TP-Link TL-ER6020 manual 3.1.3 WAN,  Non-NAT Mode,  Classic Mode, Static IP, Tips

Page 17
Non-NAT Mode

Non-NAT Mode

In this mode, the Router functions as the traditional Gateway and forwards the packets via routing protocol. The Hosts in different subnets can communicate with one another via the routing rules whereas no NAT is employed. For example: If the DMZ port of the Router is in WAN mode, the Hosts in the subnet of DMZ port can access the servers in Internet only when the Static Router rules permit.

Classic Mode Note:

In Non-NAT mode, all the NAT forwarding rules will be disabled.

Classic Mode

It's the combined mode of NAT mode and Non-NAT mode. In Classic mode, the Router will first transport the packets which are compliant with NAT forwarding rules and then match the other packets to the static routing rules. The matched packets will be transmitted based on the static routing rules and the unmatched ones will be dropped. In this way, the Router can implement NAT for the packets without blocking the packets in the different subnet of the ports.

3.1.3 WAN

TL-ER6020 provides the following six Internet connection types: Static IP, Dynamic IP, PPPoE/Russian PPPoE, L2TP/Russian L2TP, PPTP/Russian PPTP and BigPond. To configure the WAN, please first select the type of Internet connection provided by your ISP (Internet Service Provider).

Tips:

It’s allowed to set the IP addresses of both the WAN ports within the same subnet. However, to guarantee a normal communication, make sure that the WAN ports can access the same network, such as Internet or a local area network.

Choose the menu Network→WAN to load the configuration page.

1)Static IP

If a static IP address has been provided by your ISP, please choose the Static IP connection type to configure the parameters for WAN port manually.

