TL-ER6020 SafeStream™ Gigabit Dual-WAN VPN Router Rev: 1.0.0 1910010695
-5- Dual-WAN Ports + Providing two 10/100/1000M WAN ports for users to connect two Internet lines for bandwidth expansion. + Supporting multiple Lo
-95- Figure 3-63 L2TP/PPTP Tunnel The following items are displayed on this screen: General Enable VPN-to-Internet: Specify whether to enable VPN
-96- Account Name: Enter the account name of L2TP/PPTP tunnel. It should be configured identically on server and client. Password: Enter the passwo
-97- Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel
-98- In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP Tunnel This page display
-99- Figure 3-66 General The following items are displayed on this screen: General PPPoE Server: Specify whether to enable the PPPoE Server funct
-100- Idle Timeout: Enter the maximum idle time. The session will be terminated after it has been inactive for this specified period. It can be 0-100
-101- Figure 3-67 IP Address Pool The following items are displayed on this screen: IP Address Pool Pool Name: Specify a unique name to the IP Ad
-102- Figure 3-68 Account The following items are displayed on this screen: Account Account Name: Enter the account name. This name should not be
-103- Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Status: Activate or inactivate the e
-104- The following items are displayed on this screen: Exceptional IP IP Address Range: Specify the start and the end IP address to make an excep
-6- Supports Diagnostic (Ping/Tracert) and Online Detection VPN Supports IPsec VPN and provides up to 50 IPsec VPN tunnels Supports IPSec VP
-105- Figure 3-71 E-Bulletin The following items are displayed on this screen: General Enable E-Bulletin: Specify whether to enable electronic bu
-106- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: ANY: The bulletin will be released
-107- latest IP address, the server will update the mappings between the domain name and IP address in DNS database. Therefore, the users can use the
-108- Domain Name: Enter the Domain Name that you registered with your DDNS service provider. DDNS Service: Activate or inactivate DDNS service here.
-109- Account Name: Enter the Account Name of your DDNS account. If you have not registered, click <Go to register> to go to the website of No-
-110- Figure 3-74 PeanutHull DDNS The following items are displayed on this screen: PeanutHull DDNS Account Name: Enter the Account Name of your
-111- Domain Name: Displays the domain names obtained from the DDNS server. Up to 16 domain names can be displayed here. List of PeanutHull Accoun
-112- DDNS Status: Displays the current status of DDNS service Offline: DDNS service is disabled. Connecting: client is connecting to the serve
-113- General UPnP Function: Enable or disable the UPnP function globally. List of UPnP Mapping After UPnP is enabled, all UPnP connection rul
-114- New User Name: Enter a new user name for the Router. New Password: Enter a new password for the Router. Confirm New Password: Re-enter the new
-7- LEDs LED Status Indication On The Router is powered on PWR Off The Router is powered off or power supply is abnormal Flashing The Router w
-115- Telnet Idle Timeout: Enter a timeout period that the Router will log the remote PCs out of the Web-based Utility after a specified period (Te
-116- Application Example Network Requirements Allow the IP address within 210.10.10.0/24 segment to manage the Router with IP address of 210.10.10.5
-117- Figure 3-81 Export and Import The following items are displayed on this screen: Configuration Version Displays the current Configuration ve
-118- Figure 3-82 Reboot Click the <Reboot> button to reboot the Router. The configuration will not be lost after rebooting. The Internet co
-119- Figure 3-84 License 3.7.4 Statistics 3.7.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic
-120- Interface: Displays the interface. Rate Rx: Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data fram
-121- Figure 3-86 IP Traffic Statistics The following items are displayed on this screen: General Enable IP Traffic Statistics: Allows you to ena
-122- Figure 3-87 Diagnostics The following items are displayed on this screen: Ping Destination IP/Domain: Enter destination IP address or Doma
-123- of destination automatically. After clicking the <Start> button, the Router will send Tracert packets to test the connectivity of the gat
-124- WAN Status: Display the detecting results. 3.7.6 Time System Time is the time displayed while the Router is running. On this page you can con
-8- 2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure. Power Socket Connect the female connector of the power cord to
-125- Note: ● If Get GMT function cannot be used properly, please add an entry with UDP port of 123 to the firewall software of the PC. ● The tim
-126- The Logs of switch are classified into the following eight levels. Severity Level Description Emergency 0 The system is unusable. Alert 1 Act
-127- Chapter 4 Application 4.1 Network Requirements The company has established the server farms in the headquarters to provide the Web, Mail and
-128- 4.2 Network Topology 4.3 Configurations You can configure the Router via the PC connected to the LAN port of this Router. To log in to the R
-129- 4.3.1.1 System Mode Set the system mode of the Router to the NAT mode. Choose the menu Network→System Mode to load the following page. Select
