ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
|
|
|
|
|
|
|
|
#include "ar7100.dtsi"
|
|
|
|
#include "arxxxx_fortinet_loader.dtsi"
|
|
|
|
|
|
|
|
#include <dt-bindings/gpio/gpio.h>
|
|
|
|
#include <dt-bindings/input/input.h>
|
|
|
|
|
|
|
|
/ {
|
|
|
|
compatible = "fortinet,fap-220-b", "qca,ar7161";
|
|
|
|
model = "Fortinet FAP-220-B";
|
|
|
|
|
|
|
|
chosen {
|
|
|
|
bootargs = "console=ttyS0,9600";
|
|
|
|
};
|
|
|
|
|
|
|
|
aliases {
|
|
|
|
led-boot = &led_power;
|
|
|
|
led-failsafe = &led_power;
|
|
|
|
led-running = &led_power;
|
|
|
|
led-upgrade = &led_power;
|
|
|
|
label-mac-device = ð1;
|
|
|
|
};
|
|
|
|
|
|
|
|
keys {
|
|
|
|
compatible = "gpio-keys";
|
|
|
|
reset {
|
|
|
|
label = "reset";
|
|
|
|
linux,code = <KEY_RESTART>;
|
|
|
|
gpios = <&gpio 8 GPIO_ACTIVE_LOW>;
|
|
|
|
debounce-interval = <60>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
leds {
|
|
|
|
compatible = "gpio-leds";
|
|
|
|
|
|
|
|
led_power: power-green {
|
|
|
|
label = "green:power";
|
|
|
|
gpios = <&gpio 4 GPIO_ACTIVE_HIGH>;
|
|
|
|
default-state = "on";
|
|
|
|
};
|
|
|
|
|
|
|
|
status-green {
|
|
|
|
label = "green:status";
|
|
|
|
gpios = <&gpio 1 GPIO_ACTIVE_LOW>;
|
|
|
|
};
|
|
|
|
|
|
|
|
status-yellow {
|
|
|
|
label = "yellow:status";
|
|
|
|
gpios = <&gpio 0 GPIO_ACTIVE_LOW>;
|
|
|
|
panic-indicator;
|
|
|
|
};
|
|
|
|
|
|
|
|
mode-green {
|
|
|
|
label = "green:mode";
|
|
|
|
gpios = <&gpio 5 GPIO_ACTIVE_LOW>;
|
|
|
|
};
|
|
|
|
|
|
|
|
mode-yellow {
|
|
|
|
label = "yellow:mode";
|
|
|
|
gpios = <&gpio 6 GPIO_ACTIVE_LOW>;
|
|
|
|
};
|
|
|
|
|
|
|
|
wlan2g-green {
|
|
|
|
label = "green:wlan2g";
|
|
|
|
gpios = <&ath9k0 5 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "phy0tpt";
|
|
|
|
};
|
|
|
|
|
|
|
|
wlan2g-yellow {
|
|
|
|
label = "yellow:wlan2g";
|
|
|
|
gpios = <&ath9k0 3 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "phy0assoc";
|
|
|
|
};
|
|
|
|
|
|
|
|
wlan5g-green {
|
|
|
|
label = "green:wlan5g";
|
|
|
|
gpios = <&ath9k1 5 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "phy1tpt";
|
|
|
|
};
|
|
|
|
|
|
|
|
wlan5g-yellow {
|
|
|
|
label = "yellow:wlan5g";
|
|
|
|
gpios = <&ath9k1 3 GPIO_ACTIVE_LOW>;
|
|
|
|
linux,default-trigger = "phy1assoc";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
virtual_flash {
|
|
|
|
devices = <&fwconcat0 &fwconcat1 &fwconcat2>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&pcie0 {
|
|
|
|
status = "okay";
|
|
|
|
|
2023-12-01 21:11:39 +00:00
|
|
|
ath9k0: wifi@11,0 { /* 2.4 GHz */
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
compatible = "pci168c,0029";
|
|
|
|
reg = <0x8800 0 0 0 0>;
|
|
|
|
ieee80211-freq-limit = <2402000 2482000>;
|
2023-11-16 16:17:32 +00:00
|
|
|
nvmem-cells = <&macaddr_uboot_3ff80 9>, <&cal_art_1000>;
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
nvmem-cell-names = "mac-address", "calibration";
|
|
|
|
#gpio-cells = <2>;
|
|
|
|
gpio-controller;
|
|
|
|
};
|
|
|
|
|
2023-12-01 21:11:39 +00:00
|
|
|
ath9k1: wifi@12,0 { /* 5 GHz */
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
compatible = "pci168c,0029";
|
|
|
|
reg = <0x9000 0 0 0 0>;
|
|
|
|
ieee80211-freq-limit = <2402000 2482000 4900000 5990000>;
|
2023-11-16 16:17:32 +00:00
|
|
|
nvmem-cells = <&macaddr_uboot_3ff80 2>, <&cal_art_5000>;
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
nvmem-cell-names = "mac-address", "calibration";
|
|
|
|
#gpio-cells = <2>;
|
|
|
|
gpio-controller;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
&mdio0 {
|
|
|
|
status = "okay";
|
|
|
|
|
|
|
|
phy0: ethernet-phy@0 {
|
|
|
|
reg = <0x0>;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
ð0 {
|
|
|
|
status = "okay";
|
|
|
|
compatible = "syscon", "simple-mfd";
|
|
|
|
};
|
|
|
|
|
|
|
|
ð1 {
|
|
|
|
status = "okay";
|
2023-11-16 16:17:32 +00:00
|
|
|
nvmem-cells = <&macaddr_uboot_3ff80 0>;
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
nvmem-cell-names = "mac-address";
|
|
|
|
|
|
|
|
pll-data = <0x00110000 0x00001099 0x00991099>;
|
|
|
|
phy-handle = <&phy0>;
|
|
|
|
phy-mode = "rgmii";
|
|
|
|
};
|
|
|
|
|
|
|
|
&usb1 {
|
|
|
|
status = "okay";
|
|
|
|
};
|
|
|
|
|
|
|
|
&usb_phy {
|
|
|
|
status = "okay";
|
|
|
|
};
|
|
|
|
|
|
|
|
&art {
|
2023-11-16 16:17:32 +00:00
|
|
|
nvmem-layout {
|
|
|
|
compatible = "fixed-layout";
|
|
|
|
#address-cells = <1>;
|
|
|
|
#size-cells = <1>;
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
|
2023-11-16 16:17:32 +00:00
|
|
|
cal_art_1000: calibration@1000 {
|
|
|
|
reg = <0x1000 0xeb8>;
|
|
|
|
};
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
|
2023-11-16 16:17:32 +00:00
|
|
|
cal_art_5000: calibration@5000 {
|
|
|
|
reg = <0x5000 0xeb8>;
|
|
|
|
};
|
ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-07-22 16:44:20 +00:00
|
|
|
};
|
|
|
|
};
|