Differences

This shows you the differences between two versions of the page.

toh:tp-link:tl-wdr4300 [2014/02/26 13:11]
joky
toh:tp-link:tl-wdr4300 [2014/10/17 04:30] (current)
buzz the latest stock firmware TL-WDR4300_v1_140916 no longer seems to have tftp enabled in the bootloader. I had to downgrade to 3.13.33 to get this feature
Line 1: Line 1:
======TP-Link TL-WDR4300====== ======TP-Link TL-WDR4300======
Dual Band (concurrent) and Gigabit Ethernet. Dual Band (concurrent) and Gigabit Ethernet.
-Advertised as 750 Mbps it is Dual-Stream (2x2) on the 2.4 Ghz Band and Triple-Stream (3x3) on the 5 Ghz Band. Same as the TL-WDR4310 Released earlier this year in China.+Advertised as 750 Mbps it is Dual-Stream (2x2) on the 2.4 Ghz Band and Triple-Stream (3x3) on the 5 Ghz Band. Same as the TL-WDR4310 Released earlier this year in China.
FCC ID = TE7WDR4300. FCC ID = TE7WDR4300.
-Manufacturer product page is [[http://www.tplink.com/en/products/details/?categoryid=2166&model=TL-WDR4300|here]], while the support download page is [[http://www.tplink.com/en/support/download/?model=TL-WDR4300&version=V1#tbl_j|here]].+Related to TL-WDR3600, which has only two instead of three antennas.
-The version 1.1 unit appears to use a SiGe SE2574L WFEs for 2.4 Ghz (20 dBm output) and SiGe SE5005L WFEs for 5 Ghz (18 dBm output) 
-{{:meta:icons:tango:dialog-warning.png?nolink |Warning!}}**WARNING:** Security warning: unpatched http/tftp backdoor in **original** firmware: [[http://sekurak.pl/tp-link-httptftp-backdoor/]]+Manufacturer product page is [[http://www.tplink.com/en/products/details/?categoryid=2166&model=TL-WDR4300|here]], while the support download page is [[http://www.tplink.com/en/support/download/?model=TL-WDR4300&version=V1#tbl_j|here]].
 +{{:meta:icons:tango:dialog-warning.png?nolink |Warning!}}**WARNING:** Security warning: unpatched http/tftp backdoor in **original** firmware: [[http://sekurak.pl/tp-link-httptftp-backdoor/]]
===== Supported Versions ===== ===== Supported Versions =====
-^ Version/Model ^ S/N ^ Release Date ^ OpenWrt Version Supported ^ Model Specific Notes ^ 
-| v1.0 | - | 2012/02 | trunk [[https://dev.openwrt.org/changeset/32683|r32683]]  | [[.:TL-WDR4310|TP-Link TL-WDR4310]].| 
-| v1.1 | - | 2012/06 | trunk [[https://dev.openwrt.org/changeset/32461|r32461]] | Similar to [[.:TL-WDR4310|TP-Link TL-WDR4310]]| 
-| v1.2 | - | 2012/11 | [[http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/ar71xx/generic/|Attitude Adjustment 12.09 RC1]] | Similar to [[.:TL-WDR4310|TP-Link TL-WDR4310]]| 
-| v1.3 | - | 2012/11 | [[http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/ar71xx/generic/|Attitude Adjustment 12.09 RC1]] and [[http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/|Attitude Adjustment 12.09 Final]] | Confirmed working with **Attitude Adjustment 12.09 Final**.\\ Similar to [[.:TL-WDR4310|TP-Link TL-WDR4310]]| 
-| v1.4 | - | 2013/04 | trunk [[https://dev.openwrt.org/changeset/36676|r36676]] | NEED to Toggle HW Wifi switch after first flash | 
-| v1.5 | - | 2013/? | trunk [[https://dev.openwrt.org/changeset/37374|r37374]] | NEED to Toggle HW Wifi switch after first flash. Similar to v1.4, released between 2013/04 & 2013/07 | 
-| v1.6 | - | 2013/08 | trunk [[https://dev.openwrt.org/changeset/37759|r37759]] and [[http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/|Attitude Adjustment 12.09 Final]] | Confirmed working with **Attitude Adjustment 12.09 Final**. | 
-| v1.7 | - | 2014/01 | trunk [[https://dev.openwrt.org/changeset/39422|r39422]] | **Attitude Adjustment** does not work. [[https://forum.openwrt.org/viewtopic.php?pid=224008#p224008|more info]].  [[https://forum.openwrt.org/viewtopic.php?id=48226|General discussion]].  [[http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin|Attitude Adjustment 12.09 Final SquashFS Factory]] works for me.  This appears to be a problem only some people are experiencing.| 
-The latest firmware available is the release build [[http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/|Attitude Adjustment 12.09 Final]] or the trunk build [[http://downloads.openwrt.org/snapshots/trunk/ar71xx/|Barrier Breaker]], with working ethernet and dual-band wireless (disabled by default). If your wireless cannot be enabled when using wide channel modes, this may be due to the friendly neighbour "feature" that prohibits operation of such a mode and you may have to use the standard modes before wireless can be enabled.+The latest firmware available is the release build of [[https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/|Barrier Breaker 14.07]], with working ethernet and dual-band wireless (disabled by default), webUI, and support for all hardware revisions through at least 1.7. 
