REV1.0.1 1910010852
TL-ER6020 Gigabit Dual-WAN VPN Router
FCC STATEMENT
COPYRIGHT & TRADEMARKS
CE Mark Warning
Chapter 1 About this Guide
CONTENTS
Network Requirements
Chapter 4 Application
Glossary
Hardware Specifications
Chapter 5 CLI
The following items should be found in your package
Package Contents
One TL-ER6020 Router One Power Cord One Console Cable
Two mounting brackets and other fittings Installation Guide
1.2 Conventions
Symbol
Chapter 1 About this Guide
1.1 Intended Readers
Provides the possible solutions to the problems that may occur during
Lists the hardware specifications of this Router
Specifications
Appendix B FAQ
2.1 Overview of the Router
Powerful Data Processing Capability
Powerful Firewall
Chapter 2 Introduction
Hardware
2.2 Features
Dual-WAN Ports
Easy-to-use
Security
2.3 Appearance
2.3.1 Front Panel
Traffic Control
Indication
Reset button
LEDs
Status
Kensington Security Slot
Power Socket
2.3.2 Rear Panel
Grounding Terminal
3.1.1 Status
Chapter 3 Configuration
3.1.2 System Mode
3.1 Network
Figure 3-3 Network Topology - Non-NAT Mode
Figure 3-2 Network Topology - NAT Mode
NAT Mode
1 Static IP
Non-NAT Mode
Classic Mode
3.1.3 WAN
Static IP
Specify the bandwidth for receiving packets on the port
2 Dynamic IP
Upstream Bandwidth
Downstream
Dynamic IP
3 PPPoE
Dynamic IP Status
Figure 3-8 WAN - PPPoE
Enter the Account Name provided by your ISP. If you are not clear
PPPoE Settings
on. The connection can be re-established automatically when it
576-1492. The default MTU is 1480. It is recommended to keep the
Dynamic IP is selected, the obtained subnet address of WAN port is
Here allows you to configure the secondary connection. Dynamic IP
4 L2TP
PPPoE Status
correct and your network is connected well. Consult your ISP if
Figure 3-9 WAN - L2TP
L2TP Settings
The following items are displayed on this screen
Internet connection by the Connect or Disconnect button. It
Upstream Bandwidth
L2TP Status
Primary DNS
Secondary DNS
The following items are displayed on this screen
PPTP Settings
5 PPTP
Figure 3-10 WAN - PPTP
Account Name
6 BigPond
PPTP Status Status
Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth
BigPond Settings
Subnet Mask
BigPond Status
Status
IP Address
LAN
3.1.4 LAN
3.1.4.1 LAN
3.1.4.2 DHCP
DHCP Settings
3.1.4.4 DHCP Reservation
3.1.4.3 DHCP Client
DHCP Reservation
3.1.5 DMZ
List of Reserved Address
3.1.5.1 DMZ
DMZ
3.1.6 MAC Address
Tips
MAC Address
Set the MAC Address for LAN port
Set the MAC Address for WAN port
Set the MAC Address for DMZ port
3.1.7.1 Statistics
3.1.7 Switch
Statistics
3.1.7.2 Port Mirror
Tips
Mirroring Port
General
Port Mirror
Mode
Application Example
3.1.7.3 Rate Control
Rate Control
3.1.7.4 Port Config
3.1.7.5 Port Status
Port Config
Tips
3.2 User Group
3.1.7.6 Port VLAN
Port VLAN
List of Group
Group Config
3.2.1 Group
3.2.2 User
List of User
User Config
View Config
3.2.3 View
3.3 Advanced
3.3.1.1 NAT Setup
3.3.1 NAT
One-to-One NAT
3.3.1.2 One-to-One NAT
NAPT
NAT-DMZ
List of Rules
3.3.1.3 Multi-Nets NAT
Multi-Nets NAT
Application Example Network Requirements
list of Rules
Configuration procedure
3.3.1.4 Virtual Server
Status
Virtual Server
Interface
Protocol
Port Triggering
3.3.1.5 Port Triggering
List of Rules
List of Rules
Status
3.3.1.6 ALG
3.3.2 Traffic Control
ALG
Default Limit
3.3.2.1 Setup
General
Interface Bandwidth
3.3.2.2 Bandwidth Control
List of Rules
