Lucky for you, I'm reconfiguring my whole network and the Zyxel NBG6817 is having a small break right now. I'll reproduce the TFTP method and give you more detailed steps. However, I remember having some issues getting the TFTP command at the right moment, as the time window is very tight (as @slh has noted, bootdelay is set to 3 seconds). Reporting back soon!
Edit: I couldn't get TFTP flash working with Windows built-in tool - not even a single time. Using tftpd64, this whole process gets foolproof! I had 100% success:
- Download tftpd64 from here: http://tftpd32.jounin.net/tftpd32_download.html (I prefer portable version) and extract it to a folder.
- Copy
ras.binto that folder. - Launch the program and choose
192.168.1.99as interface (which you've configured previously - IP address and netmask seems to be enough). The program is now completely set and doesn't require any user interaction from now on. - Press and hold WPS, power on router, don't let go of WPS. NBG6817 LEDs will be: 2.4GHz LED -> 5GHz LED -> Power LED -> all LEDs off. A few seconds later, tftpd64 will notify you about
ras.binbeeing sent to your router. Now, you're allowed to let go of WPS button. - Once flashed, Power LED and 2.4GHz LED will blink very fast. This indicates a successful flash. I've waited an additional 15 minutes, just to make sure everything is fine. Power off your router, wait a little while and power it on again.
- Your router should work again.
If this successfully brings back your router, I will update my guide above accordingly. Interesting find: I kept WPS pressed, and started tftpd32 roughly around 15 to 30 seconds later, TFTP recovery still worked. Guess that "bootdelay = 3" in zloader / uboot source is meant for something else. I've done this with a direct connection to the router (LAN4, but any LAN port should work I guess). Windows Firewall enabled, allowed tftp64 to operate in private and public (unknown) networks. Worked fine.