14 Extreme Networks WS-AP3825I - How to flash with OpenWRT

steeb edited this page 2024-11-10 20:00:22 -07:00

Table of Contents

• OpenWRT Access Points
• Flashing process
• Before you begin
• The process
• IP address already taken
• Setting up the AP as a bridge
• Configuring the WiFi
• Disable DHCP, dnsmasq, and firewall
• And the others

OpenWRT Access Points

These units are compatible with OpenWRT and therefore a much better solution than the Ruckus R700 units I have that are extremely out of date.

Flashing process

Before you begin

First, we'll need a Cisco-compatible serial cable (RJ45 to USB). For simplicity's sake, go ahead and perform a factory reset on these before starting.

The process

1. Plug in the USB end of the serial cable. We want to open a terminal on ttyUSB0, (or whichever ttyUSB* device is available.

sudo picocom -b 115200 /dev/ttyUSB0

2. Once we know that we can see the cable, go ahead and power up the AP and connect the RJ45 end of the serial cable to the Console port and the PoE cable to the LAN2 port.

3. Press 'Enter' on your keyboard when the message Scanning JFFS2 FS: . comes up to drop into a BOOT mode

4. At this point, the picocom terminal should prompt for a login. Use admin for the username and new2day for the password.

5. In a new terminal window, create a temporary directory and move into it with

cd $(mktemp -d)

6. Still in the new terminal window, download the firmware image,

curl https://downloads.openwrt.org/releases/23.05.5/targets/mpc85xx/p1020/openwrt-23.05.5-mpc85xx-p1020-extreme-networks_ws-ap3825i-initramfs-kernel.bin -o ws-ap3825i-initramfs.bin

7. Finally, in that same new terminal window, start a TFTP server using

sudo dnsmasq -d --enable-tftp --port 0 --tftp-root $(pwd)

8. In the original ttyUSB0 terminal, run the following commands, being sure to enter the correct IP address for the TFTP server (the computer you're using) and the AP. Please be aware that you cannot ping the AP in its current state - find the IP assigned by DHCP after the initial factory reset and use that. (This step was crazymaking for me - just do it! If you used the LAN2 port, you WILL have a connection.)

setenv ramboot_openwrt "setenv ipaddr <access-point_ip>; setenv serverip <tftp-server_ip>; tftpboot 0x2000000 ws-ap3825i-initramfs.bin; interrupts off; bootm start 0x2000000; bootm loados; fdt resize; fdt boardsetup; fdt resize; fdt boardsetup; fdt chosen; fdt resize; fdt chosen; bootm prep; bootm go;"

setenv boot_openwrt "cp.b 0xEC000000 0x2000000 0x2000000; interrupts off; bootm start 0x2000000; bootm loados; fdt resize; fdt boardsetup; fdt resize; fdt boardsetup; fdt chosen; fdt resize; fdt chosen; bootm prep; bootm go;"

setenv bootcmd "run boot_openwrt";

saveenv

run ramboot_openwrt 

9. Press 'Enter' on your keyboard once done, and now you should be at the OpenWRT console. We're not done - the image isn't flashed to the system yet, we need to run a sysupgrade - but first, download the file:

wget https://downloads.openwrt.org/releases/23.05.5/targets/mpc85xx/p1020/openwrt-23.05.5-mpc85xx-p1020-extreme-networks_ws-ap3825i-squashfs-sysupgrade.bin -O sysupgrade.bin

(You may want to check if there's a newer version in the future, but this is accurate for now.)

And finally...

sysupgrade -n sysupgrade.bin

IP address already taken

In the event that the IP address of 192.168.1.1 is already taken on the network, run the following command to change the IP address without restarting the device and starting over again:

uci set network.lan.ipaddr=<ip address> && uci commit network && /etc/init.d/network restart 

Setting up the AP as a bridge

This devices do not need to serve out addresses. Follow this guide to set this up properly. Summary of our particular changes below.

Configuring the WiFi

Modify /etc/config/wireless with the following. Be sure to update the network key. Leave the wifi-device sections as is -- only update the wifi-iface entries.

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'crimsonFi'
	option encryption 'sae'
	option key '<encryption key>'

...

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'google how make internet work'
	option encryption 'psk2'
	option key '<encryption key>'

Disable DHCP, dnsmasq, and firewall

uci set dhcp.lan.ignore=1
uci commit dhcp
service dnsmasq disable
service dnsmasq stop
uci set dhcp.lan.dhcpv6=disabled
uci set dhcp.lan.ra=disabled
uci commit
/etc/init.d/firewall disable
/etc/init.d/firewall stop
/etc/init.d/network reload 

The final command to reload the network service should be enough, but if it seems like settings are not taking, a reboot would do the trick.

And the others

Be sure to update the hostname, NTP server, DNS and gateway addresses for all units. Once deployed, remember to update the wiki!