TP-Link TL-ER6120 User Manual

A Proper User Manual

The regulations oblige the seller to hand over the TP-Link TL-ER6120 user manual to the buyer together with the goods. A missing manual, or incorrect information passed on to the consumer, constitutes grounds for a complaint on the basis that the device does not conform to the contract. By law, a manual may be supplied in a form other than paper, which has recently become very common, by including a graphical or electronic manual for the TP-Link TL-ER6120 as well as instructional videos for users. The condition is that its form is legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", i.e. to arrange. Accordingly, the TP-Link TL-ER6120 manual describes the stages of the procedures. The purpose of the manual is to instruct and to simplify starting up and using the device, or carrying out particular tasks. The manual is a collection of information about an item or service, a guide.

Unfortunately, not many users devote time to the TP-Link TL-ER6120 user manual. A good user manual not only lets you get to know a range of additional functions of the purchased device, but also helps to avoid many mistakes.

So what should an ideal user manual contain?

The TP-Link TL-ER6120 user manual should contain above all:
- Information on the technical data of the TP-Link TL-ER6120
- The name of the manufacturer and the year of manufacture of the TP-Link TL-ER6120
- Principles of operation, adjustment and maintenance of the TP-Link TL-ER6120
- Safety marks and certificates confirming conformity with the relevant standards

Why don't we read user manuals?

The reason is a lack of time and confidence regarding the particular functions of the purchased devices. Unfortunately, connecting and starting the TP-Link TL-ER6120 is not enough. A manual contains a range of guidance on particular functions, safety principles, maintenance methods (even which products to use), possible faults of the TP-Link TL-ER6120, and ways of solving problems that may arise during use. After all, the user manual also gives the contact number for TP-Link service if the suggested solutions do not work. Manuals in the form of engaging animations or video guides are currently gaining popularity, as they appeal to users more than a brochure does. This kind of manual ensures that the user watches the whole video without skipping the specific and complicated technical descriptions of the TP-Link TL-ER6120, as happens with the paper form.

Why should you read user manuals?

In the user manual we find above all answers about the construction and capabilities of the TP-Link TL-ER6120, about the use of particular accessories, and a range of information that makes it possible to use all of its functions and conveniences.

After a successful purchase of the device, you should take some time to get to know every part of the TP-Link TL-ER6120 manual. Nowadays they are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic purpose of helping and informing.

Table of Contents of the User Manuals

  • Page 1

    TL-ER6120 Multi-WAN VPN Router Rev: 1.0.0 1910010516[...]

  • Page 2

    -I- COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, [...]

  • Page 3

    -II- CONTENTS Package Contents ... 1 Chapter 1 About this Guide ... 2 1.1 Intended Readers ...[...]

  • Page 4

    -III- 3.3.3 Session Limit ... 59 3.3.4 Load Balance ... 60 3.3.5 Routing ...[...]

  • Page 5

    -IV- 4.2 Network Topology ... 129 4.3 Configurations ... 129 4.3.1 Internet Setting ...[...]

  • Page 6

    -1- Package Contents The following items should be found in your box: ➢ One TL-ER6120 Router ➢ One power cord ➢ One console cable ➢ One ground cable ➢ Two mounting brackets and other fittings ➢ Installation Guide ➢ Resource CD for TL-ER6120 Router, including: ● This User Guide ● Other Helpful Information Note: Make sure that the packa[...]

  • Page 7

    -2- Chapter 1 About this Guide This User Guide contains information for setup and management of TL-ER6120 Router. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used: ➢ The Router or TL-ER61[...]

  • Page 8

    -3- Appendix A Hardware Specifications Lists the hardware specifications of this Router. Appendix B FAQ Provides the possible solutions to the problems that may occur during the installation and operation of the router. Appendix C Glossary Lists the glossary used in this guide.[...]

  • Page 9

    -4- Chapter 2 Introduction Thanks for choosing the SafeStream™ Multi-WAN VPN Router TL-ER6120. 2.1 Overview of the Router The SafeStream™ Multi-WAN VPN Router TL-ER6120 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth Control,[...]

  • Page 10

    -5- ● Multi-WAN Ports + Providing three adjustable 10/100/1000M WAN/LAN ports for users to configure the amount of WAN ports based on need and connect multiple Internet lines for bandwidth expansion. + Supporting multiple Load Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Policy Routing to optimiz[...]

  • Page 11

    -6- ➢ Supports to change the MAC address of LAN, WAN, DMZ port ➢ Supports Logs, Statistics, Time setting ➢ Supports Remote and Web management ➢ Supports Diagnostic (Ping/Tracert) and Online Detection VPN ➢ Supports IPsec VPN and provides up to 100 IPsec VPN tunnels ➢ Supports IPSec VPN in LAN-to-LAN or Client-to-LAN ➢ Provides DES, 3DES[...]

  • Page 12

    -7- ● LEDs (LED / Status / Indication) PWR: On = The Router is powered on; Off = The Router is powered off or power supply is abnormal. SYS: Flashing = The Router works properly; On/Off = The Router works improperly. Link/Act: On = There is a device linked to the corresponding port; Off = There is no device linked to the corresponding port; Flashing = The corresponding port i[...]

  • Page 13

    -8- press and hold the Reset button (about 4~5 seconds). After the SYS LED goes out, release the Reset button. If the SYS LED is flashing with a high frequency about two or three seconds, it means the Router is restored successfully. 2.3.2 Rear Panel The rear panel of TL-ER6120 is shown as the following figure. ● Power Socket Connect the female co[...]

  • Page 14

    -9- Chapter 3 Configuration 3.1 Network 3.1.1 Status The Status page shows the system information, the port connection status and other information related to this Router. Choose the menu Network → Status to load the following page.[...]

