Dual Band (concurrent) and Gigabit Ethernet. Advertised as 750 Mbps it is Dual-Stream (2x2) on the 2.4 Ghz Band and Triple-Stream (3x3) on the 5 Ghz Band. Same as the TL-WDR4310 Released earlier this year in China. FCC ID = TE7WDR4300.

Manufacturer product page is here, while the support download page is here.

The version 1.1 unit appears to use a SiGe SE2574L WFEs for 2.4 Ghz (20 dBm output) and SiGe SE5005L WFEs for 5 Ghz (18 dBm output)

WARNING: Security warning: unpatched http/tftp backdoor in original firmware: http://sekurak.pl/tp-link-httptftp-backdoor/

The latest firmware available is the release build Attitude Adjustment 12.09 or the trunk build Barrier Breaker, with working ethernet and dual-band wireless (disabled by default). If your wireless cannot be enabled when using wide channel modes, this may be due to the friendly neighbour "feature" that prohibits operation of such a mode and you may have to use the standard modes before wireless can be enabled.

1. obtain.firmware Download a pre-compiled release image Attitude Adjustment 12.09 or trunk image Barrier Breaker, look for openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin. The precompiled images does not activate the wireless feature by default (you will have to use ethernet for the initial configuration), and does not include the web interface LuCI.
2. generic.flashing Now write this firmware-file onto the flash-chip of your device

(For a brand new router, you could just use the vendor web UI to flash the .bin image)

• To use wifi, you need to activate wifi in the configuration, see wireless configuration.
• The web interface LuCI can be installed and started via…

opkg update
opkg install luci
/etc/init.d/uhttpd enable
/etc/init.d/uhttpd start

• You can always build your own image based on Attitude Adjustment/ trunk. Choose Atheros AR71xx/AT7240/AR913x platform and use the "TP-LINK TL-WDR4300 board support" profile.

Images for the TP-Link 3600 are largely compatible with a simple modification to the header of the firmware image. The PCB for both models is identical, or close to identical. The third external antenna on the 4300 is on the PCB of the 3600, but not connected to an external antenna.

WARNING: Do not flash the sysupgrade firmware via the vendor firmware web interface - only the 'factory' images should be flashed from the vendor firmware.

If OpenWrt is already installed and you wish to upgrade to a newer version, you have two methods available:

1. Flash Overwrite
2. Generic Sysupgrade

• Login as root via SSH
• Check memory usage with the free or top commands. The image can be up to 8MB, so only proceed if you have as much free RAM as the image size plus 6-8MB; this should not be a problem on a device with 128 MB RAM.
• An easy way to free up some RAM is to delete the symlinks to /etc/modules.d/20-cfg80211, /etc/modules.d/21-mac80211, /etc/modules.d/2*-ath* and /etc/modules.d/[4-9]*-* and reboot. Drop caches can be useful too:

echo 3 > /proc/sys/vm/drop_caches

• wget or scp the new firmware build to /tmp/
• And finally:

cd /tmp
wget http://domain.tld/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin
mtd -r write /tmp/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin firmware

Alternately, you can follow the generic.sysupgrade procedure. Don't forget to populate your /etc/sysupgrade.conf first.

Please read the article Flash Layout for a better understanding. It contains a couple of explanations. Then let's have a quick view at flash layout of this particular device:

ART = Atheros Radio Test - it contains mac addresses and calibration data for the wifi (EEPROM). If it is missing or corrupt, ath9k won't come up anymore.

Power up your router. When the 'SYS' light starts to blink you have about 1 seconds to press the WPS/Reset button on the back-left of the router and hold it until the blinking gets faster.

For what you can do in failsafe, go to the OpenWrt Failsafe Mode page.

(untested)

DON'T TRY to flash wdr4300 with wdr4310 firmware and vice-versa!

Warning! This section describes actions that might damage your device or firmware. Proceed with care!

The stock firmware is obtained from the OEM: http://www.tplink.com/en/support/download/?model=TL-WDR4300 As with the WR1043ND router, there is a also a catch with the WDR4300!!

• in case the file name of this firmware file does not contain the word "boot" in it, you can simply revert back to original firmware. → generic.uninstall
• in case the file name of this firmware file does contain the word "boot" in it, you need to cut off parts of the image file before flashing it

An example of an image file with the word "boot" in it is wdr4300v1_en_3_13_17_up_boot(120426).bin. (Note: As of yet I only saw one firmware on their page and that was with boot)

Cut the first 0x20200 (that is 131,584 = 257*512) Bytes from original firmware: (1*512 Vendor-info + 256*512 U-Boot)

wget or scp the stock firmware file to /tmp/
cd /tmp
dd if=orig.bin of=tplink.bin skip=257 bs=512

Other caveats (from vendor web UI):

• If the firmware path is too short, it will fail with the incorrect error 'firmware path too long'. For instance, flashing c:\openwrt.bin will not work.
• If the firmware path is too long, it will fail with the error 'firmware path too long'.

Now follow → generic.uninstall

If you want to de-brick/upgrade your router using TFTP you follow these steps:

Pre-requisits:

• serial RS232 connected from your machine to TL-WDR4300 & terminal program (e.g. minicom, screen) set to 115200 8N1, no flow control, 3,3V
• copy a working & full OpenWrt firmware image into your tftp server folder (e.g: openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin)

(in case you want to flash the original TPLink firmware it migth needed to delete the first 200 Bytes from this firmware bevor flashing, plz check Video Flash Steps!)

