REV1.0.1 1910010852
TL-ER6020 Gigabit Dual-WAN VPN Router
COPYRIGHT & TRADEMARKS
FCC STATEMENT
CE Mark Warning
Chapter 1 About this Guide
CONTENTS
Network Requirements
Chapter 4 Application
Hardware Specifications
Glossary
Chapter 5 CLI
One TL-ER6020 Router One Power Cord One Console Cable
Package Contents
Two mounting brackets and other fittings Installation Guide
The following items should be found in your package
Chapter 1 About this Guide
Symbol
1.1 Intended Readers
1.2 Conventions
Specifications
Lists the hardware specifications of this Router
Appendix B FAQ
Provides the possible solutions to the problems that may occur during
Powerful Firewall
Powerful Data Processing Capability
Chapter 2 Introduction
2.1 Overview of the Router
Dual-WAN Ports
2.2 Features
Easy-to-use
Hardware
2.3.1 Front Panel
2.3 Appearance
Traffic Control
Security
LEDs
Reset button
Status
Indication
2.3.2 Rear Panel
Power Socket
Grounding Terminal
Kensington Security Slot
3.1.2 System Mode
Chapter 3 Configuration
3.1 Network
3.1.1 Status
Figure 3-3 Network Topology - Non-NAT Mode
Figure 3-2 Network Topology - NAT Mode
NAT Mode
Classic Mode
Non-NAT Mode
3.1.3 WAN
1 Static IP
Static IP
Upstream Bandwidth
2 Dynamic IP
Downstream
Specify the bandwidth for receiving packets on the port
Dynamic IP
3 PPPoE
Dynamic IP Status
Figure 3-8 WAN - PPPoE
on. The connection can be re-established automatically when it
PPPoE Settings
576-1492. The default MTU is 1480. It is recommended to keep the
Enter the Account Name provided by your ISP. If you are not clear
Dynamic IP is selected, the obtained subnet address of WAN port is
Here allows you to configure the secondary connection. Dynamic IP
PPPoE Status
4 L2TP
correct and your network is connected well. Consult your ISP if
L2TP Settings
Figure 3-9 WAN - L2TP
The following items are displayed on this screen
Internet connection by the Connect or Disconnect button. It
Primary DNS
L2TP Status
Secondary DNS
Upstream Bandwidth
5 PPTP
PPTP Settings
Figure 3-10 WAN - PPTP
The following items are displayed on this screen
Account Name
PPTP Status Status
6 BigPond
Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth
BigPond Settings
Status
BigPond Status
IP Address
Subnet Mask
3.1.4.1 LAN
3.1.4 LAN
3.1.4.2 DHCP
LAN
DHCP Settings
3.1.4.4 DHCP Reservation
3.1.4.3 DHCP Client
3.1.5 DMZ
DHCP Reservation
List of Reserved Address
3.1.5.1 DMZ
3.1.6 MAC Address
DMZ
Tips
Set the MAC Address for WAN port
Set the MAC Address for LAN port
Set the MAC Address for DMZ port
MAC Address
3.1.7.1 Statistics
3.1.7 Switch
3.1.7.2 Port Mirror
Statistics
Tips
Port Mirror
General
Mode
Mirroring Port
Application Example
3.1.7.3 Rate Control
Rate Control
3.1.7.4 Port Config
3.1.7.5 Port Status
Port Config
3.1.7.6 Port VLAN
3.2 User Group
Port VLAN
Tips
3.2.1 Group
Group Config
3.2.2 User
List of Group
View Config
User Config
3.2.3 View
List of User
3.3.1.1 NAT Setup
3.3 Advanced
3.3.1 NAT
NAPT
3.3.1.2 One-to-One NAT
NAT-DMZ
One-to-One NAT
3.3.1.3 Multi-Nets NAT
List of Rules
Multi-Nets NAT
Application Example Network Requirements
list of Rules
Configuration procedure
3.3.1.4 Virtual Server
Interface
Virtual Server
Protocol
Status
3.3.1.5 Port Triggering
Port Triggering
List of Rules
List of Rules
Status
3.3.2 Traffic Control
3.3.1.6 ALG
ALG
3.3.2.1 Setup
Default Limit
General
Interface Bandwidth
3.3.2.2 Bandwidth Control