  • Page 15

    -10- Figure 3-1 Status 3.1.2 System Mode The TL-ER6120 Router can work in three modes: NAT, Non-NAT and Classic. If your Router is hosting your local network’s connection to the Internet with a network topology as the Figure 3-2 shown, you can set it to NAT mode.[...]

  • Page 16

    -11- Figure 3-2 Network Topology - NAT Mode If your Router is connecting the two networks of different areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets between these two networks by the Routing rules, you can set it to Non-NAT mode. Figure 3-3 Network Topology – Non-NAT Mode If [...]

  • Page 17

    -12- Figure 3-4 Network Topology – Classic Mode Choose the menu Network → System Mode to load the following page. Figure 3-5 System Mode You can select a System Mode for your Router according to your network need. ● NAT Mode NAT (Network Address Translation) mode allows the Router to translate private IP addresses within internal network[...]

  • Page 18

    -13- In this mode, the Router functions as the traditional Gateway and forwards the packets via routing protocol. The Hosts in different subnets can communicate with one another via the routing rules whereas no NAT is employed. For example: If the DMZ port of the Router is in WAN mode, the Hosts in the subnet of DMZ port can access the serv[...]

  • Page 19

    -14- Note: 1) By default, TL-ER6120 is set to work in the mode of dual WAN ports. 2) Any change to the number of WAN ports may lead to a loss of current configurations. Please be sure to backup your configurations in advance. 3) The DMZ port will not be available if four WAN ports are enabled. 3.1.3.2 WAN1 TL-ER6120 provides the following six[...]

  • Page 20

    -15- The following items are displayed on this screen: ➢ Static IP Connection Type: Select Static IP if your ISP has assigned a static IP address for your computer. IP Address: Enter the IP address assigned by your ISP. If you are not clear, please consult your ISP. Subnet Mask: Enter the Subnet Mask assigned by your ISP. Default Gateway: [...]

  • Page 21

    -16- Figure 3-8 WAN – Dynamic IP The following items are displayed on this screen: ➢ Dynamic IP Connection Type: Select Dynamic IP if your ISP assigns the IP address automatically. Click <Obtain> to get the IP address from your ISP’s server. Click <Release> to release the current IP address of WAN port. Host Name: Optiona[...]

  • Page 22

    -17- Get IP Address by Unicast: The broadcast requirement may not be supported by a few ISPs. Select this option if you can not get the IP address from your ISP even with a normal network connection. This option is not required generally. Use the following DNS Server: Select this option to enter the DNS (Domain Name Server) address manually. Pr[...]

  • Page 23

    -18- IP Address: Displays the IP address assigned by your ISP. Subnet Mask: Displays the Subnet Mask assigned by your ISP. Gateway Address: Displays the Gateway Address assigned by your ISP. Primary DNS: Displays the IP address of your ISP’s Primary DNS. Secondary DNS: Displays the IP address of your ISP’s Secondary DNS. 3) PPPoE If your [...]

  • Page 24

    -19- Figure 3-9 WAN - PPPoE The following items are displayed on this screen: ➢ PPPoE Settings Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP a[...]

  • Page 25

    -20- Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Active Mode: You can select the proper Active mode according to your need. ● Manual: Select this option to manually activate or terminate the Internet connection by the <Connect&g[...]

  • Page 26

    -21- connection. Dynamic IP and Static IP connection types are provided. Connection Type: Select the secondary connection type. Options include Disable, Dynamic IP and Static IP. IP Address: If Static IP is selected, configure the IP address of WAN port. If Dynamic IP is selected, the obtained IP address of WAN port is displayed. Subnet Addr[...]

  • Page 27

    -22- this problem remains. IP Address: Displays the IP address assigned by your ISP. Gateway Address: Displays the Gateway Address assigned by your ISP. Primary DNS: Displays the IP address of your ISP’s Primary DNS. Secondary DNS: Displays the IP address of your ISP’s Secondary DNS. 4) L2TP If your ISP (Internet Service Provider) has prov[...]

  • Page 28

    -23- Figure 3-10 WAN - L2TP The following items are displayed on this screen: ➢ L2TP Settings Connection Type: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address. Account [...]

  • Page 29

    -24- not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of 576-1460. The default MTU is 1460. It is recommended to keep the defau[...]

  • Page 30

    -25- Primary DNS/Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. ➢ L2TP Status Status: Displays the status of[...]

  • Page 31

    -26- Figure 3-11 WAN - PPTP The following items are displayed on this screen: ➢ PPTP Settings Connection Type: Select PPTP if your ISP provides a PPTP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address.[...]

  • Page 32

    -27- Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of [...]

  • Page 33

    -28- displayed. Primary DNS/Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. ➢ PPTP Status Status: Displays the[...]

  • Page 34

    -29- The following items are displayed on this screen: ➢ BigPond Settings Connection Type: Select BigPond if your ISP provides a BigPond connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address. Account Name: Enter the[...]

  • Page 35

    -30- Auth Domain: Enter the domain name of authentication server. It's only required when the address of Auth Server is a server name. Auth Mode: You can select the proper Active mode according to your need. ● Manual: Select this option to manually activate or terminate the Internet connection by the <Connect> or <Disconnect> bu[...]

  • Page 36

    -31- IP Address: Displays the IP address assigned by your ISP. Subnet Mask: Displays the Subnet Mask assigned by your ISP. Default Gateway: Displays the IP address of the default gateway assigned by your ISP. Note: To ensure the BigPond connection re-established normally, please restart the connection at least 5 seconds after the connection[...]

