OpenWrt Forum Archive

I got some of these Dual-Band Radio AP's for cheap - the downside is that they are intended to be used with a controller and not standalone. I got access to the serial console and here is a normal bootlog of the AP trying do discover the controller on the Network:

 
ar531x rev 0x00005742 firmware startup...
SDRAM TEST...PASSED


Atheros AR5001AP default version 3.0.0.43A
Chantry Networks BootROM Software Version: 2.2.0


 0
auto-booting...

Attaching to TFFS... done.
Loading /fl/bp200.img...1707072
Starting at 0x804846e0...

/fl/  - Volume is OK
ru_image_signature_read: Image signature not set.
set_log_level:L40:set LOG_LEVEL to LOG_INFO.
ruMgmtGetBackupTunnel: No backup tunnel found
apCfgCountryCodeSet:L4542:SET REBOOT:countrycode:840
apCfgRadioChannelSet - Wlan0 - set value: 5300, AutoChanSelect: 0, channel: 5300
apCfgRadioChannelSet - Wlan1 - set value: 2437, AutoChanSelect: 0, channel: 2437
apCfgDhcpcModeSet - enabling ReAuthenticateFlag
Key Table (Static) now [16]
Key Table (Static) now [16]
apCfgAutoChanSelectSet - Wlan0 - AutoChanSelect: 1 rc 1040000, channel: 5300
apCfgAutoChanSelectSet - Wlan1 - AutoChanSelect: 1 rc 1040000, channel: 2437
Pre-parsing Configuration File "/fl/apcfg".
Configuration file checksum: 41b26 is good
Reading Configuration File "/fl/apcfg".
apCfgRadioChannelSet - Wlan0 - set value: 5320, AutoChanSelect: 0, channel: 5320
apCfgRadioChannelSet - Wlan1 - set value: 2432, AutoChanSelect: 0, channel: 2432
Key Table (Static) now [16]
apCfgAutoChanSelectSet - Wlan0 - AutoChanSelect: 0 rc 0, channel: 5320
apCfgAutoChanSelectSet - Wlan1 - AutoChanSelect: 0 rc 0, channel: 2432
Configuration file checksum: 41b26 is good
L|00:00:02.199|80fbfdf0|apcfg.c:4013|apCfgForeignAPSet|# foreignAP = 0
L|00:00:02.449|80fbfdf0|usrEndLib.c:96|usrEndLibInit|# Add interfaces B
wds notify eth: Can not send data through message queue, errno = d0003
L|00:00:04.149|80fbfdf0|datasocket.c:180|aeDataPathAttach|# Attaching tunnel protocol to ae0
clusters: 1152      free: 896       usage: 256
print_log_level:L50:Current LOG_LEVEL is LOG_INFO.
L|00:00:04.149|80fbfdf0|m2Task.c:146|m2WdgInit|# Initialize timer
L|00:00:04.149|80fbfdf0|m2Task.c:134|m2Dot1xCBInit|# Initialize
ar5212AttachRateTables - attching rate tables
apInit - Created Rate Set for radio: 0
Rate Set for Radio-0 OpBss-0: 6000(b) 9000 12000(b) 18000 24000(b) 36000 48000 54000
apVlanResetnetEvent: Starting tNetEvent...
 - Initializing all Vns's for wlan: 0
apSecurityInit - Wlan:0, Resetting Security Params for all Vns's
Static/BC Keys loaded OK
ar5212AttachRateTables - attching rate tables
apInit - Created Rate Set for radio: 1
Rate Set for Radio-1 OpBss-0: 1000(b) 2000(b) 5500(b) 11000(b)
apVlanReset - Initializing all Vns's for wlan: 1
apSecurityInit - Wlan:1, Resetting Security Params for all Vns's
Static/BC Keys loaded OK
Attaching interface lo0...done

Adding 11506 symbols for standalone.
ru_image_personality_check: AP startup role -1

AP SNMP Agent Initialization Started!!!