 + 
 +^ Version/Model ^ S/N ^ Board ID ^ Release Date ^ OpenWrt Version Supported ^ Model Specific Notes ^ 
 +| v1.0 | - | - | 2012/02 | [[https://dev.openwrt.org/changeset/32683|r32683]]  | [[.:TL-WDR4310|TP-Link TL-WDR4310]].| 
 +| v1.1 | - | - | 2012/06 | [[https://dev.openwrt.org/changeset/32461|r32461]] | Similar to [[.:TL-WDR4310|TP-Link TL-WDR4310]]| 
 +| v1.2 | - | - | 2012/11 | - | - | 
 +| v1.3 | - | - | 2012/11 | - | - | 
 +| v1.4 | - | - | 2013/04 | [[https://dev.openwrt.org/changeset/36676|r36676]] | NEED to Toggle HW Wifi switch after first flash | 
 +| v1.5 | - | - | 2013/? | [[https://dev.openwrt.org/changeset/37374|r37374]] | NEED to Toggle HW Wifi switch after first flash. Similar to v1.4, released between 2013/04 & 2013/07 | 
 +| v1.6 | - | - | 2013/08 | [[https://dev.openwrt.org/changeset/37759|r37759]]| - | 
 +| v1.7 | - | 2050500272 rev 1.3 | 2014/01 | [[https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin| Barrier Breaker - 14.07]] | - | 
 + 
 +**NOTE:** The ethernet switch in this device, AR8327N, is working fine with the OpenWRT default configuration. But some of the more advanced functions of the switch are is not yet fully supported by the driver in 12.09. Most notably, a port cannot be tagged in some VLAN's and untagged in another, see [[https://dev.openwrt.org/ticket/12181|Bug 12181]]. A patch exists, but is not yet included in Trunk due to compatibility issues with older hardware. 
 + 
 +If your wireless cannot be enabled when using wide channel modes, this may be due to the friendly neighbour "feature" that prohibits operation of such a mode and you may have to use the standard modes before wireless can be enabled
 + 
 +===== Quick Start Guide ===== 
 +Barrier Breaker 14.07 provides full support for this router and has Luci (webUI) built-in. 
 + 
 +  * Download [[https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin| openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-**factory**.bin]] 
 +  * connect your PC to a LAN port of the TP-link via ethernet.  Login to the TP-link web administration webpage.  Under 'System Tools' select 'Firmware Upgrade'.  Browse to the previously downloaded *.bin file.  Click Upgrade. 
 +  * Connect to http://192.168.1.1 with your web browser 
 +  * Set your password and configure the router through the web UI.  [[http://wiki.openwrt.org/doc/howto/basic.config|Basic Config]] 
 + 
 +**Note**: Factory default IP address range is 192.168.0.1 while OpenWrt uses 192.168.1.1 by default. If you have trouble accessing your router after initial flash, check that you have a 192.168.1.x IP address on your PC.