-130- Figure 4-3 Link Backup 4.3.2 VPN Setting To enable the hosts in the remote branch office (WAN: 116.31.85.133, LAN: 172.31.10.1) to access the
-131- Authentication: MD5 Encryption: 3DES DH Group: DH2 Click the <Add> button to apply. Figure 4-4 IKE Proposal IKE Policy Choose the me
-132- Figure 4-5 IKE Policy Tips: For the VPN Router in the remote branch office, the IKE settings should be the same as the Router in the headquart
-133- ESP Encryption: 3DES Click the <Save> button to apply. Figure 4-6 IPsec Proposal IPsec Policy Choose the menu VPN→IPsec→IPsec Policy
-134- Figure 4-7 IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the h
-9- Chapter 3 Configuration 3.1 Network 3.1.1 Status The Status page shows the system information, the port connection status and other informatio
-135- L2TP/PPTP Tunnel Choose the menu VPN→L2TP/PPTP→L2TP/PPTP Tunnel to load the following page. Check the box of Enable VPN-to-Internet to allo
-136- 4.3.3 Network Management To manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 t
-137- Choose the menu User Group→User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Then cont
-138- Application: Click the <Application List> button and select the applications desired to be blocked on the popup window. Status: Activat
-139- Figure 4-12 Bandwidth Setup 2) Interface Bandwidth Choose the menu Network→WAN→WAN1 to load the configuration page. Configure the Upstream Ban
-140- Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced→Session Limit→Session Limit to load the configuration page.
-141- 4.3.4.1 LAN ARP Defense You can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of th
-142- Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to load the configuration page. To add the host with IP address of 192.168.1.20 and M
-143- 4.3.4.3 Attack Defense Choose the menu Firewall→Attack Defense→Attack Defense to load the configuration page. Select the options desired to be
-144- Figure 4-21 Port Mirror 2) Statistics Choose the menu Maintenance→Statistics to load the page. Load the Interface Traffic Statistics page to v
-10- Figure 3-2 Network Topology - NAT Mode If your Router is connecting the two networks of different areas in a large network environment with a n
-145- Figure 4-23 IP Traffic Statistics After all the above steps, the enterprise network will be operated based on planning.
-146- Chapter 5 CLI TL-ER6020 provides a Console port for CLI (Command Line Interface) configuration, which enables you to configure the Router by a
-147- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3, and click OK. Figure 5-3 Select th
-148- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyper Terminal window as Figure 5-5 shows, then choose VT100 or Auto de
-149- 7. The DOS prompting “TP-LINK>” will appear after pressing the Enter button in the Hyper Terminal window as Figure 5-6 shows. Figure 5-6 L
-150- Mode Accessing Path Prompt Logout or Access the next mode User EXEC Mode Primary mode once it is connected with the Router. TP-LINK > Use
-151- enable - Enter the privileged mode exit - Exit the CLI (only for telnet) history - Show command history ip - Display or Set the IP
-152- 5.4 Command Introduction TL-ER6020 provides a number of CLI commands for users to manage the Router and user information. For better understan
-153- 5.4.3 sys The sys command is used for system management, including Backup and Restore, Factory Default, Reboot, Firmware Upgrade and so on. T
-154- ● Pay special attention that the specified account must be with appropriate permissions since the functions such as export, import and firmwar
-11- Figure 3-4 Network Topology – Classic Mode Choose the menu Network→System Mode to load the following page. Figure 3-5 System Mode You can sele
-155- TP-LINK > user get Username: admin Password: admin Query the user name and password of the current Guest. TP-LINK > user set passwor
-156- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3
-157- Appendix A Hardware Specifications Standards IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/IP, DHCP, ICMP, NAT, PPPoE, SNTP, HTTP, DN
-158- Appendix B FAQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, please try the following steps:
-159- Q3: What can I do if the Router with the remote management function enabled cannot be accessed by the remote computer? 1. Make sure that t
-160- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing tr
-161- Glossary Description H.323 H.323 allows dissimilar communication devices to communicate with each other by using a standardized communicatio
-162- Glossary Description MAC address(Media Access Control address) Standardized data link layer address that is required for every port or devic
-163- Glossary Description Telnet(Telecommunication Network protocol) Telnet is used for remote terminal connection, enabling users to log in to r
-12- Non-NAT Mode In this mode, the Router functions as the traditional Gateway and forwards the packets via routing protocol. The Hosts in differ
-13- Figure 3-6 WAN – Static IP The following items are displayed on this screen: Static IP Connection Type: Select Static IP if your ISP has a
-14- Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packet
-I- COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Oth
-15- Dynamic IP Connection Type: Select Dynamic IP if your ISP assigns the IP address automatically. Click <Obtain> to get the IP address