  • Page 37

    -32- 3.1.4.2 DHCP The Router with its DHCP (Dynamic Host Configuration Protocol) server enabled can automatically assign an IP address to the computers in the LAN. Choose the menu Network → LAN → DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen: ➢ DHCP Settings DHCP Server: Enable or d[...]

  • Page 38

    -33- Default Gateway: Optional. Enter the Gateway address to be assigned. It is recommended to enter the IP address of the LAN port of the Router. Default Domain: Optional. Enter the domain name of your network. Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP. It is recommended to enter the IP address of the LAN [...]

  • Page 39

    -34- Figure 3-15 DHCP Reservation The following items are displayed on this screen: ➢ DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional. Enter a description for the entry. Up to 28 characters can be entered. Status: Ac[...]

  • Page 40

    -35- 3.1.5 DMZ DMZ (Demilitarized Zone) is a network which has fewer default firewall restrictions than the LAN does. TL-ER6120 provides a DMZ port to allow all the local hosts connected to this port to be exposed to the Internet for some special-purpose services, such as Internet gaming and video-conferencing. The DMZ physical port ca[...]

  • Page 41

    -36- Choose the menu Network → DMZ → DMZ to load the following page. Figure 3-18 DMZ The following items are displayed on this screen: ➢ DMZ Status: Activate or inactivate this entry. The DMZ port functions as a normal LAN port when it’s disabled. Mode: Select the mode for DMZ port to control the connection way among DMZ, LAN and Internet[...]

  • Page 42

    -37- Set the MAC Address for LAN port: In a complex network topology with all the ARP bound devices, if you want to change to use TL-ER6120 instead of the current router in a network node, you can just set the MAC address of TL-ER6120’s LAN port the same to the MAC address of the previous router, which can avoid all the devices under this net[...]

  • Page 43

    -38- to apply. Note: To avoid a conflict of MAC address on the LAN, it’s not allowed to set the MAC address of the Router’s LAN port to the MAC address of the current management PC. 3.1.7 Switch Some basic switch port management functions are provided by TL-ER6120, which facilitates you to monitor the traffic and manage the network effec[...]

  • Page 44

    -39- Unicast: Displays the number of normal unicast packets received or transmitted on the port. Broadcast: Displays the number of normal broadcast packets received or transmitted on the port. Pause: Displays the number of flow control frames received or transmitted on the port. Multicast: Displays the number of normal multicast packets receive[...]

  • Page 45

    -40- Figure 3-21 Port Mirror The following items are displayed on this screen: ➢ General Enable Port Mirror: Check the box to enable the Port Mirror function. If unchecked, it will be disabled. Mode: Select the mode for the port mirror function. Options include: ● Ingress: When this mode is selected, only the incoming packets sent by the mirror[...]

  • Page 46

    -41- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port). Tips: If both the mirrored port and the mirroring port are the LAN ports, these two LAN ports should be in the same Port VLAN. For example, if port 3 (the mirroring port) and port 4 (t[...]

  • Page 47

    -42- Figure 3-22 Rate Control The following items are displayed on this screen: ➢ Rate Control Port: Displays the port number. Ingress Limit: Specify whether to enable the Ingress Limit feature. Ingress Mode: Select the Ingress Mode for each port. Options include: ● All Frames: Select this option to limit all the frames. ● Broadcast&Multica[...]

  • Page 48

    -43- Figure 3-23 Port Config The following items are displayed on this screen: ➢ Port Config Status: Specify whether to enable the port. The packets can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function. Negotiation Mode: Select the Negotiation Mode for the port. All Ports: [...]

  • Page 49

    -44- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured according to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports. The VLAN function can prevent the broadcast storm in LANs and enhance[...]

  • Page 50

    -45- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group → Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen: ➢ Group Config Group Name: Specify a unique name for the group. Description: Give a description for the group. It's optional[...]

  • Page 51

    -46- ➢ User Config User Name: Specify a unique name for the user. IP Address: Enter the IP Address of the user. It cannot be the network address or broadcast address of the port. Description: Give a description to the user for identification. It's optional. ➢ List of User In this table, you can view the information of the Users and edit [...]

  • Page 52

    -47- Group Structure: Click this button to view the tree structure of this group. All the members of this group will be displayed, including Users and sub-Groups. The Group Names are displayed in bold. Available Member: Displays the Users and the Groups which can be added into this group. Selected Member: Displays the members of this group, incl[...]

  • Page 53

    -48- NAT-DMZ: Enable or disable NAT-DMZ. NAT DMZ is a special service of NAT application, which can be considered as a default forwarding rule. When NAT DMZ (Pseudo DMZ) is enabled, all the data initiated by external network falling short of the current connections or forwarding rules will be forwarded to the preset NAT DMZ host. Host IP[...]

  • Page 54

    -49- The first entry in Figure 3-29 indicates: The IP address of host1 in local network is 1.1.1.1 and the WAN IP address after NAT mapping is specified to be 2.2.2.2. The data packets are transmitted from WAN1 port. DMZ Forwarding and this entry are both activated. Note: One-to-One NAT entries take effect only when the Connection Type of [...]

  • Page 55

    -50- The first entry in Figure 3-30 indicates that: This is a Multi-Nets NAT entry named tplink1. The subnet under the LAN port of the Router is 192.168.2.0/24 and this entry is activated. After the corresponding Static Route entry is set, the hosts within this subnet can access the Internet through the Router via NAT. Note: ● Multi-Nets [...]

  • Page 56

    -51- Configuration procedure 1. Establish the Multi-Nets NAT entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding Static Route entry, enter the IP address of the interface connecting the Router and the three layer switch into the Next Hop field. Choose the menu Advanced → Routing[...]

