TP-Link TL-ER6020 SafeStream Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung TP-Link TL-ER6020 SafeStream an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von TP-Link TL-ER6020 SafeStream, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung TP-Link TL-ER6020 SafeStream die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung TP-Link TL-ER6020 SafeStream. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung TP-Link TL-ER6020 SafeStream sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts TP-Link TL-ER6020 SafeStream
- Den Namen des Produzenten und das Produktionsjahr des Geräts TP-Link TL-ER6020 SafeStream
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts TP-Link TL-ER6020 SafeStream
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von TP-Link TL-ER6020 SafeStream zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von TP-Link TL-ER6020 SafeStream und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service TP-Link finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von TP-Link TL-ER6020 SafeStream zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts TP-Link TL-ER6020 SafeStream, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von TP-Link TL-ER6020 SafeStream widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    TL-ER6020 Gigabit Dual-W AN VPN Router REV1.0.1 1910010852[...]

  • Seite 2

    -I- COPYRIGHT & TRADEMARKS Specifications are subjec t to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks of their respective holders. No part of the specificat ions may be reproduced in any form or by any means or used to make any derivative such as translation, [...]

  • Seite 3

    -II- CONTENTS Package Contents .................................................................................................................. 1 Chapter 1 About this Guide ................................................................................................... 2 1.1 Intended Re aders ...................................................[...]

  • Seite 4

    -III- 3.3.3 Session Li mit ........................................................................................................... 58 3.3.4 Load Balanc e ...........................................................................................................59 3.3.5 Routin g ...................................................................[...]

  • Seite 5

    -IV- 4.2 Network T opol ogy............................................................................................................... 128 4.3 Configur ations ................................................................................................................. ... 128 4.3.1 Internet Setting ..........................................[...]

  • Seite 6

    -1- Package Content s The following items should be found in your package:  One TL-ER6020 Router  One Power Cord  One Console Cable  Two mounting brackets and other fittings  Installation Guide  Resource CD Note: Make sure that the package contains the above items. If any of t he listed items is damaged or missing, please contact [...]

  • Seite 7

    -2- Chapter 1 About this Guide This User Guide contains information for se tup and management of TL-E R6020 Router . Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used:  The Router or TL-ER6[...]

  • Seite 8

    -3- Appendix A Hardwar e S pecifications Lists the hardware specific ations of this Router . Appendix B F AQ Provides the possible solutions to the problems that may occur during the installation and operation of the router . Appendix C Glossary Lists the glossary used in this guide.[...]

  • Seite 9

    -4- Chapter 2 Introduction Thanks for choosing the SafeS tream Gi gabit Dual-W AN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeS tream Gigabit Dual-W AN VPN Router TL -ER6020 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth [...]

  • Seite 10

    -5-  Dual-W AN Ports + Providing two 10/100/1000M WAN ports for use r s to connect two Internet lines for bandwidth expansion. + Supporting multiple Load Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Polic y Routing to optimize bandwidth usage. + Featured Link Backup to switch all the new sessions f[...]

  • Seite 11

    -6-  Supports Diagnostic (Ping/T r acert) and Online Detection VPN  Supports IPsec VPN and provides up to 50 IPsec VPN tunnels  Supports IPSec VPN in LAN-to-LAN or Client-to-LAN  Provides DES, 3DES, AES128, AES152, AES 256 encryption, MD5, SHA1 authentication  Supports IKE Pre-Share Key and DH1/DH2/DH5 Key Exchanges  Supports PPTP[...]

  • Seite 12

    -7-  LEDs LED Status Indication On The Router is powered on PWR Off The Router is powered off or power supply is abnormal Flashing The Router works properly SYS On/Off The Router works improperly On There is a device link ed to the corresponding port Off There is no device linked to the corresponding port Link/Act Flashing The corresponding port[...]

  • Seite 13

    -8- 2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure.  Power Socket Connect the female connector of the power cord to this power socket, and the male connector to the AC power outlet. Please make sure the voltage of the pow er supply meets the requirement of the input voltage (100-240V~ 50/60Hz).  Grounding Termin[...]

  • Seite 14

    -9- Chapter 3 Configuration 3.1 Network 3.1.1 S t atus The S tatus page shows the system information, the port connection st atus and other information related to this Router . Choose the menu Network → Stat us to load the following page. Figure 3-1 S t atus 3.1.2 System Mode The TL-ER6020 Router can work in three modes: NA T , Non-NA T and Class[...]

  • Seite 15

    -10- Figure 3-2 Network T opology - NA T Mode If your Router is connecting the two networks of di fferent areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets betwe en these two networks by the Routing rules, you can set it to Non-NA T mode. Figure 3-3 Network T opology – Non-NA T Mode If [...]

  • Seite 16

    -1 1- Figure 3-4 Network T opology – Classic Mode Choose the menu Network → System Mode to load the following page. Figure 3-5 System Mode Y ou can select a System Mode for your R outer according to your network need.  NA T Mode NA T (Network Address T r anslation) mode allows the Router to translate private IP addresses within internal netw[...]

  • Seite 17

    -12-  Non-NA T Mode In this mode, the Router functi ons as the traditional Gateway and fo rwards the packets via routing protocol. The Hosts in dif ferent subnets can co mm unicate with one another via the routing rules whereas no NA T is employed. For ex ample: If the DMZ port of the Rout er is in WAN mode, the Hosts in the subnet of DMZ port c[...]

  • Seite 18

    -13- Figure 3-6 W AN – S tatic IP The following items are displayed on this screen:  St atic IP Connection T ype: Select S tatic IP if your ISP has assigned a static IP address for your computer . IP Address: Enter the IP address assigned by your ISP . If you are not clear , please consult your ISP . Subnet Mask: Enter the Subnet Mask assigned[...]

  • Seite 19

    -14- Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port. 2) Dynamic IP If your ISP (Internet Service Provider) assigns the IP address automatic ally , please choose the Dynamic IP connection type to obt ain the parameters for W AN port[...]

