WR850G v1

From DD-WRT Wiki

(Difference between revisions)
Revision as of 13:50, 22 February 2006
Stephen
(Fix MAC addresses and more)
Revision as of 14:51, 22 February 2006
Stephen
Line 9: Line 9:
middle of the power cord, and no indication of the version on the label). See that page to get some idea first.<br> middle of the power cord, and no indication of the version on the label). See that page to get some idea first.<br>
I'm no Windows user, and I know Linux quite well. If you don't understand what the commands below are doing, please check with a good Linux/Unix textbook first.<br> I'm no Windows user, and I know Linux quite well. If you don't understand what the commands below are doing, please check with a good Linux/Unix textbook first.<br>
-There is no warranty at all: it worked for me, but it may kill your cat or wife, smash your window, or make your boss angry etc.+There is no warranty at all: it worked for me, but it may kill your cat or wife, smash your windows, or make your boss angry etc.
=Starting point= =Starting point=
Line 16: Line 16:
changes to its configuration, and resetting to defaults, make some config backups (which are encrypted in some way changes to its configuration, and resetting to defaults, make some config backups (which are encrypted in some way
I don't understand yet, hopefully the GPL source of fw 5.13 will give me some clues: all bytes are with the MSB set, I don't understand yet, hopefully the GPL source of fw 5.13 will give me some clues: all bytes are with the MSB set,
-and all byte values between 128 and 255 do occur, I'm afraid it's some "base128" encoding.), and started reading+and all byte values between 128 and 255 do occur, I'm afraid it's some "base128" encoding. Suggestions welcome.), and started reading FAQs.<br>
-FAQs.<br>+
On (FIXME: fill in the URL of the Motorola download page) On (FIXME: fill in the URL of the Motorola download page)
Line 25: Line 24:
mentions that there's an "easter egg" in the 4.03 firmware which can be used to get limited shell access (the mentions that there's an "easter egg" in the 4.03 firmware which can be used to get limited shell access (the
<code>frame_debug.asp</code> page).<br> <code>frame_debug.asp</code> page).<br>
-http://www.batbox.org/wrt54g/ has a nice tool that allows you to run a telnetd (and other nice stuff) on a WRT54G,+[http://www.batbox.org/wrt54g/ BATBOX] is a nice tool that allows you to run a telnetd (and other nice stuff) on a WRT54G,
-exploiting the Ping.asp bug present in many Linksys firmwares; this one does not work on the Motorola though (I've+exploiting the <code>Ping.asp</code> bug present in many Linksys firmwares; this one does not work on the Motorola though (I've
-got some ideas to make it work with fw 4.03 though - but at the moment I'm too lazy).<br>+got some ideas to make it work with fw 4.03 - but at the moment I'm too lazy).<br>
Somehow I got DD-WRT (the mini_moto image) installed on the router, and I did a firmware reset - this is where Somehow I got DD-WRT (the mini_moto image) installed on the router, and I did a firmware reset - this is where
trouble started. Having read the sources, I now know why: this particular hardware is not handled properly yet, trouble started. Having read the sources, I now know why: this particular hardware is not handled properly yet,
and one will end up with wrong VLAN assignments and worse.<br> and one will end up with wrong VLAN assignments and worse.<br>
So it took only hours to brick my WR850Gv1 for the first time...<br> So it took only hours to brick my WR850Gv1 for the first time...<br>
-Fortunately, after installing DD-WRT, I had backed up all four mtd partitions, so I had a starting point what to+(What makes it really hard: 4.03, with more than 1000 NVRAM entries created by DD-WRT, doesn't allow to restore previous configuration backups anymore; 5.13 seems to behave the same.)<br>
-expect from hard resets.+Fortunately, after installing DD-WRT, I had backed up all four mtd partitions, so together with the GPL'd source I had a starting point what to expect from hard resets.
=Analysis of the CFE= =Analysis of the CFE=
Line 72: Line 71:
et1macaddr wan_hwaddr 00:11:22:33:44:56 et1macaddr wan_hwaddr 00:11:22:33:44:56
</pre> </pre>
-Since the v1 doesn't have a serial port (could not find a UART chip) I cannot check this by running a serial console, and the ordering of the strings is not necessarily related to their assignments, so be careful...+Since the v1 doesn't have a serial port (could not find a UART chip), I cannot check this by running a serial console, and the ordering of the strings is not necessarily related to their assignments, so be careful...
(There is serial console suppport inside the CFE, up to 921600 baud!)<br> (There is serial console suppport inside the CFE, up to 921600 baud!)<br>
Line 78: Line 77:
Visit www.gemtek.com for updates. Visit www.gemtek.com for updates.
</pre> </pre>
-They are at www.gemtek.com.tw now, and there's no download available - what did you expect?<br>+They are at www.gemtek.com.tw now (www.gemtek.com points to an environmental services company), and there's no download available - what did you expect?<br>
 + 
 +=Firmware reset in Motorola code=
 +There's no GPL source for 4.03. Check 5.13 or 6.1.4 (the latter one may have some clues in src/router/rc/rc.c).
=What one should avoid= =What one should avoid=
-The WR850G v1 is such a nice toy, so why shouldn't I start playing with it? Set to firmware defaults, play with+The WR850Gv1 is such a nice toy, so why shouldn't I start playing with it? Set to firmware defaults, play with
the <code>gpio</code> utility to switch on/off the LEDs, ...<br> the <code>gpio</code> utility to switch on/off the LEDs, ...<br>
==No GPIO tricks please== ==No GPIO tricks please==
Unfortunately, the v1 is a bit different in many cases, so don't expect it won't break/brick!<br> Unfortunately, the v1 is a bit different in many cases, so don't expect it won't break/brick!<br>
-Polling the GPIO ports (0--7) will return 01 for all ports, except port 1 which will alternate between 00 and 01 very rapidly.<br>+Polling the GPIO ports (0-7 seem to be connected, with a wraparound at 32) will return 01 for all ports, except port 1 which will alternate between 00 and 01 very rapidly.<br>
By dis-/enabling ports, I found the following assignments: By dis-/enabling ports, I found the following assignments:
<table> <table>
Line 101: Line 103:
</table> </table>
Ports 4 and 6 are mentioned in <code>resetbutton.c</code>, and they obviously can do harm to your system.<br> Ports 4 and 6 are mentioned in <code>resetbutton.c</code>, and they obviously can do harm to your system.<br>
-<b>You may brick your router by playing games with gpio.</b><br>+Port 7 may be used for DMZ LED, be careful here as well. It at least reset my box. (Feedback welcome: I've got no use of this feature.)<br>
 +<b>You may brick your router by playing games with gpio.</b> Even the system itself can.<br>
==No mtd tricks== ==No mtd tricks==
As BrainSlayer also mentioned (FIXME: where?), <b> NEVER EVER </b> run <code>mtd erase nvram</code> on a WR850G. As BrainSlayer also mentioned (FIXME: where?), <b> NEVER EVER </b> run <code>mtd erase nvram</code> on a WR850G.
-This is not limited to v1 hardware, and will assign strange MAC addresses.<br>+<b>This is not limited to v1 hardware, and will assign strange MAC addresses.</b><br>
==No firmware defaults== ==No firmware defaults==
-Although this is recommended in most instructions, <b> NEVER EVER </b> reset a v1 to Firmware Defaults - DD-WRT firmware does not know about the specifics of a WR850G v1 yet (checked with SVN code 2006-02-19)!<br>+Although this is recommended in most instructions, <b> NEVER EVER </b> reset a v1 to Firmware Defaults - <b>DD-WRT firmware does not know about the specifics of a WR850Gv1 yet</b> (checked with SVN code 2006-02-19)!<br>
=LEDs can be misleading= =LEDs can be misleading=
On my box, I found that the LED pattern may be misleading a lot.<br> On my box, I found that the LED pattern may be misleading a lot.<br>
-I see:+With a fully functional WR850Gv1, I see:
<ul> <ul>
<li>POWER is blinking red <li>POWER is blinking red
Line 119: Line 122:
<li>LAN# are solid green (XOR traffic) if connected (interface up) <li>LAN# are solid green (XOR traffic) if connected (interface up)
</ul> </ul>
-Don't take the blinking POWER light too seriously. It's DD-WRT, and BrainSlayer said there was no LED support for+Don't take the blinking POWER light too seriously. It's DD-WRT, and BrainSlayer said (FIXME: link) there was no LED support for WR850G in DD-WRT at all, so they could be all off as well.
-WR850G in DD-WRT at all, so they could be all off as well.+ 
 +=How to revive the dead beast=
 +Now, you got a dead WR850Gv1, and want to revive it? Don't worry, there's no need for JTAG (sorry, HairyDairyMaid), and there's no need to open the box (which is a hard job) at all!<br>
=Prerequisites for debricking= =Prerequisites for debricking=
==Hardware== ==Hardware==
I own a laptop, running Linux, a wireless card (good old Avaya, with Orinoco chip), a switch (which is very I own a laptop, running Linux, a wireless card (good old Avaya, with Orinoco chip), a switch (which is very
-important to have), and a WRT54G where I can run site surveys.<br>+important to have), and a WRT54G where I can run site surveys (a Kismet/*Stumbler box will also do).<br>
With Linux, you may have an IP assigned by your DHCP server, and additional (aliased) addresses (use With Linux, you may have an IP assigned by your DHCP server, and additional (aliased) addresses (use
<pre> <pre>
Line 142: Line 147:
<li>DD-WRT mini_moto (FIXME: copy URL from WR850G document) <li>DD-WRT mini_moto (FIXME: copy URL from WR850G document)
</ul> </ul>
-Using <code>dd if=<i>firmware</i>.trx bs=8 skip=1 of=<i>firmware</i>.bin</code>, create versions that can be flashed via TFTP and/or DD-WRT firmware upgrade web page.+Using
- +<pre>
-=How to revive the dead beast=+dd if=firmware.trx bs=8 skip=1 of=firmware.bin
-Now, you got a dead WR850Gv1, and want to revive it? Don't worry, there's no need for JTAG (sorry, HairyDairyMaid), and there's no need to open the box (which is a hard job) at all!<br>+</pre>
 +create versions that can be flashed via TFTP and/or DD-WRT firmware upgrade web page.
-==Check what's left==+=Check what's left=
Run a Site Survey on another router, or Kismet, or another WLAN detection tool to check whether the wireless interface of the WR850G is still up. Remember that you cannot trust the LEDs.<br> Run a Site Survey on another router, or Kismet, or another WLAN detection tool to check whether the wireless interface of the WR850G is still up. Remember that you cannot trust the LEDs.<br>
-While power cycling the WR850G, run <code>ping 192.168.10.1</code>. Remember that you have to set you wired +While power cycling the WR850G, run <code>ping 192.168.10.1</code>. Remember that you have to set your wired
interface to a 192.168.10.xxx address.<br> interface to a 192.168.10.xxx address.<br>
Connect the cable to the WAN port, and repeat the previous step.<br> Connect the cable to the WAN port, and repeat the previous step.<br>
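Review bot: the new pre block with the dd command drops the italic placeholder markup, so firmware.trx and firmware.bin now read as literal file names, and nothing next to the command says what the 8 skipped bytes are or which of the two files goes where. Suggest one sentence beside it stating that the stripped .bin is the file for TFTP and the DD-WRT upgrade page and the .trx the file for the Motorola web interface; at the moment that hint only appears inside the FIXME stub under "Flash back from Web".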
Line 183: Line 189:
bin bin
trace trace
-put <i>firmware403</i>.bin+put firmware403.bin
</pre> </pre>
(make sure you use the stripped version of the 4.03 firmware here, it's the only one that will allow you to fix things!) and at almost the same time you press ENTER, plug in the router power.<br> (make sure you use the stripped version of the 4.03 firmware here, it's the only one that will allow you to fix things!) and at almost the same time you press ENTER, plug in the router power.<br>
 +Continue with "Restore virginity" below.
 +
 +==Flash back from Web==
 +... FIXME: to be written yet ... (use *.bin on DD-WRT, *.trx on Moto FW)
 +
 +==Restore virginity==
 +(This may not be necessary, but it at least defines the state of the router.)<br>
Let the LEDs come to a rest.<br> Let the LEDs come to a rest.<br>
Power off the router.<br> Power off the router.<br>
Hold Reset, power on, let the router cycle through its reset twice (look at the red power light), then release.<br> Hold Reset, power on, let the router cycle through its reset twice (look at the red power light), then release.<br>
Let things settle down a bit.<br> Let things settle down a bit.<br>
-Power cycle the router.<br>+Power cycle the router.
-Continue with "Fix MAC addresses and more" below.+
- +
-==Flash back from Web==+
==Fix MAC addresses and more== ==Fix MAC addresses and more==
Login into the router, you may have to try a few username/password combinations (root/admin, root/motorola, Login into the router, you may have to try a few username/password combinations (root/admin, root/motorola,
root/your_previously_set_password).<br> root/your_previously_set_password).<br>
-Go to the <code>framw_debug.asp</code> page. (This is a hidden feature, you will have to enter the URL by hand.)<br>+<b>Do NOT try to restore old config backups.</b> There's a bug in 4.03 (and 5.13 as well) firmware which will hang
 +the HTTP server if you go to the config page.<br>
 +Go to the <code>frame_debug.asp</code> page. (This is a hidden feature, you will have to enter the URL by hand.)<br>
Type Type
<pre> <pre>
nvram show | grep ..:..: nvram show | grep ..:..:
</pre> </pre>
-into the input field and <b>don't press ENTER</b>. Click APPLY instead.<br>+into the input field and <b>don't press ENTER</b> - click <b>APPLY</b> instead!<br>
The output window will show some lines: The output window will show some lines:
<pre> <pre>
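Review bot: "Flash back from Web" is added as a heading with only a FIXME under it, so the web-based recovery path has no steps at all while the TFTP path is complete. Either fill in the procedure or state in that section that only the TFTP route is documented so far, and turn "(use *.bin on DD-WRT, *.trx on Moto FW)" into a proper sentence so it survives when the FIXME is removed.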
Line 213: Line 225:
wl0_hwaddr=... wl0_hwaddr=...
</pre> </pre>
-- the et<i>x</i>macaddr values may be different, depending on how you got here.<br>+- the et*macaddr values may be different, depending on how you got here (00:0C:10:21:32:0x have been encountered as well).<br>
Get the two MAC addresses that are printed on the label of the router (WAN and WLAN, they usually differ by two in hex maths).<br> Get the two MAC addresses that are printed on the label of the router (WAN and WLAN, they usually differ by two in hex maths).<br>
-Now comes the tricky part: use the lowest number for LAN, the next for WAN, and keep the WLAN address. Don't ask me why the routers have been shipped with the wrong order: both the CFE, and DD-WRT do it right. Trust me.<br>+Now comes the tricky part: use the <b>lowest number for LAN</b>, the next for WAN, and keep the WLAN address. Don't ask me why the routers have been shipped with the wrong order: both the CFE, and DD-WRT do it right. Trust me.<br>
-Now set <b>all</b> addresses, by entering the following commands one by one (replace the MAC addresses by your+Now set <b>all</b> addresses to proper values, by entering the following commands one by one (replace the MAC addresses by your own values) and sending them by <b>APPLY</b>:
-own values) and sending them by APPLY:+
<pre> <pre>
nvram set et0macaddr=00:0C:E5:46:00:3E nvram set et0macaddr=00:0C:E5:46:00:3E
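Review bot: in the line "use the lowest number for LAN, the next for WAN, and keep the WLAN address" it is not stated what the lowest number is taken from, since the label only carries two addresses (WAN and WLAN) that usually differ by two. Suggest spelling out that LAN gets the lower label address and WAN that address plus one, which is what the et0macaddr example ending in 3E implies.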
Line 244: Line 255:
vlan1ports=4 5 vlan1ports=4 5
</pre> </pre>
-- if you have <code>vlan0ports=1 2 3 4 5*</code> you will have to+- if you have different settings you will have to
<pre> <pre>
nvram set vlan0ports="0 1 2 3 5*" nvram set vlan0ports="0 1 2 3 5*"
</pre> </pre>
-(quotation marks!), and similarly for vlan1ports. Check the values of <code>port<i>x</i>vlan</code> as well!<br>+(quotation marks!), and similarly for vlan1ports. Check the values of port*vlan as well!<br>
If all changes have been reviewed, and committed, reboot (power cycle). If all changes have been reviewed, and committed, reboot (power cycle).
==Upgrade to 6.1.4== ==Upgrade to 6.1.4==
 +<b>Don't go to the configuration backup/restore page, the httpd will hang!</b><br>
 +Use the Firmware Upgrade page to flash 6.1.4 (the trx file).<br>
 +When ready, click the RESTART button already winking at you.<br>
 +The router will automatically restart and show its main page.<br>
 +Click "Restore Factory Configuration".
 +<b>This is the last chance to safely do this.</b> Let me repeat: DD-WRT does not know about proper factory/firmware settings.
==Upgrade to DD-WRT== ==Upgrade to DD-WRT==
 +Using the Firmware tab, flash <code>mini_moto.trx</code>.<br>
 +In Firefox, a window pops up asking me what to do with <code>upgrade.cgi</code>. I chose to open it in a text editor: It contains three lines of text before some proper HTTP:
 +<pre>
 +WR found
 +Mem: 14950400
 +Motorola CRC correct...
 +HTTP/1.0 200 Ok
 +Server: httpd
 +...
 +</pre>
 +Since it told you it'd be rebooting, it's now time to <b>flush the ARP cache again</b>, and possibly restart your network interface as well.<br>
 +Reconnect to the router, and you will get the status page in Cyan.<br>
 +Reboot the router. Possibly restart eth0, and flush the ARP cache once more.<br>
 +The username/password pair is now "root/motorola".<br>
 +<b>Make backups of your configuration, and tag them with dates.</b> Disk space is cheap these days, you may need each one of them.
=Congratulations!= =Congratulations!=
-You've done it. You got what you deserve! Enjoy, and avoid the pitfalls.+You've done it. You got what you deserve! A hard day's night, it was... Now: Enjoy, and avoid the pitfalls.
 + 
 + 
 +----
 +Last edit: [[User:Stephen|Stephen]] 15:51, 22 Feb 2006 (CET)
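Review bot: the added "Upgrade to 6.1.4" steps tell the reader to click "Restore Factory Configuration", while the "No firmware defaults" section says NEVER EVER to reset a v1 to Firmware Defaults. The sentence that follows hints at the difference, but it should say outright that this reset is done under the Motorola 6.1.4 firmware and has to happen before mini_moto.trx is flashed, so a reader skimming the bold text does not see two contradictory instructions.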

Revision as of 14:51, 22 February 2006

This is work in progress. I will work on this page as often as my time allows. If items are missing, please don't hesitate to fill them in - but make sure they apply to hardware version 1 of the WR850G.


Aim of this document

The page Flash_Your_Motorola_WR850G gives a nice overview of how to convert Motorola routers into DD-WRT boxes. Unfortunately, there are a few pitfalls if you own a hardware version 1 (the one with the AC/DC converter in the middle of the power cord, and no indication of the version on the label). See that page to get some idea first.
I'm no Windows user, and I know Linux quite well. If you don't understand what the commands below are doing, please check with a good Linux/Unix textbook first.
There is no warranty at all: it worked for me, but it may kill your cat or wife, smash your windows, or make your boss angry etc.

Starting point

I bought a WR850G, version 1, on e***. It came with firmware version 2.00 installed, and I - before and after making changes to its configuration, and resetting to defaults - made some config backups (which are encrypted in some way I don't understand yet; hopefully the GPL source of fw 5.13 will give me some clues: all bytes have the MSB set, and all byte values between 128 and 255 do occur, so I'm afraid it's some "base128" encoding. Suggestions welcome.), and started reading FAQs.

On (FIXME: fill in the URL of the Motorola download page) I found the GPL sources for 5.12, 5.13, and 6.1.4, and some firmware binaries released by Motorola as well: 4.03, 5.13, and 6.1.4.
(FIXME: fill in URL) mentions that there's an "easter egg" in the 4.03 firmware which can be used to get limited shell access (the frame_debug.asp page).
BATBOX is a nice tool that allows you to run a telnetd (and other nice stuff) on a WRT54G, exploiting the Ping.asp bug present in many Linksys firmwares; this one does not work on the Motorola though (I've got some ideas to make it work with fw 4.03 - but at the moment I'm too lazy).
Somehow I got DD-WRT (the mini_moto image) installed on the router, and I did a firmware reset - this is where trouble started. Having read the sources, I now know why: this particular hardware is not handled properly yet, and one will end up with wrong VLAN assignments and worse.
So it took only hours to brick my WR850Gv1 for the first time...
(What makes it really hard: 4.03, with more than 1000 NVRAM entries created by DD-WRT, doesn't allow restoring previous configuration backups anymore; 5.13 seems to behave the same.)
Fortunately, after installing DD-WRT, I had backed up all four mtd partitions, so together with the GPL'd source I had a starting point for what to expect from hard resets.

Analysis of the CFE

As in virtually every CFE around, there's a small flash image embedded which will be put into the NVRAM section when corruption is detected or the box gets reset "the hard way".
Mine (256KB in size, uncompressed) at an offset of 0x0400--0x2400 contains the following fixed settings:

boardtype=bcm94710dev
boardnum=2
clkfreq=125
sdram_init=0x0419
sdram_config=0x0000
sdram_refresh=0x8040
et0phyaddr=30
et0mdcport=0
et1phyaddr=0
et1mdcport=1
dl_ram_addr=a0001000
os_ram_addr=80001000
os_flash_addr=bfc40000
lan_ipaddr=192.168.10.1
lan_netmask=255.255.255.0
wan_ipaddr=192.168.10.1
wan_netmask=255.255.255.0
scratch=a0180000
boot_wait=off
watchdog=1000
GemtekPmonVer=9

Note that WAN and LAN addresses are set the same. This allows TFTP flashing even if the port-VLAN assignment is wrong for some reason.

In the subsequent code, at about 71% into the whole file, further settings are mentioned (obviously they will be inserted into the NVRAM image; there's a string "Starting to restore all default valus" (sic) just before):

DefaultEthPort  1
et0macaddr lan_hwaddr  00:11:22:33:44:55
et1macaddr wan_hwaddr  00:11:22:33:44:56

Since the v1 doesn't have a serial port (could not find a UART chip), I cannot check this by running a serial console, and the ordering of the strings is not necessarily related to their assignments, so be careful... (There is serial console support inside the CFE, up to 921600 baud!)

Visit www.gemtek.com for updates.

They are at www.gemtek.com.tw now (www.gemtek.com points to an environmental services company), and there's no download available - what did you expect?

Firmware reset in Motorola code

There's no GPL source for 4.03. Check 5.13 or 6.1.4 (the latter one may have some clues in src/router/rc/rc.c).

What one should avoid

The WR850Gv1 is such a nice toy, so why shouldn't I start playing with it? Set to firmware defaults, play with the gpio utility to switch on/off the LEDs, ...

No GPIO tricks please

Unfortunately, the v1 is a bit different in many cases, so don't expect it won't break/brick!
Polling the GPIO ports (0-7 seem to be connected, with a wraparound at 32) will return 01 for all ports, except port 1 which will alternate between 00 and 01 very rapidly.
By dis-/enabling ports, I found the following assignments:

gpio port   function
0           no change ?
1           no change ?
2           all LAN LEDs
3           red blinking POWER LED
4           DON'T TOUCH!!!
5           no change ?
6           DON'T TOUCH!!!
7           DON'T TOUCH!!!

Ports 4 and 6 are mentioned in resetbutton.c, and they obviously can do harm to your system.
Port 7 may be used for DMZ LED, be careful here as well. It at least reset my box. (Feedback welcome: I've got no use of this feature.)
You may brick your router by playing games with gpio. Even the system itself can.

No mtd tricks

As BrainSlayer also mentioned (FIXME: where?), NEVER EVER run mtd erase nvram on a WR850G. This is not limited to v1 hardware, and will assign strange MAC addresses.

No firmware defaults

Although this is recommended in most instructions, NEVER EVER reset a v1 to Firmware Defaults - DD-WRT firmware does not know about the specifics of a WR850Gv1 yet (checked with SVN code 2006-02-19)!

LEDs can be misleading

On my box, I found that the LED pattern may be misleading a lot.
With a fully functional WR850Gv1, I see:

  • POWER is blinking red
  • MODEM (which is connected via DHCP) shows "orange" (red and green) solid (XOR traffic)
  • WLAN is off all the time
  • LAN# are solid green (XOR traffic) if connected (interface up)

Don't take the blinking POWER light too seriously. It's DD-WRT, and BrainSlayer said (FIXME: link) there was no LED support for WR850G in DD-WRT at all, so they could be all off as well.

How to revive the dead beast

Now, you got a dead WR850Gv1, and want to revive it? Don't worry, there's no need for JTAG (sorry, HairyDairyMaid), and there's no need to open the box (which is a hard job) at all!

Prerequisites for debricking

Hardware

I own a laptop, running Linux, a wireless card (good old Avaya, with Orinoco chip), a switch (which is very important to have), and a WRT54G where I can run site surveys (a Kismet/*Stumbler box will also do).
With Linux, you may have an IP assigned by your DHCP server, and additional (aliased) addresses (use

ifconfig eth0:1 192.168.10.5
ifconfig eth0:2 192.168.1.5

to be able to access the default address 192.168.10.1 of a "virginized" WR850G, and the 192.168.1.1 assigned by DD-WRT).
The switch will keep your interface up even if the router is resetting its ports.
A wireless card will be needed if the wired interfaces become badly misconfigured.

Software

Get Motorola firmware

  • version 4.03 (FIXME: add download URL)
  • version 6.1.4 (FIXME: add download URL) - it's ugly, it lacks several features, but it's said to preserve the functionality of a few LEDs
  • DD-WRT mini_moto (FIXME: copy URL from WR850G document)

Using

dd if=firmware.trx bs=8 skip=1 of=firmware.bin

create versions that can be flashed via TFTP and/or DD-WRT firmware upgrade web page.
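
A pre-flash sanity check for the stripped file, as an added Python example (not part of the original page or of DD-WRT). It assumes that what follows the 8 skipped bytes is a standard Broadcom TRX container (HDR0 magic, little-endian length and CRC-32), which the page itself does not state; the function names and the sample image are constructed.

```python
import struct
import sys
import zlib

PREFIX_LEN = 8                          # what "dd bs=8 skip=1" removes
TRX_MAGIC = b"HDR0"                     # assumption: Broadcom TRX container
TRX_HEADER = struct.Struct("<4sII")     # magic, total length, CRC-32
CRC_START = TRX_HEADER.size             # the CRC covers everything after itself
MIN_TRX_LEN = 28                        # 12 bytes above + flags + 3 offsets


class ImageError(ValueError):
    """The file is not an 8-byte prefix followed by a valid TRX image."""


def trx_crc(data):
    # TRX stores the CRC-32 register as-is, without the final inversion
    # that zlib.crc32() applies, so invert zlib's result.
    return ~zlib.crc32(data) & 0xFFFFFFFF


def strip_and_check(raw):
    """Drop the first 8 bytes and validate the TRX header that follows."""
    image = raw[PREFIX_LEN:]
    if len(image) < MIN_TRX_LEN:
        raise ImageError("too short to contain a TRX header")
    magic, length, stored_crc = TRX_HEADER.unpack_from(image)
    if magic != TRX_MAGIC:
        raise ImageError("no HDR0 magic after the prefix (already stripped?)")
    if not MIN_TRX_LEN <= length <= len(image):
        raise ImageError("TRX length field %d does not fit the file" % length)
    if trx_crc(image[CRC_START:length]) != stored_crc:
        raise ImageError("TRX CRC mismatch, image is damaged")
    return image


def build_sample(payload=b"constructed payload, not real firmware"):
    """Constructed test input: zeroed 8-byte prefix + minimal TRX image."""
    tail = struct.pack("<4I", 0x00010000, MIN_TRX_LEN, 0, 0) + payload
    header = TRX_HEADER.pack(TRX_MAGIC, CRC_START + len(tail), trx_crc(tail))
    return b"\x00" * PREFIX_LEN + header + tail


if __name__ == "__main__":
    if len(sys.argv) == 3:              # usage: script.py firmware.trx firmware.bin
        with open(sys.argv[1], "rb") as src:
            checked = strip_and_check(src.read())
        with open(sys.argv[2], "wb") as dst:
            dst.write(checked)
    else:
        print(len(strip_and_check(build_sample())), "bytes pass the check")
```

Running it on a file that was already stripped fails on the magic check, which catches the easy mistake of running dd twice before a TFTP flash.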

Check what's left

Run a Site Survey on another router, or Kismet, or another WLAN detection tool to check whether the wireless interface of the WR850G is still up. Remember that you cannot trust the LEDs.
While power cycling the WR850G, run ping 192.168.10.1. Remember that you have to set your wired interface to a 192.168.10.xxx address.
Connect the cable to the WAN port, and repeat the previous step.
If you got any response, then there's a lot of hope for you! If not, you may have to keep the Reset Button on the back of the router pressed while powering it on. With DD-WRT flashed, you will probably not see anything. This doesn't necessarily mean that nothing happens. To check whether you succeeded, go back to the beginning of this section.

WLAN is there, but no wired access

Check the WLAN MAC address shown by your WLAN detector. It should be the one you can read off the label, it may be off by one though.
Remove the aliases from your wired interface, and check:

ifconfig eth0:1 down
ifconfig eth0:2 down
ifconfig -a

Then insert your wireless card, and check with iwconfig whether it can see the access point. Do not "up" the interface yet!
Now try to get an address via DHCP (how to do this depends on your Linux distribution - on Debian you'd have to edit /etc/network/interfaces). If you don't succeed, assign an address by hand. (You may have to try twice, once for the network the router belonged to before, and once for 192.168.10.xxx.)
Flush your ARP cache often by running a broadcast ping.
Try to connect to the HTTP port of the router. (You may also run nmap to check which ports are there.) If you are successful, proceed to "Flash back from Web" below.

Wired access works

Try to get a DHCP address. Then connect to the HTTP port. Don't forget to flush your ARP cache.

No Web access to the router

If you cannot manage to get a DHCP address, and assigning a fixed address from the (hopefully correct) address range doesn't give you access to the Web pages either, but you may have seen a short response to the ping before, you may TFTP a firmware to the router directly. This has been described many times before, but repetition doesn't hurt:

  • Unplug the router.
  • On your Linux box, connected by wire to one of the LAN ports, run

    tftp 192.168.10.1
    bin
    trace
    put firmware403.bin

    (make sure you use the stripped version of the 4.03 firmware here, it's the only one that will allow you to fix things!) and at almost the same time you press ENTER, plug in the router power.

Continue with "Restore virginity" below.

Flash back from Web

... FIXME: to be written yet ... (use *.bin on DD-WRT, *.trx on Moto FW)

Restore virginity

(This may not be necessary, but it at least defines the state of the router.)
Let the LEDs come to a rest.
Power off the router.
Hold Reset, power on, let the router cycle through its reset twice (look at the red power light), then release.
Let things settle down a bit.
Power cycle the router.

Fix MAC addresses and more

Log in to the router; you may have to try a few username/password combinations (root/admin, root/motorola, root/your_previously_set_password).
Do NOT try to restore old config backups. There's a bug in 4.03 (and 5.13 as well) firmware which will hang the HTTP server if you go to the config page.
Go to the frame_debug.asp page. (This is a hidden feature, you will have to enter the URL by hand.)
Type

nvram show | grep ..:..:

into the input field and don't press ENTER - click APPLY instead!
The output window will show some lines:

et0macaddr=00:11:22:33:44:55
et1macaddr=00:11:22:33:44:56
lan_hwaddr=...
wan_hwaddr=...
wan0_hwaddr=...
wl0_hwaddr=...

- the et*macaddr values may be different, depending on how you got here (00:0C:10:21:32:0x have been encountered as well).
Get the two MAC addresses that are printed on the label of the router (WAN and WLAN, they usually differ by two in hex maths).
Now comes the tricky part: use the lowest number for LAN, the next for WAN, and keep the WLAN address. Don't ask me why the routers have been shipped with the wrong order: both the CFE, and DD-WRT do it right. Trust me.
Now set all addresses to proper values, by entering the following commands one by one (replace the MAC addresses with your own values) and sending them by APPLY:

nvram set et0macaddr=00:0C:E5:46:00:3E
nvram set et1macaddr=00:0C:E5:46:00:3F
nvram set lan_hwaddr=00:0C:E5:46:00:3E
nvram set wan_hwaddr=00:0C:E5:46:00:3F
nvram set wan0_hwaddr=00:0C:E5:46:00:3F
nvram set wl0_hwaddr=00:0C:E5:46:00:40

Note that there is no il0macaddr setting! Check again:

nvram show | grep ..:..:

and if everything is correct, then

nvram commit

Do not reset the router yet!
I have discovered that in rare cases, the port-to-VLAN mapping may be wrong. Check:

nvram show | grep vlan

and confirm you've got

vlan0ports=0 1 2 3 5*
vlan1ports=4 5

- if you have different settings you will have to run

nvram set vlan0ports="0 1 2 3 5*"

(quotation marks!), and similarly for vlan1ports. Check the values of port*vlan as well!
If all changes have been reviewed, and committed, reboot (power cycle).
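
The MAC and VLAN fix-up above, worked as an added Python example (not part of the original page): it takes the two label addresses plus pasted `nvram show` output and lists the `nvram set` commands still needed. It reads "lowest number" as the lower of the two label addresses; the function names and the sample output are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Port-to-VLAN mapping the page says a working WR850Gv1 should show.
EXPECTED_VLAN = {"vlan0ports": "0 1 2 3 5*", "vlan1ports": "4 5"}

# Constructed sample of what the frame_debug.asp output window might show
# on a box that came up with placeholder addresses and a wrong VLAN map.
SAMPLE_NVRAM = """\
et0macaddr=00:11:22:33:44:55
et1macaddr=00:11:22:33:44:56
lan_hwaddr=00:11:22:33:44:55
wan_hwaddr=00:11:22:33:44:56
wan0_hwaddr=00:11:22:33:44:56
wl0_hwaddr=00:0C:E5:46:00:40
vlan0ports=1 2 3 4 5*
vlan1ports=4 5
"""


def mac_to_int(mac):
    mac = mac.strip()
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return int(mac.replace(":", ""), 16)


def int_to_mac(value):
    digits = "%012X" % value
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def expected_settings(label_wan, label_wlan):
    """Page rule: lowest address for LAN, the next for WAN, keep WLAN."""
    wlan = mac_to_int(label_wlan)
    lan = min(mac_to_int(label_wan), wlan)   # assumption: lowest label address
    wan = lan + 1
    if wan >> 24 != lan >> 24:
        raise ValueError("LAN+1 would leave the vendor prefix")
    if len({lan, wan, wlan}) != 3:
        raise ValueError("addresses collide; re-read the label")
    settings = {
        "et0macaddr": int_to_mac(lan),
        "et1macaddr": int_to_mac(wan),
        "lan_hwaddr": int_to_mac(lan),
        "wan_hwaddr": int_to_mac(wan),
        "wan0_hwaddr": int_to_mac(wan),
        "wl0_hwaddr": int_to_mac(wlan),
    }
    settings.update(EXPECTED_VLAN)
    return settings


def parse_nvram(text):
    """Turn pasted "nvram show" output into a dict; skip other lines."""
    current = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            current[key] = value
    return current


def plan_commands(current, expected):
    """Commands to send one by one via APPLY; re-check before the commit."""
    commands = []
    for key, value in expected.items():
        if current.get(key, "").strip().upper() == value.upper():
            continue
        quoted = '"%s"' % value if " " in value else value
        commands.append("nvram set %s=%s" % (key, quoted))
    if commands:
        commands.append("nvram commit")
    return commands


if __name__ == "__main__":
    wanted = expected_settings("00:0C:E5:46:00:3E", "00:0C:E5:46:00:40")
    for command in plan_commands(parse_nvram(SAMPLE_NVRAM), wanted):
        print(command)
```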

Upgrade to 6.1.4

Don't go to the configuration backup/restore page, the httpd will hang!
Use the Firmware Upgrade page to flash 6.1.4 (the trx file).
When ready, click the RESTART button already winking at you.
The router will automatically restart and show its main page.
Click "Restore Factory Configuration". This is the last chance to safely do this. Let me repeat: DD-WRT does not know about proper factory/firmware settings.

Upgrade to DD-WRT

Using the Firmware tab, flash mini_moto.trx.
In Firefox, a window pops up asking me what to do with upgrade.cgi. I chose to open it in a text editor: It contains three lines of text before some proper HTTP:

WR found
Mem: 14950400
Motorola CRC correct...
HTTP/1.0 200 Ok
Server: httpd
...

Since it told you it'd be rebooting, it's now time to flush the ARP cache again, and possibly restart your network interface as well.
Reconnect to the router, and you will get the status page in Cyan.
Reboot the router. Possibly restart eth0, and flush the ARP cache once more.
The username/password pair is now "root/motorola".
Make backups of your configuration, and tag them with dates. Disk space is cheap these days, you may need each one of them.

Congratulations!

You've done it. You got what you deserve! A hard day's night, it was... Now: Enjoy, and avoid the pitfalls.

Last edit: Stephen 15:51, 22 Feb 2006 (CET)