TL-ER6020 Gigabit Dual-WAN VPN Router
REV1.0.1 1910010852
COPYRIGHT & TRADEMARKS
FCC STATEMENT
CE Mark Warning
CONTENTS
Chapter 1 About this Guide
Chapter 4 Application
Network Requirements
Hardware Specifications
Glossary
Chapter 5 CLI
Two mounting brackets and other fittings Installation Guide
Package Contents
One TL-ER6020 Router One Power Cord One Console Cable
The following items should be found in your package
1.1 Intended Readers
Symbol
Chapter 1 About this Guide
1.2 Conventions
Appendix B FAQ
Lists the hardware specifications of this Router
Specifications
Provides the possible solutions to the problems that may occur during
Chapter 2 Introduction
Powerful Data Processing Capability
Powerful Firewall
2.1 Overview of the Router
Easy-to-use
2.2 Features
Dual-WAN Ports
Hardware
Traffic Control
2.3 Appearance
2.3.1 Front Panel
Security
Status
Reset button
LEDs
Indication
Grounding Terminal
Power Socket
2.3.2 Rear Panel
Kensington Security Slot
3.1 Network
Chapter 3 Configuration
3.1.2 System Mode
3.1.1 Status
Figure 3-2 Network Topology - NAT Mode
Figure 3-3 Network Topology - Non-NAT Mode
NAT Mode
3.1.3 WAN
Non-NAT Mode
Classic Mode
1 Static IP
Static IP
Downstream
2 Dynamic IP
Upstream Bandwidth
Specify the bandwidth for receiving packets on the port
Dynamic IP
Dynamic IP Status
3 PPPoE
Figure 3-8 WAN - PPPoE
576-1492. The default MTU is 1480. It is recommended to keep the
PPPoE Settings
on. The connection can be re-established automatically when it
Enter the Account Name provided by your ISP. If you are not clear
Here allows you to configure the secondary connection. Dynamic IP
Dynamic IP is selected, the obtained subnet address of WAN port is
PPPoE Status
4 L2TP
correct and your network is connected well. Consult your ISP if
L2TP Settings
Figure 3-9 WAN - L2TP
The following items are displayed on this screen
Internet connection by the Connect or Disconnect button. It
Secondary DNS
L2TP Status
Primary DNS
Upstream Bandwidth
Figure 3-10 WAN - PPTP
PPTP Settings
5 PPTP
The following items are displayed on this screen
Account Name
PPTP Status Status
6 BigPond
Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth
BigPond Settings
IP Address
BigPond Status
Status
Subnet Mask
3.1.4.2 DHCP
3.1.4 LAN
3.1.4.1 LAN
LAN
DHCP Settings
3.1.4.3 DHCP Client
3.1.4.4 DHCP Reservation
3.1.5 DMZ
DHCP Reservation
List of Reserved Address
3.1.5.1 DMZ
3.1.6 MAC Address
DMZ
Tips
Set the MAC Address for DMZ port
Set the MAC Address for LAN port
Set the MAC Address for WAN port
MAC Address
3.1.7 Switch
3.1.7.1 Statistics
3.1.7.2 Port Mirror
Statistics
Tips
Mode
General
Port Mirror
Mirroring Port
3.1.7.3 Rate Control
Application Example
3.1.7.4 Port Config
Rate Control
Port Config
3.1.7.5 Port Status
Port VLAN
3.2 User Group
3.1.7.6 Port VLAN
Tips
3.2.2 User
Group Config
3.2.1 Group
List of Group
3.2.3 View
User Config
View Config
List of User
3.3.1.1 NAT Setup
3.3 Advanced
3.3.1 NAT
NAT-DMZ
3.3.1.2 One-to-One NAT
NAPT
One-to-One NAT
3.3.1.3 Multi-Nets NAT
List of Rules
Multi-Nets NAT
list of Rules
Application Example Network Requirements
Configuration procedure
3.3.1.4 Virtual Server
Protocol
Virtual Server
Interface
Status
3.3.1.5 Port Triggering
Port Triggering
List of Rules
Status
List of Rules
3.3.2 Traffic Control
3.3.1.6 ALG
ALG
3.3.2.1 Setup
Default Limit
General
3.3.2.2 Bandwidth Control
Interface Bandwidth