  • Page 57

    -52- 3.3.1.4 Virtual Server Virtual server can be used for setting up public services in your private network, such as DNS, Email and FTP. Virtual server can define a service port. All the service requests to this port will be transmitted to the LAN server appointed by the Router via IP address. Choose the menu Advanced → NAT → Virtual S[...]

  • Page 58

    -53- Status: Activate or inactivate the entry. Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be different, whereas the internal ports can be the same. ➢ List of Rules In this table, you can view the information of the entries and edit them by the Action but[...]

  • Page 59

    -54- ➢ Port Triggering Name: Enter a name for Port Triggering entries. Up to 28 characters can be entered. Trigger Port: Enter the trigger port number or range of port numbers. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applications, otherwise the incoming ports wi[...]

  • Page 60

    -55- Choose the menu Advanced → NAT → ALG to load the following page. Figure 3-33 ALG The following items are displayed on this screen: ➢ ALG FTP ALG: Enable or disable FTP ALG. The default setting is enabled. It is recommended to keep the default setting if no special requirement. H.323 ALG: Enable or disable H.323 ALG. The default settin[...]

  • Page 61

    -56- Figure 3-34 Configuration The following items are displayed on this screen: ➢ General Disable Bandwidth Control: Select this option to disable Bandwidth Control. Enable Bandwidth Control all the time: Select this option to enable Bandwidth Control all the time. Enable Bandwidth Control When: With this option selected, the Bandwidth Control wi[...]

  • Page 62

    -57- Interface: Displays the current enabled WAN port(s). The Total bandwidth is equal to the sum of bandwidth of the enabled WAN ports. Upstream Bandwidth: Displays the bandwidth of each WAN port for transmitting data. The Upstream Bandwidth of WAN port can be configured on WAN page. Downstream Bandwidth: Displays the bandwidth of each [...]

  • Page 63

    -58- ➢ Bandwidth Control Rule Direction: Select the data stream direction for the entry. The direction of arrowhead indicates the data stream direction. The DMZ port displays in the drop-down list only when the DMZ port is enabled. WAN-ALL means all WAN ports through which the data flow might pass. Individual WAN port cannot be selected after W[...]

  • Page 64

    -59- Note: ● The premise for single rule taking effect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandwidth if the total guaranteed bandwidth specified by all Bandwidth Control rules for certain interface exceeds the physical bandwidth of this interf[...]

  • Page 65

    -60- Enable Session Limit: Check here to enable Session Limit, otherwise all the Session Limit entries will be disabled. ➢ Session Limit Group: Select a group to define the controlled user. Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry. Status: Activate or inactivate the entry. ➢ List of S[...]

  • Page 66

    -61- Figure 3-38 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packets as a whole and record the WAN port they pass through. And then the packets with the same source IP address and destination IP address or destination port will [...]

  • Page 67

    -62- The following items are displayed on this screen: ➢ General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the list, you can add it to the list on 3.3.4.4 Protocol page. Source IP: Enter the source IP range for the entry. 0.0.0.0 - 0.0.0.0 means any IP is acceptable. Destination [...]

  • Page 68

    -63- On this page, you can configure the Link Backup function based on actual need to reduce the traffic burden of WAN port and improve the network efficiency. Choose the menu Advanced → Load Balance → Link Backup to load the following page. Figure 3-40 Link Backup The following items are displayed on this screen: ➢ General WAN Ports: D[...]

  • Page 69

    -64- Timing: Link Backup will be enabled if the specified effective time is reached. All the traffic on the primary WAN will switch to the backup WAN at the beginning of the effective time; the traffic on the backup WAN will switch to the primary WAN at the ending of the effective time. Failover: Specify the premise for Failover Mode. The ba[...]

  • Page 70

    -65- Figure 3-41 Protocol The following items are displayed on this screen: ➢ Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the protocol in the range of 0-255. ➢ List of Protocol You can view the information of the entries and edit t[...]

  • Page 71

    -66- Choose the menu Advanced → Routing → Static Route to load the following page. Figure 3-42 Static Route The following items are displayed on this screen: ➢ Static Route Destination: Enter the destination host the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network. Next Hop: Enter the gateway IP address to wh[...]

  • Page 72

    -67- The first entry in Figure 3-42 indicates: If there are packets being sent to a device with IP address of 172.31.70.28 and subnet mask of 255.255.255.0, the Router will forward the packets from WAN1 port to the next hop of 116.10.1.254. Application Example There is a network topology as the following figure shown: If the LAN port of TL-ER61[...]

  • Page 73

    -68- 3.3.5.2 RIP RIP (Routing Information Protocol) is a dynamic route protocol using distance vector algorithm to select the optimal path. With features of easy configuration, management and implementation, it is widely used in small and medium-sized networks such as the campus network. The distance of RIP refers to the hop counts that a data [...]

  • Page 74

    -69- Status: Enable or disable RIP protocol. RIP Version: Select RIPv1 or RIPv2. RIPv2 supports multicast and broadcast. Password Authentication: If RIPv2 is enabled, set the Password Authentication according to the actual network situation, and the password should not be more than 15 characters. All Interfaces: Here you can operate all the i[...]

  • Page 75

    -70- Destination: The Destination of route entry. Gateway: The Gateway of route entry. Flags: The Flags of route entry. The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry. Physical Interface: The physical interface of route entry. Metric: The Metric of route entry. 3.4 Firewall 3.4.[...]

  • Page 76

    -71- Figure 3-45 IP-MAC Binding The following items are displayed on this screen: ➢ General It is recommended to check all the options. You should import the IP and MAC address of the host to List of IP-MAC Binding and enable the corresponding entry before enabling “Permit the packets matching the IP-MAC Binding entries only”. When suffer[...]