===== Hardware Highlights ===== ===== Hardware Highlights =====
^ CPU ^ Flash ^ RAM ^ Network ^ WAN ^ USB ^ Serial ^ JTag ^ VLANs ^ ^ CPU ^ Flash ^ RAM ^ Network ^ WAN ^ USB ^ Serial ^ JTag ^ VLANs ^
| Atheros AR9344@560MHz  | 8MB | 128MB | 4x1 GigE | 1x1 GigE WAN| x2 v2.0| Yes | Yes | 128 | | Atheros AR9344@560MHz  | 8MB | 128MB | 4x1 GigE | 1x1 GigE WAN| x2 v2.0| Yes | Yes | 128 |
 +
===== Installation ===== ===== Installation =====
-  - [[doc:howto:obtain.firmware]] Download a pre-compiled release image [[http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/|Attitude Adjustment 12.09]] or trunk image [[http://downloads.openwrt.org/snapshots/trunk/ar71xx/|Barrier Breaker]], look for openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin. The precompiled images does not activate the wireless feature by default (you will have to use ethernet for the initial configuration).+  - It is recommended to update to stock firmware 3.13.33(130617) before installation. This firmware features bootloader with handy TFTP recovery mode -> [[#flashing.via.tftp]], [[#de-brick.or.oem.installation.using.the.tftp.recovery]] 
 +  - [[doc:howto:obtain.firmware]] Download a pre-compiled release image [[http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/|Attitude Adjustment 12.09]], [[https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/|Barrier Breaker 14.07]], or trunk image [[http://downloads.openwrt.org/snapshots/trunk/ar71xx/|Chaos Calmer]], look for openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-**factory**.bin. The precompiled images does not activate the wireless feature by default (you will have to use ethernet for the initial configuration).
**NOTE:** Trunk images dont have luci you must install manually [[doc:howto:luci.essentials]] **NOTE:** Trunk images dont have luci you must install manually [[doc:howto:luci.essentials]]
 +
 +**NOTE:** Images with "-il-" in the name is specialised for devices sold in Israel, e.g. openwrt-ar71xx-generic-tl-wdr4300-v1-il-squashfs-factory.bin. For devices in Israel, try flashing the original image first, in most cases it will work just fine. Devices that require the Israeli firmware will show a warning on the Firmware Update page. If you see this warning, fallback to the "-il-" image. The Israeli firmware differs only in the Hardware ID, in order to enable flashing from the original firmware interface. There is no difference between the images otherwise. See [[http://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg17573.html|this thread]] for details.
  - [[doc:howto:generic.flashing]] Now write this firmware-file onto the flash-chip of your device   - [[doc:howto:generic.flashing]] Now write this firmware-file onto the flash-chip of your device
(For a brand new router, you could just use the vendor web UI to flash the .bin image) (For a brand new router, you could just use the vendor web UI to flash the .bin image)
Line 39: Line 58:
**WARNING:** Do not flash the sysupgrade firmware via the vendor firmware web interface - only the 'factory' images should be flashed from the vendor firmware. **WARNING:** Do not flash the sysupgrade firmware via the vendor firmware web interface - only the 'factory' images should be flashed from the vendor firmware.
 +
 +==== Flashing via TFTP =====
 +
 +Pressing the WPS/Reset button during powerup makes the bootstrap loader enter the TFTP recovery mode. The procedure can be used to transfer a firmware image:
 +  - assign 192.168.0.66 to your local network interface (the router uses 192.168.0.86)
 +  - publish a firmware image via tftp: ''cp openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin /srv/tftp/wdr4300v1_tp_recovery.bin''
 +  - configure your tftp server
 +  - wait for the firmware transfer and subsequent reboot
 +
==== Upgrading OpenWrt ==== ==== Upgrading OpenWrt ====
Line 125: Line 153:
  * in case the file name of this firmware file does not contain the word **//"boot"//** in it, you can simply revert back to original firmware. -> [[doc:howto:generic.uninstall]]   * in case the file name of this firmware file does not contain the word **//"boot"//** in it, you can simply revert back to original firmware. -> [[doc:howto:generic.uninstall]]
  * in case the file name of this firmware file does contain the word **//"boot"//** in it, you need to cut off parts of the image file //before// flashing it   * in case the file name of this firmware file does contain the word **//"boot"//** in it, you need to cut off parts of the image file //before// flashing it
-An example of an image file with the word "boot" in it is ''wdr4300v1_en_3_13_17_up_boot(120426).bin''. (Note: As of yet I only saw one firmware on their page and that was with boot)+An example of an image file with the word "boot" in it is ''wdr4300v1_en_3_13_17_up_boot(120426).bin''.