AP SNMP Agent Initialization Done!!!
SUPP1X: EAP INFO Initialized EAP
SUPP1X: EAP INFO Created EAP Instance
SUPP1X: EAP INFO Initialized EAP1X
SUPP1X: MSS MAJOR supp1x new state disconnected/failure
SUPP1X: MSS MAJOR supp1x new state init
L|00:00:06.349|80fbfdf0|wds_chantry.c:314|WDS_init|# Initializing WDS objects
L|00:00:06.349|80fbfdf0|m2Task.c:177|m2AddDot1xCallBack|# Adding CB
apCservInit - Initializing Connection Services
RM(0) [6366 ms] - Radio Manager Task Running.
RM(0) [6366 ms] - Disabling Radio Service on radio: 0
RM(1) [6366 ms] - Radio Manager Task Running.
RM(1) [6366 ms] - Disabling Radio Service on radio:   dot1xTask - Dot1x task started
1
dot1xTask - radio: 0, resetting vlans: 0 1 2 3 4 5 6 7
dot1xTask - radio: 1, resetting vlans: 0 1 2 3 4 5 6 7
radmanInit: Radio Manager Initialized
wlan1 Ready
wlan0 Ready
Ready
Cserv Task Started
ru_mgmt start waiting for dot1x authentication to proceed
ru_mgmt finish waiting for dot1x authentication to proceed
ru_random_delay - delay for approx: 1 S (scaledDelay 2 reRegister 0- force 0)
STEP<0> (1/1) @ 0:00.000: Initialization,
STEP<1> (1/1) @ 0:00.000: Read AP initial config file,
TLV_DICT out of date, updating...
  Serial No.: '100000606D081328'
read_init_config  Model: 'AL350-2e'
  Software version: 'V5R3.10903.0 (5.0.3.09.00003)'
STEP<2> (1/3) @ 0:00.017: Setup AP ethernet interface,
 apBuildDefaultHostName : Addr 0x8041ca80 Addr 0x8041ca80 do dhcp static 0
No Host Name in apCFG
 Cfg   New AL350-100000606D081328 size 25
The Host Name for DHCP Discovery is: AL350-100000606D081328
  Awaiting dhcpBind ... 30,29,28, Done.
  IPaddr: 192.168.0.111
  DNS  1: 192.168.0.10
  DNS  2: 192.168.0.63
  Domain: 'HOME.local'.
   Gateway: 192.168.0.63
STEP<3> (1/1) @ 0:03.067: Read saved AC info conf file,
STEP<7> (1/1) @ 0:03.067: Check for static AC IP addresses,
STEP<8> (1/3) @ 0:03.067: Discover DA via Unicast SLP,
  Finding AC managers for service='extreme'
  Awaiting dhcpcInformGet... 3, Done.
  Finding RU managers for service='extreme'
  Awaiting dhcpcInformGet... 3, Done.
Step<8>: Delay for 1250 mili seconds...
STEP<8> (2/3) @ 0:04.733: Discover DA via Unicast SLP,
  Finding AC managers for service='extreme'
  Awaiting dhcpcInformGet... 3, Done.
  Finding RU managers for service='extreme'
  Awaiting dhcpcInformGet... 3, Done.
Step<8>: Delay for 1250 mili seconds...
STEP<8> (3/3) @ 0:06.400: Discover DA via Unicast SLP,
  Finding AC managers for service='extreme'
  Awaiting dhcpcInformGet... 3, Done.
  Finding RU managers for service='extreme'
  Awaiting dhcpcInformGet... 3, Done.
Step<8>: Delay for 1250 mili seconds...
STEP<9> (1/3) @ 0:08.067: Discover DA via DNS,
 Configured hostname is blank.  Using default of 'ext-summitwm-connect-1'.
 Using DHCP provided DomainSuffix of 'HOME.local'.
Requesting "ext-summitwm-connect-1.HOME.local" from 192.168.0.10
Requesting "ext-summitwm-connect-1.HOME.local" from 192.168.0.63
Step<9>: Delay for 1250 mili seconds...
STEP<9> (2/3) @ 0:09.233: Discover DA via DNS,
 Configured hostname is blank.  Using default of 'ext-summitwm-connect-1'.
 Using DHCP provided DomainSuffix of 'HOME.local'.
Requesting "ext-summitwm-connect-1.HOME.local" from 192.168.0.10
Requesting "ext-summitwm-connect-1.HOME.local" from 192.168.0.63
Step<9>: Delay for 1250 mili seconds...
STEP<9> (3/3) @ 0:10.400: Discover DA via DNS,
 Configured hostname is blank.  Using default of 'ext-summitwm-connect-1'.
 Using DHCP provided DomainSuffix of 'HOME.local'.
Requesting "ext-summitwm-connect-1.HOME.local" from 192.168.0.10
Requesting "ext-summitwm-connect-1.HOME.local" from 192.168.0.63
Step<9>: Delay for 1250 mili seconds...
STEP<10> (1/3) @ 0:11.567: Discover DA via Multicast SLP,
  Finding AC managers for service='extreme'
  Finding RU managers for service='extreme'
Step<10>: Delay for 1250 mili seconds...
STEP<10> (2/3) @ 0:24.733: Discover DA via Multicast SLP,
  Finding AC managers for service='extreme'
  Finding RU managers for service='extreme'

Some info I gathered from the Bootloader / VxWorks:

ar531x rev 0x00005742 firmware startup...
SDRAM TEST...PASSED


Atheros AR5001AP default version 3.0.0.43A
Chantry Networks BootROM Software Version: 2.2.0


 2

oot]: ?

