PoE voltage on Zyxel NR7101

Hi, i got my hand on a NR7101 5G antenna/router/modem.

I was wondering what operating voltage it has.


For me it seems like 12V is what the modem itself operates on. So can i inject 12v from my car before the step down converter?
Or should I put it straight into the missing 12v connectors soldering points?

possible workaround: https://community.ui.com/questions/PoE-adapter-on-12v-car-RV-system/ef7c93d7-f545-40e3-b798-85cf836eb859#answer/ae8aa910-7d22-4334-ac7c-ae502a8eba83 make sure you pick the correct injector.

I assume you don't need the DC power plugs.

1 Like

According to the manufacturer, it's IEEE standard af/at PoE with a maximum consumption of 16 W, so any af or higher system can power it. They are selling this as a business-class device so it is expected the customer will have 802.11af equipment.

So use an af injector or switch. Using a passive injector on an af device (that isn't also rated for passive) can damage the device.

1 Like

Thanks for useful input.
I just guessed that the operating voltage of the unit is 12v (red arrow)

And that the area in the green rectangle is just a step down converter

Will do some hands one testing, its still in the mail :wink:

I found this, but its a bit expensive if the antenna just converts it back to 12v again :joy:

Yes, it can be powered directly by 12V delivered where the barrel connector is missing. A colleague of mine does that for his battery powered NR7101 :slight_smile: He's traveling at the moment, but I'll see if I can get some more info later.

Regarding the PoE - this is a standard af/at device. I don't think you can power it with passive PoE. At least it does proper negotiation with my switches.

As for the business-class device expectations - it comes with a "Standard 802.3af/at Power over Ethernet (PoE) injector" according to that link. But yes, it can be powered by any af/at switch. And I don't think you really need at. I haven't made it use more than around 10W in worst case. It's usually around 5W

2 Likes

Tusen takk Bjørn :smiley:
That sounds perfect, just as I thought!

A bit interested to know if he connected the battery directly or with a voltage regulator. Three 18650 batteries, a regulator and charging circuit and i have my new hotspot :smiley:

I'm conducting online courses and this summer I'd love to have proper internet during the summer. So then I can work from anywhere...

Typically you'll need a bit more in the way of power circuitry to regulate, manage, and charge Li-Ion cells. Presumably you can tie directly into the 12V input pads, but make sure your power source is properly regulated.

There may be a simpler solution, though... more on that in a minute..

In your work-from-anywhere scenario, what is your upstream connection? Ethernet? Public Wifi? Cellular? And what are your requirements when using this AP in terms of bandwidth, range, number of devices, and uplink capabilities?

The simpler path, IMO, is to use a purpose built "travel router" device. Most of these devices are very small and have low power consumption requirements. They typically work with a USB power source, meaning that you can use a simple USB power bank type device to power it for many hours without needing any special circuitry or other customizations. Your existing device, which expects PoE or a mains power adapter, is not designed for low power (battery sourced) operation, so it will not be as efficient and it will certainly be more complicated to use in a portable situation (the unit you have is really designed for a permanent installation).

Thanks again for valuable input! I knew this was the rigt place :smiley:

I tried tethering with my telephone last summer but my phone overheated and the connection was so and so. That happened after an hour on Zoom (videoconference).

Coverage in Norway is scattered, and we are freecamping this summer. Preferrably it'll be in my campervan, so i have 12v power.

I also have a 4G gateway (Teltonika TRB-140) for connecting with cable to my computer (and a travel router in case i need Wi-Fi).
The Zyxel is more like an experiment to have 5G connection :wink:

I'm not able to connect to the router:

And i dont have the wifi password as the POE injector was missing from the antenna.
My wifi is named Zyxel_EADF (solved with WPS)

(I dont have a sim inserted yet, so that might cause a problem?)

Did your PC get that IP by DHCP? The device page says the IP would be 172.17.1.1/20, in which case you would set the PC to something like 172.17.1.2.

Also on the device page is a link to software that will compute the password.

Hmmm, the router don't want to give me DHCP.
Not by LAN, nor by WiFi.

Running on the 12v input directly on the board:

If this is a telenor branded device the admin interfaces are blocked. In short this is what you need to do:

Get serial console
Get the password for the supervisor account which also is the root password
Use the serial console to log in as root
Disable the iptables rules blocking ssh and http
Log in using ssh
Backup the device partitions
Set the bootloder debug mode active
Login to the web interface with supervisor/password from earlier step
Flash openwrt or stock firmware.

Most of these steps are described in the wiki.

Hopefully you should have access to the web interface now and can setup your device.