  • Seite 20

    -15-  Dyn am ic I P Connection T ype: Select Dynamic IP if your ISP assigns the IP address automatically . Click <Obt ain> to get the IP address from your ISP’s server . Click <Release> to release the current IP address of W AN port. Host Name: Optional. This field allows you to give a name for the Router . It's blank by defau[...]

  • Seite 21

    -16-  Dynamic IP S t atus Statu s: Displays the status of obt aining an IP address from your ISP .  “Disabled” indicates that the Dy namic IP connection type is not applied.  “Connecting” indicates that t he Router is obtaining the IP parameters from your ISP .  “Connected” indicates that the Router has successfully obtained[...]

  • Seite 22

    -17- Figure 3-8 W AN - PPPoE[...]

  • Seite 23

    -18- The following items are displayed on this screen:  PPPoE Settings Connection T ype: Select PPPoE if your ISP provides xDSL Vir tual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnec t the Internet connection and release the current IP address. Account Name: [...]

  • Seite 24

    -19- ISP Address: Optional. Enter the ISP address provided by your ISP . It's null by default. Service Name: Optional. Enter the Service Name prov ided by your ISP . It's null by default. Primary DNS: Enter the IP address of y our ISP’s Primary DNS. Secondary DNS: Optional. Enter the IP address of your ISP’ s Secondary DNS. Secondary [...]

  • Seite 25

    -20-  PPPoE St atus Statu s: Displays the status of PPPoE connection.  “Disabled” indicates that t he PPPoE connection type is not applied.  “Connecting” indicates that t he Router is obtaining the IP parameters from your ISP .  “Connected” indicates that the Router has successfully obtained the IP parameters from your ISP .[...]

  • Seite 26

    -21- Figure 3-9 W AN - L2TP The following items are displayed on this screen:  L2TP Settings Connection T ype: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the In ternet connection and release the current IP address.[...]

  • Seite 27

    -22- Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your IS P . Server IP: Enter the Server IP provided by your ISP . MTU: MTU (Maximum T ransmission Unit) is the maximum data unit transmitted by the physical network . It can be set in the range o[...]

  • Seite 28

    -23- Primary DNS/ Secondary DNS: If S tatic IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.  L2TP S t atus Statu s: Displays the status[...]

  • Seite 29

    -24- 5) PPTP If your ISP (Internet Service Provider) has provi ded the account informati on for the PPTP connection, please choose the PPTP connection type. Figure 3-10 W AN - PPTP The following items are displayed on this screen:  PPTP Settings Connection T ype: Select PPTP if your ISP prov ides a PPTP connection. Click <Connect> to dial-[...]

  • Seite 30

    -25- <Disconnect> to disconnect the In ternet connection and release the current IP address. Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your IS P . Server IP: Enter the Server IP provided by your ISP . MTU: MTU (Maximum T ransmission Uni[...]

  • Seite 31

    -26- Primary DNS/ Secondary DNS: If S tatic IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.  PP TP Stat us Statu s: Displays the status[...]

  • Seite 32

    -27- Figure 3-1 1 W AN – Bigpond The following items are displayed on this screen:  BigPond Settings Connection T ype: Select BigPond if your ISP prov ides a BigPond connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Inte rnet connection and release the current IP [...]

  • Seite 33

    -28- Auth Domain: Enter the domain name of authentic ation server . It's only required when the address of Auth Server is a server name. Auth Mode: Y ou can select the proper Active mode according to your need.  Manual: Select this option to manually activate or terminate the Internet connection by the <Con nect> or <Disconnect>[...]

  • Seite 34

    -29- Default Gateway: Displays the IP address of the default gateway assigned by your ISP . Note: T o ensure the BigPond connection re-established norma lly , please restart the connection at least 5 seconds after the connection is of f. 3.1.4 LAN 3.1.4.1 LAN On this page, you can configure the p a rameters for LAN port of this router . Choose the [...]

  • Seite 35

    -30- Choose the menu Network → LAN → DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen:  DHCP Settings DHCP Server: Enable or disable the DHCP server on your Router . T o enable the Router to assign the TCP/IP paramete rs to the computers in the LAN automatically , please select Enabl[...]

  • Seite 36

    -31- Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP . It is recommended to enter the IP address of the LAN port of the Router . Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. 3.1.4.3 DHCP Client On this page, you can view the information about all the DHCP clients c onnected to t[...]

  • Seite 37

    -32-  DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional. Enter a description for the entry . Up to 28 characters can be entered. Statu s: Activate or Inactivate the corresponding entry .  List of Reserved Address In[...]

  • Seite 38

    -33- Figure 3- 16 DMZ – Public Mode In Private mode, the DMZ port allows the Hosts in DMZ to access Internet via NA T mode which translates private IP addresses within DMZ to pub lic IP addresses for trans port over Internet. The Hosts in DMZ can directly communicate with LAN us ing the private IP addresses within the different subnet of LAN. Fig[...]

  • Seite 39

    -34- Figure 3-18 DMZ The following items are displayed on this screen:  DMZ Statu s: Activate or inactivate this entry . The DMZ port functions as a normal LAN port when it’s disabled. Mode: Select the mode for DMZ port to control the connection way among DMZ, LAN and Internet. Options include: Public and Private. IP Address: Enter the IP addr[...]

  • Seite 40

    -35- Set the MAC Address for LAN port: In a complex network topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the current router in a network node, you c an just set the MAC address of TL-ER6020‘s LAN port the same to the MAC address of the previous r outer , which can avoid all the devices under this network node t[...]

  • Seite 41

    -36- MAC Clone: It’s only available for W AN port. Cl ick the <Restore Factory MAC> button to restore the MAC address to the factory default value or click the <Clone Current PC’s MAC> button to clone the MAC address of the PC you are currently using to con figure the Router . Then click <Save> to apply . Note: T o avoid a con[...]

  • Seite 42

    -37- The following items are displayed on this screen:  St atistics Unicast: Displays the number of normal unica st packet s received or transmitted on the port. Broadcast: Displays the number of normal broadcast packet s received or transmitted on the port. Pause: Displays the number of flow contro l frames received or transmitted on the port. [...]