• start a tftpd server on your local machine on LAN address 192.168.1.100/24 and connect your LAN-port to one of the routers LAN ports

Video Flash Procedure: How to debrick TL-WDR4300

Written Flash Procedure:

1. router should be unplugged & your serial line connected & terminal open & tftp server installed not yet running
2. copy your desired openwrt image for the tplink-4300 into your tftp server folder and rename it into openwrt.bin (to save some typing within the flash procedure)
3. first goal is to get the command prompt from the u-boot bootloader on your router
4. plug in your router and be ready to type tpl & hit ENTER after you see the line Autobooting in 1 seconds:

U-Boot 1.1.4 (Apr 25 2012 - 18:29:12)

U-boot DB120


DRAM:  128 MB
id read 0x100000ff
flash size 8MB, sector count = 128
Flash:  8 MB
Using default environment

In:    serial
Out:   serial
Err:   serial
Net:   ag934x_enet_initialize...
No valid address in Flash. Using fixed address
 wasp  reset mask:c03300 
WASP  ----> S17 PHY *
: cfg1 0x7 cfg2 0x7114
eth0: ba:be:fa:ce:08:41
athrs17_reg_init: complete
eth0 up
eth0
Autobooting in 1 seconds

1. in case you failed the right timing just reboot again until the prompt appears

db12x>

1. now lets check what kind of parameters the u-boot loader expects (e.g file name of firmware via TFPT & Load Adress)
2. type tftpboot & press ENTER …

db12x> tftpboot

dup 1 speed 1000
 Warning: no boot file name; using '6F01A8C0.img'
Using eth0 device
TFTP from server 192.168.1.100; our IP address is 192.168.1.111
Filename '6F01A8C0.img'.
Load address: 0x81000000
Log: *
TFTP error: 'Access violation' (2)
Starting again

1. as you can see, uboot expects a firmware image file name "6F01A8C0.img" at tftp server address 192.168.1.100
2. just change you local ip into 192.168.1.100 and start your tftp server
3. start the uboots tftpclient to download the image from your local machine by typing: tftpboot 0x81000000 openwrt.bin + ENTER

db12x> tftpboot 0x81000000 openwrt.bin

Using eth0 device
TFTP from server 192.168.1.100; our IP address is 192.168.1.111
Filename 'openwrt.bin'.
Load address: 0x81000000
Lg: #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         ############################
done
Bytes transferred = 8126464 (7c0000 hex)

1. the last line needs to show a size of 7c0000 hex otherwise your image is unsuitable
2. now we need to erase parts of the flash memory to be able to copy your fresh loaded firmware into it
3. just type in the promt erase 0x9f020000 +7c0000 and wait for the promt to come back

db12x> erase 0x9f020000 +7c0000

First 0x2 last 0x7d sector size 0x10000                                                                                                                                                                                                  125
Erased 124 sectors

1. now just copy the image to the rigth place by typing cp.b 0x81000000 0x9f020000 0x7c0000

db12x> cp.b 0x81000000 0x9f020000 0x7c0000

Copy to Flash... write addr: 9f020000
done

1. so .. you, in case your image is the correct one, your are just a single reboot away from having a working TL-WRD4300 back on your desk
2. type reset or just un-plug and re-plug the power of your router and watch the boot process

db12x> reset

The TL-WDR4300 DE (v1.1) comes bundled with the following PSU:

Specifications:

The task was to make ext-root without using the default ports.

It turns out that the GL850G chipset used by the TP-Link in WDR3600/4300/4900 models can handle up to four ports.

Analysing the router's PCB it appears that pins 8(D-), 9(D+), 11(D-) and 12(D+) are unused. Aditionaly each factory USB port has separate power section.

GND is at the TP7 pin point. +5 V was taken directly from the MOSFET.

Remove the 4 screws on the bottom of the case.

The top is clipped to the bottom of the case at 9 attachment points: 3 on each side of the case, 1 on the back, and 2 on the front. Each attachment point consists of two pins which fit into holes in tabs which protrude from the other half of the case. All of the tabs are on the bottom of the case, with the exception of the case back, where the single tab is in the center of the top of the case.

One method known to work, once, is to start at one of the rear corners. The corner by the ethernet ports seems to work best. Gently flex the case and slightly separate the top from the bottom at the corner by lifting on, or inserting a fingernail or other thin object into, the crack above the antenna. While doing this insert the tip of a knife blade (upward, given the geometry as the unit normally sits) into the crack between the two halves along the side of the case toward the rear. This will force the pins in the top of the case outward, flex the tab protruding from the bottom of the case inward, and free the pins from the tab. If necessary the knife tip may be levered slightly toward the case interior after insertion. Due to the force separating the top of the case from the bottom near the antenna, the pins should pop out of the tab located on the case side near the rear, lift slightly upward, and remain free.

Continue to free the other tabs, first working from the rear corner toward the front of the case, then across the front of the case, and finally from the front of the case toward the rear along the opposite side. The two halves of the case will then separate without having to work at freeing the last attachment point at the rear of the case.

With care, this method leaves no marks on the case.

A developing guide covering recommended configuration, design and implementation of common features on the TL-WDR4300.

Those evaluating the possible use of OpenWrt on the TL-WDR4300 may wish to review the data sheet, which details the verified hardware and software features of OpenWrt 12.09-rc1 on this platform.

The guide is written specifically for 12.09-rc1, which is the latest stable build of OpenWrt. While there is no reason that much of the content could not apply to development snapshots, there is no guarantee that the content will be applicable.

The guide is structured around a central contents page.

https://forum.openwrt.org/viewtopic.php?id=36534

• Installing packages into the USB storage

• Adding a USB wireless adapter to the router

Tested with |http over nginx|←wan-|wdr4300|←lan-|Client|