mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2026-03-14 23:09:45 +01:00
0c47bdb902
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
||
|---|---|---|
| .. | ||
| airoha | ||
| apm821xx | ||
| archs38 | ||
| armsr | ||
| at91 | ||
| ath25 | ||
| ath79 | ||
| bcm27xx | ||
| bcm47xx | ||
| bcm53xx | ||
| bcm63xx | ||
| bcm4908 | ||
| bmips | ||
| gemini | ||
| generic | ||
| imx | ||
| ipq40xx | ||
| ipq806x | ||
| ixp4xx | ||
| kirkwood | ||
| lantiq | ||
| layerscape | ||
| malta | ||
| mediatek | ||
| mpc85xx | ||
| mvebu | ||
| mxs | ||
| octeon | ||
| octeontx | ||
| omap | ||
| oxnas | ||
| pistachio | ||
| qoriq | ||
| qualcommax | ||
| ramips | ||
| realtek | ||
| rockchip | ||
| sifiveu | ||
| sunxi | ||
| tegra | ||
| uml | ||
| x86 | ||
| zynq | ||
| Makefile | ||