TP-Link CPE210/220 is a 2.4Ghz outdoor access point similar to Ubiquiti NanoStations. There is also a 5GHz Version of this AP, the TP-Link CPE510/520. The device has a built-in 9dBi 2×2 dual-polarized directional MIMO antenna with a beamwidth of 65° (H-Plane) and 35° (E-Plane).
Remove the cap at the lower back of the device. Underneath the sticker which labels “GND”, “LAN0”, “LAN1” and “RESET” in the lower left and lower right corner, there are two screws to remove. Afterwards, you can slide the whole board out of the case by applying some force. The v3 model has also glue applied in the area under the “Model”/“S/N” sticker. Stick in a knive between the both plastic case parts to losen it.
Front with one of the screws to remove (v1), Main PCB (v1), Antenna (v1), Side view (v1)
→ port.serial general information about the serial port, serial port cable, etc.
J1 is located near the LEDs on the board. Starting from left to right: 3.3V, GND, RX, TX (enlarge photo below)
TTL voltage, 115200 bps, 8N1.
GPIO 20 high for PoE Passthrough:
echo20>/sys/class/gpio/exportecho out >/sys/class/gpio/gpio20/direction
To make this persistent accross reboots, adding the above lines to /etc/rc.local before exit 0 does not work.
Instead you have to edit /etc/init.d/gpio_switch
config_get gpio_pin "$1" gpio_pin
config_get name "$1" name
config_get value "$1" value 0#change this value with 1
Access Flash With Flashrom
The flash chip usually holds the operating system, mac address and calibration data.
To get the binary blob from the flash chip, use a SPI programmer (CH341A in this case, or use a RasPi).
Attach a clamp on the flash chip and connecting it to the SPI programmer:
toh/tp-link/cpe210.txt · Last modified: 2020/04/24 23:13 by francescogmb