  • Page 77

    -72- ➢ List of Rules You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-45 indicates: The IP address of 192.168.1.101 and MAC address of 00-19-66-83-53-CF have been bound and this entry is activated. Note: If all the entries in the binding list are disabled and “Permit the packets of I[...]

  • Page 78

    -73- Indicates that the IP and MAC address of this entry is already bound. To bind the entries in the list, check these entries and click the <Import> button, then the settings will take effect if the entries do not conflict with the existing entries. Note: If the local hosts suffered from ARP attack, you cannot add IP-MAC Binding entries[...]

  • Page 79

    -74- Figure 3-48 Attack Defense The following items are displayed on this screen: ➢ General Flood Defense: Flood attack is a kind of commonly used DoS (Denial of Service), which includes TCP SYN, UDP, ICMP and so on. It is recommended to check all the Flood Defense options and specify the corresponding thresholds. Keep the default settings if y[...]

  • Page 80

    -75- not sure. Packet Anomaly Defense: Packet Anomaly refers to the abnormal packets. It is recommended to select all the Packet Anomaly Defense options. Enable Attack Defense Logs: With this box checked, the Router will record the defense logs. 3.4.3 MAC Filtering On this page, you can control the access to the Internet of local host by specify[...]

  • Page 81

    -76- Description: Give a description for the entry. ➢ List of Rules You can view the information of the entries and edit them by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter [...]

  • Page 82

    -77- ➢ URL Filtering Rule Object: Select the range in which the URL Filtering takes effect: • ANY: URL Filtering will take effect to all the users. • Group: URL Filtering will take effect to all the users in group. Mode: Select the mode for URL Filtering. “Keyword” indicates that all the URL addresses including the specified keywords w[...]

  • Page 83

    -78- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall → Access Control → Web Filtering to load the following page. Figure 3-51 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 3.4.4.3 Access Rules Choose the menu Firewall → Access Con[...]

  • Page 84

    -79- Figure 3-52 Access Rule The following items are displayed on this screen: ➢ Access Rules Policy: Select a policy for the entry: • Block: When this option is selected, the packets that obey the rule will not be allowed to pass through the Router. • Allow: When this option is selected, the packets that obey the rule will be allowed to pass through[...]

  • Page 85

    -80- DMZ refers to all the WAN, LAN or DMZ interfaces. Source: Select the Source IP Range for the entries, including the following three ways: • IP/MASK: Enter an IP address or subnet mask. ("0.0.0.0/32" means any IP). • Group: Select a predefined group of users. You can set the group on 3.2.1 Group. • ANY: means for any users. Des[...]

  • Page 86

    -81- ➢ List of Rules You can view the information of the entries and edit them by the Action buttons. The smaller the value is, the higher the priority is. The first entry in Figure 3-52 indicates: The TELNET packets transmitted from the hosts within the network of 192.168.0.0/24 will not be allowed to pass through the Router at 8:00-20:00 fr[...]

  • Page 87

    -82- The following items are displayed on this screen: ➢ Service Name: Enter a name for the service. The name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the service. The system predefined protocols include TCP, UDP and TCP/UDP. Dest. Port[...]

  • Page 88

    -83- Figure 3-54 Application Rules The following items are displayed on this screen: ➢ General Check the box before Enable Application Control to make the Application Control function take effect. The specified application used by the specified local users will not be allowed to access the Internet if the Application Control entry is enabled.[...]

  • Page 89

    -84- Effective Time: Specify the time for the entry to take effect. Description: Give a description for the entry. Status: Activate or inactivate the entry. ➢ List of Rules You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-54 indicates: The group1 is applied with Application Rules.[...]

  • Page 90

    -85- technology is developed and used to establish the private network through the public network, which can guarantee a secured data exchange. VPN adopts the tunneling technology to establish a private connection between two endpoints. It is a connection secured by encrypting the data and using point-to-point authentication. The following diagr[...]

  • Page 91

    -86- Figure 3-57 IKE Policy The following items are displayed on this screen: ➢ IKE Policy Policy Name: Specify a unique name to the IKE policy for identification and management purposes. The IKE policy can be applied to IPsec policy. Exchange Mode: Select the IKE Exchange Mode in phase 1, and ensure the remote VPN peer uses the same mode. • Ma[...]

  • Page 92

    -87- scenarios with lower requirement for identity protection. Local ID Type: Select the local ID type for IKE negotiation. IP Address: uses an IP address as the ID in IKE negotiation. FQDN: uses a name as the ID. Local ID: The local WAN IP will be inputted automatically if IP Address type is selected. If Name type is selected, enter a name for [...]

  • Page 93

    -88- Figure 3-58 IKE Proposal The following items are displayed on this screen: ➢ IKE Proposal Proposal Name: Specify a unique name to the IKE proposal for identification and management purposes. The IKE proposal can be applied to IPsec proposal. Authentication: Select the authentication algorithm for IKE negotiation. Options include: • MD5: MD[...]

  • Page 94

    -89- • AES192: Uses the AES algorithm and 192-bit key for encryption. • AES256: Uses the AES algorithm and 256-bit key for encryption. DH Group: Select the DH (Diffie-Hellman) group to be used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits. Options include DH1, DH2 and DH5. • DH1: 768 bits • DH2: 1024 bits •[...]

  • Page 95

    -90- Figure 3-59 IPsec Policy The following items are displayed on this screen: ➢ General You can enable/disable IPsec function for the Router here. ➢ IPsec Policy Policy Name: Specify a unique name to the IPsec policy. Up to 28 characters can be entered. Mode: Select the network mode for IPsec policy. Options include: • LAN-to-LAN: Select [...]