Bandwidth Control Rule
List of Rules
data flow might pass. Individual WAN port cannot be selected if
3.3.3 Session Limit
3.3.3.1 Session Limit
General
3.3.3.2 Session List
3.3.4.1 Configuration
3.3.4 Load Balance
Session Limit
3.3.4.2 Policy Routing
3.3.4.3 Link Backup
General
List of Rules
You can select Timing or Failover Mode
General
Failover
3.3.4.4 Protocol
Timing
Status :
Protocol
3.3.5 Routing
3.3.5.1 Static Route
List of Protocol
Static Route
List of Rules
3.3.5.2 RIP
Application Example
Choose the menu Advanced→Routing→RIP to load the following page
General
3.3.5.3 Route Table
List of RIP
3.4 Firewall
3.4.1 Anti ARP Spoofing
3.4.1.1 IP-MAC Binding
IP Address
IP-MAC Binding
General
Status
3.4.1.2 ARP Scanning
3.4.2 Attack Defense
3.4.1.3 ARP List
Figure 3-49 Attack Defense
The following items are displayed on this screen
General
Enable Attack
3.4.3 MAC Filtering
MAC Filtering
Packet Anomaly
URL Filtering Rule
3.4.4 Access Control
3.4.4.1 URL Filtering
List of Rules
List of Rules
Configuration Procedure
Select the mode for URL Filtering. “Keyword’’ indicates that all the
Application Example Network Requirements
3.4.4.3 Access Rules
Access Rules
3.4.4.2 Web Filtering
other service types can still pass through the Router. You can add
group on3.2.1 Group
Select the service for the entry. Only the service belonging to the
Select the Source IP Range for the entries, including the following
3.4.4.4 Service
Priority
List of Rules
Service
List of Service
Control Rules
3.4.5 App Control
3.4.5.1 Control Rules
General
3.4.5.2 Database
List of Rules
3.5 VPN
3.5.1 IKE
3.5.1.1 IKE Policy
IKE Policy
SA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation
3.5.1.2 IKE Proposal
List of IKE Policy
IKE Proposal
3.5.2 IPsec
List of IKE Proposal
General
3.5.2.1 IPsec Policy
IPsec Policy
Policy Name
which PCs on the remote network are covered by this policy. Its
IKE Mode
policy on VPN→IKE→IKE Policy page
Gateway of the remote peer should be set to the IP address of
de-encrypted. Without PFS, the key in Phase2 is created based
Manual Mode
Phase2. As it is independent of the key created in Phase1, this
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
3.5.2.2 IPsec Proposal
List of IPsec Policy IPsec
Tips
IPsec Proposal
3.5.2.3 IPsec SA
List of IPsec Proposal
3.5.3.1 L2TP/PPTP Tunnel
Authentication
3.5.3 L2TP/PPTP
Protocol
Protocol
L2TP/PPTP Tunnel
General
Mode
Enter the account name of L2TP/PPTP tunnel. It should be configured
Select the IP Pool Name to specify the address range for the servers
IP Address Pool
List of Configurations
3.5.3.2 IP Address Pool
List of IP Pool
3.5.3.3 List of L2TP/PPTP Tunnel
3.6 Services
3.6.1 PPPoE Server
3.6.1.1 General
Figure 3-66 General The following items are displayed on this screen
General
3.6.1.2 IP Address Pool
3.6.1.3 Account
IP Address Pool
List of IP Pool
Account
is 48. If Enable Advanced Account Features is not selected, the
3.6.1.4 Exceptional IP
List of Account
Exceptional IP
3.6.2 E-Bulletin
3.6.1.5 List of Account
List of Account
Interval
E-Bulletin
General
Title
3.6.3 Dynamic DNS
List of E-Bulletin
Tips
3.6.3.1 DynDNS
Dyndns DDNS
3.6.3.2 No-IP
List of DynDNS Account
No-IP DDNS
3.6.3.3 PeanutHull
List of No-IP Account
PeanutHull DDNS
3.6.3.4 Comexe
List of PeanutHull Account
Comexe DDNS
3.6.4 UPnP
List of Comexe Account
3.7.1.1 Administrator
3.7 Maintenance
3.7.1 Admin Setup