3 Likes

Use the serial console to log in as root

I have a usb-tty (Bus 001 Device 009: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port)

When connecting i just get this:

$ picocom /dev/ttyUSB0
picocom v3.1

port is : /dev/ttyUSB0
flowcontrol : none
baudrate is : 9600
parity is : none
databits are : 8
stopbits are : 1
escape is : C-a
local echo is : no
noinit is : no
noreset is : no
hangup is : no
nolock is : no
send_cmd is : sz -vv
receive_cmd is : rz -vv -E
imap is :
omap is :
emap is : crcrlf,delbs,
logfile is : none
initstring : none
exit_after is : not set
exit is : no

Type [C-a] [C-h] to see available commands
Terminal ready

I'm really new to serial interface.
I power the modem from the main power, not serial.
Have tried to let it boot, no response.
Have tried to turn on while the serial adapter is connected, and then the modem does not boot at all. I'm stuck :wink:

Hmm, the RX and TX pins were switched on the Wiki:

[o] GND (black)
[ ] key - no pin
[o] RX (orange) - my TX
[o] TX (red) - my RX
[o] 3.3V Vcc (brown)

NR7101 login: root
Password: 


BusyBox v1.20.1 (2021-10-15 14:58:21 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______         ___ ___  _______  _____   
 |__     |.--.--.|   |   ||    ___||     |_ 
 |     __||  |  ||-     -||    ___||       |
 |_______||___  ||___|___||_______||_______|
          |_____|  
 -------------------------------------------
    Product: NR7101
    Version: 1.00(ABUV.4)b3_D0
 Build Date: 2021/10/15
 -------------------------------------------
root@NR7101:~# 

I made it :smiley:
Now what?