-12-

Image 17
Contents REV1.0.1 1910010852 TL-ER6020 Gigabit Dual-WAN VPN RouterCE Mark Warning COPYRIGHT & TRADEMARKSFCC STATEMENT Chapter 1 About this Guide CONTENTSNetwork Requirements Chapter 4 ApplicationChapter 5 CLI Hardware SpecificationsGlossary  One TL-ER6020 Router  One Power Cord  One Console Cable Package Contents Two mounting brackets and other fittings  Installation Guide The following items should be found in your packageChapter 1 About this Guide Symbol1.1 Intended Readers 1.2 ConventionsSpecifications Lists the hardware specifications of this RouterAppendix B FAQ Provides the possible solutions to the problems that may occur during Powerful Firewall  Powerful Data Processing CapabilityChapter 2 Introduction 2.1 Overview of the Router Dual-WAN Ports 2.2 Features Easy-to-use Hardware2.3.1 Front Panel 2.3 AppearanceTraffic Control Security LEDs  Reset buttonStatus Indication2.3.2 Rear Panel  Power Socket Grounding Terminal  Kensington Security Slot3.1 Network Chapter 3 Configuration3.1.1 Status 3.1.2 System ModeFigure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT Mode NAT Mode  Non-NAT Mode 3.1.3 WAN Classic Mode 1 Static IP Static IP Upstream Bandwidth 2 Dynamic IPDownstream Specify the bandwidth for receiving packets on the port Dynamic IP 3 PPPoE  Dynamic IP StatusFigure 3-8 WAN - PPPoE on. The connection can be re-established automatically when it  PPPoE Settings576-1492. The default MTU is 1480. It is recommended to keep the Enter the Account Name provided by your ISP. If you are not clearDynamic IP is selected, the obtained subnet address of WAN port is Here allows you to configure the secondary connection. Dynamic IPcorrect and your network is connected well. Consult your ISP if  PPPoE Status4 L2TP Figure 3-9 WAN - L2TP  L2TP SettingsInternet connection by the Connect or Disconnect button. It  L2TP Status Figure 3-10 WAN - PPTP  PPTP Settings5 PPTP Account Name Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth  PPTP Status Status6 BigPond  BigPond Settings  BigPond Status 3.1.4.1 LAN 3.1.4 LAN3.1.4.2 DHCP  LAN DHCP Settings 3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client List of Reserved Address 3.1.5 DMZ DHCP Reservation 3.1.5.1 DMZ  DMZ 3.1.6 MAC AddressSet the MAC Address for WAN port Set the MAC Address for LAN portSet the MAC Address for DMZ port  MAC Address3.1.7.1 Statistics 3.1.7 Switch Statistics 3.1.7.2 Port MirrorMirroring Port GeneralPort Mirror Application Example 3.1.7.3 Rate Control Rate Control 3.1.7.4 Port Config3.1.7.5 Port Status  Port Config Port VLAN 3.2 User Group3.1.7.6 Port VLAN 3.2.1 Group  Group Config3.2.2 User  List of Group View Config  User Config3.2.3 View  List of User3.3.1 NAT 3.3.1.1 NAT Setup3.3 Advanced  NAPT 3.3.1.2 One-to-One NAT NAT-DMZ  One-to-One NAT Multi-Nets NAT 3.3.1.3 Multi-Nets NAT List of Rules Application Example Network Requirements  list of RulesConfiguration procedure 3.3.1.4 Virtual Server Protocol  Virtual Server Port Triggering 3.3.1.5 Port Triggering List of Rules  ALG 3.3.2 Traffic Control3.3.1.6 ALG  General 3.3.2.1 Setup Default Limit  Interface Bandwidth 3.3.2.2 Bandwidth Controldata flow might pass. Individual WAN port cannot be selected if  Bandwidth Control Rule3.3.3.1 Session Limit 3.3.3 Session Limit3.3.4 Load Balance 3.3.4.1 Configuration3.3.3.2 Session List  Session Limit3.3.4.2 Policy Routing 3.3.4.3 Link Backup You can select Timing or Failover Mode Timing 3.3.4.4 ProtocolFailover Status :3.3.5.1 Static Route 3.3.5 Routing Protocol  List of Protocol Static Route 3.3.5.2 RIP Choose the menu Advanced→Routing→RIP to load the following page  List of RIP 3.3.5.3 Route Table3.4.1.1 IP-MAC Binding 3.4 Firewall3.4.1 Anti ARP Spoofing  IP-MAC Binding 3.4.1.2 ARP Scanning 3.4.1.3 ARP List 3.4.2 Attack DefenseFigure 3-49 Attack Defense  MAC Filtering 3.4.3 MAC FilteringEnable Attack Packet Anomaly URL Filtering Rule 3.4.4 Access Control3.4.4.1 URL Filtering Select the mode for URL Filtering. “Keyword’’ indicates that all the Configuration Procedure3.4.4.2 Web Filtering 3.4.4.3 Access Rules Access Rules Select the service for the entry. Only the service belonging to the group on3.2.1 Groupother service types can still pass through the Router. You can add Select the Source IP Range for the entries, including the followingPriority 3.4.4.4 Service List of Service  Service Control Rules 3.4.5 App Control3.4.5.1 Control Rules 3.4.5.2 Database 3.5.1 IKE 3.5 VPN IKE Policy 3.5.1.1 IKE PolicySA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation  IKE Proposal 3.5.1.2 IKE Proposal List of IKE Policy  List of IKE Proposal 3.5.2 IPsec IPsec Policy 3.5.2.1 IPsec PolicyPolicy Name can be enteredpolicy on VPN→IKE→IKE Policy page  IKE Modewhich PCs on the remote network are covered by this policy. Its Gateway of the remote peer should be set to the IP address ofPhase2. As it is independent of the key created in Phase1, this  Manual Modede-encrypted. Without PFS, the key in Phase2 is created based de-encrypted, the key in Phase2 is easy to be de-encrypted, in List of IPsec Policy IPsec 3.5.2.2 IPsec Proposal IPsec Proposal  List of IPsec Proposal 3.5.2.3 IPsec SA3.5.3 L2TP/PPTP Authentication3.5.3.1 L2TP/PPTP Tunnel Protocol L2TP/PPTP Tunnel Select the IP Pool Name to specify the address range for the servers Enter the account name of L2TP/PPTP tunnel. It should be configured3.5.3.2 IP Address Pool  List of Configurations IP Address Pool  List of IP Pool3.6.1 PPPoE Server 3.6 Services3.5.3.3 List of L2TP/PPTP Tunnel 3.6.1.1 GeneralFigure 3-66 General The following items are displayed on this screen 3.6.1.2 IP Address Pool 3.6.1.3 Account  Account  List of Account is 48. If Enable Advanced Account Features is not selected, the3.6.1.4 Exceptional IP  Exceptional IP 3.6.2 E-Bulletin3.6.1.5 List of Account Interval  E-BulletinTitle Specify the interval to release the bulletin List of E-Bulletin 3.6.3 Dynamic DNS Dyndns DDNS 3.6.3.1 DynDNS No-IP DDNS 3.6.3.2 No-IP List of DynDNS Account  List of No-IP Account 3.6.3.3 PeanutHull PeanutHull DDNS  Comexe DDNS 3.6.3.4 Comexe List of PeanutHull Account  List of Comexe Account 3.6.4 UPnP3.7.1 Admin Setup 3.7 Maintenance3.7.1.1 Administrator  AdministratorRe-enter the new password for confirmation 3.7.1.2 Login Parameter List of Subnet 3.7.1.3 Remote Management Remote Management 3.7.2.2 Export and Import 3.7.2.1 Factory Defaults3.7.2 Management  Configuration Version 3.7.2.3 Reboot Export  Import3.7.3 License 3.7.2.4 Firmware Upgrade Interface Traffic Statistics 3.7.4 Statistics3.7.4.1 Interface Traffic Statistics  Advanced WAN Information 3.7.4.2 IP Traffic Statistics3.7.5.1 Diagnostics 3.7.5 Diagnostics Traffic Statistics  IP Traffic Statistics Tracert  PingDisplays whether the Online Detection is enabled 3.7.5.2 Online Detection List of WAN status  Current Time  Config3.7.6 Time  List of Logs 3.7.7 LogsError conditions LevelSeverity The system is unusable4.1 Network Requirements Chapter 4 Application4.3.1 Internet Setting 4.2 Network Topology 4.3 Configurations4.3.1.2 Internet Connection 4.3.1.3 Link Backup4.3.1.1 System Mode 1 IKE Setting 4.3.2 VPN SettingSettings 4.3.2.1 IPsec VPNAuthenticationMD5 Encryption3DES  IKE PolicyproposalIPsec1 2 IPsec Setting IPsec Proposal proposalIPsec1 you just created  IPsec Policy IP Address Pool 4.3.2.2 PPTP VPN SettingL2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  L2TP/PPTP Tunnel4.3.3.1 User Group 4.3.3 Network Management Group  User View 4.3.3.2 App Control4.3.3.3 Bandwidth Control 1 Enable Bandwidth ControlKeep the default value 2 Interface Bandwidth3 Bandwidth Control Rule 4.3.3.4 Session Limit 4.3.4 Network Security2 Set IP-MAC Binding Entry Manually 4.3.4.1 LAN ARP Defense1 Scan and import the entries to ARP List 00-11-22-33-44-aa 4.3.4.2 WAN ARP Defense3 Set Attack Defense 1 Port Mirror 4.3.4.3 Attack Defense4.3.4.4 Traffic Monitoring 2 Statistics Figure 4-23 IP Traffic Statistics Chapter 5 CLI 5.1 ConfigurationFigure 5-3 Select the port to connect Figure 5-2 Connection DescriptionFigure 5-5 Connection Properties Settings 148 Figure 5-4 Port Settings5.2 Interface Mode Logout or Access the next mode Accessing Pathenable adminShow command history enableIP configuration IP mac bind configuration5.4.2 ip-mac 5.4 Command Introduction5.4.1 ip TP-LINK ip get lan Lan Ip Lan MaskTP-LINK # sys restore TP-LINK # sys reboot This command will reboot system, Continue?Y/NThis command will restore system, Continue?Y/N TP-LINK # sys export configTry to get the configuration file config.bin Password admin File name config.binGet configuration file config bin succeed, file size is 7104 bytes TP-LINK sys show CPU Used Rate 1% TP-LINK # sys updateTP-LINK user set password Enter old password TP-LINK user get Username admin Password adminEnter new password Confirm new password TP-LINK # user get Username admin Password admin5.4.6 exit View the history commandTP-LINK history 1. history 2. sys show 3. historyPower Appendix A Hardware SpecificationsStandards PortsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Glossary Appendix C GlossaryAH(Authentication Header) data authentication, and anti-replay services. ESP encapsulatesfor services such as IPSec that require keys. Before any IPSec Description enterprise Telnet is used for remote terminal connection, enabling users to
Related manuals
Manual 28 pages 30.84 Kb