  • Seite 43

    -38- Choose the menu Network → Sw itc h → Port Mirror to load the following page. Figure 3-21 Port Mirror The following items are displayed on this screen:  General Enable Port Mirror: Check the box to enable the Port Mirr or function. If unchecked, it will be disabled. Mode: Select the mode for the port mirror function. Options include: [...]

  • Seite 44

    -39- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port). Application Example: T o monitor all the traffic and analyze the network abnormity for an ent erprise’s network, please set the Port Mirror function as below: 1) Check the box before E[...]

  • Seite 45

    -40- Figure 3-22 Rate Control The following items are displayed on this screen:  Rate Control Port: Displays the port number . Ingress Limit: S pecify whether to enable t he Ingress Limit feature. Ingress Rate: S pecify the limit rate for the ingress packet s. Egress Limit: S pecify whether to enable Egress Limit feature. Egress Rate: S pecify t[...]

  • Seite 46

    -41- Figure 3-23 Port Config The following items are displayed on this screen:  Port Config Statu s: S pecify whether to enable the port. The packet s can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function. Negotiation Mode: Select the Negotiation Mode for the port. All Port s: [...]

  • Seite 47

    -42- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured accord ing to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports . The VLAN function can prevent t he broadcast storm in LANs and enhance[...]

  • Seite 48

    -43- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group → Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen:  Group Config Group Name: S pecify a unique name for the group. Description: Give a description for the group. It's optional[...]

  • Seite 49

    -44-  User Config User Name: S pecify a unique name for the user . IP Address: Enter the IP Address of the user . It cannot be the network address or broadcast address of the port. Description: Give a description to the user fo r identification. It's optional.  List of User In this table, you can view the information of the Users and edi[...]

  • Seite 50

    -45- User Name: Select the name of the desired User . A vailable Group: Displays the Groups that the User can join. Selected Group: Displays the Groups to which this User belongs. Group Name: Select the name of the desired Group. Group Structure: Click this button to view the tree struct ure of this group. All the members of this group will be disp[...]

  • Seite 51

    -46- The following items are displayed on this screen:  NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of which must be not less than 100.  NA T -DMZ NA T -DMZ: Enable or disable NA T -DMZ. NA T DM Z is a special service of NA T application, which can be considered as a default forwardin g rule. When NA T[...]

  • Seite 52

    -47- Interface: Select an interface for forwarding data packe ts. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the T ranslated IP Address will be forwarded to the host of Original IP if DMZ Forwarding is enabled. Description: Give a description for the entry . Statu s: Activate or inactivate the entry .  List of R[...]

  • Seite 53

    -48- Subnet/Mask: Enter the subnet/mask to make the address range for the entry . Interface: Select the interface for the entry . Y ou can select LAN or DMZ port. Description: Give a description for the entry . Statu s: Activate or inactivate the entry .  list of Rules Y ou can view the informati on of the entries and edit t hem by the Action bu[...]

  • Seite 54

    -49- Configuration procedure 1. Establish the Multi-Nets NA T entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding S tatic Route entry , en ter the IP address of t he interface connecting the Router and the three layer swit ch into the Next Hop field.[...]

  • Seite 55

    -50- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. The S t atic Route entry is as follows: 3.3.1.4 V irtual Server Virtual server set s up public services in your private network, such as DN S, Email and FTP , and defines a service port. All the serv ice requests to this port will be transmitted to the LAN ser[...]

  • Seite 56

    -51- Figure 3-32 Virtual Server The following items are displayed on this screen:  Virtual Server Name: Enter a name for Virtual Server ent ries. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packe ts. External Port: Enter the service port or port range the Router provided for accessing external network. [...]

  • Seite 57

    -52- Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The extern al ports of dif ferent entries should be different, whereas the internal ports can be the same.  List of Rules In this table, you can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-32 indi[...]

  • Seite 58

    -53- Name: Enter a name for Port Triggering entri es. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packe ts. T rigger Port: Enter the trigger port number or the rang e of port. Only when the trigger port initiates connection w ill all the corresponding incoming ports open and provide service for the applica[...]

  • Seite 59

    -54- 3.3.1.6 ALG Some special protocols such as FTP , H.323, SIP , IPsec and PPTP will work properly only when ALG (Application Layer Gatewa y) service is enabled. Choose the menu Advanced → NA T → ALG to load the following p age. Figure 3-34 ALG The following items are displayed on this screen:  ALG FTP ALG: Enable or disable FTP ALG . The [...]

  • Seite 60

    -55- 3.3.2.1 Setup Choose the menu Advanced → T raffic Control → Setup to load the following p age. Figure 3-35 Configuration The following items are displayed on this screen:  General Disable Bandwidth Control: Select this option to disable Bandwidth Control. Enable Bandwidth Control all the time: Select this option to enable Bandwidth Cont[...]

  • Seite 61

    -56-  Interface Bandwidth Interface: Displays the current enabled W AN port(s). The T otal bandwid th is equal to the sum of bandwidth of the enabled W AN port s. Up stream Bandwidth: Displays the bandwidth of each W A N port for transmitting dat a. The Upstream Bandwid th of W AN port can be configured on W AN page. Downstream Bandwidth: Displa[...]

  • Seite 62

    -57-  Bandwidth Control Rule Direction: Select the data stream direction for the entry . The direction of arrowhead indicates the data stream direction The DMZ port displays in the drop-down list only when the DMZ port is enabled. W AN-ALL means all W AN port s through which the data flow might pass. Individual W AN port cannot be selected if W [...]

  • Seite 63

    -58- Note: ● The premise for single r ule taking ef fect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandw idth if the tot al guaranteed bandwidth specified by all Bandwidth Control rules for certain in terface exceeds the physical bandwid th of this interf[...]

  • Seite 64

    -59-  Session Limit Group: Select a group to define the controlled users. Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry . Statu s: Activate or inactivate the entry .  List of Session Limit Y ou can view the informati on of the entries and edit t hem by the Action buttons. The first entry i[...]

  • Seite 65

    -60- Figure 3-39 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packet s as a whole and record the W AN port they pass through. And then the p acket s with the sa me source IP address and destination IP address or destination port will [...]

