Page 80
List of Rules
You can view the information of the entries and edit them by the Action buttons.
3.4.4 Access Control
3.4.4.1URL Filtering
URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the Internet URL address, so as to provide a convenient way for controlling the access to Internet from LAN hosts.
Choose the menu Firewall→Access Control→URL Filtering to load the following page.
Figure 3-51 URL Filtering
The following items are displayed on this screen:
General
To control the access to Internet for hosts in your private network, you are recommended to check the box before Enable URL Filtering and select a filtering rule based on the actual situation.
URL Filtering Rule
Object: | Select the range in which the URL Filtering takes effect: |
| ANY: URL Filtering will take effect to all the users. |
| -75- |
Contents
TL-ER6020 Gigabit Dual-WAN VPN Router
REV1.0.1 1910010852
CE Mark Warning
COPYRIGHT & TRADEMARKS
FCC STATEMENT
CONTENTS
Chapter 1 About this Guide
Chapter 4 Application
Network Requirements
Chapter 5 CLI
Hardware Specifications
Glossary
Package Contents
One TL-ER6020 Router One Power Cord One Console Cable
Two mounting brackets and other fittings Installation Guide
The following items should be found in your package
Symbol
Chapter 1 About this Guide
1.1 Intended Readers
1.2 Conventions
Lists the hardware specifications of this Router
Specifications
Appendix B FAQ
Provides the possible solutions to the problems that may occur during
Powerful Data Processing Capability
Powerful Firewall
Chapter 2 Introduction
2.1 Overview of the Router
2.2 Features
Dual-WAN Ports
Easy-to-use
Hardware
2.3 Appearance
2.3.1 Front Panel
Traffic Control
Security
Reset button
LEDs
Status
Indication
Power Socket
2.3.2 Rear Panel
Grounding Terminal
Kensington Security Slot
Chapter 3 Configuration
3.1 Network
3.1.1 Status
3.1.2 System Mode
Figure 3-2 Network Topology - NAT Mode
Figure 3-3 Network Topology - Non-NAT Mode
NAT Mode
3.1.3 WAN
Non-NAT Mode
Classic Mode
1 Static IP
Static IP
2 Dynamic IP
Upstream Bandwidth
Downstream
Specify the bandwidth for receiving packets on the port
Dynamic IP
Dynamic IP Status
3 PPPoE
Figure 3-8 WAN - PPPoE
PPPoE Settings
on. The connection can be re-established automatically when it
576-1492. The default MTU is 1480. It is recommended to keep the
Enter the Account Name provided by your ISP. If you are not clear
Here allows you to configure the secondary connection. Dynamic IP
Dynamic IP is selected, the obtained subnet address of WAN port is
correct and your network is connected well. Consult your ISP if
PPPoE Status
4 L2TP
L2TP Settings
Figure 3-9 WAN - L2TP
Internet connection by the Connect or Disconnect button. It
L2TP Status
Figure 3-10 WAN - PPTP
PPTP Settings
5 PPTP
Account Name
Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth
PPTP Status Status
6 BigPond
BigPond Settings
BigPond Status
3.1.4 LAN
3.1.4.1 LAN
3.1.4.2 DHCP
LAN
DHCP Settings
3.1.4.3 DHCP Client
3.1.4.4 DHCP Reservation
List of Reserved Address
3.1.5 DMZ
DHCP Reservation
3.1.5.1 DMZ
3.1.6 MAC Address
DMZ
Set the MAC Address for LAN port
Set the MAC Address for WAN port
Set the MAC Address for DMZ port
MAC Address
3.1.7 Switch
3.1.7.1 Statistics
3.1.7.2 Port Mirror
Statistics
Mirroring Port
General
Port Mirror
3.1.7.3 Rate Control
Application Example
3.1.7.4 Port Config
Rate Control
Port Config
3.1.7.5 Port Status
Port VLAN
