...
[ #004 ] - Saving private OpenWRT", thanks freeRouter's TFTP server !
Expand |
---|
title | monitorLog into freeRouter |
---|
|
If you are familiar with Cisco operating system you will feel at home with this TFTP server. Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | Log into freeRouter in config mode: |
---|
| __ ____ _
/ _|_ __ ___ ___| _ \ ___ _ _| |_ ___ _ __
| |_| '__/ _ \/ _ \ |_) / _ \| | | | __/ _ \ '__|
| _| | | __/ __/ _ < (_) | |_| | || __/ |
|_| |_| \___|\___|_| \_\___/ \__,_|\__\___|_|
_ __ ___ ___| | _____ | |
| '__/ _ \ / __| |/ / __| | |
| | | (_) | (__| <\__ \ |_|
|_| \___/ \___|_|\_\___/ (_)
welcome
line ready
mjolnir#conf t
mjolnir(cfg)#server tftp openwrt
mjolnir(cfg-server)#?
access-blackhole4 - propagate and check violating prefixes
access-blackhole6 - propagate and check violating prefixes
access-class - set access list
access-log - log dropped attemps
access-map - set route map
access-peer - per client session limit
access-policy - set route policy
access-prefix - set prefix list
access-rate - access rate for this server
access-startup - initial downtime for this server
access-subnet - per subnet session limit
access-total - session limit for this server
do - execute one exec command
end - close this config session
exit - go back to previous mode
interface - interface to bind to
no - negate a command
path - set root folder
port - set port to listen on
protocol - set lower protocols to use
readonly - set write protection
security - set security parameters
show - running system information
vrf - set vrf to use
|
|
Expand |
---|
title | TFTP server configuration |
---|
|
sdn6 is the port #6 connected from my SOHO router to OpenWRT router. Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | TFTP server configuration |
---|
| sh run tftp
server tftp openwrt
path /rtr/owrt/
interface sdn6
vrf inet
exit
!
sh run sdn6
interface sdn6
description mjolnir@LAN6[08:00.0]
mtu 1500
macaddr 004c.7307.0a77
vrf forwarding inet
ipv4 address 192.168.136.1 255.255.255.0
ipv4 broadcast-multicast
no shutdown
no log-link-change
exit
!
...
|
So the LAN port of my OpenWRT router is like this: Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | OpenWRT config (this can be done via Web GUI) |
---|
| ...
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.136.2'
option netmask '255.255.255.0'
option broadcast '192.168.136.255'
option gateway '192.168.136.1'
option ip6assign '60'
list dns '192.168.254.1'
option ifname 'eth0 eth0.1 eth0.2 wlan0 wlan1'
...
|
Basic connectivity check (well techincally you could not ping as it is part if TFTP restore to factory process. Remember our box crashed ! ) Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | ping OpenWRT |
---|
| ping 192.168.136.2 /vrf inet
pinging 192.168.136.2, src=null, vrf=inet, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/1/2/5
...
|
|
Expand |
---|
title | Launch OpenWRT TFTP factory reset |
---|
|
So we are basically ready ... Code Block |
---|
language | bash |
---|
theme | Midnight |
---|
title | Initiate OpenWRT factory restore process via TFTP |
---|
| ===================================================================
MT7621 stage1 code 10:33:11 (ASIC)
CPU=50000000 HZ BUS=12500000 HZ
==================================================================
Change MPLL source from XTAL to CR...
do MEMPLL setting..