  • Page 96

    -91- host. Local Subnet: Specify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy. It's formed by IP address and subnet mask. Remote Subnet: Specify IP address range on your remote network to identify which PCs on the remote network are covered by this policy. It's formed by IP address and[...]

  • Page 97

    -92- Phase1 is de-encrypted. Without PFS, the key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in Phase2 is easy to be de-encrypted, in this case, the communication secrecy is threatened. SA Lifetime: Specify IPsec SA Lifetime for IKE mode. Status: Activate or inactivate the entry. • M[...]

  • Page 98

    -93- Outgoing SPI: Specify the Outgoing SPI (Security Parameter Index) manually. The Outgoing SPI here must match the Incoming SPI value at the other end of the tunnel, and vice versa. AH Authentication Key-Out: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The outbound key h[...]

  • Page 99

    -94- Figure 3-60 IPsec Proposal The following items are displayed on this screen: ➢ IPsec Proposal Proposal Name: Specify a unique name to the IPsec Proposal for identification and management purposes. The IPsec proposal can be applied to IPsec policy. Security Protocol: Select the security protocol to be used. Options include: • AH: AH (Authent[...]

  • Page 100

    -95- for ESP authentication. Options include: • MD5: MD5 (Message Digest Algorithm) takes a message of arbitrary length and generates a 128-bit message digest. • SHA: SHA (Secure Hash Algorithm) takes a message less than the 64th power of 2 in bits and generates a 160-bit message digest. ESP Encryption: Select the algorithm used to encrypt the [...]

  • Page 101

    -96- and the default gateway of remote peer are 172.30.70.151 and 172.30.70.161 respectively. Security protocol and other parameters for IPsec tunnel and the remote router should be configured the same. As Security Association is unidirectional, an ingoing SA and an outgoing SA are created to protect data flows for each tunnel after IPsec tunn[...]

  • Page 102

    -97- Figure 3-62 L2TP/PPTP Tunnel The following items are displayed on this screen: ➢ General Enable VPN-to-Internet: Specify whether to enable VPN-to-Internet function. If enabled, the VPN client is permitted to access the LAN of the server and Internet. Hello Interval: Specify the interval to send hello packets. ➢ L2TP/PPTP Tunnel Protoco[...]

  • Page 103

    -98- tunnel. • Server: In this mode, the Router responds to the request from the remote client for establishing a tunnel. Account Name: Enter the account name of L2TP/PPTP tunnel. It should be configured identically on server and client. Password: Enter the password of L2TP/PPTP tunnel. It should be configured identically on server and client. Tunne[...]

  • Page 104

    -99- IP Pool: Select the IP Pool Name to specify the address range for the server's IP assignment. This item is available for Server mode. Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel.) It's the combination of IP address and subnet mask. Stat[...]

  • Page 105

    -100- IP Address Range: Specify the start and the end IP address for IP Pool. The start IP address should not exceed the end address and the IP ranges must not overlap. ➢ List of IP Pool In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP Tunnel This page displays the informat[...]

  • Page 106

    -101- 3.6.1.1 General On this page, you can configure PPPoE function globally. Choose the menu Services → PPPoE Server → General to load the following page. Figure 3-65 General The following items are displayed on this screen: ➢ General PPPoE Server: Specify whether to enable the PPPoE Server function. Dial-up Access Only: Specify whethe[...]

  • Page 107

    -102- Idle Timeout: Enter the maximum idle time. The session will be terminated after it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle Timeout field. The default value is 30. Authentication: Select the Authentication type. It can be Local[...]

  • Page 108

    -103- Figure 3-66 IP Address Pool The following items are displayed on this screen: ➢ IP Address Pool Pool Name: Specify a unique name to the IP Address Pool for identification and management purposes. IP Address Range: Specify the start and the end IP address for IP Pool. The start IP address should not exceed the end address and the IP address[...]

  • Page 109

    -104- Figure 3-67 Account The following items are displayed on this screen: ➢ Account Account Name: Enter the account name. This name should not be the same as the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Mode: Select the IP Address Assigned Mode for IP assignment. • Static: Select this option to a[...]

  • Page 110

    -105- Status: Activate or inactivate the entry. MAC Binding: Select a MAC Binding type from the pull-down list. Options include: • Disable: Select this option to disable the MAC Binding function. • Manual: Select this option to bind the account to a MAC address manually. Only from the Host with this MAC address can the account log on to the serv[...]

  • Page 111

    -106- IP Address Range: Specify the start and the end IP address to make an exceptional IP address range. This range should be in the same IP range with LAN port or DMZ port of the Router. The start IP address should not exceed the end address and the IP address ranges must not overlap. Description: Give a description to the exceptional IP addr[...]

  • Page 112

    -107- Figure 3-70 E-Bulletin The following items are displayed on this screen: ➢ General Enable E-Bulletin: Specify whether to enable electronic bulletin function. Interval: Specify the interval to release the bulletin. Enable Logs: Specify whether to log the E-Bulletin. ➢ E-Bulletin Title: Enter a title for the bulletin.[...]

  • Page 113

    -108- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: • ANY: The bulletin will be released to all the users and the PCs on the LAN. • Group: The bulletin will be released to the users in the selected group. You can click < > button to add a group to the selected group and click < >[...]

  • Page 114

    -109- DNS database. Therefore, the users can use the same domain name to access the DDNS client even if the IP address of the DDNS client has changed. DDNS is usually used for the Internet users to access the private website and FTP server, both of which are established based on Web server. The Router, as a DDNS client, cannot provide DDNS [...]

