This post is for all those people where none of the methods in the first two posts will work.
Be Warned! All the methods outlined below will wipe the current config within your router/gateway. They start out easy, and progressively get a little more difficult, but each one will mean resetting-up the router afterwards to be able to connect with your ISP (plus Wireless, etc. etc.). If you are going to do this, make sure NOW that you have ALL the info that you will later need.
Advice Before Changes:
All methods below reset the router to defaults. One of the main issues is to be able to re-connect to the gateway afterwards, since your ISP may have changed the defaults. Another--really irritating--issue is that Thomson themselves changed the defaults at r5.3.0 (main features also back-ported into v4 firmware at r4.3.2.6). The advised setup therefore changes according to the model of ST that you have, and the Firmware that it is about to run. Tech Support agents always advise a fixed IP on the computer, even though an active DHCP-server is standard on all Gateways (using a fixed IP removes yet another layer of uncertainty):
Quote:
Advised computer network setup before any changes:
r5.3+/r4.3+:
Fixed computer IP (do not use DHCP server on Gateway)
Computer IP: 192.168.1.64
Subnet Mask: 255.255.255.0
Default Gateway IP: 192.168.1.254
Earlier Firmware:
Fixed computer IP (do not use DHCP server on Gateway)
Computer IP: 10.0.0.1
Subnet Mask: 255.0.0.0
Default Gateway IP: 10.0.0.138
General setup advice before Firmware transfer:
Unplug the DSL line.
Disable/turn off ALL firewalls.
Disable/turn off ALL anti-virus.
Use Ethernet connection only.
On Switch models, only use Port 1.
Disconnect any USB connection to Gateway.
Current network info is most easily obtained under windows using the "ipconfig" command at a command prompt. Here is an example on my ST585v6 at home:
Code:
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : david
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-19-D1-47-85-BE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : 03 January 2008 19:30:04
Lease Expires . . . . . . . . . . : 04 January 2008 19:30:04
Think of your SpeedTouch router/gateway as a specialised micro computer. The OS, program & config files are stored in Flash-ROM, and RAM becomes a working file-system on bootup. Modern r5.3+/r4.3+ routers have a single partition (earlier firmware was dual-partition). Single partition devices have a higher likelihood of corruption in use than dual-partition models, so if a later model gets stopped (including turned off or unplugged) during the boot-sequence, the next time it will start in "BootP"-mode. That means that it is waiting for a BootP-server to respond, and the router is ready to load new firmware. Loading new firmware will completely wipe all of the existing ISP setup and--assuming that you load generic Thomson firmware--will give default usernames & passwords (see top of the very first post). If the methods offered in the first two posts have failed, that is exactly what you want.
The ST Wizards for r5.3+/r4.3+ firmware are BootP- and tFTP-servers (Wizards for earlier firmware are not); the latest version at the time of writing is r4.4.21, and can be used with all r5.3+/r4.3+ firmware upto the latest r7 releases. Have a look under the 'Firmare' directory of your router in the Alcatel downloads directory. The wizards are either pre-packed with firmware, or empty (you can add your choice of firmware in either case). You will be asked to browse to select the firmware for upload during use; pre-packed Wizards have defaults within their setup files that make it easier to find the firmware file. If, for any reason, you do not want to/cannot use the Thomson Wizards, there are some generic BootP & tFTP servers here (pre-r5.3 firmware requires use of this 3rd-party server for the BootP method).
Some firmware releases come in both "file-system" & "bootp" varieties, whilst others only offer the bootp variant. From the previous paragraph it is obvious that what you want is the 'bootp' version. My experience with the Wizards & 585v6 bootp-firmware suggests that it also contains a copy of the file-system software. There is a topic in these forums with all the known firmware releases for every SpeedTouch Router or Gateway; each release is also linked to the download directory that contains it, which should make life easier.
Wizards for pre r5.3-firmware will upload it without regard to any device username/passwords. Wizards for r5.3+/r4.3+ password-protected routers insist on the password being entered before upgrade/downgrading firmware, which explains why the default username has no password.