root@NR7101:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N BAD_PING
-N FORWARD_CF
-N FORWARD_DMZ
-N FORWARD_DOS
-N FORWARD_GENERAL
-N FORWARD_GUESTAP
-N FORWARD_INTBLCK
-N FORWARD_IPPASS1
-N FORWARD_NAT
-N FORWARD_PARENTAL
-N FORWARD_PM
-N FORWARD_PM_UPNP
-N FORWARD_POLICY
-N FORWARD_PT
-N FORWARD_SESS_LIMIT
-N FORWARD_SRV
-N ICMP_REDIRECT
-N INPUT_CF
-N INPUT_CWMP
-N INPUT_DOS
-N INPUT_GENERAL
-N INPUT_GUESTAP
-N INPUT_IPPASS1
-N INPUT_REMOMGMT
-N INPUT_RIP
-N INPUT_SP_DOMAIN
-N INPUT_SRV
-N INPUT_TEST
-N LevelLow
-N NAT_LOOPBACK
-N OUTPUT_GENERAL
-N OUTPUT_SRV
-N PING_DEATH
-N PORT_SCAN
-N PR_IPPASS_CWMP1
-N PR_IPPASS_GENERAL1
-N PR_IPPASS_REMOMGMT
-N PR_IPPASS_REMOMGMT1
-N SP_LAN_PART
-N SP_TRUST_DOMAIN
-N SYN_FLOODING
-N Service_FTP
-N Service_HTTP
-N Service_HTTPS
-N Service_PING
-N Service_SSH
-N Service_TELNET
-N TRUST_DOMAIN
-N V4_PORT_REDIRECT
-A INPUT -j PR_IPPASS_CWMP1
-A INPUT -j PR_IPPASS_REMOMGMT1
-A INPUT -j PR_IPPASS_GENERAL1
-A INPUT -j INPUT_IPPASS1
-A INPUT -j V4_PORT_REDIRECT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_TEST
-A INPUT -i br+ -m mark --mark 0x8/0x8 -j INPUT_GUESTAP
-A INPUT -j INPUT_DOS
-A INPUT -j INPUT_SRV
-A INPUT -j INPUT_SP_DOMAIN
-A INPUT -j INPUT_CWMP
-A INPUT -j INPUT_REMOMGMT
-A INPUT -j INPUT_CF
-A INPUT -j INPUT_GENERAL
-A INPUT -j INPUT_RIP
-A INPUT ! -i br+ -j DROP
-A FORWARD -j FORWARD_IPPASS1
-A FORWARD -j FORWARD_DMZ
-A FORWARD -i br+ -m mark --mark 0x8/0x8 -j FORWARD_GUESTAP
-A FORWARD -i br+ -j FORWARD_PARENTAL
-A FORWARD -j FORWARD_INTBLCK
-A FORWARD -j FORWARD_CF
-A FORWARD -j FORWARD_GENERAL
-A FORWARD -j FORWARD_DOS
-A FORWARD -j FORWARD_SRV
-A FORWARD -j FORWARD_NAT
-A FORWARD -j FORWARD_PM_UPNP
-A FORWARD -j FORWARD_POLICY
-A OUTPUT -j OUTPUT_GENERAL
-A OUTPUT -j OUTPUT_SRV
-A FORWARD_GENERAL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD_GUESTAP -i br+ -o wwan+ -j DROP
-A FORWARD_NAT -j FORWARD_PM
-A FORWARD_NAT -j FORWARD_SESS_LIMIT
-A FORWARD_NAT -j FORWARD_PT
-A FORWARD_POLICY -j LevelLow
-A FORWARD_SRV -i br+ -p tcp -m multiport --dports 23,21,20,80,443,25,53,110,995,220,143,993 -j ACCEPT
-A FORWARD_SRV -i br+ -p udp -m multiport --dports 80,443,53,110,995,220,143,993 -j ACCEPT
-A FORWARD_SRV -i br+ -p udp -m udp --dport 123 -j ACCEPT
-A FORWARD_SRV -i br+ -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT_GENERAL ! -i br+ -p tcp -m tcp --dport 53 -j DROP
-A INPUT_GENERAL ! -i br+ -p udp -m udp --dport 53 -j DROP
-A INPUT_GENERAL -i lo -p udp -m udp --dport 53 -j ACCEPT
-A INPUT_GENERAL ! -i br+ -p tcp -m tcp --dport 1900 -j DROP
-A INPUT_GENERAL ! -i br+ -p udp -m udp --dport 1900 -j DROP
-A INPUT_GENERAL ! -i br+ -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT_GENERAL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT_GENERAL -i lo -j ACCEPT
-A INPUT_GENERAL -s 127.0.0.0/8 ! -i lo -j DROP
-A INPUT_REMOMGMT -j TRUST_DOMAIN
-A INPUT_REMOMGMT -p tcp -m tcp --dport 80 -j Service_HTTP
-A INPUT_REMOMGMT -p tcp -m tcp --dport 443 -j Service_HTTPS
-A INPUT_REMOMGMT -p tcp -m tcp --dport 21 -j Service_FTP
-A INPUT_REMOMGMT -p tcp -m tcp --dport 23 -j Service_TELNET
-A INPUT_REMOMGMT -p tcp -m tcp --dport 22022 -j Service_SSH
-A INPUT_REMOMGMT -p icmp -m icmp --icmp-type 8 -j Service_PING
-A INPUT_SRV -i br+ -p udp -m udp --dport 123 -j ACCEPT
-A INPUT_SRV ! -i br+ -p udp -m udp --dport 68 -j ACCEPT
-A INPUT_SRV -i br+ -p udp -m udp --dport 67 -j ACCEPT
-A LevelLow -i br+ -j ACCEPT
-A LevelLow ! -i br+ -j DROP
-A OUTPUT_GENERAL -o lo -j ACCEPT
-A OUTPUT_GENERAL -d 127.0.0.0/8 ! -o lo -j DROP
-A PR_IPPASS_REMOMGMT1 -i wwan0 -p tcp -m tcp --dport 80 -j DROP
-A PR_IPPASS_REMOMGMT1 -i eth+ -p tcp -m tcp --dport 80 -j DROP
-A PR_IPPASS_REMOMGMT1 -i wwan0 -p tcp -m tcp --dport 443 -j DROP
-A PR_IPPASS_REMOMGMT1 -i eth+ -p tcp -m tcp --dport 443 -j DROP
-A PR_IPPASS_REMOMGMT1 -i wwan0 -p tcp -m tcp --dport 21 -j DROP
-A PR_IPPASS_REMOMGMT1 -i eth+ -p tcp -m tcp --dport 21 -j DROP
-A PR_IPPASS_REMOMGMT1 -i wwan0 -p tcp -m tcp --dport 23 -j DROP
-A PR_IPPASS_REMOMGMT1 -i eth+ -p tcp -m tcp --dport 23 -j DROP
-A PR_IPPASS_REMOMGMT1 -i wwan0 -p tcp -m tcp --dport 22022 -j DROP
-A PR_IPPASS_REMOMGMT1 -i eth+ -p tcp -m tcp --dport 22022 -j DROP
-A PR_IPPASS_REMOMGMT1 -i eth+ -p icmp -j ACCEPT
-A SP_LAN_PART -j TRUST_DOMAIN
-A SP_LAN_PART -j DROP
-A Service_FTP -j DROP
-A Service_HTTP -j DROP
-A Service_HTTPS ! -i br+ -p tcp -m tcp --dport 443 -j ACCEPT
-A Service_HTTPS -j DROP
-A Service_PING -p icmp -j ACCEPT
-A Service_PING -j DROP
-A Service_SSH ! -i br+ -p tcp -m tcp --dport 22022 -j ACCEPT
-A Service_SSH -j DROP
-A Service_TELNET -j DROP

