Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6020 About this Guide, Intended Readers, Conventions, Overview of this Guide, Symbol

Models: TL-ER6020

1 168

Download 168 pages 1.21 Kb

Page 7

Chapter 1 About this Guide

This User Guide contains information for setup and management of TL-ER6020 Router. Please read this guide carefully before operation.

1.1 Intended Readers

This Guide is intended for Network Engineer and Network Administrator.

1.2 Conventions

In this Guide the following conventions are used:

The Router or TL-ER6020 mentioned in this Guide stands for TL-ER6020 SafeStream Gigabit Dual-WAN VPN Router without any explanation.

Menu Name→Submenu Name→Tab page indicates the menu structure. Advanced→NAT

→Basic NAT means the Basic NAT page under the NAT menu option that is located under the Advanced menu.

Bold font indicates a toolbar icon, menu or menu item.

<Font> indicate a button.

Symbols in this Guide:

	Symbol	Description

	Note:	Ignoring this type of note might result in a malfunction or damage to the
	Note:	device.

	Tips:	This format indicates important information that helps you make better use of
	Tips:	your device.

1.3 Overview of this Guide

Chapter 1 About This Guide		Introduces the guide structure and conventions.
Chapter 2	Introduction	Introduces the features and appearance of TL-ER6020 router.
Chapter 3	Configurations	Introduces how to configure the Router via Web management page.
Chapter 4 Application		Introduces the practical application of the Router on the enterprise
		network.
Chapter5 CLI		Introduces how to log in and set up the Router using CLI commands by
		console port.

-2-

Image 7

TP-Link TL-ER6020 About this Guide, Intended Readers, Conventions, Overview of this Guide, Symbol, Description, device