  • Seite 66

    -61- The following items are displayed on this screen:  General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the lis t, you can add it to the list on 3.3.4.4 Protocol page. Source IP: Enter the source IP range for the entry . 0.0.0.0 - 0.0.0.0 means any IP is acceptable. Destination[...]

  • Seite 67

    -62- On this page, you can configur e the Link Backup function based on actual need to reduce the traffic burden of W AN port and improve the network efficie ncy . Choose the menu Advanced → Load Balance → Li nk Backup to load the following p age. Figure 3-41 Link Backup The following items are displayed on this screen:  General W AN Ports: [...]

  • Seite 68

    -63- Timing: Link Backup will be enabled if the spec ified effective time is reached. All the traf fic on the primary W AN will switch to the backup W AN at the beginning of the effective time; t he traf fic on the backup W AN will switch to the primary W AN at the ending of the ef fective time. Failover: S pecify the premise for Failover Mode. The[...]

  • Seite 69

    -64- Figure 3-42 Protocol The following items are displayed on this screen:  Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the prot ocol in the range of 0-255.  List of Protocol Y ou can view the informati on of the entries and edit [...]

  • Seite 70

    -65- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. Figure 3-43 Static Route The following items are displayed on this screen:  St atic Route Destination: Enter the destination hos t the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network. Next Hop: Enter the gateway IP address to w[...]

  • Seite 71

    -66- The first entry in Figure 3-43 indicates: If there are packets being sent to a device with IP address of 21 1.162.1.0 and subnet mask of 255.255.255.0, the Rout er will forward the packet s from W A N1 port to the next hop of 21 1.200.1.1. Application Example There is a network topology as the following figure shown: If the LAN port of TL-ER60[...]

  • Seite 72

    -67- The distance of RIP refers to the hop count s that a data p acket p asses through before reaching its destination, the value range of wh ich is 1–15. It means the destination cannot be reac hed if the value is more than 15. Optimal path indicates the p ath wi th the fewest hop counts. RIP exchanges the route information every 30 seconds by b[...]

  • Seite 73

    -68- Authentication: network situation, and the password s hould not be more than 15 characters. All Interfaces: Here you can operate all the interfaces in bulk. All the interfaces will not apply RIP if “Enable” option for All Interfaces is selected.  List of RIP After RIP is enabled, the information of RIP forw arding the packets received b[...]

  • Seite 74

    -69- Flags: The Flags of route entry . The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry . Physical Interface: The physical interface of route entry . Metric The Metric of route entry . 3.4 Firewall 3.4.1 Anti ARP S poofing ARP (Address Resolution Protocol) is used for analyzing and map[...]

  • Seite 75

    -70- Figure 3-46 IP-MAC Binding The following items are displayed on this screen:  General It is recommended to check all the options. Y ou s hould import the IP and MAC address of the host to IP-MAC Binding List and enable the corresponding entr y before enabling “Permit the packet s matching the IP-MAC Binding entries only”. When suffered [...]

  • Seite 76

    -71- Y ou can view the informati on of the entries and edit t hem by the Action buttons. The first entry in Figure 3-46 indicates: The IP address of 192.168.1.101 and MAC address of 00-1 9-66-83-53-CF have been bound and this entry is activated. Note: If all the entries in the binding list are disabled and “Permit the packets of IP-MAC Binding en[...]

  • Seite 77

    -72- Indicates that the IP and MAC addres s of this entry are already bound. T o bind the entries in the list, check these entri es and click the <Import> button, then the settings will take ef fect if the entries do not c onflict with the existed entries. Note: If the local hosts suffered from ARP attack, you cannot add IP-MAC Binding entrie[...]

  • Seite 78

    -73- Figure 3-49 Attack Defense The following items are displayed on this screen:  General Flood Defense: Flood attack is a commonly used DoS (Denial of Service) att ack, including TCP SYN, UDP , ICMP and so on. It is recommended to select all the Flood Defens e options and specify the corresponding thresholds. Keep the def ault settings if you [...]

  • Seite 79

    -74- Packet Anomaly Defense: Packet Anomaly refers to the abnormal p ackets. It is recommended to select all the Packet Anomaly Defense options. Enable Att ack Defense Logs: With this box checked, the Rout er will record the defense logs. 3.4.3 MAC Filtering On this page, you can control the Internet access of local hosts by spec ifying their MAC a[...]

  • Seite 80

    -75-  List of Rules Y ou can view the informati on of the entries and edit t hem by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies wher e an identified resource is available and the mechanism for retrieving it. URL Filt er functions to filter the Internet URL address, so as to provide a co[...]

  • Seite 81

    -76-  Group: URL Filtering will take ef fect to all the users in group. Mode: Select the mode for URL Filtering. “Keyword’’ indicates that all the URL addresses including the specif ied keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL. Description: Give[...]

  • Seite 82

    -77- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall → Access Control → Web Filtering to load the following p age. Figure 3-52 Web Filtering Check the box before Enable Web Filt ering and select the web components to be filtered. 3.4.4.3 Access Rules Choose the menu Firewall → Access Con[...]

  • Seite 83

    -78- Policy: Select a policy for the entry:  Block: When this option is selected, the packet s obeyed the rule will not be permitted to pass through the Router .  Allow: When this option is selected, the packet s obeyed the rule will be allowed to pass through the Router . Service: Select the service for the entry . Only the service belonging[...]

  • Seite 84

    -79- Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displa yed at the end of the list by default.  List of Rules Y ou can view the information of the entries and edit them by the Action butt ons. The smaller the valu e is, the higher the priority is. The first entry in Figure 3-53 ind[...]

  • Seite 85

    -80- Figure 3-54 Service The following items are displayed on this screen:  Service Name: Enter a name for the service. T he name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the servic e. The system predefined protocols include TCP , UDP and[...]

  • Seite 86

    -81- 3.4.5 App Control 3.4.5.1 Control Rules On this page, you can enable t he Application Rules function. Choose the menu Firewall → App Control → Control Rules to load the following page. Figure 3-55 Application Rules The following items are displayed on this screen:  General Check the box before Enable Application Control to make the Appl[...]

