TP-Link TL-ER6120 manual Firewall, Anti ARP Spoofing, IP-MAC Binding

Page 75

Destination:

The Destination of route entry.

Gateway:

The Gateway of route entry.

Flags:

The Flags of route entry. The Flags describe certain characteristics of the

 

route.

Logical Interface:

The logical interface of route entry.

Physical

The physical interface of route entry.

Interface:

 

Metric

The Metric of route entry.

3.4 Firewall

3.4.1 Anti ARP Spoofing

ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.

ARP functions to translate the IP address into the corresponding MAC address and maintain an ARP Table, where the latest used IP address-to-MAC address mapping entries are stored. ARP protocol can facilitate the Hosts in the same network segment to communicate with one another or access to external network via Gateway. However, since ARP protocol is implemented with the premise that all the Hosts and Gateways are trusted, there are high security risks during ARP Implementation Procedure in the actual complex network.

The attacker may send the ARP spoofing packets with false IP address-to-MAC address mapping entries, and then the device will automatically update the ARP table after receiving wrong ARP packets, which results in a breakdown of the normal communication. Thus, ARP defense technology is generated to prevent the network from this kind of attack.

3.4.1.1IP-MAC Binding

IP-MAC Binding functions to bind the IP address, MAC address of the host together and only allows the Hosts matching the bound entries to access the network.

Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to load the following page.

-70-

Page 74 Page 76
Image 75
Page 74 Page 76
Contents TL-ER6120 Multi-WAN VPN Router Copyright & Trademarks FCC Statement Contents III Application 128Hardware Specifications 158 159Glossary 161 Package Contents Intended Readers ConventionsOverview of this Guide Page Overview of the Router Hardware FeaturesMulti-WAN Ports Easy-to-useSecurity AppearanceFront Panel Traffic ControlInterface Description Reset buttonLEDs Status IndicationPower Socket Rear PanelGrounding Terminal Status NetworkStatus System ModePage Non-NAT Mode NAT Mode3 WAN WAN ModeClassic Mode ¾ WAN ModeStatic IP 3.2 WAN1Subnet Mask Default GatewayConnection Type IP Address¾ Dynamic IP WAN Dynamic IP Following items are displayed on this screenServer Get IP Address byUnicast Use the following DNSPPPoE WAN PPPoE Following items are displayed on this screen ¾ PPPoE SettingsService Name PasswordActive Mode SettingsSubnet Address Downstream Bandwidth¾ PPPoE Status L2TP 10 WAN L2TP Following items are displayed on this screen ¾ L2TP SettingsServer IP SecondaryConnections Primary DNS/Secondary DNS Upstream Bandwidth Downstream ¾ L2TP StatusStatus IP Address Primary DNS Secondary DNS 11 WAN Pptp Following items are displayed on this screen ¾ Pptp SettingsAccount Name BigPond PrimaryDNS/Secondary DNS ¾ Pptp Status¾ BigPond Settings ¾ BigPond Status 4.1 LAN 4 LANDhcp ¾ Dhcp SettingsDhcp Reservation Dhcp Client¾ List of Reserved Address ¾ Dhcp Reservation5.1 DMZ 5 DMZMAC Address ¾ DMZMode ¾ MAC Address Set the MAC Address for LAN portSet the MAC Address for WAN port Set the MAC Address for DMZ portSwitch Statistics¾ Statistics Port Mirror ¾ Port Mirror ¾ GeneralApplication Example Rate Control¾ Rate Control Port ConfigPort Status ¾ Port ConfigUser Group Port Vlan¾ Port Vlan ¾ List of Group ¾ Group ConfigGroup UserGroup Name Select the name of the desired Group ¾ User ConfigView ¾ List of UserNAT Setup Advanced1 NAT DMZ Forwarding One-to-One NATMapping IP Address Interface¾ Multi-Nets NAT Multi-Nets NATApplication Example Network Requirements Configuration procedure Virtual Server ¾ Virtual ServerProtocol Port Triggering ¾ Port Triggering 1.6 ALG323 ALG SetupTraffic Control ¾ ALG¾ Interface Bandwidth UseBandwidth Control Bandwidth Up Limited Bandwidth GuaranteedDirection GroupSession Limit Session Limit¾ Session Limit ConfigurationLoad Balance Session List39 Policy Routing Policy RoutingWAN Link Backup40 Link Backup Following items are displayed on this screen Failover BackupProtocol Timing¾ List of Protocol RoutingStatic Route ¾ ProtocolMetric Description Status ¾ Static RouteApplication Example 43 RIP Following items are displayed on this screen 5.2 RIP¾ List of RIP Route TableFirewall Anti ARP SpoofingIP-MAC Binding ¾ IP-MAC Binding 46 ARP Scanning ARP ScanningARP List Attack Defense¾ General MAC Filtering Not sure¾ MAC Filtering URL Filtering Access ControlObject ¾ URL Filtering RuleWeb Filtering Access Rules¾ Access Rules ServicePolicy Priority SourceGroup on3.2.1 Group Destination53 Service ServiceDest. Port App ControlControl Rules NameApplication ¾ Control RulesDatabase VPNIKE Policy 1 IKE¾ IKE Policy 57 IKE Policy Following items are displayed on this screen¾ List of IKE Policy IKE Proposal¾ IKE Proposal 58 IKE Proposal Following items are displayed on this screenIPsec IPsec Policy¾ List of IKE Proposal Policy Name ¾ IPsec PolicyIKE Mode Key-In Manual ModeIPsec Proposal Incoming SPI¾ List of IPsec Policy IPsec IPsec ProposalOutgoing SPI Key-Out¾ IPsec Proposal ¾ List of IPsec Proposal IPsec SAProtocol Media Tunnel Length of Header Authentication 3 L2TP/PPTP3.1 L2TP/PPTP Tunnel VPN-to-Internet Hello Interval¾ L2TP/PPTP Tunnel Page Remote Subnet ¾ List of ConfigurationsIP Address Pool IP Pool¾ List of IP Pool ServicesPPPoE Server List of L2TP/PPTP TunnelMax Sessions GeneralPPPoE User Isolation Primary/SecondaryIP Address Pool Account Pool NameIP Address Range Expiration Date ¾ Account¾ Exceptional IP Status MAC Binding MAC Address Session TimeoutExceptional IP ¾ List of AccountBulletin List of AccountIP Address Range Description Status ¾ E-Bulletin Enable E-BulletinEnable Logs IntervalContent Object Effective Time Publisher Description Status Dynamic DNS¾ List of E-Bulletin Domain Name Ddns ServiceDynDNS ¾ Dyndns DdnsNo-IP ¾ List of DynDNS Account¾ No-IP Ddns PeanutHull ¾ List of No-IP Account¾ PeanutHull Ddns Comexe ¾ List of PeanutHull Account¾ Comexe Ddns ¾ List of Comexe Account UPnP¾ List of UPnP Mapping MaintenanceAdmin Setup Administrator¾ Administrator Login ParameterApplication Example Network Requirements ¾ Remote Management Factory DefaultsManagement Remote Management¾ Export Reboot¾ Configuration Version Export and ImportLicense Firmware UpgradeStatistics Interface Traffic Statistics¾ Interface Traffic Statistics Interface Displays the interface IP Fragment Rx IP Traffic StatisticsDisplays the rate for receiving data frames ¾ Advanced WAN InformationSorted by DiagnosticsDiagnostics ¾ IP Traffic Statistics¾ Ping 86 Diagnostics Following items are displayed on this screenOnline Detection ¾ TracertDetecting System Time TimePort Displays the detected WAN port Detection WAN Status Display the detecting resultsSynchronize With LogsGet GMT ManualLevel Description Send System LogsNetwork Requirements ApplicationInternet Setting Network Topology ConfigurationsInternet Connection System ModeLink Backup 131 IPsec VPN VPN SettingDPD IPsec Setting IPsec ProposalIPsec Policy WAN WAN1 Pptp VPN Setting IP Address PoolL2TP/PPTP Tunnel Network Management User GroupGroup View UserApp Control Enable Bandwidth ControlBandwidth Control Rule Interface Bandwidth16 Bandwidth Control Rule Network SecurityLAN ARP Defense Scan and import the entries to ARP ListSet IP-MAC Binding Entry Manually Set Attack Defense WAN ARP DefenseAttack Defense Traffic MonitoringPort Mirror Statistics 23 Port MirrorPage CLI ConfigurationPage Connection Properties Settings 149 Mode Accessing Path Prompt Logout or Access the next Interface ModeOnline Help AdminGet Get the ip configuration Command IntroductionIp-mac 1 ip3 sys TP-LINK # sys restore TP-LINK # sys import config History TP-LINK user set password Enter old passwordExit Transmission Medium PowerStandards PortsAppendix B FAQ Page Glossary Description Appendix C GlossaryAllows dissimilar communication devices to communicate By the Ieee Glossary Description
Related manuals
Manual 28 pages 33.55 Kb