3.2 User Group
3.1.7.6 Port VLAN
Group Config
3.2.1 Group
3.2.2 User
List of Group
User Config
View Config
3.2.3 View
List of User
3.3.1 NAT
3.3.1.1 NAT Setup
3.3 Advanced
3.3.1.2 One-to-One NAT
NAPT
NAT-DMZ
One-to-One NAT
Multi-Nets NAT
3.3.1.3 Multi-Nets NAT
List of Rules
list of Rules
Application Example Network Requirements
Configuration procedure
3.3.1.4 Virtual Server
Virtual Server
Protocol
3.3.1.5 Port Triggering
Port Triggering
Status
ALG
3.3.2 Traffic Control
3.3.1.6 ALG
General
3.3.2.1 Setup
Default Limit
3.3.2.2 Bandwidth Control
Interface Bandwidth
Bandwidth Control Rule
data flow might pass. Individual WAN port cannot be selected if
3.3.3 Session Limit
3.3.3.1 Session Limit
3.3.4.1 Configuration
3.3.4 Load Balance
3.3.3.2 Session List
Session Limit
3.3.4.2 Policy Routing
3.3.4.3 Link Backup
You can select Timing or Failover Mode
3.3.4.4 Protocol
Timing
Failover
Status :
3.3.5 Routing
3.3.5.1 Static Route
Protocol
List of Protocol
Static Route
3.3.5.2 RIP
Choose the menu Advanced→Routing→RIP to load the following page
3.3.5.3 Route Table
List of RIP
3.4.1.1 IP-MAC Binding
3.4 Firewall
3.4.1 Anti ARP Spoofing
IP-MAC Binding
3.4.1.2 ARP Scanning
3.4.2 Attack Defense
3.4.1.3 ARP List
Figure 3-49 Attack Defense
3.4.3 MAC Filtering
MAC Filtering
Enable Attack
Packet Anomaly
URL Filtering Rule
3.4.4 Access Control
3.4.4.1 URL Filtering
Configuration Procedure
Select the mode for URL Filtering. “Keyword’’ indicates that all the
3.4.4.2 Web Filtering
3.4.4.3 Access Rules
Access Rules
group on3.2.1 Group
Select the service for the entry. Only the service belonging to the
other service types can still pass through the Router. You can add
Select the Source IP Range for the entries, including the following
3.4.4.4 Service
Priority
Service
List of Service
Control Rules
3.4.5 App Control
3.4.5.1 Control Rules
3.4.5.2 Database
3.5 VPN
3.5.1 IKE
3.5.1.1 IKE Policy
IKE Policy
SA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation
IKE Proposal
3.5.1.2 IKE Proposal
List of IKE Policy
3.5.2 IPsec
List of IKE Proposal
3.5.2.1 IPsec Policy
IPsec Policy
Policy Name
can be entered
IKE Mode
policy on VPN→IKE→IKE Policy page
which PCs on the remote network are covered by this policy. Its
Gateway of the remote peer should be set to the IP address of
Manual Mode
Phase2. As it is independent of the key created in Phase1, this
de-encrypted. Without PFS, the key in Phase2 is created based
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
3.5.2.2 IPsec Proposal
List of IPsec Policy IPsec
IPsec Proposal
3.5.2.3 IPsec SA
List of IPsec Proposal
Authentication
3.5.3 L2TP/PPTP
3.5.3.1 L2TP/PPTP Tunnel
Protocol
L2TP/PPTP Tunnel
Enter the account name of L2TP/PPTP tunnel. It should be configured
Select the IP Pool Name to specify the address range for the servers
List of Configurations
3.5.3.2 IP Address Pool
IP Address Pool
List of IP Pool
3.6 Services
3.6.1 PPPoE Server
3.5.3.3 List of L2TP/PPTP Tunnel
3.6.1.1 General
Figure 3-66 General The following items are displayed on this screen
3.6.1.2 IP Address Pool
3.6.1.3 Account
Account
List of Account
is 48. If Enable Advanced Account Features is not selected, the
3.6.1.4 Exceptional IP
Exceptional IP
3.6.2 E-Bulletin
3.6.1.5 List of Account
E-Bulletin
Interval
Title
Specify the interval to release the bulletin
3.6.3 Dynamic DNS
List of E-Bulletin
3.6.3.1 DynDNS
Dyndns DDNS
No-IP DDNS
3.6.3.2 No-IP