Three Methods to Wipe the Current Config:
Finally, after that mass of advice, we can get to the methods on how to do it. As best as I can tell, with r5.3+/r4.3+ models Thomson uses identical base-firmware, and all ISP localisations are achieved via configuration changes, including default usernames & passwords. The aim, then, is simply to wipe out the current device configuration. There are 3 ways that this can be achieved, each of increasing difficulty. The ISP config can prevent access to the first method, but cannot stop the last two:
1 Reset the configuration from the Embedded Web-Pages:
Navigate to the Router reset-page, and click "Yes, reset my SpeedTouch" (the following are accurate for the ST585v6 with default r6.1.4.3 firmware):
Quote:
Software Reset:
Home > SpeedTouch > Configuration > Reset
http://192.168.1.254/cgi/b/info/reset/?ce=1&be=0&l0=0&l1=1&tid=RESET
http://speedtouch.lan/cgi/b/info/reset/?ce=1&be=0&l0=0&l1=1&tid=RESET
When complete, you will need to re-setup the router. It contains an "Easy Setup" Wizard to help you do this:
Home > SpeedTouch (click on 'Set Up' within "Pick a task...")
http://192.168.1.254/cgi/b/ST/?ce=1&be=0&l0=0&l1=-1
http://speedtouch.lan/cgi/b/ST/?ce=1&be=0&l0=0&l1=-1
2 Reset the configuration Mechanically:
Thomson refers to the above method as a "Software Reset", whilst this is referred to as a "Hardware Reset" - you can read about both methods within the r5.4 User Guide (p103). Both Software- and Hardware-Resets achieve the same end-result (wiping the current config & restoring to factory defaults). There are 2 varieties of hardware-reset:
Routers with a 'reset' hole at the rear of the device (like mine - see the previous link), usually tucked amongst all the connection sockets.
Routers without a 'reset' hole - check your model User-Guide for the precise method.
Quote:
Hardware Reset:
Devices with a 'reset' hole (see ST-585v6 r5.4 User Guide p103):
Make sure the SpeedTouch is turned on.
Use a pen or an unfolded paperclip to push the recessed reset button on the back panel. Push it until the power LED lights red - this will take about 7 seconds.
Release the reset button.
The SpeedTouch restarts in default configuration.
Devices without a 'reset' hole (check your model for the method; an example is ST510/530v4 r4.3:
Make sure the SpeedTouch is powered on.
Power off the SpeedTouch by pressing the power button until all LEDs turn off.
Press the power button once again (shortly).
As soon as the Power/System LED is flashing green, press the power button once more (shortly).
The Power/System LED stops flashing to become solid green. After six seconds, it starts flashing green again. Press the power button once more (shortly).
All LEDs flash green once.
The SpeedTouch reboots and will come online with factory default settings.
When complete, you will need to re-setup the router, exactly as with the 'Software Reset' above.
3 Use BootP to load default Firmware:
This has been devised by Thomson as a last-gasp method to get a device operational again that is otherwise utterly FOOBAR-ed. If you consider that your ST is (actually or effectively) totally FOOBAR, and none of the steps above work, this is the one for you.
In Thomson's words, from the r4.2.7 ST510/530v4 Setup and User’s Guide:
Quote:
'BootP' is "a standard mechanism used for booting diskless stations".
You will therefore understand that the BootP-state for the Gateway occurs before transfer of control to the on-board firmware, and that neatly escapes from the catch-22 of needing to know the password with r5.3+/r4.3+ devices before you can upload the firmware.
The basic procedure is as follows:
Have an assembly of:
combo BootP+tFTP-server
firmware
...prepared ready on a computer attached by ethernet to the router/gateway.
Put the router into BootP mode.
Watch the firmware transfer across the wire, and the router restart.
(sounds easy, huh?)