 ?                     - print this list
 @                     - boot (load and go)
 p                     - print boot params
 c                     - change boot params
 e                     - print fatal exception
 v                     - print version
 B                     - change board data
 S                     - show board data
 C                     - change Chantry parameters
 P                     - show Chantry parameters
 E                     - erase Chantry parameters
 G                     - get Chantry hardware version
 H                     - set Chantry hardware version
 n netif               - print network interface device address
 $dev(0,procnum)host:/file h=# e=# b=# g=# u=usr [pw=passwd] f=#
                           tn=targetname s=script o=other
 boot device: tffs=drive,removable     file name: /tffs0/vxWorks
 Boot flags:
   0x02  - load local system symbols
   0x04  - don't autoboot
   0x08  - quick autoboot (no countdown)
   0x20  - disable login security
   0x40  - use bootp to get boot parameters
   0x80  - use tftp to get boot image
   0x100 - use proxy arp

available boot devices:Enhanced Network Devices
 ae0 tffs
[Boot]: p

boot device          : tffs:
unit number          : 0
processor number     : 0
file name            : /fl/bp200.img
inet on ethernet (e) : 192.168.0.111:ffffff00
gateway inet (g)     : 192.168.0.63
flags (f)            : 0x0

[Boot]: v
CPU: Atheros AR5001AP default
BSP version: 3.0.0.43A
Chantry Networks BootROM Software Version: 2.2.0
Creation date: Nov 24 2004, 17:06:01

[Boot]: S
name:    Atheros AR5001AP default
magic:   35333131
cksum:   1b7d
rev:     3
major:   1
minor:   0
pciid:   0013
wlan0:   yes 00:04:96:29:f7:50
wlan1:   yes 00:04:96:29:f7:58
enet0:   yes 00:04:96:28:54:45
enet1:   no  ff:ff:ff:ff:ff:ff
uart0:   yes
sysled:  no, gpio 0
factory: no, gpio 0
serclk:  internal
cpufreq: calculated 220000000 Hz
sysfreq: calculated 55000000 Hz
memcap:  disabled
watchdg: enabled
[Boot]: P

Checksum                      : 0x0001892d
Pattern                       : BP2X
Structure Version             : 5
FLASH Size (bytes)            : 8388608
Watchdog Timeout Count        : 0
Watchdog Timeout Limit        : 5
Serial Number (16 digits)     : 100000606D081328
Boot ROM S/W Version Major    : 2
Boot ROM S/W Version Minor    : 2
Boot ROM S/W Version Patch    : 0
Login Checksum                : 0x000038f4
Hardware Version              : 0x00000002
Application Load Status       : 0x00000000
Chantry Boot S/W Ver. String  : 2.2.0
Atheros Boot S/W Ver. String  : 3.0.0.43A
Login (max. 32 chars)         : admin
Password (max. 32 chars)      : e~=2.718
Encrypt Key Checksum          : 0x0000e738
Encrypt Key Area Format       : 0x00000020
Encrypt Key Area (hex)        : 653863626362346564396166613965316430353433393531393635356335313200ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

[Boot]:


[Boot]: c

'.' = clear field;  '-' = go to previous field;  ^D = quit

boot device          : tffs:0
processor number     : 0
host name            :
file name            : /fl/bp200.img
inet on ethernet (e) : 192.168.0.111:ffffff00
inet on backplane (b):
host inet (h)        :
gateway inet (g)     : 192.168.0.63
user (u)             :
ftp password (pw) (blank = use rsh):
flags (f)            : 0x0
target name (tn)     :
startup script (s)   :
other (o)            :

After some slight modifications of this guide I was able to tftp-boot the Trendnet firmware and everything appears to be working. Of course after a Reboot everything is gone - unfortunately. But this tells me that these AR531x based AP's / routers are somehow generic. So my question is now how to get OpenWrt running on this device? Especially since I am not an expert for VxWorks and programming in general. Any help is welcome