List of DynDNS Account
3.6.3.3 PeanutHull
List of No-IP Account
PeanutHull DDNS
Comexe DDNS
3.6.3.4 Comexe
List of PeanutHull Account
3.6.4 UPnP
List of Comexe Account
3.7 Maintenance
3.7.1 Admin Setup
3.7.1.1 Administrator
Administrator
3.7.1.2 Login Parameter
Re-enter the new password for confirmation
List of Subnet
3.7.1.3 Remote Management
Remote Management
3.7.2.2 Export and Import
3.7.2.1 Factory Defaults
3.7.2 Management
3.7.2.3 Reboot
Configuration Version
Export
Import
3.7.2.4 Firmware Upgrade
3.7.3 License
Interface Traffic Statistics
3.7.4 Statistics
3.7.4.1 Interface Traffic Statistics
3.7.4.2 IP Traffic Statistics
Advanced WAN Information
3.7.5 Diagnostics
3.7.5.1 Diagnostics
Traffic Statistics
IP Traffic Statistics
Ping
Tracert
Displays whether the Online Detection is enabled
3.7.5.2 Online Detection
List of WAN status
Current Time
Config
3.7.6 Time
3.7.7 Logs
List of Logs
Level
Error conditions
Severity
The system is unusable
Chapter 4 Application
4.1 Network Requirements
4.2 Network Topology 4.3 Configurations
4.3.1 Internet Setting
4.3.1.2 Internet Connection
4.3.1.3 Link Backup
4.3.1.1 System Mode
4.3.2 VPN Setting
1 IKE Setting
Settings
4.3.2.1 IPsec VPN
IKE Policy
AuthenticationMD5 Encryption3DES
proposalIPsec1
2 IPsec Setting
IPsec Proposal
IPsec Policy
proposalIPsec1 you just created
4.3.2.2 PPTP VPN Setting
IP Address Pool
L2TP/PPTP Tunnel
L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg
4.3.3 Network Management
4.3.3.1 User Group
Group
User
4.3.3.2 App Control
View
1 Enable Bandwidth Control
4.3.3.3 Bandwidth Control
Keep the default value
2 Interface Bandwidth
3 Bandwidth Control Rule
4.3.4 Network Security
4.3.3.4 Session Limit
2 Set IP-MAC Binding Entry Manually
4.3.4.1 LAN ARP Defense
1 Scan and import the entries to ARP List
00-11-22-33-44-aa
4.3.4.2 WAN ARP Defense
3 Set Attack Defense
1 Port Mirror
4.3.4.3 Attack Defense
4.3.4.4 Traffic Monitoring
2 Statistics
Figure 4-23 IP Traffic Statistics
5.1 Configuration
Chapter 5 CLI
Figure 5-2 Connection Description
Figure 5-3 Select the port to connect
Figure 5-4 Port Settings
Figure 5-5 Connection Properties Settings 148
5.2 Interface Mode
Accessing Path
Logout or Access the next mode
enable
admin
enable
Show command history
IP configuration
IP mac bind configuration
5.4 Command Introduction
5.4.2 ip-mac
5.4.1 ip
TP-LINK ip get lan Lan Ip Lan Mask
TP-LINK # sys reboot This command will reboot system, Continue?Y/N
TP-LINK # sys restore
This command will restore system, Continue?Y/N
TP-LINK # sys export config
Password admin File name config.bin
Try to get the configuration file config.bin
Get configuration file config bin succeed, file size is 7104 bytes
TP-LINK sys show CPU Used Rate 1% TP-LINK # sys update
TP-LINK user get Username admin Password admin
TP-LINK user set password Enter old password
Enter new password Confirm new password
TP-LINK # user get Username admin Password admin
View the history command
5.4.6 exit
TP-LINK history
1. history 2. sys show 3. history
Appendix A Hardware Specifications
Power
Standards
Ports
Appendix B FAQ
4. Make sure that the NAT DMZ service is disabled
Appendix C Glossary
Glossary
AH(Authentication Header)
data authentication, and anti-replay services. ESP encapsulates
for services such as IPSec that require keys. Before any IPSec
Glossary
Telnet is used for remote terminal connection, enabling users to
enterprise