Bandwidth Control Rule
List of Rules
data flow might pass. Individual WAN port cannot be selected if
3.3.3 Session Limit
3.3.3.1 Session Limit
General
3.3.4 Load Balance
3.3.4.1 Configuration
3.3.3.2 Session List
Session Limit
3.3.4.2 Policy Routing
3.3.4.3 Link Backup
General
List of Rules
General
You can select Timing or Failover Mode
Timing
3.3.4.4 Protocol
Failover
Status :
3.3.5.1 Static Route
3.3.5 Routing
Protocol
List of Protocol
List of Rules
Static Route
Application Example
3.3.5.2 RIP
General
Choose the menu Advanced→Routing→RIP to load the following page
List of RIP
3.3.5.3 Route Table
3.4 Firewall
3.4.1 Anti ARP Spoofing
3.4.1.1 IP-MAC Binding
General
IP-MAC Binding
IP Address
Status
3.4.1.2 ARP Scanning
3.4.1.3 ARP List
3.4.2 Attack Defense
Figure 3-49 Attack Defense
The following items are displayed on this screen
General
MAC Filtering
3.4.3 MAC Filtering
Enable Attack
Packet Anomaly
3.4.4.1 URL Filtering
3.4.4 Access Control
URL Filtering Rule
List of Rules
Select the mode for URL Filtering. “Keyword’’ indicates that all the
Configuration Procedure
List of Rules
Application Example Network Requirements
3.4.4.3 Access Rules
Access Rules
3.4.4.2 Web Filtering
Select the service for the entry. Only the service belonging to the
group on3.2.1 Group
other service types can still pass through the Router. You can add
Select the Source IP Range for the entries, including the following
3.4.4.4 Service
Priority
List of Rules
List of Service
Service
3.4.5.1 Control Rules
3.4.5 App Control
Control Rules
General
List of Rules
3.4.5.2 Database
3.5.1 IKE
3.5 VPN
IKE Policy
3.5.1.1 IKE Policy
SA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation
3.5.1.2 IKE Proposal
List of IKE Policy
IKE Proposal
List of IKE Proposal
3.5.2 IPsec
IPsec Policy
3.5.2.1 IPsec Policy
General
Policy Name
policy on VPN→IKE→IKE Policy page
IKE Mode
which PCs on the remote network are covered by this policy. Its
Gateway of the remote peer should be set to the IP address of
Phase2. As it is independent of the key created in Phase1, this
Manual Mode
de-encrypted. Without PFS, the key in Phase2 is created based
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
3.5.2.2 IPsec Proposal
List of IPsec Policy IPsec
Tips
IPsec Proposal
List of IPsec Proposal
3.5.2.3 IPsec SA
3.5.3 L2TP/PPTP
Authentication
3.5.3.1 L2TP/PPTP Tunnel
Protocol
General
L2TP/PPTP Tunnel
Protocol
Mode
Select the IP Pool Name to specify the address range for the servers
Enter the account name of L2TP/PPTP tunnel. It should be configured
3.5.3.2 IP Address Pool
List of Configurations
IP Address Pool
List of IP Pool
3.6.1 PPPoE Server
3.6 Services
3.5.3.3 List of L2TP/PPTP Tunnel
3.6.1.1 General
General
Figure 3-66 General The following items are displayed on this screen
3.6.1.2 IP Address Pool
3.6.1.3 Account
IP Address Pool
List of IP Pool
Account
is 48. If Enable Advanced Account Features is not selected, the
3.6.1.4 Exceptional IP
List of Account
3.6.1.5 List of Account
3.6.2 E-Bulletin
Exceptional IP
List of Account
General
E-Bulletin
Interval
Title
3.6.3 Dynamic DNS
List of E-Bulletin
Tips
Dyndns DDNS
3.6.3.1 DynDNS
3.6.3.2 No-IP
List of DynDNS Account
No-IP DDNS
List of No-IP Account
3.6.3.3 PeanutHull
PeanutHull DDNS
3.6.3.4 Comexe
List of PeanutHull Account
Comexe DDNS
List of Comexe Account
3.6.4 UPnP
3.7.1 Admin Setup
3.7 Maintenance
3.7.1.1 Administrator