  • Seite 87

    -82- Application: Click the <Application List> button to select applications from the popup checkbox. The applications include IM , Web IM, SNS, P2P , Media, Basic and Proxy . The default setting is to limit all the applications in the application list except for Basic and Proxy . Effective Time: S pecify the t ime for the entry to take e ffe[...]

  • Seite 88

    -83- 3.5 VPN VPN (Virtual Private Network) is a private network established via the public network, generally via the Internet. However , the private network is a logical network without any physical network lines, so it is called Virtual Private Network. With the wide application of the Internet, more and more data are needed to be shared through [...]

  • Seite 89

    -84- 3.5.1.1 IKE Policy On this page you can configure the rela ted parameters for IKE negotiation. Choose the menu VPN → IKE → IKE Policy to load the following p age. Figure 3-58 IKE Policy The following items are displayed on this screen:  IKE Policy Policy Name: S pecify a u nique name to the I KE policy for identification and management [...]

  • Seite 90

    -85- Exchange Mode: Select the IKE Exchange M ode in phase 1, and ensure the remote VPN peer uses the same mode.  Main: Main mode provides i dentity protection and exchanges more information, which applies to the scenarios with higher requirement for i dentity protection.  Aggressive: Aggressive Mode establishes a faster connection but with l[...]

  • Seite 91

    -86- DPD Interval: Enter the interval after wh ich the DPD is triggered.  List of IKE Policy In this table, you can view the information of IKE Policies and edit them by the action buttons. 3.5.1.2 IKE Proposal On this page, you can define and edit the IKE Proposal. Choose the menu VPN → IKE → IKE Proposal to load the following page. Figure [...]

  • Seite 92

    -87- Encryption: S pecify the encryption algorithm for IKE negotiation. Options include:  DES: DES (Data Encryption S tandard) encrypts a 64-bit block of plain text with a 56-bit key .  3DES: T riple DES, encrypts a plain text with 168-bit key .  AES128: Uses the AES algor ithm and 128-bit key for encryption.  AES192: Uses the AES algor[...]

  • Seite 93

    -88- 3.5.2.1 IPsec Policy On this page, you can defi ne and edit the IPsec policy . Choose the menu VPN → IPsec → IPsec Policy to load the following page. Figure 3-60 IPsec Policy The following items are displayed on this screen:  General Y ou can enable/disable IPsec func tion for the Router here.  IPsec Policy Policy Name: S pecify a un[...]

  • Seite 94

    -89- Mode: Select the network mode for IP sec policy . Options include:  LAN-to-LAN: Select this option when the client is a network.  Cl ie nt -to -L AN : Select th is option when the clien t is a host. Local Subnet: S pecify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy . It's formed by[...]

  • Seite 95

    -90- Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is de-encrypted. Without PFS, t he key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in Phase2 is easy to be de-encrypted, in this case, the communication secrecy is threatened[...]

  • Seite 96

    -91- AH Authentication Key-Out: S pecify the outbound AH Authent ication Key manually if AH protocol is used in the co rresponding IPsec Proposal. The outbound key here must match the inbound AH a uthentication key at the other end of t he tunnel, and vice versa. ESP Authentication Key-Out: S pecify the outbound ESP Authent ication Key manually if [...]

  • Seite 97

    -92- Figure 3-61 IPsec Proposal The following items are displayed on this screen:  IPsec Proposal Proposal Name: S pecify a u nique name to the IPse c Proposal for identification and management purposes. The IPsec proposal can be applied to IPsec policy . Security Protocol: Select the security protocol to be used. Options include:  AH: AH (Au[...]

  • Seite 98

    -93- ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include:  MD5: MD5 (Message Digest Algo rithm) takes a message of arbitrary length and generates a 128-bi t message digest.  SHA: SHA (Secure Hash Algorithm) takes a message less than the 64th power of 2 in bits and generates[...]

  • Seite 99

    -94- outgoing SPI value are different. However , the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vi ce versa. The connection statu s on the remote end point of this tunnel is as the following figur e shows. The SPI value is obt ained via auto-negotiation. 3.5.3 L2TP/PPTP Layer 2 VPN tunneling protocol c [...]

  • Seite 100

    -95- Figure 3-63 L2TP/PPTP T unnel The following items are displayed on this screen:  General Enable VPN-to-Internet: S pecify whether to enable VPN-to-In ternet function. If enabled, the VPN client is permitted to access t he LAN of the server and Internet. Hello Interval: S pecify the interval to send hello p acket s.  L2TP/PPTP T unnel Pro[...]

  • Seite 101

    -96- Account Name: Enter the account nam e of L2TP/PPTP tunnel. It should be configured identically on server and client. Password: Enter the password of L2TP/PPT P tunnel. It should be configured identically on server and client. T unnel: Select the network mode for the tunnel. Options include:  LAN-to-LAN: Select this option w hen the L2TP/PPT[...]

  • Seite 102

    -97- Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel.) It’ s the combination of IP address and subnet mask. Statu s Activate or inactivate the entry .  List of Configurations In this table, you can view your configurations of the tunnels and edit t[...]

  • Seite 103

    -98- In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP T unnel This page displays the informat ion and status of the tunnels. Choose the menu VPN → L2TP/PPTP → List of L2TP/PPTP T unnel to load the following page. Figure 3-65 List of L2TP/PPTP T unnel Figure 3-65 displays the [...]

  • Seite 104

    -99- Figure 3-66 General The following items are displayed on this screen:  General PPPoE Server: S pecify whether to enable t he PPPoE Server function. Dial-up Access Only: S pecify whether to enable the Dial-up Access Only func tion. If enabled, only the Dial-in Users and the user with Excepti onal IP can access the Internet. PPPoE User Isolat[...]

  • Seite 105

    -100- Idle Timeou t: Enter the maximum idle time. The session will be terminated af ter it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle T imeout field. The default value is 30. Authentication: Select the Authentication type. It can be Loca[...]

  • Seite 106

    -101- Figure 3-67 IP Address Pool The following items are displayed on this screen:  IP Address Pool Pool Name: S pecify a unique name to the IP A ddress Pool for identification and management purposes. IP Address Range: S pecify the start and the end IP address for IP Pool. The start IP address should not exceed the end address and the IP addre[...]