Bandwidth Control Rule
data flow might pass. Individual WAN port cannot be selected if
3.3.3.1 Session Limit
3.3.3 Session Limit
General
Session Limit
3.3.4.1 Configuration
3.3.4 Load Balance
3.3.3.2 Session List
3.3.4.2 Policy Routing
General
3.3.4.3 Link Backup
List of Rules
General
You can select Timing or Failover Mode
Status :
3.3.4.4 Protocol
Timing
Failover
List of Protocol
3.3.5 Routing
3.3.5.1 Static Route
Protocol
List of Rules
Static Route
Application Example
3.3.5.2 RIP
General
Choose the menu Advanced→Routing→RIP to load the following page
List of RIP
3.3.5.3 Route Table
3.4.1 Anti ARP Spoofing
3.4 Firewall
3.4.1.1 IP-MAC Binding
Status
IP-MAC Binding
General
IP Address
3.4.1.2 ARP Scanning
3.4.1.3 ARP List
3.4.2 Attack Defense
The following items are displayed on this screen
Figure 3-49 Attack Defense
General
Packet Anomaly
3.4.3 MAC Filtering
MAC Filtering
Enable Attack
List of Rules
3.4.4 Access Control
3.4.4.1 URL Filtering
URL Filtering Rule
Application Example Network Requirements
Configuration Procedure
Select the mode for URL Filtering. “Keyword’’ indicates that all the
List of Rules
Access Rules
3.4.4.3 Access Rules
3.4.4.2 Web Filtering
Select the Source IP Range for the entries, including the following
group on3.2.1 Group
Select the service for the entry. Only the service belonging to the
other service types can still pass through the Router. You can add
Priority
3.4.4.4 Service
List of Rules
List of Service
Service
General
3.4.5 App Control
3.4.5.1 Control Rules
Control Rules
List of Rules
3.4.5.2 Database
3.5.1 IKE
3.5 VPN
IKE Policy
3.5.1.1 IKE Policy
SA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation
List of IKE Policy
3.5.1.2 IKE Proposal
IKE Proposal
List of IKE Proposal
3.5.2 IPsec
Policy Name
3.5.2.1 IPsec Policy
IPsec Policy
General
Gateway of the remote peer should be set to the IP address of
IKE Mode
policy on VPN→IKE→IKE Policy page
which PCs on the remote network are covered by this policy. Its
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
Manual Mode
Phase2. As it is independent of the key created in Phase1, this
de-encrypted. Without PFS, the key in Phase2 is created based
List of IPsec Policy IPsec
3.5.2.2 IPsec Proposal
Tips
IPsec Proposal
List of IPsec Proposal
3.5.2.3 IPsec SA
Protocol
Authentication
3.5.3 L2TP/PPTP
3.5.3.1 L2TP/PPTP Tunnel
Mode
L2TP/PPTP Tunnel
General
Protocol
Select the IP Pool Name to specify the address range for the servers
Enter the account name of L2TP/PPTP tunnel. It should be configured
List of IP Pool
List of Configurations
3.5.3.2 IP Address Pool
IP Address Pool
3.6.1.1 General
3.6 Services
3.6.1 PPPoE Server
3.5.3.3 List of L2TP/PPTP Tunnel
General
Figure 3-66 General The following items are displayed on this screen
3.6.1.2 IP Address Pool
IP Address Pool
3.6.1.3 Account
List of IP Pool
Account
3.6.1.4 Exceptional IP
is 48. If Enable Advanced Account Features is not selected, the
List of Account
List of Account
3.6.2 E-Bulletin
3.6.1.5 List of Account
Exceptional IP
Title
E-Bulletin
General
Interval
List of E-Bulletin
3.6.3 Dynamic DNS
Tips
Dyndns DDNS
3.6.3.1 DynDNS
List of DynDNS Account
3.6.3.2 No-IP
No-IP DDNS
List of No-IP Account
3.6.3.3 PeanutHull
PeanutHull DDNS
List of PeanutHull Account
3.6.3.4 Comexe
Comexe DDNS
List of Comexe Account
3.6.4 UPnP
Administrator
3.7 Maintenance
3.7.1 Admin Setup