Administrator
3.7.1.2 Login Parameter
Re-enter the new password for confirmation
General
3.7.1.3 Remote Management
Remote Management
List of Subnet
3.7.2 Management
3.7.2.1 Factory Defaults
3.7.2.2 Export and Import
Configuration Procedure
Configuration Version
3.7.2.3 Reboot
Export
Import
3.7.3 License
3.7.2.4 Firmware Upgrade
3.7.4 Statistics
3.7.4.1 Interface Traffic Statistics
Interface Traffic Statistics
Advanced WAN Information
3.7.4.2 IP Traffic Statistics
3.7.5.1 Diagnostics
3.7.5 Diagnostics
Traffic Statistics
IP Traffic Statistics
Tracert
Ping
List of WAN status
3.7.5.2 Online Detection
Displays whether the Online Detection is enabled
General
Config
3.7.6 Time
Current Time
3.7.7 Logs
List of Logs
Config
Error conditions
Level
Description
Severity
4.1 Network Requirements
Chapter 4 Application
4.2 Network Topology 4.3 Configurations
4.3.1 Internet Setting
Tips
4.3.1.1 System Mode
4.3.1.3 Link Backup
4.3.1.2 Internet Connection
1 IKE Setting
4.3.2 VPN Setting
Settings
4.3.2.1 IPsec VPN
IKE Policy
AuthenticationMD5 Encryption3DES
Settings
IPsec Proposal
2 IPsec Setting
Settings
Tips
IPsec Policy
Settings
proposalIPsec1 you just created
4.3.2.2 PPTP VPN Setting
IP Address Pool
Tips
L2TP/PPTP Tunnel
Settings
L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg
4.3.3.1 User Group
4.3.3 Network Management
Group
User
View
4.3.3.2 App Control
Settings
Settings
4.3.3.3 Bandwidth Control
1 Enable Bandwidth Control
3 Bandwidth Control Rule
2 Interface Bandwidth
Settings
Keep the default value
4.3.4 Network Security
4.3.3.4 Session Limit
Settings
4.3.4.1 LAN ARP Defense
1 Scan and import the entries to ARP List
2 Set IP-MAC Binding Entry Manually
3 Set Attack Defense
4.3.4.2 WAN ARP Defense
Settings
00-11-22-33-44-aa
4.3.4.3 Attack Defense
4.3.4.4 Traffic Monitoring
1 Port Mirror
2 Statistics
Figure 4-23 IP Traffic Statistics
Chapter 5 CLI
5.1 Configuration
Figure 5-3 Select the port to connect
Figure 5-2 Connection Description
Figure 5-5 Connection Properties Settings 148
Figure 5-4 Port Settings
5.2 Interface Mode
Logout or Access the next mode
Accessing Path
enable
admin
Enter the privileged mode
enable
Show command history
IP configuration
TP-LINK ip-mac get mode
5.4 Command Introduction
Ip-mac Bind Mode normal
TP-LINK # ip-mac set mode restrict
TP-LINK # sys restore
TP-LINK # sys reboot This command will reboot system, Continue?Y/N
This command will restore system, Continue?Y/N
TP-LINK # sys export config
Try to get the configuration file config.bin
Password admin File name config.bin
Get configuration file config bin succeed, file size is 7104 bytes
TP-LINK sys show CPU Used Rate 1% TP-LINK # sys update
TP-LINK user set password Enter old password
TP-LINK user get Username admin Password admin
Enter new password Confirm new password
TP-LINK # user get Username admin Password admin
5.4.6 exit
View the history command
TP-LINK history
1. history 2. sys show 3. history
Power
Appendix A Hardware Specifications
Standards
Ports
Appendix B FAQ
4. Make sure that the NAT DMZ service is disabled
Glossary
Appendix C Glossary
AH(Authentication Header)
data authentication, and anti-replay services. ESP encapsulates
for services such as IPSec that require keys. Before any IPSec
Glossary
Description
Description
Glossary
Description
Glossary
Telnet is used for remote terminal connection, enabling users to
enterprise