  • Seite 107

    -102- Figure 3-68 Account The following items are displayed on this screen:  Account Account Name: Enter the account name. This name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Mode: Select the IP Address Assigned Mode for IP assignment.  S tatic: Select this option t[...]

  • Seite 108

    -103- Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Statu s: Activate or inactivate the entry . MAC Binding: Select a MAC Binding type from t he pull-down list. Options include:  Disable: Select this option to disable the MAC Binding function.  Manual: Select this option to bi nd th[...]

  • Seite 109

    -104- The following items are displayed on this screen:  Exceptional IP IP Address Range: S pecify the st art and the end IP address to make an exceptional IP address range. This range should be in the sa me IP range with LAN port or DMZ port of the Router . The start IP addr ess should not exceed the end address and the IP address ranges must n[...]

  • Seite 110

    -105- Figure 3-71 E-Bulletin The following items are displayed on this screen:  General Enable E-Bulletin: S pecify whether to enable el ectronic bulletin function . Interval: S pecify the interval to release the bulletin. Enable Logs: S pecify whether to log the E-Bulletin.  E-Bulletin Tit le : Enter a title for the bulletin.[...]

  • Seite 111

    -106- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include:  ANY: The bulletin will be released to all the users and the PCs on the LAN.  Group: The bulletin will be released to the users in the selected group. You can click < > button to add a group to the selected group and click <[...]

  • Seite 112

    -107- latest IP add ress, the server will update the mappings between the domai n name and IP address in DNS database. Therefore, the users can use the same domain name to ac cess the DDNS client even if the IP address of the DDNS cli ent has changed. DDNS is usually us ed for the Internet users to access the private website and FTP server , both o[...]

  • Seite 113

    -108- Domain Name: Enter the Domain Name that you r egistered with your DDNS service provider . DDNS Service: Activate or inactivate DDNS service here. W AN Port: Displays the W AN port for which Dyndns DDNS is selected. DDNS St atus: Displays the current status of DDNS service  Offline: DDNS service is disabled.  Connecting: client is connec[...]

  • Seite 114

    -109- Account Name: Enter the Account Name of y our DDNS account. If you have not registered, click <Go to register> to go to the website of No-IP for register . Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you r egistered with your DDNS service provider . DDNS Service: Activate or inactivate DDNS[...]

  • Seite 115

    -1 10- Figure 3-74 PeanutHull DDNS The following items are displayed on this screen:  PeanutHull DDNS Account Name: Enter the Account Name of y our DDNS account. If you have not registered, click <Go to register> to go to the website of PeanutHull for register . Password: Enter the password of your DDNS account. DDNS Service: Activate or i[...]

  • Seite 116

    - 111 - Domain Name: Displays the domain names obtained from the DDNS server . Up to 16 domain names can be displayed here.  List of PeanutHull Account In this table, you can view the existing DDNS entries or edit them by the Action button. 3.6.3.4 Comexe On this page you can configure Comexe DDNS client. Choose the menu Services → Dynamic DNS[...]

  • Seite 117

    -1 12- DDNS St atus: Displays the current status of DDNS service  Offline: DDNS service is disabled.  Connecting: client is connecting to the server.  Online: DDNS works normally.  Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. Domain Name: Displays the domain names obtained from the DDN[...]

  • Seite 118

    -1 13-  General UPnP Funct ion: Enable or disable the UPnP function globally .  List of UPnP Mappin g After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6020. The NO.1 entry in Figure 3-76 indicates: TCP d ata received on port 12856 of the W A[...]

  • Seite 119

    -1 14- New User Name: Enter a new user name for the Router . New Password: Enter a new password for the Router . Confirm New Password: Re-enter the new password for confirmation. Note: ● The factory default passw ord and user name are both admin. ● Y ou should enter the new user name and password when next login if t he current username and pas[...]

  • Seite 120

    -1 15- T elnet Idle T imeout: Enter a timeout period that t he Router will log the remote PCs out of the Web-based Utilit y after a specified period (T elnet Idle T imeout) of inactivity . Note: ● The default Web Management Port is 80. If t he port is changed, you should type in the new address, such as http://192.168.0.1:XX (“XX” is the new [...]

  • Seite 121

    -1 16- Application Example Network Requirements Allow the IP address within 210. 10.10.0/24 segment to manage t he Router with IP address of 210.10.10.50 remotely . Configuration Procedure T ype 210.10. 10.0/24 in the Subnet/Mask field on Remo te Management page and enable the entry as the following figure shows. Then type the corresponding port nu[...]

  • Seite 122

    -1 17- Figure 3-81 Export and Import The following items are displayed on this screen:  Configuration V ersion Displays the current Configur ation version of the Router .  Export Click the <Export> button to save the current conf iguration a s a file to your computer . Y ou are suggested to take this measure before upgrading or modifyin[...]

  • Seite 123

    -1 18- Figure 3-82 Reboot Click the <Reboot> button to reboot the Router . The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: T o avoid damage, please don't turn off the device while rebooting. 3.7.2.4 Firmware Upgrade Choose the menu Maintenance → Manageme[...]

  • Seite 124

    -1 19- Figure 3-84 License 3.7.4 S t atistics 3.7.4.1 Interface T raffic St atistics Interface T raf fic S tatistics screen displays the det ailed traf fic information of each port and extra information of W AN ports. Choose the menu Maintenance → St atistics → Interface T raffic Statistics to load the following p age. Figure 3-85 Interface T r[...]

  • Seite 125

    -120- Interface: Displays the interface. Rate Rx : Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data frames. Packets Rx: Displays the number of packet s received on the interface. Packets Tx: Displays the number of packet s transmitted on the interface. Bytes Rx: Displays the bytes of packet s received [...]

  • Seite 126

    -121- Figure 3-86 IP T raf fic S tatistics The following items are displayed on this screen:  General Enable IP T raffic St atistics: Allows you to enable or disable IP T raf fic S tatistics. Enable Auto-refresh: Allows you to enable/disable refreshing the IP T raf fic S tatistics automatically . The default refr esh interval is 10 seconds.  [...]

  • Seite 127

    -122- Figure 3-87 Diagnostics The following items are displayed on this screen:  Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “A uto”, the Router will select the interface of destination automatically . After clickin g <S tart> button, the Router will send P[...]