Administrator
3.7.1.2 Login Parameter
Re-enter the new password for confirmation
General
3.7.1.3 Remote Management
Remote Management
List of Subnet
3.7.2.2 Export and Import
3.7.2.1 Factory Defaults
3.7.2 Management
Configuration Procedure
Export
3.7.2.3 Reboot
Configuration Version
Import
3.7.2.4 Firmware Upgrade
3.7.3 License
3.7.4 Statistics
3.7.4.1 Interface Traffic Statistics
Interface Traffic Statistics
3.7.4.2 IP Traffic Statistics
Advanced WAN Information
Traffic Statistics
3.7.5 Diagnostics
3.7.5.1 Diagnostics
IP Traffic Statistics
Ping
Tracert
Displays whether the Online Detection is enabled
3.7.5.2 Online Detection
List of WAN status
General
Config
3.7.6 Time
Current Time
3.7.7 Logs
List of Logs
Config
Description
Level
Error conditions
Severity
Chapter 4 Application
4.1 Network Requirements
4.2 Network Topology 4.3 Configurations
4.3.1 Internet Setting
Tips
4.3.1.1 System Mode
4.3.1.3 Link Backup
4.3.1.2 Internet Connection
Settings
4.3.2 VPN Setting
1 IKE Setting
4.3.2.1 IPsec VPN
IKE Policy
AuthenticationMD5 Encryption3DES
Settings
Settings
2 IPsec Setting
IPsec Proposal
Tips
IPsec Policy
Settings
proposalIPsec1 you just created
4.3.2.2 PPTP VPN Setting
IP Address Pool
Tips
L2TP/PPTP Tunnel
Settings
L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg
Group
4.3.3 Network Management
4.3.3.1 User Group
User
Settings
4.3.3.2 App Control
View
Settings
1 Enable Bandwidth Control
4.3.3.3 Bandwidth Control
Settings
2 Interface Bandwidth
3 Bandwidth Control Rule
Keep the default value
4.3.4 Network Security
4.3.3.4 Session Limit
Settings
4.3.4.1 LAN ARP Defense
1 Scan and import the entries to ARP List
2 Set IP-MAC Binding Entry Manually
Settings
4.3.4.2 WAN ARP Defense
3 Set Attack Defense
00-11-22-33-44-aa
4.3.4.3 Attack Defense
4.3.4.4 Traffic Monitoring
1 Port Mirror
2 Statistics
Figure 4-23 IP Traffic Statistics
5.1 Configuration
Chapter 5 CLI
Figure 5-2 Connection Description
Figure 5-3 Select the port to connect
Figure 5-4 Port Settings
Figure 5-5 Connection Properties Settings 148
5.2 Interface Mode
enable
Accessing Path
Logout or Access the next mode
admin
Show command history
enable
Enter the privileged mode
IP configuration
Ip-mac Bind Mode normal
5.4 Command Introduction
TP-LINK ip-mac get mode
TP-LINK # ip-mac set mode restrict
This command will restore system, Continue?Y/N
TP-LINK # sys reboot This command will reboot system, Continue?Y/N
TP-LINK # sys restore
TP-LINK # sys export config
Get configuration file config bin succeed, file size is 7104 bytes
Password admin File name config.bin
Try to get the configuration file config.bin
TP-LINK sys show CPU Used Rate 1% TP-LINK # sys update
Enter new password Confirm new password
TP-LINK user get Username admin Password admin
TP-LINK user set password Enter old password
TP-LINK # user get Username admin Password admin
TP-LINK history
View the history command
5.4.6 exit
1. history 2. sys show 3. history
Standards
Appendix A Hardware Specifications
Power
Ports
Appendix B FAQ
4. Make sure that the NAT DMZ service is disabled
AH(Authentication Header)
Appendix C Glossary
Glossary
data authentication, and anti-replay services. ESP encapsulates
for services such as IPSec that require keys. Before any IPSec
Glossary
Description
Glossary
Description
Telnet is used for remote terminal connection, enabling users to
Glossary
Description
enterprise