Then I cleared iptables and connected LAN:

root@NR7101:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@NR7101:~# [ 1313.212000] ESW: Link Status Changed - Port2 Link UP
[ 1313.212000] Port2 speed: 10 Mbps.
updateLinkStatus 327: receiving Kernel event !!
[ESMD]: interface: eth2, status: UP
zcmdTr181MtParmAttrSet: obj 38112, 1,0,0,0,0,0 MaxBitRate attr 0x90
zcmdTr181MtParmAttrSet: obj 38112, 1,0,0,0,0,0 DuplexMode attr 0x90
[ 1314.520000] ESW: Link Status Changed - Port2 Link Down
updateLinkStatus 327: receiving Kernel event !!
[ESMD]: interface: eth2, status: DOWN
[ 1317.456000] ESW: Link Status Changed - Port2 Link UP
[ 1317.456000] Port2 speed: 1000 Mbps.
updateLinkStatus 327: receiving Kernel event !!
[ESMD]: interface: eth2, status: UP
****  json_util.c line 174, json_object_to_file_ext() : write /data/zcfg_tr98_map.json to flash successfully
****  json_util.c line 174, json_object_to_file_ext() : write /data/zcfg_tr181_map.json to flash successfully
[ 1323.252000] Data buffer not 16 bytes aligned: 814f83c8
[ 1323.268000] Data buffer not 16 bytes aligned: 814f8048
****  json_util.c line 174, json_object_to_file_ext() : write /data/zcfg_config.json to flash successfully
[ 1353.220000] Data buffer not 16 bytes aligned: 8cbf01c8

Still no connection via lan on 192.168.1.1 or 172.17.1.1
Nor SSH

Seems like there is no DHCP running on NR7101, this is the output on connecting WiFi, my phone tries to obtain ip-address but fails:

[  726.604000] AP SETKEYS DONE - WPA2, AuthMode(7)=WPA2PSK, WepStatus(6)=AES, GroupWepStatus(6)=AES
[  726.604000]
[  726.708000] Rcv Wcid(1) AddBAReq
[  726.716000] Start Seq = 00000001
[  726.724000] Rcv Wcid(1) AddBAReq
[  726.732000] Start Seq = 00000000
[  753.672000] rtmp_chk_rx_err, CM

Is the router in bridge mode?

Let me just clarify some points.

There is no DHCP by default. Check the ip of the router (one of the bridge devices) while logged through serial console using ifconfig. On my device it was 192.168.2.1. Then set a similar ip manually on the computer you are using, for example 192.168.2.2.

There are two iptables rules to remove, the one that rejects http and the one that rejects ssh. The rest can stay. This is what I did

-D Service_HTTP -j DROP
-D service_SSH -j DROP
-A service_HTTP -j ACCEPT
-A service_SSH -j ACCEPT

I also added an extra account to the web interface before flashing, just in case the default password would change or the account disabled. After updating I also managed to find the "admin" password using the "copy the encrypted password in the config file to the ddns section and push the "eye" button in the webinterface".

I´ll try to do a proper writeup at some point.

Thank you Per :smiley:
Tusen takk.

I removed all of the rules in iptables...


root@NR7101:~# iptables -P INPUT ACCEPT
root@NR7101:~# iptables -P FORWARD ACCEPT
root@NR7101:~# iptables -P OUTPUT ACCEPT
root@NR7101:~# iptables -t nat -F
root@NR7101:~# iptables -t mangle -F
root@NR7101:~# iptables -F
root@NR7101:~# iptables -X

I.m in. But what is the password on WEB admin :joy:

I.m in. But what is the password on WEB admin :joy:

Did this and it worked:

image

So, i have OpenWrt installed and have root:

BusyBox v1.33.2 (2022-04-16 12:59:34 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.3, r16554-1d4dea6d4f
 -----------------------------------------------------
root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 08:26:97:84:EA:DE
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fd20:8c19:34d8::1/60 Scope:Global
          inet6 addr: fe80::a26:97ff:fe84:eade/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:767011 (749.0 KiB)  TX bytes:1434291 (1.3 MiB)

eth0      Link encap:Ethernet  HWaddr 08:26:97:84:EA:DE
          inet6 addr: fe80::a26:97ff:fe84:eade/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1504  Metric:1
          RX packets:8694 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6479 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:924103 (902.4 KiB)  TX bytes:1503148 (1.4 MiB)
          Interrupt:21

lan       Link encap:Ethernet  HWaddr 08:26:97:84:EA:DE
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8694 errors:0 dropped:4 overruns:0 frame:0
          TX packets:6214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:767611 (749.6 KiB)  TX bytes:1434187 (1.3 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:696 errors:0 dropped:0 overruns:0 frame:0
          TX packets:696 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:55668 (54.3 KiB)  TX bytes:55668 (54.3 KiB)

How do i get my sim-card up and running?

And try to install picocom without internet...
image
Wrong architecture. Tried all mips* variants

Temporarily run a wifi client on the NR7101 radio as wan, or make the Ethernet part of your LAN so that OpenWrt can download from the Internet directly. It's complicated installing offline especially where there are dependencies.