  • Seite 128

    -123- of destination automatically . After clicking the <S tart> button, the Router will send T racert pa ckets to test the connectivity of the gateways during the journey from th e source to destination of the test data and the result s will be displayed in the box below . 3.7.5.2 Online Detection On this page, you can detect the W AN port i[...]

  • Seite 129

    -124- W AN St atus: Display the detecting results. 3.7.6 Ti me System T ime is the time displayed while the Rout er is running. On this page you can configure the system time and the settings here will be used for ot her time-based functions like Access Rule, PPPoE and Logs. Choose the menu Maintenance → Tim e → Ti me to load the following p ag[...]

  • Seite 130

    -125- Note: ● If Get GMT function cannot be used properly , pl ease add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restar ted. The Router will obtai n GMT time automatically from Internet. 3.7.7 Logs The Log system of Router can record, classify and manage the system information [...]

  • Seite 131

    -126- The Logs of switch are classified into the following eight levels. Severity Level Description Emergency 0 The system is unusable. Alert 1 Action must be taken imme diately . Critical 2 Critical conditions Error 3 Error conditions W arning 4 W arnings conditions Notice 5 Normal but significant conditions Informational 6 Informational messages [...]

  • Seite 132

    -127- Chapter 4 Application 4.1 Network Requirement s The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staf f in the headquarters an d the branch offices, and to transmit the commercial confidential data to it s p artners. The dedicated line access service wa s used by this comp [...]

  • Seite 133

    -128- 4.2 Network T opology 4.3 Configurations Y ou can configure the Router via th e PC connected to the LAN port of this Router . T o log in to the Router , the IP address of your PC should be in the same subnet of the LAN por t of this Router . (The default subnet of LAN port is 192.168.0.0/24.). The IP ad dress of your PC can be obtained automa[...]

  • Seite 134

    -129- 4.3.1.1 System Mode Set the system mode of the Router to the NA T mode. Choose the menu Netw ork → System Mode to load the following p age. Select the NA T mode and the <Save> button to apply . Figure 4-1 System Mode 4.3.1.2 Internet Connection Configure the St atic IP connection type for the W A N1 and W AN2 ports of the Router . Cho[...]

  • Seite 135

    -130- Figure 4-3 Link Backup 4.3.2 VPN Setting T o enable the hosts in the remote branch of fice (W AN: 1 16.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between t he headquarters and the remote branch office to guar antee a secured communication. The following tak[...]

  • Seite 136

    -131- Authentication: MD5 Encryption: 3DES DH Group: DH2 Click the <Add> button to apply . Figure 4-4 IKE Proposal  IKE Policy Choose the menu VPN → IKE → IKE Policy to load the configuration p age. Settings: Policy Name: IKE_1 Exchange Mode: Main IKE Proposal: proposal_I KE_1 (you just created) Pre-shared Key: aabbccddee SA Lifetime: [...]

  • Seite 137

    -132- Figure 4-5 IKE Policy Tips: For the VPN Router in the remote branch office, t he IKE settings should be the same as the Router in the headquarters. 2) IPsec Setting T o configure the IPsec function, you sh ould create an IPsec Proposal firstly .  IPsec Proposal Choose the menu VPN → IPsec → IPsec Proposal to load the following page. Se[...]

  • Seite 138

    -133- ESP Encryption: 3DES Click the <Save> button to apply . Figure 4-6 IPsec Proposal  IPsec Policy Choose the menu VPN → IPsec → IPsec Policy to load the configuration p age. Settings: IPsec: Enable Policy Name: IPsec_1 S tatus: Activate Mode LAN-to-LAN Local Subnet: 192.168.0.0/24 Remote Subnet: 172.31.10.0/24 WA N : WA N1 Remote G[...]

  • Seite 139

    -134- Figure 4-7 IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the headquarters. The Remote Gateway of the remote Router should be set to the IP address of the Router in the headquarters. After the IPsec VPN tunnel of the two peers is est ablished successfully , y ou ca[...]

  • Seite 140

    -135-  L2TP/PPTP T unnel Choose the menu VPN → L2TP/PPTP → L2TP/PPTP T unnel to load the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP T unnel. Settings: L2TP/PPTP: Enable Protocol: PPTP Mode: Se[...]

  • Seite 141

    -136- 4.3.3 Network Management T o manage the enterprise network ef fectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group. The det ailed configur ations are as follows. 4.3.3.1 User Group Create a[...]

  • Seite 142

    -137- Choose the menu User Group → User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Th en continue with the following settings: Settings: Action: Add S tart IP Address: 192.168.0.30 End IP Address: 192.168.0.50 Prefix Username: User S tart No.: 1 S tep: 1 Click the OK button to add the User[...]

  • Seite 143

    -138- Application: Click the <Application List> button and select the applications desired to be blocked on the popup window . S tatus: Activate Figure 4-1 1 App Rules 4.3.3.3 Bandwid th Control T o enable Bandwidth Control, you s hould configure the total bandwid th of interfaces and the detailed bandwidth control rule first. 1) Enable Bandw[...]

  • Seite 144

    -139- Figure 4-12 Bandwidth Setup 2) Interface Bandw id th Choose the menu Network → WA N → WA N 1 to load the configurat ion page. Configure the Upstream Bandwidth and Do wnstream Bandw id th of the interface as Figur e 4-13 shows. The entered bandwidth value should be c onsistent with the ac tual bandwidth value. 3) Bandwidth Control Rule Cho[...]

  • Seite 145

    -140- Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced → Session Limit → Session Limit to load the confi guration page. Check the box before Enable Session Limit and click the <Save> button to apply . Then continue with the following settings: Settings: Group: group1 Max. Sessions: 250 S tatus: Activate Cl[...]

  • Seite 146

    -141- 4.3.4.1 LAN ARP Defense Y ou can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by AR P Scanning. For some spec ial items not bound, you can bind them manually . 1) Scan and import the entries to ARP List S pecify ARP Scanning range. Choose the menu Firewall → [...]