Contents

REV1.0.1 1910010852 TL-ER6020 Gigabit Dual-WAN VPN RouterFCC STATEMENT COPYRIGHT & TRADEMARKSCE Mark Warning Chapter 1 About this Guide CONTENTSNetwork Requirements Chapter 4 ApplicationGlossary Hardware SpecificationsChapter 5 CLI The following items should be found in your package Package Contents One TL-ER6020 Router  One Power Cord  One Console Cable  Two mounting brackets and other fittings  Installation Guide1.2 Conventions SymbolChapter 1 About this Guide 1.1 Intended ReadersProvides the possible solutions to the problems that may occur during Lists the hardware specifications of this RouterSpecifications Appendix B FAQ2.1 Overview of the Router  Powerful Data Processing Capability Powerful Firewall Chapter 2 IntroductionHardware 2.2 Features Dual-WAN Ports  Easy-to-useSecurity 2.3 Appearance2.3.1 Front Panel Traffic ControlIndication  Reset button LEDs Status Kensington Security Slot  Power Socket2.3.2 Rear Panel  Grounding Terminal3.1.1 Status Chapter 3 Configuration3.1.2 System Mode 3.1 NetworkFigure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT Mode NAT Mode 1 Static IP  Non-NAT Mode Classic Mode 3.1.3 WAN Static IP Specify the bandwidth for receiving packets on the port 2 Dynamic IPUpstream Bandwidth Downstream Dynamic IP 3 PPPoE  Dynamic IP StatusFigure 3-8 WAN - PPPoE Enter the Account Name provided by your ISP. If you are not clear  PPPoE Settingson. The connection can be re-established automatically when it 576-1492. The default MTU is 1480. It is recommended to keep theDynamic IP is selected, the obtained subnet address of WAN port is Here allows you to configure the secondary connection. Dynamic IP4 L2TP  PPPoE Statuscorrect and your network is connected well. Consult your ISP if Figure 3-9 WAN - L2TP  L2TP SettingsThe following items are displayed on this screen Internet connection by the Connect or Disconnect button. It Upstream Bandwidth  L2TP StatusPrimary DNS Secondary DNSThe following items are displayed on this screen  PPTP Settings5 PPTP Figure 3-10 WAN - PPTPAccount Name 6 BigPond  PPTP Status StatusPrimary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth  BigPond Settings Subnet Mask  BigPond StatusStatus IP Address LAN 3.1.4 LAN3.1.4.1 LAN 3.1.4.2 DHCP DHCP Settings 3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client DHCP Reservation 3.1.5 DMZ List of Reserved Address 3.1.5.1 DMZ  DMZ 3.1.6 MAC AddressTips  MAC Address Set the MAC Address for LAN portSet the MAC Address for WAN port Set the MAC Address for DMZ port3.1.7.1 Statistics 3.1.7 Switch Statistics 3.1.7.2 Port MirrorTips Mirroring Port GeneralPort Mirror ModeApplication Example 3.1.7.3 Rate Control Rate Control 3.1.7.4 Port Config3.1.7.5 Port Status  Port ConfigTips 3.2 User Group3.1.7.6 Port VLAN  Port VLAN List of Group  Group Config3.2.1 Group 3.2.2 User List of User  User Config View Config 3.2.3 View3.3 Advanced 3.3.1.1 NAT Setup3.3.1 NAT  One-to-One NAT 3.3.1.2 One-to-One NAT NAPT  NAT-DMZ List of Rules 3.3.1.3 Multi-Nets NAT Multi-Nets NAT Application Example Network Requirements  list of RulesConfiguration procedure 3.3.1.4 Virtual Server Status  Virtual ServerInterface Protocol Port Triggering 3.3.1.5 Port Triggering List of Rules  List of Rules Status3.3.1.6 ALG 3.3.2 Traffic Control ALG  Default Limit 3.3.2.1 Setup General  Interface Bandwidth 3.3.2.2 Bandwidth Control List of Rules  Bandwidth Control Ruledata flow might pass. Individual WAN port cannot be selected if 3.3.3.1 Session Limit 3.3.3 Session Limit General  Session Limit 3.3.4.1 Configuration3.3.4 Load Balance 3.3.3.2 Session List3.3.4.2 Policy Routing  General 3.3.4.3 Link Backup List of Rules  General You can select Timing or Failover ModeStatus ： 3.3.4.4 ProtocolTiming Failover List of Protocol 3.3.5 Routing3.3.5.1 Static Route  Protocol List of Rules  Static RouteApplication Example 3.3.5.2 RIP General Choose the menu Advanced→Routing→RIP to load the following page List of RIP 3.3.5.3 Route Table3.4.1 Anti ARP Spoofing 3.4 Firewall3.4.1.1 IP-MAC Binding Status  IP-MAC Binding General IP Address3.4.1.2 ARP Scanning 3.4.1.3 ARP List 3.4.2 Attack DefenseThe following items are displayed on this screen Figure 3-49 Attack Defense General Packet Anomaly 3.4.3 MAC Filtering MAC Filtering Enable Attack List of Rules 3.4.4 Access Control3.4.4.1 URL Filtering  URL Filtering RuleApplication Example Network Requirements Configuration ProcedureSelect the mode for URL Filtering. “Keyword’’ indicates that all the  List of Rules Access Rules 3.4.4.3 Access Rules3.4.4.2 Web Filtering Select the Source IP Range for the entries, including the following group on3.2.1 GroupSelect the service for the entry. Only the service belonging to the other service types can still pass through the Router. You can addPriority 3.4.4.4 Service List of Rules  List of Service  Service General 3.4.5 App Control3.4.5.1 Control Rules  Control Rules List of Rules 3.4.5.2 Database3.5.1 IKE 3.5 VPN IKE Policy 3.5.1.1 IKE PolicySA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation  