AP300 as wireless client.
After some searching support, and reading some posts here, I think there is a certain version of AP300 firmware that marks the login in the web ui as "hidden". It just says to use the Gateway Wireless Controller to configure the AP.
I'm sure with a handful of Linux tools, and 30 years programming experience on *nix machines, I can probably figure out how to open a port for tftp, and upload a new index.html to the AP, so the login is not hidden.
But who knows what's next? It might never end!
So, I want to configure the access point as a PC wireless adapter. Is there a way downgrade the AP firmware to a version prior to the web ui lockout? And, could I then configure it in client mode using the AP web ui?
Thanks for all the help. I'm an environmentalist, and electronics are some of the worst things to put in landfills! But if my idea is impossible, what are you gonna do?
I'm sure with a handful of Linux tools, and 30 years programming experience on *nix machines, I can probably figure out how to open a port for tftp, and upload a new index.html to the AP, so the login is not hidden.
But who knows what's next? It might never end!
So, I want to configure the access point as a PC wireless adapter. Is there a way downgrade the AP firmware to a version prior to the web ui lockout? And, could I then configure it in client mode using the AP web ui?
Thanks for all the help. I'm an environmentalist, and electronics are some of the worst things to put in landfills! But if my idea is impossible, what are you gonna do?
0
Best Answer
-
Perhaps this can help:
Command line access for legacy AP100, AP102, AP200, and AP300
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3APSAY&lang=en_US0
Sign In to comment.
Answers
But that only works with basic authentication.
Thanks again for the tip!
The link says to use SSH to access the AP.
https://en.wikipedia.org/wiki/Secure_Shell_Protocol
Uncanny. The first time I tapped your supplied link, it took me to a page describing how the license enforcement affects APs purchased before the policy went into effect.
Now, I've tapped it, and it takes me to instructions on using the AP CLI.
I think it's the same one in my bookmarks: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3APSAY&lang=en_US.
My only problem is, I didn't want to configure the AP connected to a firebox, but directly connected to an Ethernet adapter on a Linux box.
I guess the difference isn't that much time. But CLI doesn't appear to be very complete configuration utility. I'll try it, though.
Do you happen to know how to put the AP300 in client mode, so it's basically just an Ethernet wifi adapter that can be used with programs such as network-manager ?
No idea. I don't believe that this was the design goal of these APs.
From the AP300 Hardware Guide:
"WatchGuard AP devices are managed and controlled directly from a WatchGuard Firebox or XTM device to provide centralized, secure management and configuration of all WatchGuard wireless devices on your network."
https://www.watchguard.com/help/docs/hardware guides/AP300_Hardware_Guide.pdf
The Logon UI for the APs only ever allowed three things when it was exposed.
-The ability to set a pairing passphrase to something other than WGWAP (the default at the time.)
-The ability to statically set or set the IP/VLAN settings to DHCP
-The ability to upload a firmware image to the AP directly
The APs themselves never allowed the SSID settings, etc to be changed here, so even if you did downgrade them, you're not going to be able to get to anything of interest.
You can see the old UI here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/wireless/ap_web-ui_c.html
The WebUI was removed due to security concerns. Since (at the time) APs were managed exclusively by the firewall, the decision was made to discontinue the WebUI on the APs of that era as they didn't provide anything additional to the APs themselves. I wouldn't recommend trying to downgrade the APs to an older version, as anything that was configurable via the UI is configurable by SSH.
If you'd like to use an AP300 and don't have a WatchGuard firewall, if you set the AP up using a firewall that supports GWC (Gateway Wireless Controller) it'll continue to broadcast its SSID and function if you physically remove it from that firewall and put it elsewhere. I'd suggest looking into a newer AP, as an AP300 is only 802.11n and hasn't received software updates in quite some time.
-James Carson
WatchGuard Customer Support