How to created multiple Wifi AccessPoints connecting (WDS Wifi Bridge) to one central Internet-Wifi-AccessPoint – Difference between TL-WA901N and TL-WA901ND
where the Chinese and especially TP-Link and Huawai are very strong is data over radio (4G/LTE/5G/Wifi…) especially the TP-Link products have proven to work pretty well, but they are using Qualcomm Atheros, which is US-technology (Headquarters in San Jose, CA, so those TP-Link WIFI routers are a US-China-cooperation).
there is the EAP110-Outdoor (300Mbps) and the “pro” version: EAP225-Outdoor version (mu mmo, more speed, lenovo t440 reports 866MBit/s / 8 = 108.25 MByte/sec)
(this is – of course – the theoretically possible maximum bandwidth)
the EAP225 creates two wifis (2.4Ghz and 5Ghz) that can be ssid-named independently
the EAP225 is the “pro” meaning “enterprise” version of the TP-Link-Outdoor-WIFI APs because it comes with “Omada” an very very extensive cloud enhanced WIFI management software for large multinational companies, checkout the tutorial (WARNING! LOUD DRUM & BASS MUSIC!)
# nice script to monitor link speed cat /scripts/loop_wifi.sh while true; do iwconfig; sleep 1; clear; done; wlp3s0 IEEE 802.11 ESSID:"SSID_OF_AP" Mode:Managed Frequency:5.18 GHz Access Point: C0:C9:E3:A3:32:XX Bit Rate=866.7 Mb/s Tx-Power=22 dBm Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on Link Quality=70/70 Signal level=-30 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:1 Missed beacon:0
default ip 0.254
it has no dhcp enabled (has no dhcp server?)
|↓ Model||Version||SoC||CPU MHz||Flash MB||RAM MB||WLAN Hardware||WLAN2.4||WLAN5.0||100M ports||Gbit ports|
|EAP225||v3||Qualcomm Atheros QCA9563||775||16||128||Qualcomm Atheros QCA9563, Qualcomm Atheros QCA9886||b/g/n||a/n/ac||–||1|
|EAP225-Outdoor||v1||Qualcomm Atheros QCA9563||750||16||128||Qualcomm Atheros QCA9563, Qualcomm Atheros QCA9886||b/g/n||a/n/ac||–||1|
|EAP225-Wall||v2||Qualcomm Atheros QCA9561||775||16||128||Qualcomm Atheros QCA9561, Qualcomm Atheros QCA9886||b/g/n||a/n/ac||4||–|
TP-Link EAP-225 Outdoor
# 128MB of RAM free -m total used free shared buffers Mem: 123 65 58 0 4 -/+ buffers: 60 63 Swap: 0 0 0
it has a lot of network interfaces…
OpenWRT supports that device: https://openwrt.org/toh/tp-link/eap225
seems to be possible to TFTP upload a firmware there (UNTESTED!)
“the issue with the TP-Link EAP Series of business access points was that they use signed firmware images, so they would be difficult to / never officially supported by OpenWRT using factory images.”
but no root (yet)
the troubles: something important is missing…
while this devices is loaded with features, one very important feature (that cheaper TP-Link routers like the tl-wr841nd v11 (though not recommended for OpenWRT because of small 4MByte Flash ROM)
has gone missing: very important to build a mesh or mesh-like structure
in WDS briding mode the AP acts like a wifi client, connecting to an existing network while at the same time acting as a repeater or relay.
this sucks! X-D
Q3: Does Mesh network require Omada Controller to keep running?
Yes, all the Mesh related configuration should be done in the Omada Controller. And if you want to use Mesh network, please keep your Omada Controller running. To build Mesh network, you’ll need Omada Controller 2.7.0 or higher version.
this is bad and a bit unexpected.
TP-Link should at least allow the setup of a “manual mesh” with WDS bridging without the need for that “Omada Controller” software (giving control up to “the cloud” whoever is running “the cloud”)
(it is even available for GNU Linux Debian/Ubuntu Omada_SDN_Controller_V4.3.5_linux_x64.deb)
but it seems to be a hazzle to setup up (Java & MongoDB)
WLAN AdHoc Client Bridge with tp-link tl-wr841nd v11 – use wifi router as wifi usb adapter
to the extend that this AP might be useless in the currently targeted scenario (uplink via WIFI, running a cable not an option until fiber-switches become cheaper X-D)
more about wds: https://superuser.com/questions/1129828/wds-difference-between-active-wds-passive-wds
from the help of the TL-WA901ND router:
Operation Mode – Several Operation Modes are supported, including: (1)Access Point (2)Multi-SSID (3)Client (4)WDS Repeater (5)Universal Repeater (6)Bridge with AP.
The available setting options are different in various operation modes, and they are explained below.
Access Point – This operation mode allows wireless stations to access.
Multi-SSID – AP can support up to 4 SSID.
- Enable VLAN – Check this box to enable the VLAN function. The AP supports up to 4 VLANs. All wireless PCs in the VLANs are able to access this AP. The AP can also work with an IEEE 802.1Q Tag VLAN supporting Switch. If this Switch enables the Tag VLAN function, besides all wireless PCs, only the PCs in the VLAN same with SSID1 are able to access the AP. If a PC is directly connected to the LAN port of the AP, please make sure that its adapter supports Tag function, or this PC will not be able to access the AP.
- SSID – Enter a value of up to 32 characters. The same Name (SSID) must be assigned to all wireless devices in your network. In Multi-SSID operation mode, enter SSID for each BSS in the field “SSID1” ~ “SSID4”.
- VLAN ID – The ID of a VLAN. Only in the same VLAN, can a Wireless PC and a wired PC communicate with each other. The value can be between 1 and 4094. If the VLAN function is enabled, when AP forwards packets, the packets out from the LAN port will be added with an IEEE 802.1Q VLAN Tag, whose VLAN ID is just the ID of the VLAN where the sender belongs.