TL-ER6120 specifications

The TP-Link TL-ER6120 is a robust and versatile gigabit router designed for small to medium-sized businesses, offering high-performance routing capabilities while ensuring secure network management. This device stands out for its user-friendly configuration, affordability, and rich feature set tailored for business needs.

One of the key features of the TL-ER6120 is its advanced routing capabilities. It supports load balancing and failover, ensuring reliable internet connectivity by distributing traffic across multiple WAN ports. This helps to maintain optimal performance even during high-traffic periods. The router can accommodate up to three WAN ports, providing flexibility in terms of connection options and redundancy.

Security is paramount in any business network, and the TL-ER6120 does not disappoint. It includes a robust firewall with stateful packet inspection, preventing unauthorized access and safeguarding sensitive data. The router also supports various VPN protocols, including PPTP, L2TP, and IPSec, enabling secure remote access for employees working from remote locations. This feature is particularly beneficial as remote work becomes more prevalent.

In addition to its security features, the TL-ER6120 offers support for VLAN configuration, allowing businesses to segment their networks for better performance and security. Dynamic Routing Protocols such as RIP v1/v2, and static routing are also supported, ensuring seamless data exchange across different network segments.

Another significant aspect of the TL-ER6120 is its Quality of Service (QoS) functionality. This feature enables users to prioritize bandwidth for critical applications, ensuring that services like VoIP and video conferencing maintain optimal performance. By managing the flow of data, businesses can enhance their operational efficiency.

The TL-ER6120 is equipped with several advanced management features, including a web-based user interface that simplifies network configuration and monitoring. Users can easily manage their network settings, view traffic statistics, and troubleshoot issues without advanced technical knowledge.

In conclusion, the TP-Link TL-ER6120 is an excellent choice for businesses seeking a reliable, feature-rich router. Its combination of security, performance, and ease of use makes it an ideal solution for managing business networks efficiently. Whether for load balancing, secure remote access, or network segmentation, the TL-ER6120 meets diverse business needs with sophistication and reliability.
Top Page Image Contents