As with some of the other methods, this one varies according to model & firmware:
With pre-r5.3/r4.3 models:
A 3rd-party BootP & tFTP server is needed, since the Alcatel/Thomson Wizard will not work.
The router MAC address is needed (for the bootp-server) (update: not with Jounin, see following).
The method to get the gateway into BootP-mode differs from later firmware (again, check the User-Manual for your model for the precise method).
With r5.3+/r4.3+ models:
3rd-party BootP & tFTP servers will work if the Thomson Wizard fails.
The Wizard is reliably reported to be a BootP-server.
The method to get the gateway into BootP-mode differs to earlier firmware, and is not documented by Thomson anywhere (except indirectly).
Revs Per Min reports that the Jounin tFTP server does not need a MAC address. Here is his report on how to upgrade a bricked ST536v5 using Jounin:
Quote:
Download a tftp server. I used tftpd32.exe from tftpd32.jounin.net
Free and very neat. It has a bootp server in it. No install just start the exe.
I used the v3 beta but earlier version should be ok.
Plug in the modem no phone connection. Set a static ip on the pc ethernet of 10.0.0.10.
Now start the tftpd32 and go to the DHCP server tab.
Start address 10.0.0.138
pool size 1
bootfile zztxaa5334.bin (put the firmware file in same directory as the tftpd32 and use whatever one you have.)
wins blank
default router blank
mask 255.0.0.0
Then click the save.
Check the server interface is set to 10.0.0.10.
Go to the Event viewer. Start the modem again in bootp mode.
You should see the requests for ip, the ip passed to the modem and immediately start to download the firmware into the modem.
DO NOT SHUT OFF THE MODEM.
During the upload the power light will go to solid red and the ethernet flash. Once the transfer is made it will flash red to green. You don't need to do anything. The speedtouch will check the file and load it into flash and reboot itself. The modem should just come up with green power light.
Then change your ethernet back to auto.
Go through the gui and fill out the setup wizard.
This was the event viewer log.
Rcvd BootP Msg for IP 0.0.0.0, Mac 00:0E:50:CA:55:C2 [26/05 17:28:15.001]
DHCP: proposed address 10.0.0.138 [26/05 17:28:15.011]
Rcvd BootP Msg for IP 0.0.0.0, Mac 00:0E:50:CA:55:C2 [26/05 17:28:15.992]
DHCP: proposed address 10.0.0.138 [26/05 17:28:16.002]
Read request for file <zztxaa540e.bin>. Mode octet [26/05 17:28:16.233]
Using local port 1143 [26/05 17:28:16.233]
Rcvd DHCP Rqst Msg for IP 0.0.0.0, Mac 00:11:D8:BA:DB:D5 [26/05 17:28:18.736]
<zztxaa540e.bin>: sent 4100 blks, 2098763 bytes in 25 s. 0 blk resent [26/05 17:28:41.629]
If you need the MAC address:
Quote:
One obvious place to look is the label on the ST (usually fixed to the base of the device); on my 585v6 it is at the top LHS, underneath the 2nd bar-code.
Another place to confirm it is from the embedded web-pages:
Pre-r5.3/r4.3 models (the example comes from the r4.2.7 ST510/530v4 Setup and User’s Guide p47):
Home > System tab (Physical Address)
http://10.0.0.138/
The Physical Address shown is described by Thomson as "The unique Medium Access Control (MAC) address of your SpeedTouch" (I thought that it was "Media Access Control").
r5.3+/r4.3+ models: It cannot be found on the web-pages (humph).
The MAC address is one of the environment variables (_MACADDR) & can be found with the CLI command "env list".
To put the Router/Gateway into BootP mode:
Quote:
Varies by Firmware (possibly by model - check your User Guide):
Pre-r5.3/r4.3 models with reset (the example comes from the r5.2.7 ST510/530/516/536/546v5 Setup and User’s Guide p73, and is largely mirrored by a copy of a post from a NZ SpeedTouch Rep in the Whirlpool Forums):
Start with the SpeedTouch switched off.