-16- Dynamic IP Status Status: Displays the status of obtaining an IP address from your ISP. “Disabled” indicates that the Dynamic IP connectio
-17- Figure 3-8 WAN - PPPoE
-18- The following items are displayed on this screen: PPPoE Settings Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up co
-19- ISP Address: Optional. Enter the ISP address provided by your ISP. It's null by default. Service Name: Optional. Enter the Service Name pro
-20- PPPoE Status Status: Displays the status of PPPoE connection. “Disabled” indicates that the PPPoE connection type is not applied. “Co
-21- Figure 3-9 WAN - L2TP The following items are displayed on this screen: L2TP Settings Connection Type: Select L2TP if your ISP provides a
-22- Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided
-23- Primary DNS/ Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Ba
-24- 5) PPTP If your ISP (Internet Service Provider) has provided the account information for the PPTP connection, please choose the PPTP connection
-II- CONTENTS Package Contents...1 Cha
-25- <Disconnect> to disconnect the Internet connection and release the current IP address. Account Name: Enter the Account Name provided by
-26- Primary DNS/ Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Ba
-27- Figure 3-11 WAN – Bigpond The following items are displayed on this screen: BigPond Settings Connection Type: Select BigPond if your ISP p
-28- Auth Domain: Enter the domain name of authentication server. It's only required when the address of Auth Server is a server name. Auth Mode
-29- Default Gateway: Displays the IP address of the default gateway assigned by your ISP. Note: To ensure the BigPond connection re-established norm
-30- Choose the menu Network→LAN→DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen: D
-31- Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP. It is recommended to enter the IP address of the LAN port of t
-32- DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the res
-33- Figure 3-16 DMZ – Public Mode In Private mode, the DMZ port allows the Hosts in DMZ to access Internet via NAT mode which translates private IP
-34- Figure 3-18 DMZ The following items are displayed on this screen: DMZ Status: Activate or inactivate this entry. The DMZ port functions a
-III- 3.3.3 Session Limit ...58 3.3.4 Load
-35- Set the MAC Address for LAN port: In a complex network topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the curr
-36- MAC Clone: It’s only available for WAN port. Click the <Restore Factory MAC> button to restore the MAC address to the factory default valu
-37- The following items are displayed on this screen: Statistics Unicast: Displays the number of normal unicast packets received or transmitted o
-38- Choose the menu Network→Switch→Port Mirror to load the following page. Figure 3-21 Port Mirror The following items are displayed on this screen
-39- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mi
-40- Figure 3-22 Rate Control The following items are displayed on this screen: Rate Control Port: Displays the port number. Ingress Limit: Spe
-41- Figure 3-23 Port Config The following items are displayed on this screen: Port Config Status: Specify whether to enable the port. The packet
-42- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured according to a logical scheme rather than the physical l
-43- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group→Group to load the following page. Figure 3-26 G
-44- User Config User Name: Specify a unique name for the user. IP Address: Enter the IP Address of the user. It cannot be the network address or
-IV- 4.2 Network Topology...128 4.3 Con
-45- User Name: Select the name of the desired User. Available Group: Displays the Groups that the User can join. Selected Group: Displays the Groups
-46- The following items are displayed on this screen: NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of whi
-47- Interface: Select an interface for forwarding data packets. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the Tra
-48- Subnet/Mask: Enter the subnet/mask to make the address range for the entry. Interface: Select the interface for the entry. You can select LAN or
-49- Configuration procedure 1. Establish the Multi-Nets NAT entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows:
-50- Choose the menu Advanced→Routing→Static Route to load the following page. The Static Route entry is as follows: 3.3.1.4 Virtual Server Virtua
-51- Figure 3-32 Virtual Server The fo layed Virtual Server entries. Up to 28 characters can be Interface: Select an interface for forwarding dat
-52- Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be diffe
-53- Up to 28 characters can be entered. Interface: Select an interface for forwarding data packets. Trigger Port: Enter the trigger port number or th
-54- 3.3.1.6 Some special protocols such as (Application Layer Gateway) service is enabled. Choose the menu Advanced→NAT→ALG to load the following p
-1- Package Contents The following items should be found in your package: One TL-ER6020 Router One Power Cord One Console Cable Two mounti
-55- 3.3.2.1 Setup Choose the menu Advanced→Traffic Control→Setup to load the following page. Figure 3-35 Configuration The following items are dis
-56- Interface Bandwidth Interface: tal bandwidth is equal to Bandwidth: e Downstream Bandwidth of WAN port can be configured on WAN page. aDispla
