How to create multiple Wifi AccessPoints connecting (WDS Wifi Bridge) to one central Internet-Wifi-AccessPoint – Difference between TL-WA901N and TL-WA901ND

where the Chinese and especially TP-Link and Huawei are very strong is data over radio (4G/LTE/5G/Wifi…). especially the TP-Link products have proven to work pretty well, but they are using Qualcomm Atheros, which is US-technology (Headquarters in San Jose, CA, so those TP-Link WIFI routers are a US-China-cooperation).

there is the EAP110-Outdoor (300Mbps) and the “pro” version: the EAP225-Outdoor (MU-MIMO, more speed, lenovo t440 reports 866MBit/s / 8 = 108.25 MByte/sec)

(this is – of course – the theoretically possible maximum bandwidth)

the EAP225 creates two wifis (2.4Ghz and 5Ghz) that can be ssid-named independently

the EAP225 is the “pro” meaning “enterprise” version of the TP-Link-Outdoor-WIFI APs because it comes with “Omada”, a very, very extensive cloud enhanced WIFI management software for large multinational companies, check out the tutorial (WARNING! LOUD DRUM & BASS MUSIC!)

# nice script to monitor link speed
cat /scripts/loop_wifi.sh 
while true; do iwconfig; sleep 1; clear; done;
wlp3s0    IEEE 802.11  ESSID:"SSID_OF_AP"  
          Mode:Managed  Frequency:5.18 GHz  Access Point: C0:C9:E3:A3:32:XX   
          Bit Rate=866.7 Mb/s   Tx-Power=22 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
          Link Quality=70/70  Signal level=-30 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:1   Missed beacon:0

default ip 0.254

it has no dhcp enabled (has no dhcp server?)

the hardware

Model Version SoC CPU MHz Flash MB RAM MB WLAN Hardware WLAN2.4 WLAN5.0 100M ports Gbit ports
EAP225 v3 Qualcomm Atheros QCA9563 775 16 128 Qualcomm Atheros QCA9563, Qualcomm Atheros QCA9886 b/g/n a/n/ac 1
EAP225-Outdoor v1 Qualcomm Atheros QCA9563 750 16 128 Qualcomm Atheros QCA9563, Qualcomm Atheros QCA9886 b/g/n a/n/ac 1
EAP225-Wall v2 Qualcomm Atheros QCA9561 775 16 128 Qualcomm Atheros QCA9561, Qualcomm Atheros QCA9886 b/g/n a/n/ac 4
# 128MB of RAM
free -m
             total         used         free       shared      buffers
Mem:           123           65           58            0            4
-/+ buffers:                 60           63
Swap:            0            0            0


it has a lot of network interfaces…

OpenWRT support?

OpenWRT supports that device: https://openwrt.org/toh/tp-link/eap225

seems to be possible to TFTP upload a firmware there (UNTESTED!)

“the issue with the TP-Link EAP Series of business access points was that they use signed firmware images, so they would be difficult to / never officially supported by OpenWRT using factory images.”

https://forum.openwrt.org/t/anyone-working-on-tp-link-eap225/33956/2

ssh? nice!

but no root (yet)

the troubles: something important is missing…

while this device is loaded with features, one very important feature (that cheaper TP-Link routers like the tl-wr841nd v11 have, though that one is not recommended for OpenWRT because of its small 4MByte Flash ROM) has gone missing, and it is very important to build a mesh or mesh-like structure:

  • no WDS bridging mode?

 

in WDS bridging mode the AP acts like a wifi client, connecting to an existing network while at the same time acting as a repeater or relay.

this sucks! X-D

Q3: Does Mesh network require Omada Controller to keep running?

https://www.tp-link.com/de/support/download/omada-software-controller/

Yes, all the Mesh related configuration should be done in the Omada Controller. And if you want to use Mesh network, please keep your Omada Controller running. To build Mesh network, you’ll need Omada Controller 2.7.0 or higher version.

https://www.tp-link.com/us/support/faq/2283/

this is bad and a bit unexpected.

TP-Link should at least allow the setup of a “manual mesh” with WDS bridging without the need for that “Omada Controller” software (giving control up to “the cloud” whoever is running “the cloud”)

(it is even available for GNU Linux Debian/Ubuntu Omada_SDN_Controller_V4.3.5_linux_x64.deb)

but it seems to be a hassle to set up (Java & MongoDB)

https://linuxize.com/post/how-to-install-mongodb-on-debian-10/

WLAN AdHoc Client Bridge with tp-link tl-wr841nd v11 – use wifi router as wifi usb adapter

to the extent that this AP might be useless in the currently targeted scenario (uplink via WIFI, running a cable not an option until fiber-switches become cheaper X-D)

more about wds: https://superuser.com/questions/1129828/wds-difference-between-active-wds-passive-wds

from the help of the TL-WA901ND router:

Operation Mode – Several Operation Modes are supported, including: (1)Access Point (2)Multi-SSID (3)Client (4)WDS Repeater (5)Universal Repeater (6)Bridge with AP.

The available setting options are different in various operation modes, and they are explained below.

Access Point – This operation mode allows wireless stations to access.

Multi-SSID – AP can support up to 4 SSID.

  • Enable VLAN – Check this box to enable the VLAN function. The AP supports up to 4 VLANs. All wireless PCs in the VLANs are able to access this AP. The AP can also work with an IEEE 802.1Q Tag VLAN supporting Switch. If this Switch enables the Tag VLAN function, besides all wireless PCs, only the PCs in the VLAN same with SSID1 are able to access the AP. If a PC is directly connected to the LAN port of the AP, please make sure that its adapter supports Tag function, or this PC will not be able to access the AP.
  • SSID – Enter a value of up to 32 characters. The same Name (SSID) must be assigned to all wireless devices in your network. In Multi-SSID operation mode, enter SSID for each BSS in the field “SSID1” ~ “SSID4”.
  • VLAN ID – The ID of a VLAN. Only in the same VLAN, can a Wireless PC and a wired PC communicate with each other. The value can be between 1 and 4094. If the VLAN function is enabled, when AP forwards packets, the packets out from the LAN port will be added with an IEEE 802.1Q VLAN Tag, whose VLAN ID is just the ID of the VLAN where the sender belongs.
  • Channel – This field determines which operating frequency will be used. It is not necessary to change the wireless channel unless you notice interference problems with another nearby access point.
  • Mode -This field determines the wireless mode which the AP works on.
  • Channel Width – The bandwidth of the wireless channel.
  • Max Tx Rate – You can limit the maximum tx rate of the AP through this field.
  • Enable Wireless Radio – The wireless radio of the AP can be enabled or disabled to allow or deny wireless stations to access. If enabled, the wireless stations will be able to access the AP, otherwise, wireless stations will not be able to access the AP.
  • Enable SSID Broadcast – If you select the Enable SSID Broadcast checkbox, the AP will broadcast its name (SSID) on the air.

Client – This device will act as a wireless station to enable wired host(s) to access AP.

  • Enable WDS – The AP client can connect to AP with WDS enabled or disabled. If WDS is enabled, all traffic from wired networks will be forwarded in the format of WDS frames consisting of four address fields. If WDS is disabled, three address frames are used. If your AP supports WDS well, please enable this option.
  • Wireless Name of Root AP – Enter the SSID of AP that you want to access.
  • MAC Address of Root AP – Enter the MAC address of AP that you want to access.

WDS Repeater – In WDS Repeater mode, the AP with WDS enabled will relay data to an associated root AP. AP function is enabled meanwhile. The wireless repeater relays signal between its stations and the root AP for greater wireless range. Please input the MAC address of root AP in the field “MAC Address of Root AP”.

Universal Repeater – In Universal Repeater mode, the AP with WDS disabled will relay data to an associated root AP. AP function is enabled meanwhile. The wireless repeater relays signal between its stations and the root AP for greater wireless range. Please input the MAC address of root AP in the field “MAC Address of Root AP”.

Bridge with AP – In Bridge with AP mode, this device can be used to combine multiple local networks in distant hard-to-wire distant together to the same one via wireless connections. While bridging with other APs, this device can also act as an access point at the same time to create a local wireless network for all Wi-Fi devices.

  • Wireless Name of Remote AP – The ssid of the AP your device is going to connect to as a client. You can also use the search function to select the ssid to join.
  • MAC Address of Remote AP – The bssid of the AP your device is going to connect to as a client. You can also use the search function to select the bssid to join.
  • Survey – Click this button, you can search the AP which runs in the current channel.
  • WDS Mode – This field determines which WDS Mode will be used. It is not necessary to change the WDS Mode unless you notice network communication problems with root AP. If you select Auto, then Router will choose the appropriate WDS Mode automatically.
  • Key type – This option should be chosen according to the AP’s security configuration.It is recommended that the security type is the same as your AP’s security type.
  • Auth Type – This option indicates the authorization type of the Root AP.
  • Key Format – You can select ASCII or Hexadecimal format. ASCII Format stands for any combination of keyboard characters in the specified length. Hexadecimal format stands for any combination of hexadecimal digits (0-9, a-f, A-F) in the specified length.
  • WEP Index – This option should be chosen if the key type is WEP(ASCII) or WEP(HEX).It indicates the index of the WEP key.
  • Password – If the AP your Router is going to connect needs password, you need to fill the password in this blank.
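the “Enable WDS” option in the help text above switches between three-address and four-address frames. the sketch below is an added example, not from the router help or from TP-Link: it decodes the address fields of an 802.11 data frame header and shows that only the four-address form carries the wired host's own MAC across the radio link, which matters for MAC-based filtering and logging on the root AP. all MAC addresses and frames in it are constructed.

```python
import struct

# Roles of address fields 1-3 for each (ToDS, FromDS) pair in a data frame.
ROLES = {(0, 0): ("DA", "SA", "BSSID"),
         (1, 0): ("BSSID", "SA", "DA"),
         (0, 1): ("DA", "BSSID", "SA"),
         (1, 1): ("RA", "TA", "DA")}      # WDS: the original SA moves to address 4

def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_data_header(frame):
    """Decode the address fields of an 802.11 data frame header."""
    if len(frame) < 24:
        raise ValueError("shorter than a three-address header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    out = {"wds": (to_ds, from_ds) == (1, 1)}
    for i, role in enumerate(ROLES[(to_ds, from_ds)]):
        out[role] = mac(frame[4 + 6 * i:10 + 6 * i])
    if out["wds"]:
        if len(frame) < 30:
            raise ValueError("truncated four-address header")
        out["SA"] = mac(frame[24:30])        # address 4 follows sequence control
    return out

def build(to_ds, from_ds, a1, a2, a3, a4=b""):
    """Build a constructed data-frame header for the demo (no payload)."""
    fc = (2 << 2) | (to_ds << 8) | (from_ds << 9)
    return struct.pack("<HH", fc, 0) + a1 + a2 + a3 + b"\x00\x00" + a4

# Constructed, locally administered MAC addresses.
ROOT_AP, CLIENT_AP, WIRED_PC, SERVER = (
    bytes.fromhex("0200000000%02x" % n) for n in (1, 2, 3, 4))

# WDS on: the wired PC's own MAC survives the radio hop in address 4.
WDS_FRAME = build(1, 1, ROOT_AP, CLIENT_AP, SERVER, WIRED_PC)
# WDS off: only three fields, so the root AP sees the client AP as the source.
PLAIN_FRAME = build(1, 0, ROOT_AP, CLIENT_AP, SERVER)

if __name__ == "__main__":
    for f in (WDS_FRAME, PLAIN_FRAME):
        print(parse_data_header(f))
```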

what outdoor AP can do wds bridging?

it is said that CPE520, CPE510 and CPE210 (untested) can do WDS bridging. (src: community.tp-link.com)

(if located in EU/Europe get it here https://www.pollin.de/p/wlan-access-point-tp-link-pharos-serie-cpe510-outdoor-740757)

 

https://www.amazon.com/TP-Link-300Mbps-dual-polarized-directional-CPE510/dp/B00N2RO63U

Client/Bridge/Repeater/AP Client Router mode:

ssh root? (from latest firmware (2021-06))

https://static.tp-link.com/2021/202104/20210427/EAP225-Outdoor(EU)_V1_5.0.3%20Build%2020210316.zip

sha512sum 2021_06_EAP225-Outdoor\(EU\)_V1_5.0.3\ Build\ 20210316.zip 
ffb0080fed98828d6d79da03512e35ea91a6677526ceee0976a99c74fab8ff855e2e0b90e3a15b2537ab7a5b6d3980837ccf1d1f492c20ee0c497ec294573518  2021_06_EAP225-Outdoor(EU)_V1_5.0.3 Build 20210316.zip

# with binwalk it is possible to unpack the img
binwalk -e EAP225-OUTDOORv1_5.0.3_\[20210316-rel67358\]_up_signed.bin 

# the hashed root password in the shadow file (path quoted because of spaces, parentheses and brackets)
cat '2021_06_EAP225-Outdoor(EU)_V1_5.0.3 Build 20210316/_EAP225-OUTDOORv1_5.0.3_[20210316-rel67358]_up_signed.bin.extracted/squashfs-root/etc/shadow'
root:$1$$zZDeYPLChILP8Yf3nwYY.1:10933:0:99999:7:::
guest:$1$$gJI3E66lrQXVLEwBMJKAM1:10933:0:99999:7:::
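what those two shadow lines say about the image, as an added example (not part of the original post and not a TP-Link tool): a small audit that classifies each entry of a shadow file from an unpacked firmware image by hash scheme, salt and last-change date. the function names are made up for this example, and the `daemon` line is a constructed locked entry added for contrast.

```python
from datetime import date, timedelta

# crypt(3) "$id$" prefixes this example classifies: id -> (name, legacy?)
SCHEMES = {"1": ("md5crypt", True),
           "5": ("sha256crypt", False),
           "6": ("sha512crypt", False)}

# The two entries shown above, plus one constructed locked entry for contrast.
SHADOW = """\
root:$1$$zZDeYPLChILP8Yf3nwYY.1:10933:0:99999:7:::
guest:$1$$gJI3E66lrQXVLEwBMJKAM1:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
"""

def audit_shadow_line(line):
    """Classify one shadow entry taken from an unpacked firmware image."""
    fields = line.strip().split(":")
    if len(fields) < 3:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw, lastchg = fields[:3]
    r = {"user": user, "locked": pw[:1] in ("!", "*"), "scheme": None,
         "empty_salt": False, "last_change": None, "findings": []}
    if lastchg.isdigit():                     # days since 1970-01-01
        day = date(1970, 1, 1) + timedelta(days=int(lastchg))
        r["last_change"] = day.isoformat()
    if r["locked"]:
        return r
    if pw == "":
        r["findings"].append("empty password field")
        return r
    r["findings"].append("password hash baked into the firmware image")
    parts = pw.split("$")                     # "$1$salt$hash" -> ['', '1', salt, hash]
    if len(parts) >= 4 and parts[0] == "":
        name, legacy = SCHEMES.get(parts[1], ("unclassified", False))
        salt = parts[3] if parts[2].startswith("rounds=") else parts[2]
        r["empty_salt"] = salt == ""
    else:
        name, legacy = "non-modular format (e.g. DES crypt)", True
    r["scheme"] = name
    if legacy:
        r["findings"].append("legacy hash scheme: " + name)
    if r["empty_salt"]:
        r["findings"].append("empty salt: equal passwords give equal hashes")
    return r

def audit(text):
    return [audit_shadow_line(l) for l in text.splitlines() if l.strip()]
```

for both entries from the page it reports md5crypt with an empty salt and a last-change day of 10933, which is 1999-12-08, long before the 2021 firmware build.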

TP-Link and security?

admin