TL-ER6020 specifications

The TP-Link TL-ER6020 is a robust and efficient router designed for small to medium-sized businesses seeking reliable network performance and advanced features. Combining dual WAN capability with comprehensive security features, it ensures that businesses can maintain consistent and secure internet connectivity, even during peak usage times or in the event of a failure from one ISP.

One of the primary features of the TL-ER6020 is its dual WAN support, which allows users to connect two different internet sources. This not only enhances reliability through load balancing but also ensures redundancy. In cases where the primary WAN connection fails, the router can seamlessly switch to the secondary connection, minimizing downtime and maintaining business operations.

Security is a critical aspect of any network appliance, and the TL-ER6020 does not disappoint. It comes equipped with multiple security features, including advanced firewall capabilities, IP/MAC/URL filtering, and DoS attacks prevention. These tools work together to provide a secure network environment, safeguarding sensitive business data from unauthorized access and potential threats.

The router also supports VLAN (Virtual Local Area Network) technology, which allows businesses to segment their networks for better performance and security. By creating separate networks for different departments or functions, companies can enhance their network management and control traffic flow more efficiently.

Additionally, the TL-ER6020 features quality of service (QoS) capabilities that prioritize network traffic based on user needs. This ensures that critical applications, such as VoIP or video conferencing, receive the bandwidth they require for optimal performance, while less critical traffic is deprioritized during peak times.

For user management, the TL-ER6020 includes an intuitive web-based interface that simplifies configuration and monitoring. Administrators can easily manage network settings, view statistics, and troubleshoot issues without the need for extensive technical expertise.

In terms of physical specifications, the TL-ER6020 is built with reliability in mind, featuring cooling vents to prevent overheating and an efficient power supply. Its compact design allows for easy placement in various environments, whether in a server room or on a desk.

Overall, the TP-Link TL-ER6020 is a solid choice for businesses looking to build a secure, versatile, and high-performance network. Its combination of dual WAN capabilities, strong security features, VLAN support, and QoS make it a comprehensive solution for modern networking needs.