List of IKE Policy 3.5.1.2 IKE Proposal IKE Proposal  List of IKE Proposal 3.5.2 IPsecPolicy Name 3.5.2.1 IPsec Policy IPsec Policy  GeneralGateway of the remote peer should be set to the IP address of  IKE Modepolicy on VPN→IKE→IKE Policy page which PCs on the remote network are covered by this policy. Itsde-encrypted, the key in Phase2 is easy to be de-encrypted, in  Manual ModePhase2. As it is independent of the key created in Phase1, this de-encrypted. Without PFS, the key in Phase2 is created based List of IPsec Policy IPsec 3.5.2.2 IPsec ProposalTips  IPsec Proposal  List of IPsec Proposal 3.5.2.3 IPsec SAProtocol Authentication3.5.3 L2TP/PPTP 3.5.3.1 L2TP/PPTP TunnelMode  L2TP/PPTP Tunnel General ProtocolSelect the IP Pool Name to specify the address range for the servers Enter the account name of L2TP/PPTP tunnel. It should be configured List of IP Pool  List of Configurations3.5.3.2 IP Address Pool  IP Address Pool3.6.1.1 General 3.6 Services3.6.1 PPPoE Server 3.5.3.3 List of L2TP/PPTP Tunnel General Figure 3-66 General The following items are displayed on this screen3.6.1.2 IP Address Pool  IP Address Pool 3.6.1.3 Account List of IP Pool  Account 3.6.1.4 Exceptional IP is 48. If Enable Advanced Account Features is not selected, the List of Account  List of Account 3.6.2 E-Bulletin3.6.1.5 List of Account  Exceptional IPTitle  E-Bulletin General Interval List of E-Bulletin 3.6.3 Dynamic DNSTips  Dyndns DDNS 3.6.3.1 DynDNS List of DynDNS Account 3.6.3.2 No-IP No-IP DDNS  List of No-IP Account 3.6.3.3 PeanutHull PeanutHull DDNS  List of PeanutHull Account 3.6.3.4 Comexe Comexe DDNS  List of Comexe Account 3.6.4 UPnP Administrator 3.7 Maintenance3.7.1 Admin Setup 3.7.1.1 AdministratorRe-enter the new password for confirmation 3.7.1.2 Login Parameter General  Remote Management 3.7.1.3 Remote Management List of Subnet Configuration Procedure 3.7.2.1 Factory Defaults3.7.2 Management 3.7.2.2 Export and Import Import 3.7.2.3 Reboot Configuration Version  Export3.7.3 License 3.7.2.4 Firmware Upgrade3.7.4.1 Interface Traffic Statistics 3.7.4 Statistics Interface Traffic Statistics  Advanced WAN Information 3.7.4.2 IP Traffic Statistics IP Traffic Statistics 3.7.5 Diagnostics3.7.5.1 Diagnostics  Traffic Statistics Tracert  Ping General 3.7.5.2 Online Detection List of WAN status Displays whether the Online Detection is enabled3.7.6 Time  Config Current Time  List of Logs 3.7.7 Logs Config Severity LevelError conditions Description4.1 Network Requirements Chapter 4 Application4.3.1 Internet Setting 4.2 Network Topology 4.3 ConfigurationsTips 4.3.1.3 Link Backup 4.3.1.1 System Mode4.3.1.2 Internet Connection 4.3.2.1 IPsec VPN 4.3.2 VPN Setting1 IKE Setting SettingsAuthenticationMD5 Encryption3DES  IKE PolicySettings Tips 2 IPsec Setting IPsec Proposal SettingsSettings  IPsec PolicyproposalIPsec1 you just created  IP Address Pool 4.3.2.2 PPTP VPN SettingTips Settings  L2TP/PPTP TunnelL2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  User 4.3.3 Network Management4.3.3.1 User Group  GroupSettings 4.3.3.2 App Control View Settings4.3.3.3 Bandwidth Control 1 Enable Bandwidth ControlKeep the default value 2 Interface Bandwidth3 Bandwidth Control Rule Settings4.3.3.4 Session Limit 4.3.4 Network SecuritySettings 1 Scan and import the entries to ARP List 4.3.4.1 LAN ARP Defense2 Set IP-MAC Binding Entry Manually 00-11-22-33-44-aa 4.3.4.2 WAN ARP Defense3 Set Attack Defense Settings4.3.4.4 Traffic Monitoring 4.3.4.3 Attack Defense1 Port Mirror 2 Statistics Figure 4-23 IP Traffic Statistics Chapter 5 CLI 5.1 ConfigurationFigure 5-3 Select the port to connect Figure 5-2 Connection DescriptionFigure 5-5 Connection Properties Settings 148 Figure 5-4 Port Settings5.2 Interface Mode admin Accessing PathLogout or Access the next mode enableIP configuration enableEnter the privileged mode Show command historyTP-LINK # ip-mac set mode restrict 5.4 Command IntroductionTP-LINK ip-mac get mode Ip-mac Bind Mode normalTP-LINK # sys export config TP-LINK # sys reboot This command will reboot system, Continue?Y/NTP-LINK # sys restore This command will restore system, Continue?Y/NTP-LINK sys show CPU Used Rate 1% TP-LINK # sys update Password admin File name config.binTry to get the configuration file config.bin Get configuration file config bin succeed, file size is 7104 bytesTP-LINK # user get Username admin Password admin TP-LINK user get Username admin Password adminTP-LINK user set password Enter old password Enter new password Confirm new password1. history 2. sys show 3. history View the history command5.4.6 exit TP-LINK historyPorts Appendix A Hardware SpecificationsPower StandardsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled data authentication, and anti-replay services. ESP encapsulates Appendix C GlossaryGlossary AH（Authentication Header）Glossary for services such as IPSec that require keys. Before any IPSecDescription Description Glossaryenterprise GlossaryDescription Telnet is used for remote terminal connection, enabling users to