  • Page 115

    -110- DDNS Status: Displays the current status of DDNS service • Offline: DDNS service is disabled. • Connecting: client is connecting to the server. • Online: DDNS works normally. • Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. ➢ List of DynDNS Account In this table, you can view the existin[...]

  • Page 116

    -111- DDNS Status: Displays the current status of DDNS service • Offline: DDNS service is disabled. • Connecting: client is connecting to the server. • Online: DDNS works normally. • Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. ➢ List of No-IP Account In this table, you can view the existing[...]

  • Page 117

    -112- DDNS Status: Displays the current status of DDNS service • Offline: DDNS service is disabled. • Connecting: client is connecting to the server. • Online: DDNS works normally. • Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. Domain Name: Displays the domain names obtained from the DDNS se[...]

  • Page 118

    -113- Domain Name 1: Enter the Domain Name that you registered with your DDNS service provider. Domain Name 2: Optional. Enter the Domain Name that you registered with your DDNS service provider. Domain Name 3: Optional. Enter the Domain Name that you registered with your DDNS service provider. Domain Name 4: Optional. Enter the Domain Name tha[...]

  • Page 119

    -114- Figure 3-75 UPnP The following items are displayed on this screen: ➢ General UPnP Function: Enable or disable the UPnP function globally. ➢ List of UPnP Mapping After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6120. The NO.1 entry in [...]

  • Page 120

    -115- Figure 3-76 Password The following items are displayed on this screen: ➢ Administrator Current User Name: Enter the current user name of the Router. Current Password: Enter the current password of the Router. New User Name: Enter a new user name for the Router. New Password: Enter a new password for the Router. Confirm New Password: Re[...]

  • Page 121

    -116- ➢ General Web Management Port: Enter the Web Management Port for the Router. Telnet Management Port: Enter the Telnet Management Port for the Router. Web Idle Timeout: Enter a timeout period that the Router will log you out of the Web-based Utility after a specified period (Web Idle Timeout) of inactivity. Telnet Idle Timeout: E[...]

  • Page 122

    -117- 3.7.1.3 Remote Management On this page you can configure the Remote Management function. This feature allows managing your Router from a remote location via the Internet. Choose the menu Maintenance → Setup → Remote Management to load the following page. Figure 3-78 Remote Management The following items are displayed on this screen: ?[...]

  • Page 123

    -118- 3.7.2.2 Export and Import Choose the menu Maintenance → Management → Export and Import to load the following page. Figure 3-80 Export and Import The following items are displayed on this screen: ➢ Configuration Version Displays the current Configuration version of the Router. ➢ Export Click the <Export> button to save the cur[...]

  • Page 124

    -119- Figure 3-81 Reboot Click the <Reboot> button to reboot the Router. The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: To avoid damage, please don't turn off the device while rebooting. 3.7.2.4 Firmware Upgrade Choose the menu Maintenance → Managem[...]

  • Page 125

    -120- Figure 3-83 License 3.7.4 Statistics 3.7.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic information of each port and extra information of WAN ports. Choose the menu Maintenance → Statistics → Interface Traffic Statistics to load the following page. Figure 3-84 Interface Tra[...]

  • Page 126

    -121- Rate Rx: Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data frames. Packets Rx: Displays the number of packets received on the interface. Packets Tx: Displays the number of packets transmitted on the interface. Bytes Rx: Displays the bytes of packets received on the interface. Bytes Tx: Displays[...]

  • Page 127

    -122- Direction: Select the direction in the drop-down list to get the Flow Statistics of the specified direction. ➢ IP Traffic Statistics This table displays the detailed traffic information of corresponding PCs. Sorted by: Select the rule for displaying the traffic information. 3.7.5 Diagnostics 3.7.5.1 Diagnostics This Router provides Pi[...]

  • Page 128

    -123- Figure 3-86 Diagnostics The following items are displayed on this screen: ➢ Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “Auto”, the Router will select the interface of destination automatically. After clicking <Start> button, the Router will send Pi[...]

  • Page 129

    -124- ➢ Tracert Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if Auto is selected, the Router will select the interface of destination automatically. After clicking the <Start> button, the Router will send Tracert packets to test the connectivity of the gateways during the jo[...]

  • Page 130

    -125- DNS Lookup: Enter the IP address of DNS server in Manual mode. 0.0.0.0 means DNS Lookup is disabled. ➢ List of WAN status Port: Displays the detected WAN port. Detection: Displays whether the Online Detection is enabled. WAN Status: Display the detecting results. 3.7.6 Time System Time is the time displayed while the Router is running[...]

  • Page 131

    -126- Get GMT: When this option is selected, you can configure the time zone and the IP Address for the NTP Server. The Router will get GMT automatically if it has connected to a NTP Server. • Time Zone: Select your local time. • Primary/Secondary NTP Server: Enter the IP Address for the NTP Server. Manual: With this option selected, you can [...]

  • Page 132

    -127- Send System Logs: Select Send System Logs and specify the server IP, then the new added logs will be sent to the specified server. The Logs of switch are classified into the following eight levels. Severity Level Description emergencies 0 The system is unusable. alerts 1 Action must be taken immediately. critical 2 Critical conditions er[...]

  • Page 133

    -128- Chapter 4 Application 4.1 Network Requirements The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staff in the headquarters and the branch offices, and to transmit the commercial confidential data to its partners. The dedicated line access service was used by this comp [...]

  • Page 134

    -129- 4.2 Network Topology 4.3 Configurations You can configure the Router via the PC connected to the LAN port of this Router. To log in to the Router, the IP address of your PC should be in the same subnet of the LAN port of this Router. (The default subnet of LAN port is 192.168.0.0/24.) The IP address of your PC can be obtained automa[...]