Use a pencil to press and hold the recessed reset button on the SpeedTouch rear panel.
While holding the reset button, push in the power button to switch on the SpeedTouch. You will notice that the power LED is solid red.
Keep holding the reset button for at least twelve seconds until the power LED turns solid green.
Release the reset button as soon as the power LED turned solid green. This indicates that the SpeedTouch entered BOOTP mode and is sending BOOTP requests.
Pre-r5.3/r4.3 models without reset (the example comes from the r4.2.7 ST510/530v4 Setup and User’s Guide p68):
Start with the SpeedTouch switched off.
Press the SpeedTouch power button and hold it until the Power/System LED flashes amber (approximately six seconds). This indicates that the SpeedTouch entered BOOTP mode and is sending BOOTP requests.
r5.3+/r4.3+ models: Not directly documented (humph).
The r6.2.F Release Notes contain a clue (p14):
Quote:
If the ST is shut down during boot, it gets stuck in BOOTP mode. This is actually not a restriction as such, but the normal result of a feature. When the ST changed from dual to single partition routers, a backup plan was necessary in case the active (and only) build would get corrupted, or in case the modem couldn't start. The BootP mechanism was implemented to recover from such a situation. This mode allows the routers to be always recoverable, by having the router entering BootP mode. The router then expects a BootP server, with a TFTP server to upload a new build.
To succeed, the router must be able to detect when the booting has failed. If the modem detects that it did not finish its boot sequence completely, it will enter BootP mode. A side-effect of this mechanism is that, if you unplug (or turn off in any way) a router during it's boot sequence, it will start in BootP the next time.
The following is pure theory; at this moment I cannot persuade my ST585v6 to do it!:
Quote:
r5.3+/r4.3+ models:
Start with the SpeedTouch switched off.
Press the SpeedTouch power button.
Press and switch OFF the router whilst the Power/System LED still shows red (or amber, the User Guides vary).
On next startup the Power/System LED will display solid red (or flashing amber, the User Guides vary). This indicates that the SpeedTouch entered BOOTP mode and is sending BOOTP requests.
Now run the SpeedTouch firmware upgrade wizard.
Sat update: this is how to put a ST-585v6 into BootP mode:
Quote:
Start with the SpeedTouch switched off.
Use the end of a paperclip to press and hold the recessed reset button on the SpeedTouch rear panel.
While holding the reset button, push in the power button to switch on the SpeedTouch. You will notice that the power LED is solid red.
Keep holding the reset button for at least ?? seconds until the power LED turns solid orange.
Now release the reset button. The router is in BootP mode and is sending BootP requests.
This was the sequence with Jounin to send ZZQIAA6.2F5.bli to the router:
Quote:
(Before switching the 585v6 into BootP mode):
Put all 3 files from Jounin into it's own directory, including 'tftpd32.exe' (no installation required) + the bootp-firmware-file.
Setup the computer for a static IP as top of this post (Properties on TCP/IP within Network Adapter Properties).
Start the tftpd32 and go to the DHCP server tab:
IP Pool starting address: 192.168.1.254
Size of pool: 1
Boot File: ZZQIAA6.2F5.bli
Mask: 255.255.255.0
Everything else blank.
Click 'Save'.
Make sure "Server interfaces" says '192.168.1.64'.
Close Jounin (when my 585 started BootP-mode it threw an exception on the computer, and I had to restart it)
(Dec 2008 update: the latest v3.28 is trouble-free, so there is no need to shutdown/restart Jounin).
(do the sequence as above to start BootP-mode with the router)
Restart Jounin.
Watch the file transfer.
Router restarts; power-LED stays orange for a long time (do NOT switch it off now!!!)
Router restarts again, with a normal sequence this time.
Router has factory defaults & will require upload of previous-saved config file, or use of embedded Wizard.
2008-12-11 edit: added Jounin image + news on v3.28 update
_________________
Alex Kemp
Home 