-57- Band Rule Direction: WAN port cannot be selected if Mode: h user equals to the current addresses d Bandwidth Specify the Guaranteed Upstrea
-58- Note: ● The premise for single rule taking effect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It i
-59- Session Limit ion: Status: Activate or inactivate the entry. ssions for the hosts within group1 ed. Limit. Choose the menu Advanced→Sessio
-60- Figure 3-39 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and
-61- The following items are displayed on this screen: General Protocol: Select the protocol for the entry in the drop-down list. If the protoco
-62- On this page, you can configure the Link Backup function based on actual need to reduce the traffic burden of WAN port and improve the network e
-63- Timing: Link Backup will be enabled if the specified effective time is reached. All the traffic on the primary WAN will switch to the backup WAN
-64- Figure 3-42 Protocol The following items are displayed on this screen: Protocol Name: Enter a name to indicate a protocol. The name will di
-2- Chapter 1 About this Guide This User Guide contains information for setup and management of TL-ER6020 Router. Please read this guide carefully b
-65- Choose the menu Advanced→Routing→Static Route to load the following page. Figure 3-43 Static Route The following items are displayed on this sc
-66- The first entry in Figure 3-43 indicates: If there are packets being sent to a device with IP address of 211.162.1.0 and subnet mask of 255.255.
-67- The distance of RIP refers to the hop counts that a data packet passes through before reaching its destination, the value range of which is 1–15
-68- Authentication: network situation, and the password should not be more than 15 characters. All Interfaces: Here you can operate all the interfac
-69- Flags: The Flags of route entry. The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entr
-70- Figure 3-46 IP-MAC Binding The following items are displayed on this screen: General It is recommended to check all the options. You should
-71- You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-46 indicates: The IP address of 192
-72- Indicates that the IP and MAC address of this entry are already bound. To bind the entries in the list, check these entries and click the <I
-73- Figure 3-49 Attack Defense The following items are displayed on this screen: General Flood Defense: Flood attack is a commonly used DoS (De
-74- Packet Anomaly Defense: Packet Anomaly refers to the abnormal packets. It is recommended to select all the Packet Anomaly Defense options. Enabl
-3- Appendix A Hardware Specifications Lists the hardware specifications of this Router. Appendix B FAQ Provides the possible solutions to the prob
-75- List of Rules You can view the information of the entries and edit them by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering
-76- Group: URL Filtering will take effect to all the users in group. Mode: Select the mode for URL Filtering. “Keyword” indicates that all the UR
-77- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load th
-78- Policy: Select a policy for the entry: Block: When this option is selected, the packets obeyed the rule will not be permitted to pass through
-79- Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displayed at the end of the list by
-80- Figure 3-54 Service The following items are displayed on this screen: Service Name: Enter a name for the service. The name should not be mo
-81- 3.4.5 App Control 3.4.5.1 Control Rules On this page, you can enable the Application Rules function. Choose the menu Firewall→App Control→Cont
-82- Application: Click the <Application List> button to select applications from the popup checkbox. The applications include IM, Web IM, SNS,
-83- 3.5 VPN VPN (Virtual Private Network) is a private network established via the public network, generally via the Internet. However, the private
-84- 3.5.1.1 IKE Policy On this page you can configure the related parameters for IKE negotiation. Choose the menu VPN→IKE→IKE Policy to load the
-4- Chapter 2 Introduction Thanks for choosing the SafeStream™ Gigabit Dual-WAN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeStream™
-85- Exchange Mode: Select the IKE Exchange Mode in phase 1, and ensure the remote VPN peer uses the same mode. Main: Main mode provides identity
-86- DPD Interval: Enter the interval after which the DPD is triggered. List of IKE Policy In this table, you can view the information of IKE Poli
-87- Encryption: Specify the encryption algorithm for IKE negotiation. Options include: DES: DES (Data Encryption Standard) encrypts a 64-bit bloc
-88- 3.5.2.1 IPsec Policy On this page, you can define and edit the IPsec policy. Choose the menu VPN→IPsec→IPsec Policy to load the following pag
-89- Mode: Select the network mode for IPsec policy. Options include: LAN-to-LAN: Select this option when the client is a network. Client-to-LA
-90- Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is de-encrypted. Without PFS, the
-91- AH Authentication Key-Out: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The o
-92- Figure 3-61 IPsec Proposal The following items are displayed on this screen: IPsec Proposal Proposal Name: Specify a unique name to the IP
-93- ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include: MD5: MD5 (Message
-94- outgoing SPI value are different. However, the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vice ver