Cut the first 0x20200 (that is 131,584 = 257*512) Bytes from original firmware: (1*512 Vendor-info + 256*512 U-Boot) Cut the first 0x20200 (that is 131,584 = 257*512) Bytes from original firmware: (1*512 Vendor-info + 256*512 U-Boot)
 +
 +
 +If you want to find an image that does not contain the word "boot" from the OEM, try downloading smaller zip-files first.
<code> <code>
wget or scp the stock firmware file to /tmp/ wget or scp the stock firmware file to /tmp/
Line 140: Line 171:
Now follow -> [[doc:howto:generic.uninstall]] Now follow -> [[doc:howto:generic.uninstall]]
 +
 +==== de-brick or OEM installation using the TFTP recovery ====
 +
 +The stock firware (3.13.33(130617)) features a TFTP recovery client in bootloader. To activate it press and hold WPS/Reset Button during powering on until WPS LED turns on. Connect computer to LAN1. Using TCPdump, you should see ARP requests from router having address 192.168.0.86 looking for address 192.168.0.66.
 +
 +<code># tcpdump -ni eth0 arp
 +ARP, Request who-has 192.168.0.66 tell 192.168.0.86, length 46</code>
 +
 +Set up your computer to address 192.168.0.66, netmask /24 (255.255.255.0).
 +
 +<code>
 +# ip addr add dev eth0 192.168.0.66/24
 +</code>
 +
 +Using TCPdump, you should now see request for new firmware image:
 +
 +<code>
 +# tcpdump -npi eth0 udp
 +IP 192.168.0.86.2195 > 192.168.0.66.69:  44 RRQ "wdr4300v1_tp_recovery.bin" octet timeout 5
 +</code>
 +
 +Rename factory image to given name and put it into TFTP server root.
 +-> [[doc:howto:generic.flashing.tftp]]
 +
 +:!: In case you are flashing back original firmware, make sure original firmware image name does not contain word ''**boot**'' -> [[#back.to.original.firmware]].
 +
 +<code># cp openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin wdr4300v1_tp_recovery.bin
 +# atftpd --no-fork --daemon .</code>
 +
 +After downloading, the flashing starts immediately. After cca. 1 minute, the router reboots automatically.
==== de-brick or OEM installation using the TFTP and RS232 (serial) method ==== ==== de-brick or OEM installation using the TFTP and RS232 (serial) method ====
Line 157: Line 218:
  - copy your desired openwrt image for the tplink-4300 into your tftp server folder and rename it into openwrt.bin (to save some typing within the flash procedure)   - copy your desired openwrt image for the tplink-4300 into your tftp server folder and rename it into openwrt.bin (to save some typing within the flash procedure)
  - first goal is to get the command prompt from the u-boot bootloader on your router   - first goal is to get the command prompt from the u-boot bootloader on your router
 +  - you should only plug in the serial into the router's serial port AFTER it initialises for a split second after powering on BUT BEFORE Autobooting starts otherwise it might hang at the initialisation process
  - plug in your router and be ready to type ''tpl'' & hit ENTER after you see the line ''Autobooting in 1 seconds'':   - plug in your router and be ready to type ''tpl'' & hit ENTER after you see the line ''Autobooting in 1 seconds'':
Line 313: Line 375:
  * Discussion about this project on [[https://forum.openwrt.org/viewtopic.php?id=43237|OpenWrt forum]]   * Discussion about this project on [[https://forum.openwrt.org/viewtopic.php?id=43237|OpenWrt forum]]