- Channel – This field determines which operating frequency will be used. It is not necessary to change the wireless channel unless you notice interference problems with another nearby access point.
- Mode -This field determines the wireless mode which the AP works on.
- Channel Width – The bandwidth of the wireless channel.
- Max Tx Rate – You can limit the maximum tx rate of the AP through this field.
- Enable Wireless Radio – The wireless radio of the AP can be enabled or disabled to allow or deny wireless stations to access. If enabled, the wireless stations will be able to access the AP, otherwise, wireless stations will not be able to access the AP.
- Enable SSID Broadcast – If you select the Enable SSID Broadcast checkbox, the AP will broadcast its name (SSID) on the air.
Client – This device will act as a wireless station to enable wired host(s) to access AP.
- Enable WDS – The AP client can connect to AP with WDS enabled or disabled. If WDS is enabled, all traffic from wired networks will be forwarded in the format of WDS frames consisting of four address fields. If WDS is disabled, three address frames are used. If your AP supports WDS well, please enable this option.
- Wireless Name of Root AP – Enter the SSID of AP that you want to access.
- MAC Address of Root AP – Enter the MAC address of AP that you want to access.
WDS Repeater – In WDS Repeater mode, the AP with WDS enabled will relay data to an associated root AP. AP function is enabled meanwhile. The wireless repeater relays signal between its stations and the root AP for greater wireless range. Please input the MAC address of root AP in the field “MAC Address of Root AP”.
Universal Repeater – In Universal Repeater mode, the AP with WDS disabled will relay data to an associated root AP. AP function is enabled meanwhile. The wireless repeater relays signal between its stations and the root AP for greater wireless range. Please input the MAC address of root AP in the field “MAC Address of Root AP”.
Bridge with AP – In Bridge with AP mode, this device can be used to combine multiple local networks in distant hard-to-wire distant together to the same one via wireless connections. While bridging with other APs, this device can also act as an access point at the same time to create a local wireless network for all Wi-Fi devices.
- Wireless Name of Remote AP – The ssid of the AP your device is going to connect to as a client. You can also use the search function to select the ssid to join.
- MAC Address of Remote AP – The bssid of the AP your device is going to connect to as a client. You can also use the search function to select the bssid to join.
- Survey – Click this button, you can search the AP which runs in the current channel.
- WDS Mode – This field determines which WDS Mode will be used. It is not necessary to change the WDS Mode unless you notice network communication problems with root AP. If you select Auto, then Router will choose the appropriate WDS Mode automatically.
- Key type – This option should be chosen according to the AP’s security configuration.It is recommended that the security type is the same as your AP’s security type.
- Auth Type – This option indicates the authorization type of the Root AP.
- Key Format – You can select ASCII or Hexadecimal format. ASCII Format stands for any combination of keyboard characters in the specified length. Hexadecimal format stands for any combination of hexadecimal digits (0-9, a-f, A-F) in the specified length.
- WEP Index – This option should be chosen if the key type is WEP(ASCII) or WEP(HEX).It indicates the index of the WEP key.
- Password – If the AP your Router is going to connect needs password, you need to fill the password in this blank.
what outdoor AP can do wds briding?
it is said that CPE520, CPE510 and CPE210 (untested) can do WDS briding. (src: community.tp-link.com)
(if localed in EU/Europe get it here https://www.pollin.de/p/wlan-access-point-tp-link-pharos-serie-cpe510-outdoor-740757)
Client/Bridge/Repeater/AP Client Router mode:
ssh root? (from latest firmware (2021-06))
sha512sum 2021_06_EAP225-Outdoor\(EU\)_V1_5.0.3\ Build\ 20210316.zip ffb0080fed98828d6d79da03512e35ea91a6677526ceee0976a99c74fab8ff855e2e0b90e3a15b2537ab7a5b6d3980837ccf1d1f492c20ee0c497ec294573518 2021_06_EAP225-Outdoor(EU)_V1_5.0.3 Build 20210316.zip # with binwalker it is possible to unpack the img binwalk -e EAP225-OUTDOORv1_5.0.3_\[20210316-rel67358\]_up_signed.bin # the root pwd in the hashed shadow file cat 2021_06_EAP225-Outdoor(EU)_V1_5.0.3 Build 20210316/_EAP225-OUTDOORv1_5.0.3_[20210316-rel67358]_up_signed.bin.extracted/squashfs-root/etc/shadow root:$1$$zZDeYPLChILP8Yf3nwYY.1:10933:0:99999:7::: guest:$1$$gJI3E66lrQXVLEwBMJKAM1:10933:0:99999:7:::
TP-Link and security?
- WAN exploitable security problem in TP-Link TL-WDR4300 with Firmware from 2012
- so would a Linksys AP be “better”? (more secure, less backdoors)
- “The company was purchased by Cisco in 2003, and sold to Belkin in 2013. Belkin was acquired by Foxconn, the largest provider of electronics manufacturing services, in 2018.” (src: Wiki, LinkSys is by now effectively a Taiwanese company that does manufacturing in China)
- Foxconn also produced:
- BlackBerry, iPad, iPhone, iPod, Kindle, Nintendo 3DS, Nintendo Switch, Nintendo Switch Lite, Nokia devices, Xiaomi devices, PlayStation 3, PlayStation 4, Wii U, Xbox 360, Xbox One,
- alternative router firmware: https://dd-wrt.com/
- supported devices database: https://dd-wrt.com/support/router-database/
- alternative router firmware: https://advancedtomato.com/
- supported devices database: https://advancedtomato.com/downloads
- so would a Linksys AP be “better”? (more secure, less backdoors)
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!