Saturday, September 21, 2024

AREDN mesh firmware flashing and troubleshooting

 We ran into a lot of issues attempting to flash the AREDN firmware onto Mikrotik hAP ac3's and Ubiquiti Nanobeam 5AC Gen2's, but ultimately prevailed:

hAP ac3

  1. Downloaded TinyPXE Server from http://labalec.fr/erwan/?page_id=958
  2. Downloaded hAP stable firmware (Kernel and Sysupgrade) from https://downloads.arednmesh.org/afs/www/
  3. Left laptop's ethernet adapater to automatic IP address via DHCP
  4. Connected laptop to router (not its WAN port)
  5. Configured simple router:
    1. Disabled wireless (to decrease boot time)
    2. Programmed router's IP address to 192.168.1.253
    3. Programmed router's DHCP server IP pool for 192.168.1.2 to 192.168.1.100
  6. Without power to the hAP, connected the hAP's WAN port (port 1) to the router (not its WAN port)
  7. Confirmed TinyPXE Server's config.ini, [dhcp] section includes "rfc951=1"
  8. Copied the hAP's Kernel file into TinyPXE Server's files/rb.elf
    1. Mistake: I initially copied in the hAP aclite Kernel file instead, as I was updating my personal node. In a later step, flashing fails, as the hAP ac3 knows that it is incompatible with the aclite firmware.
  9. Ran TinyPXE Server and configured per AREDN configuration instructions:
    1. In Option 54 (DHCP Server), selected the IP address of my laptop's Ethernet adapter (192.168.1.2)
    2. Checked "Bind IP"
    3. Boot file, used the file picker to select "files/rb.elf"
    4. Boot file, unchecked "Filename if user-class=gPXE or iPXE"
    5. Clicked "Online"
  10. Held the ac3's Reset button and plugged it into its power supply. Released the Reset button once the "TFTPd: DoReadFile: rb.elf" message was displayed in TinyPXE.
    1. Waited until the messages stopped, including 2 ACKs.
  11. Disconnected the ac3 and laptop from the router. Plugged the laptop into the ac3 (not its WAN port this time).
  12. Navigated in Chrome to the ac3's webpage at http://localnode.local.mesh
  13. Fed it the Sysupgrade file, allowing it to upload to the ac3, reboot twice, and then return to http://localnode.local.mesh
  14. Set the node name (e.g., KK6SF-KIT01-HAP) and admin password
    1. Mistake, maybe: Save and reboot
    2. Correct move: Configure other settings (disable mesh RF, configure LAN access point) as well, save; Advanced Config, enable PoE passthrough, save; then reboot
    3. Bruce thought prior Cache was getting in the way. Earlier, setting changes weren't taking. After entering them and clicking Save, I would get a "site cannot be reached" error. Running in Incognito mode was successful though.

Nanobeam

  1. Confirmed that SCP and SSH were installed.
  2. Download the NanoBeam AC Gen2 (not the XC version) Factory file from https://downloads.arednmesh.org/afs/www/
    1. Issue: Had issues with the stable 3.24.6.0 version, so switched to the 20240921 nightly. Might not have been an issue with the version, and more of the process, in hindsight.
  3. Connected laptop to router (not its WAN port)
  4. Router was configured the same as for the ac3
  5. Connected the router (not its WAN port) to PoE injector's Ethernet port
  6. Connected the PoE injector's PoE Out port to the nanobeam, port 1
  7. Powered on the PoE injector, and thereby the nanobeam
  8. Mistake: attempted to flash the nanobeam via TFTP. It's not necessary and is the incorrect method.
  9. Navigated in Chrome to the nanobeam's webpage at http://192.168.1.20
    1. Confirmed location (United States) and language (English), and agreed to EULA.
    2. Set an admin username and password
    3. Mistake: Attempted to directly upload the AREDN firmware (initially stable 3.24.6.0, then 3.24.4.0, then nightly 20240921) via the Ubiquiti web UI within Setup
    4. Unnecessary: Downloaded updated Ubiquiti firmware 8.7.4 from https://ui.com/download/software/nbe-5ac-gen2 and updated from 8.7.1 via the Ubiquiti web UI within Setup
  10. Copied the AREDEN Factory file to the nanobeam via SCP
    1. Open Command Prompt
    2. Navigate to directory with AREDN firmware in it
    3. Run "scp aredn...factory.bin <user>@192.168.1.20:/tmp/factory.bin
    4. Accepted the identity fingerprint
    5. Mistake: For all but the first nanobeam, I had to delete the entry in "%HOMEPATH%\.ssh\known_hosts" before SCP
    6. Mistake: I configured the username as "root" on the nanobeam's webpage and then used username "admin" on SCP. They need to match, naturally.
    7. Mistake: I once forgot the ":/tmp/factory.bin" and SCP just copied the factory file within my local computer.
  11. Disabled the firmrware checksum and flashed the AREDN firmware
    1. Ran "ssh <user>@192.168.1.20
    2. Ran the sketchy hexdump per AREDN instructions
      1. hexdump -Cv /bin/ubntbox | sed 's/14 40 fe 27/00 00 00 00/g' | hexdump -R > /tmp/fwupdate.real
      2. chmod +x /tmp/fwupdate.real
      3. /tmp/fwupdate.real -m /tmp/factory.bin
    3. Mistake: I started typing in the "hexdump" instruction, but there was too much opportunity for a mistake, so I copied and pasted directly from Chrome into SSH instead.
    4. Wait until "Done" indication
  12. Unplug router from PoE injector, unplug laptop from router, and plug router into PoE injector's Ethernet port.
  13. Navigated in Chrome to http://localnode.local.mesh
  14. Set the node name (e.g., KK6SF-KIT01-DISH1) and admin password
    1. Configured other settings (disabled mesh RF, configured LAN access point, enabled PoE passthrough)
    2. Saved
    3. Rebooted the nanobeam

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)