aep_to_ttn_mlinux is used to configure a MultiTech Conduit with AEP firmware that is in commissioning mode. It configures the Conduit for use with the IthacaThings administration system by Jeff Honig.
The steps in the process are as follows. All are automated.
Look at the gateways you went to configure. The supported models are MTCDT 200 series ("blue boxes") and the MTCAP series ("white boxes").
Download the mLinux firmware image(s) you need and put them in a convenient directory. On Linux, /tmp is a particularly convenient place, because that's where the script looks. At time of writing, the images could be downloaded with the following commands:
# change to wherever you want to put the images. /tmp is convenient but
# is reset after each boot.
cd /tmp
# get the MTCDT images
wget https://ttni.tech/mlinux/images/mtcdt/5.3.31/ttni-base-image-mtcdt-upgrade.bin
# get the MTCAP image
wget https://ttni.tech/mlinux/images/mtcap/5.3.31/ttni-base-image-mtcap-upgrade.binWe assume use of USB Ethernet adapters, so (1) you must attach at least one, and (2) you need to remove them from Network Manager's scope of control.
We follow instructions from Redhat.
All our USB Ethernet adapters are ASIX-based, so we can simply remove any ASIX-based adapter from the list by matching, using the OUI to reduce the chance of mismatch.
All our USB Ethernet adapters have a common OUI, 000ec6, so we can match the patern enx000ec6* in the instructions that make them manually configured.
-
Create a file
/etc/NetworkManager/conf.d/99-unmanaged-asix-000ec6.conf, containing:[keyfile] unmanaged-devices=interface-name:enx000ec6*
-
Restart network manager:
sudo systemctl reload NetworkManager
-
Verify using
nmcli, as shown below.$ nmcli device status DEVICE TYPE STATE CONNECTION wlp3s0 wifi connected 1140 Office Suites lo loopback connected (externally) lo enp0s25 ethernet unavailable -- enx000ec645f41e ethernet unmanaged -- enx000ec64601bc ethernet unmanaged -- enx000ec64601f0 ethernet unmanaged -- enx000ec6460681 ethernet unmanaged -- enx000ec646073d ethernet unmanaged -- enx000ec646174d ethernet unmanaged -- enx000ec6461879 ethernet unmanaged -- enx000ec683120d ethernet unmanaged -- $ # note the "unmanaged" ^^^^^^^^^
Connect a gateway via Ethernet to a USB NIC. For the USB NICs I use, I have the addresses printed on the side; but most NICs have the address somewhere on the manufacturer's label.
In this case, the adapter is labeled 00-0e-c6-46-17-4d, which means that the corresponding Linux name is enx000ec646174d.
We manually set the IPv4 address of that NIC using ifconfig.
sudo ifconfig enx000ec646174d inet 192.168.2.200 netmask 255.255.255.0If you want to set up multiple gateways concurrently, you can do so using VRF; see below.
This is the recommended approach, as it doesn't require making any global environment changes other than installing python3. We tested with Python 3.12.3.
git clone [email protected]:things-nyc/aep_to_ttn_mlinux
cd aep_to_ttn_mlinux
# after cloning, create the .venv
python3 -m venv .venv
# set up the virtual environment
source .venv/bin/activate
# get the remaining requirements into the virtual environment
python3 -m pip install -r requirements.txt
# make sure the script is functional
python3 -m aep_to_ttn_mlinux --helpBoot up the AEP gateway, and connect its networking port to your USB Ethernet adapter.
# make sure you've activated the venv, then:
python -m aep_to_ttn_mlinux --password choose-a-passw0rd --verboseWe normally use a different password than choose-a-passw0rd. Note that AEP wants a password containing lower case letters, digits, and punctuation.
If the Conduit has not already been given an administrative login and password, this script will set them (using the values of --username and --password).
The script then uses the commissioning API to enable SSH (if not already enabled.) When enabling ssh, a reboot is forced, and the script waits for the reboot to complete.
Then the script uses ssh to download the appropriate image for the Conduit being configured.
Finally, the script triggers a firmware update.
The script does not wait for the firmware update to complete.
Thus, you'll normally observe two reboots of the Conduit -- the first time to enable SSH, and the second time to do the firmware update.
We relied on this Redhat documentation to help figure out how to do this.
# set up VRFs
sudo ip link add vrf-usb1 type vrf table 10
sudo ip link set dev vrf-usb1 up
sudo route add table 10 unreacable default metric 4278198272
sudo route add table 10 unreachable default metric 4278198272
sudo ip link add vrf-usb2 type vrf table 11
sudo ip link set dev vrf-usb2 up
sudo ip route add table 10 unreachable default metric 4278198272
sudo ip route add table 11 unreachable default metric 4278198272
# .. and so forth.
# then put each USB interface into its own VRF
sudo ip link set dev enx000ec646174d master vrf-usb1
# ...
# show what is up (example).
sudo ip -d link show master vrf-usb1
sudo ip -d link show vrf vrf-usb1
sudo ip neigh show vrf vrf-usb1
sudo ip addr show vrf vrf-usb1
# demo that we can't reach a Conduit normally
ssh [email protected]
# demo that we *can* reach it with ip vrf exec
sudo ip vrf exec vrf-usb1 ssh [email protected]
# run the provisioning script
sudo ip vrf exec vrf-usb1 python -m aep_to_ttn_mlinux --password choose-a-passw0rd --verbose