MEMPLL Config : 0x11100000
3PLL mode + External loopback
=== XTAL-40Mhz === DDR-1200Mhz ===
PLL2 FB_DL: 0x9, 1/0 = 567/457 25000000
PLL3 FB_DL: 0xc, 1/0 = 596/428 31000000
PLL4 FB_DL: 0x11, 1/0 = 560/464 45000000
do DDR setting..[00320381]
Apply DDR3 Setting...(use customer AC)
0 8 16 24 32 40 48 56 64 72 80 88 96 104 112 120
--------------------------------------------------------------------------------
0000:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0001:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0002:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0003:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0004:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0005:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0006:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0007:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0008:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0009:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000A:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000B:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000C:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000D:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
000E:| 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1
000F:| 0 0 0 0 1 1 1 1 1 1 1 1 1 1 0 0
0010:| 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0
0011:| 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0
0012:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0013:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0014:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0015:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0016:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0017:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0018:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0019:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001A:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001B:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001C:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001D:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001E:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
001F:| 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rank 0 coarse = 15
rank 0 fine = 72
B:| 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0
opt_dle value:11
DRAMC_R0DELDLY[018]=00001F1F
==================================================================
RX DQS perbit delay software calibration
==================================================================
1.0-15 bit dq delay value
==================================================================
bit| 0 1 2 3 4 5 6 7 8 9
--------------------------------------
0 | 10 7 9 9 7 7 8 7 3 6
10 | 6 7 7 9 6 9
--------------------------------------
==================================================================
2.dqs window
x=pass dqs delay value (min~max)center
y=0-7bit DQ of every group
input delay:DQS0 =31 DQS1 = 31
==================================================================
bit DQS0 bit DQS1
0 (1~61)31 8 (1~56)28
1 (1~58)29 9 (1~61)31
2 (1~60)30 10 (1~59)30
3 (1~58)29 11 (1~57)29
4 (1~57)29 12 (1~60)30
5 (1~61)31 13 (1~60)30
6 (1~58)29 14 (1~61)31
7 (1~62)31 15 (1~61)31
==================================================================
3.dq delay value last
==================================================================
bit| 0 1 2 3 4 5 6 7 8 9
--------------------------------------
0 | 10 9 10 11 9 7 10 7 6 6
10 | 7 9 8 10 6 9
==================================================================
==================================================================
TX perbyte calibration
==================================================================
DQS loop = 15, cmp_err_1 = ffff0000
dqs_perbyte_dly.last_dqsdly_pass[0]=15, finish count=1
dqs_perbyte_dly.last_dqsdly_pass[1]=15, finish count=2
DQ loop=15, cmp_err_1 = ffff0080
dqs_perbyte_dly.last_dqdly_pass[1]=15, finish count=1
DQ loop=14, cmp_err_1 = ffff0000
dqs_perbyte_dly.last_dqdly_pass[0]=14, finish count=2
byte:0, (DQS,DQ)=(8,8)
byte:1, (DQS,DQ)=(8,8)
20,data:88
[EMI] DRAMC calibration passed
===================================================================
MT7621 stage1 code done
CPU=50000000 HZ BUS=12500000 HZ
===================================================================
U-Boot 1.1.3 (Apr 17 2017 - 17:00:02)
Board: Ralink APSoC DRAM: 256 MB
Power on memory test. Memory size= 256 MB...OK!
relocate_code Pointer at: 8ffac000
Config XHCI 40M PLL
******************************
Software System Reset Occurred
******************************
Allocate 16 byte aligned buffer: 8ffdffd0
Enable NFI Clock
# MTK NAND # : Use HW ECC
NAND ID [C8 D1 80 95 42]
Device not found, ID: c8d1
Not Support this Device!
chip_mode=00000001
Support this Device in MTK table! c8d1
select_chip
[NAND]select ecc bit:4, sparesize :64 spare_per_sector=16
Signature matched and data read!
load_fact_bbt success 1023
load fact bbt success
[mtk_nand] probe successfully!
mtd->writesize=2048 mtd->oobsize=64, mtd->erasesize=131072 devinfo.iowidth=8
..============================================
Ralink UBoot Version: 5.0.0.0
--------------------------------------------
ASIC MT7621A DualCore (MAC to MT7530 Mode)
DRAM_CONF_FROM: Auto-Detection
DRAM_TYPE: DDR3
DRAM bus: 16 bit
Xtal Mode=5 OCP Ratio=1/4
Flash component: NAND Flash
Date:Apr 17 2017 Time:17:00:02
============================================
icache: sets:256, ways:4, linesz:32 ,total:32768
dcache: sets:256, ways:4, linesz:32 ,total:32768
##### The CPU freq = 880 MHZ ####
estimate memory size =256 Mbytes
#Reset_MT7530
set LAN/WAN LWLLL
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.
4
You choosed 2
0
2: System Load Linux Kernel then write to Flash via TFTP.
Warning!! Erase Linux in Flash then burn new one. Are you sure?(Y/N)
Please Input new ones /or Ctrl-C to discard
Input device IP (192.168.31.1) ==:192.168.31.1
Input server IP (192.168.31.100) ==:192.168.31.2
Input Linux Kernel filename () ==: <my_factory_router_image>
...
|
And ... Voilà ! |
Tip |
---|
|
Keep in mid that one battle is over, but this is not the end of the war. After having restored genuine official vendor image, we need to re-install OpenWRT with the latest 19.07.4 image and configure OpenWRT so that it can acts as a "dummy Wifi Access Point". DHCP, DNS will be served by the SOHO router. |
Discussion
You can deploy freeRouter manually in a VM or container and bind it to a linux interface if you need a TFTP server in order to apply configuration to all your equipment. When final staging are done in a secure Out of Band management network context having a TFTP server is a blessing as it correspond to a gain of time in a production environment. Imaging hundreds of people working in a SP environment and working at the same time.
...