Quality of service: continuous monitoring detects anomalies before the user calls
- New services: remote activation of paid options (speed upgrade, premium TV, HD VoIP)
- Consistency: uniform configurations across millions of devices
- Standardization: multi-vendor, a single ACS manages V-SOL, Huawei, Nokia, ZTE ONUs, etc.
Elfcam ACS (TR069-VACS)
For POL integrators, alternative operators and RIPs, Elfcam offers TR069-VACS, an ACS software specialized in managing ONUs:
- Flexible deployment: cloud, on-premise (Windows/Linux), hybrid
- Unified management: all V-SOL devices (HGU, SFU, PoE ONU) and TR-069-compatible equipment
- Rights- and domain-based management: delegation for multi-site integrators
- Batch configuration: reusable templates, Plug & Play
- Real-time monitoring + data collection and analysis
- User-friendly web interface: no mandatory CLI
- Benchmark against the ITMS of major operators
Ideal for a hotel managing 150 rooms in POL, a RIP operating 5000 subscribers, or an integrator managing multiple customer sites.
TR-069-compatible equipment from Elfcam
- HGU V-SOL WiFi 6 — TR-069-compatible, automatic provisioning
- HGU V-SOL WiFi 5 — affordable alternative
- ONU V.SOL 2.5 GbE — SFU managed via TR-069
- ONU V-SOL PoE XPON — outdoor installation, remotely managed
- OLT GPON 16 ports — controls all ONUs via OMCI + TR-069
- PLC splitters — PON distribution
Evolution: USP / TR-369
TR-069 is showing its limits in 2026: a heavy XML protocol, not suited to modern IoT ecosystems, with limited scalability. The Broadband Forum published TR-369 (User Services Platform, USP):
- Modern transport: MQTT, STOMP, WebSockets, CoAP
- Compact serialization: Protocol Buffers
- IoT-ready: hundreds of objects per home
- Native support for Matter and other IoT standards
- Better horizontal scalability
The TR-069 → TR-369 transition is gradual (2024-2028). Most modern ACSs support both protocols. For a new POL project, favor TR-369-compatible equipment for long-term durability.
Tip: TR-069 security
In 2016, the Mirai/Deutsche Telekom incident exploited poorly configured TR-069 (port 7547 open without authentication). Always enable: (1) HTTPS only (reject HTTP), (2) strong Digest Auth with unique credentials per CPE, (3) an IP whitelist of authorized ACSs on the CPE side, (4) verified TLS certificates.
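One way to check a fleet against these four settings, as an added example that is not from the original page or from any ACS product. The inventory format, field names, hostnames and credentials below are hypothetical and constructed for illustration; a real export would need mapping to them.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed fleet export; field names are hypothetical, not a vendor schema.
FLEET = [
    {"serial": "SN0001", "acs_url": "https://acs.example.net:7547/",
     "username": "cpe-SN0001", "password": "k3Vq-9fLm2Xa-71Rt",
     "acs_allowlist": ["192.0.2.10"], "tls_verify": True},
    {"serial": "SN0002", "acs_url": "http://acs.example.net:7547/",
     "username": "cpe", "password": "cpe1234",
     "acs_allowlist": [], "tls_verify": False},
    {"serial": "SN0003", "acs_url": "https://acs.example.net:7547/",
     "username": "cpe", "password": "cpe1234",
     "acs_allowlist": ["192.0.2.10"], "tls_verify": True},
]


def audit_fleet(fleet):
    """Return {serial: [findings]} for the four settings listed in the tip."""
    # A username/password pair seen on more than one CPE is not unique per CPE.
    creds = Counter((c["username"], c["password"]) for c in fleet)
    report = {}
    for cpe in fleet:
        findings = []
        if urlsplit(cpe["acs_url"]).scheme != "https":
            findings.append("acs-url-not-https")
        if creds[(cpe["username"], cpe["password"])] > 1:
            findings.append("shared-credentials")
        if not cpe["username"] or not cpe["password"]:
            findings.append("missing-credentials")
        if not cpe["acs_allowlist"]:
            findings.append("no-acs-allowlist")
        if not cpe["tls_verify"]:
            findings.append("tls-not-verified")
        report[cpe["serial"]] = findings
    return report
```

SN0003 looks correctly configured in isolation and is only flagged because its credentials match another device, which is why the uniqueness check has to run across the whole fleet rather than per CPE.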
FAQ — TR-069 and ACS
1. Is TR-069 active on my operator box?
2. Can I disable TR-069 on my box?
3. TR-069 vs OMCI, what is the difference?
- OMCI: protocol between the OLT and the ONU, over the PON fiber itself (ITU-T G.988). Manages the optical link, VLAN, QoS on the fiber side.
- TR-069: protocol between the ONU and the operator ACS, over the IP WAN. Manages the application-level configuration (services, WiFi, VoIP).
4. Does an open-source ACS exist?
- GenieACS: very popular, open-source, high-performance, cloud-ready
- Freenet ACS: old but stable
- openSI-ACS: focused on alternative ISPs
5. How many CPEs can an ACS manage?
- Simple ACS (single-server): 10,000-50,000 CPEs
- ACS cluster: 100,000 - 1 million CPEs
- Major operator ACS (Orange, Deutsche Telekom): 5-20 million distributed CPEs
6. Does my personal data transit via TR-069?
7. Do you need an ACS for a hotel POL?
- Automatic provisioning when adding a room
- Mass updates during scheduled maintenance
- Centralized fault monitoring
- Quick reset when a customer checks out
8. Elfcam delivery and support?
In summary
TR-069 / CWMP is the protocol that industrialized CPE management in modern FTTH. Zero-touch provisioning, mass updates, remote diagnostics, continuous monitoring: it is invisible to the user but indispensable for operators and integrators.
For a POL or operator deployment, combine an Elfcam OLT, TR-069-compatible V-SOL ONUs and an ACS (Elfcam TR069-VACS, open-source GenieACS, or a commercial solution). For long-term durability, check TR-369 (USP) compatibility — the successor suited to massive IoT and cloud-native.