3.7.1.1 Administrator
Re-enter the new password for confirmation
3.7.1.2 Login Parameter
General
Remote Management
3.7.1.3 Remote Management
List of Subnet
Configuration Procedure
3.7.2.1 Factory Defaults
3.7.2 Management
3.7.2.2 Export and Import
Import
3.7.2.3 Reboot
Configuration Version
Export
3.7.3 License
3.7.2.4 Firmware Upgrade
3.7.4.1 Interface Traffic Statistics
3.7.4 Statistics
Interface Traffic Statistics
Advanced WAN Information
3.7.4.2 IP Traffic Statistics
IP Traffic Statistics
3.7.5 Diagnostics
3.7.5.1 Diagnostics
Traffic Statistics
Tracert
Ping
General
3.7.5.2 Online Detection
List of WAN status
Displays whether the Online Detection is enabled
3.7.6 Time
Config
Current Time
List of Logs
3.7.7 Logs
Config
Severity
Level
Error conditions
Description
4.1 Network Requirements
Chapter 4 Application
4.3.1 Internet Setting
4.2 Network Topology 4.3 Configurations
Tips
4.3.1.3 Link Backup
4.3.1.1 System Mode
4.3.1.2 Internet Connection
4.3.2.1 IPsec VPN
4.3.2 VPN Setting
1 IKE Setting
Settings
AuthenticationMD5 Encryption3DES
IKE Policy
Settings
Tips
2 IPsec Setting
IPsec Proposal
Settings
Settings
IPsec Policy
proposalIPsec1 you just created
IP Address Pool
4.3.2.2 PPTP VPN Setting
Tips
Settings
L2TP/PPTP Tunnel
L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg
User
4.3.3 Network Management
4.3.3.1 User Group
Group
Settings
4.3.3.2 App Control
View
Settings
4.3.3.3 Bandwidth Control
1 Enable Bandwidth Control
Keep the default value
2 Interface Bandwidth
3 Bandwidth Control Rule
Settings
4.3.3.4 Session Limit
4.3.4 Network Security
Settings
1 Scan and import the entries to ARP List
4.3.4.1 LAN ARP Defense
2 Set IP-MAC Binding Entry Manually
00-11-22-33-44-aa
4.3.4.2 WAN ARP Defense
3 Set Attack Defense
Settings
4.3.4.4 Traffic Monitoring
4.3.4.3 Attack Defense
1 Port Mirror
2 Statistics
Figure 4-23 IP Traffic Statistics
Chapter 5 CLI
5.1 Configuration
Figure 5-3 Select the port to connect
Figure 5-2 Connection Description
Figure 5-5 Connection Properties Settings 148
Figure 5-4 Port Settings
5.2 Interface Mode
admin
Accessing Path
Logout or Access the next mode
enable
IP configuration
enable
Enter the privileged mode
Show command history
TP-LINK # ip-mac set mode restrict
5.4 Command Introduction
TP-LINK ip-mac get mode
Ip-mac Bind Mode normal
TP-LINK # sys export config
TP-LINK # sys reboot This command will reboot system, Continue?Y/N
TP-LINK # sys restore
This command will restore system, Continue?Y/N
TP-LINK sys show CPU Used Rate 1% TP-LINK # sys update
Password admin File name config.bin
Try to get the configuration file config.bin
Get configuration file config bin succeed, file size is 7104 bytes
TP-LINK # user get Username admin Password admin
TP-LINK user get Username admin Password admin
TP-LINK user set password Enter old password
Enter new password Confirm new password
1. history 2. sys show 3. history
View the history command
5.4.6 exit
TP-LINK history
Ports
Appendix A Hardware Specifications
Power
Standards
Appendix B FAQ
4. Make sure that the NAT DMZ service is disabled
data authentication, and anti-replay services. ESP encapsulates
Appendix C Glossary
Glossary
AH(Authentication Header)
Glossary
for services such as IPSec that require keys. Before any IPSec
Description
Description
Glossary
enterprise
Glossary
Description
Telnet is used for remote terminal connection, enabling users to