  * An article (in Polish) about one of the first version of this project on [[http://www.tech-blog.pl/2013/03/29/zmodyfikowany-u-boot-dla-routerow-tp-link-z-atheros-ar9331-z-trybem-aktualizacji-oprogramowania-przez-www-i-konsola-sieciowa-netconsole/|www.tech-blog.pl]]   * An article (in Polish) about one of the first version of this project on [[http://www.tech-blog.pl/2013/03/29/zmodyfikowany-u-boot-dla-routerow-tp-link-z-atheros-ar9331-z-trybem-aktualizacji-oprogramowania-przez-www-i-konsola-sieciowa-netconsole/|www.tech-blog.pl]]
 +
 +==== Original bootloader settings ====
 +(for 1.7, at least)
 +<code>
 +db12x> printenv
 +bootargs=console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init mtdparts=ath-nor0:256k(u-boot),64k(u-boot-env),6336k(rootfs),1408k(uImage),64k(mib0),64k(ART)
 +bootcmd=bootm 0x9f020000
 +bootdelay=1
 +baudrate=115200
 +ethaddr=0xXX:0xXX:0xXX:0xXX:0xXX:0xXX
 +ipaddr=192.168.1.111
 +serverip=192.168.1.100
 +dir=
 +lu=tftp 0x80060000 ${dir}u-boot.bin&&erase 0x9f000000 +$filesize;cp.b $fileaddr 0x9f000000 $filesize
 +lf=tftp 0x80060000 ${dir}db12x${bc}-jffs2&&erase 0x9f050000 +0x630000;cp.b $fileaddr 0x9f050000 $filesize
 +lk=tftp 0x80060000 ${dir}vmlinux${bc}.lzma.uImage&&erase 0x9f680000 +$filesize;cp.b $fileaddr 0x9f680000 $filesize
 +stdin=serial
 +stdout=serial
 +stderr=serial
 +ethact=eth0
 +
 +Environment size: 686/65532 bytes
 +db12x>
 +</code>
 +
 +Changing variables through '''setenv''' doesn't seem to make the changes stick, unfortunately.
===== Hardware ===== ===== Hardware =====
Line 402: Line 490:
{{:media:tplinkwrd3600-usbmod-small.jpg|}} {{:media:tplinkwrd3600-usbmod-small.jpg|}}
{{:media:tplinkwrd3600-usbmod1-small.jpg|}} {{:media:tplinkwrd3600-usbmod1-small.jpg|}}
 +
 +
 +
Line 438: Line 529:
With care, this method leaves no marks on the case. With care, this method leaves no marks on the case.
 +
 +
 +
 +==== de-brick using in-system-programming ====
 +
 +{{:meta:icons:tango:dialog-warning.png?nolink |Warning!}}**WARNING:** risk of frying your hardware. only do this when you understand basic electric engineering.
 +
 +
 +----
 +
 +
 +When the bootloader was trashed as well, and none of the above recovery methods work, you can de-brick the thing using flashrom,
 +see [[http://flashrom.org/ISP|http://flashrom.org/ISP]].
 +
 +
 +If you don't have one of those fancy SOIC clips, desolder the flash chip (google for SOIC desoldering for your favorite method){{:media:wdr4300-desoldered-flash.jpg|}}
 +
 +
 +
 +
 +
 +
 +===== Serial console =====
 +
 +Serial console is available on the J1 (1.7) connector, 3.3v signals.
 +
 +1 = TX out \\
 +2 = RX in \\
 +3 = GND \\
 +4 = VCC 3.3V \\
 +**DO NOT CONNECT VCC**. Use only TX/RX/GND.
 +
 +Baud Rate: 115200\\
 +Data Bits: 8\\
 +Parity: No\\
 +Stop Bits: 1\\
 +
 +To break bootstrap sequence, type '''tpl''' during the 1-second boot delay.
 +
 +Factory firmware login credentials are not known at this time (it's not root/5up as with other tp-link models).
===== TP-Link TL-WDR4310 Version 1.0 forum thread ===== ===== TP-Link TL-WDR4310 Version 1.0 forum thread =====
Line 453: Line 584:
| ~400 | routed | | ~400 | routed |
| ~300 | nat | | ~300 | nat |
 +
===== Tags ===== ===== Tags =====
{{tag>GigabitEthernet 2NIC 2WNIC 5Port USB 2USB JTAG 802.11bgn ath9k AR9344 AR9580 802.11abgn_simultan 3Ant DetachableAntenna 128RAM 8Flash MIPS MIPS32 74Kc DB120}} {{tag>GigabitEthernet 2NIC 2WNIC 5Port USB 2USB JTAG 802.11bgn ath9k AR9344 AR9580 802.11abgn_simultan 3Ant DetachableAntenna 128RAM 8Flash MIPS MIPS32 74Kc DB120}}

Back to top

toh/tp-link/tl-wdr4300.1393416699.txt.bz2 · Last modified: 2014/02/26 13:11 by joky