  • Seite 147

    -142- Choose the menu Firewall → Anti ARP S poofing → IP-MAC Binding to load the configuration p age. T o add the host with IP address of 192.168.1.20 a nd MAC address of 00-1 1-22-33-44-aa to the list, you can follow the settings below: Settings: IP Address: 192.168.0.20 MAC Address: 00-1 1-22-33-44-aa S tatus: Activate Click the <Add> b[...]

  • Seite 148

    -143- 4.3.4.3 Att ack Defense Choose the menu Firewall → Att ack Defense → Att ack De fense to load the configuration p age. Select the options desired to be enabled as Figure 4-20 shows, and then click the <Save> button. Figure 4-20 Att ack Defense 4.3.4.4 T raffic Monitoring 1) Port Mirror Choose the menu Network → Sw itch → Port Mi[...]

  • Seite 149

    -144- Figure 4-21 Port Mirror 2) St atistics Choose the menu Maintenance → St atistics to load the page. Load the Interface T raffic S t atistics p age to view the traffic st atistics of each physical interface of the Router as Figure 4-22 shows. Figure 4-22 Interface T raf fic S tatistics Load the IP T raffic St atistics p age, and Check the box[...]

  • Seite 150

    -145- Figure 4-23 IP T raf fic S tatistics After all the above step s, the enterpris e network will be operated based on planning.[...]

  • Seite 151

    -146- Chapter 5 CLI TL-ER6020 provides a Console po rt for CLI (Comm and Line Interface) confi guration, which enables you to configure the Router by accessing the CLI from c onsole (such as Hyper T ermi nal) or T elnet. The following part will introduce the step s to a ccess CLI via Hyper T erminal and some common CLI commands. 5.1 Configuration T[...]

  • Seite 152

    -147- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3 , and click OK . Figure 5-3 Select the port to connect 5. Configure the port selected in the ste p above as the following Figure 5-4 shows. Configure Bit s per second as 1 15200, Dat a bit s as 8, Parity as None, Stop bit s as 1, Flow cont[...]

  • Seite 153

    -148- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyp er T erminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK . Figure 5-5 Connection Properties Settings[...]

  • Seite 154

    -149- 7. The DOS prompting “TP-LINK>” will appea r after pressing the Enter button in the Hyper T erminal window as Figure 5-6 shows. Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER6020 offers two command mode s: User EXEC Mode and Privileged EXEC Mode. User EXEC Mode only allows users to do some si mple operations such as v[...]

  • Seite 155

    -150- Mode Accessing Path Prompt Logout or Access the next mode User EXEC Mode Primary mode once it is connected with the Router . TP-LINK > Use the exit command to disconnect the Router (except t hat the Router is connected through the Console port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable comm[...]

  • Seite 156

    -151- enable - Enter the privileged mode exit - Exit the CLI (only for telnet) history - Show command history ip - Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - System manager user - User configuration 2) T ype a command and a question mark separated by space. If there are keywords in this command, [...]

  • Seite 157

    -152- 5.4 Command Introduction TL-ER6020 provides a number of CLI commands for users to manage the Router and user information. For better understanding, each command is followed by note which is the meaning of the command. 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces. V iew command can be us[...]

  • Seite 158

    -153- 5.4.3 sys The sys command is used for system management, incl uding Backup and Restore, Factory Default, Reboot, Firmware Upgrade and so on. TP-LINK # sys reboot This command will r eboot system, Continue?[Y/N] Reboot the system. Y me ans YES, N means NO. TP-LINK # sys restore This command will restore system, Continue?[Y/N] Restore to factor[...]

  • Seite 159

    -154- ● Pay special attention t hat the specified a ccount must be with approp riate permissions since the functions such as export, import and firmwa re upgrade require read-wri te operation on FTP server . TP-LINK # sys import config Server address: [192.168.1.101] Username: [admin] Password: [admin] File name: [config.bin] Import the configura[...]

  • Seite 160

    -155- TP-LINK > user get Username: admin Password: admin Query the user name and password of the current Guest. TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator . T[...]

  • Seite 161

    -156- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the syst em when logging in by T elnet. TP-LINK > exit Exit CLI.[...]

  • Seite 162

    -157- Appendix A Hardware S pecifications St andards IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/ IP , DHCP , ICMP , NA T 、 PPPoE, SNTP , HTTP , DNS, L2TP , PPTP , IPsec T wo 10/100/1000M Auto-Negotiation W AN RJ45 port (Auto MDI/MDIX) T wo 10/100/1000M Auto-Negotiation LA N RJ45 ports (Auto MDI/MDIX) One 10/100/1000M Auto- Negotiatio[...]

  • Seite 163

    -158- Appendix B F AQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, pl ease try the following steps: 1) Make sure the cable is well connected to t he LAN port of the Router . The corresponding LED should flash or be solid light. 2) Make sure the IP address of your PC is set in the same subnet address[...]

  • Seite 164

    -159- Q3: What can I do if the Router with the re mote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote com puter is in the subnet allowed to remotely access the router . 2. If the router ’s management por t has been modified, please log in to the Router with the new address, su[...]

  • Seite 165

    -160- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing traditional phone lines. ALG ( Application Layer Gateway ) Application Level Gateway (A LG) is application specifi c translation agent that allows an application on a host in one address realm to connec[...]

  • Seite 166

    -161- Glossary Description H.323 H.323 allows dissimilar communica tion devices to communicate with each other by using a standardized communication protocol. H.323 defines a comm on set of CODECs, call setup and negotiating procedures, and basic data transport methods. H HTTP ( Hyp ertext T ransfer Protocol ) The protocol used by Web browsers [...]

  • Seite 167

    -162- Glossary Description MAC address ( Media Access Control address ) S tandardized data link layer address that is required for every port or device that connects to a LAN. Other devices in th e network use these addresses to lo cate specific ports in the network and to create and update routing tables and data structures. MAC addresses are [...]

  • Seite 168

    -163- Glossary Description T elnet ( T elecommunication Network protocol ) T elnet is used for remote terminal connection, ena bling users to log in to remote systems and us e resources as if they we re connected to a local system. UDP ( User Datagram Protocol ) UDP is a simple protocol that exchanges datagram without acknowledgments or gua[...]