  • Page 135

    -130- 4.3.1.1 System Mode Set the system mode of the Router to the NAT mode. Choose the menu Network → System Mode to load the following page. Select the NAT mode and click the <Save> button to apply. Figure 4-1 System Mode 4.3.1.2 WAN Mode Set the Router to work in the mode of dual WAN ports. Choose the menu Network → WAN → WAN Mode[...]

  • Page 136

    -131- Figure 4-3 WAN – Static IP 4.3.1.4 Link Backup Set the connection of WAN1 as the primary link, the connection of WAN2 as the secondary link. Choose the menu Advanced → Load Balance → Link Backup to load the configuration page. Select WAN1 as Primary WAN, WAN2 as Backup WAN, select the Failover mode as Figure 4-4 shown, a[...]

  • Page 137

    -132- 4.3.2 VPN Setting To enable the hosts in the remote branch office (WAN: 116.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between the headquarters and the remote branch office to guarantee a secured communication. The following takes IPsec settings of th[...]

  • Page 138

    -133- Policy Name: IKE_1 Exchange Mode: Main IKE Proposal: proposal_IKE_1 (you just created) Pre-shared Key: aabbccddee SA Lifetime: 3600 DPD: Enable DPD Interval: 10 Click the <Add> button to apply. Figure 4-7 IKE Policy Tips: For the VPN Router in the remote branch office, the IKE settings should be the same as the Router in[...]

  • Page 139

    -134- the headquarters. 2) IPsec Setting To configure the IPsec function, you should create an IPsec Proposal firstly. • IPsec Proposal Choose the menu VPN → IPsec → IPsec Proposal to load the following page. Settings: Proposal Name: proposal_IPsec_1 Security Protocol: ESP ESP Authentication: MD5 ESP Encryption: 3DES Click the <Save> b[...]

  • Page 140

    -135- WAN: WAN1 Remote Gateway: 116.31.85.133 Exchange Mode: IKE IKE Policy: IKE_1 IPsec Proposal: proposal_IPsec_1 (you just created) PFS: DH1 SA Lifetime: 3600 Click the <Add> button to add the new entry to the list and click the <Save> button to apply. Figure 4-9 IPsec Policy Tips: For the VPN Router in the remote branch office,[...]

  • Page 141

    -136- After the IPsec VPN tunnel of the two peers is established successfully, you can view the connection information on the VPN → IPsec → IPsec SA page. Figure 4-10 List of IPsec SA 4.3.2.2 PPTP VPN Setting • IP Address Pool Choose the menu VPN → L2TP/PPTP → IP Address Pool to load the following page. Enter the Pool Name and the IP Ad[...]

  • Page 142

    -137- Tunnel: Client-to-LAN IP Pool: PPTP_Dialup_User (you just created) Click the <Save> button to apply. 4.3.3 Network Management To manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth lim[...]

  • Page 143

    -138- Figure 4-11 Group Config • User Choose the menu User Group → User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Then continue with the following settings: Settings: Action: Add Start IP Address: 192.168.0.30 End IP Address: 192.168.0.50 Prefix Username: User Start No.: 1 Step: 1 Cl[...]

  • Page 144

    -139- 4.3.3.2 App Control Choose the menu Firewall → App Control → Control Rules to load the configuration page. Check the box before Enable Application Control and click <Save> to apply. Then continue with the following settings: Settings: Object: Group Group: group1 Application: Click the <Application List> button and select the[...]

  • Page 145

    -140- Figure 4-14 Bandwidth Setup 2) Interface Bandwidth Choose the menu Network → WAN → WAN1 to load the configuration page. Configure the Upstream Bandwidth and Downstream Bandwidth of the interface as Figure 4-15 shows. The entered bandwidth value should be consistent with the actual bandwidth value. 3) Bandwidth Control Rule Ch[...]

  • Page 146

    -141- Figure 4-16 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced → Session Limit → Session Limit to load the configuration page. Check the box before Enable Session Limit and click the <Save> button to apply. Then continue with the following settings: Settings: Group: group1 Max. Sessions: 250 Status: Activate Cl[...]

  • Page 147

    -142- 4.3.4.1 LAN ARP Defense You can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by ARP Scanning. For some special items not bound, you can bind them manually. 1) Scan and import the entries to ARP List Specify ARP Scanning range. Choose the menu Firewall →[...]

  • Page 148

    -143- Choose the menu Firewall → Anti ARP Spoofing → IP-MAC Binding to load the configuration page. To add the host with IP address of 192.168.1.20 and MAC address of 00-11-22-33-44-aa to the list, you can follow the settings below: Settings: IP Address: 192.168.0.20 MAC Address: 00-11-22-33-44-aa Status: Activate Click the <Add> b[...]

  • Page 149

    -144- 4.3.4.3 Attack Defense Choose the menu Firewall → Attack Defense → Attack Defense to load the configuration page. Select the options desired to be enabled as Figure 4-21 shows, and then click the <Save> button. Figure 4-22 Attack Defense 4.3.4.4 Traffic Monitoring 1) Port Mirror Choose the menu Network → Switch → Port Mi[...]

  • Page 150

    -145- Figure 4-23 Port Mirror 2) Statistics Choose the menu Maintenance → Statistics to load the page. Load the Interface Traffic Statistics page to view the traffic statistics of each physical interface of the Router as Figure 4-23 shows. Figure 4-24 Interface Traffic Statistics Load the IP Traffic Statistics page, and Check the box[...]

  • Page 151

    -146- Figure 4-25 IP Traffic Statistics After all the above steps, the enterprise network will be operated based on planning.[...]

  • Page 152

    -147- Chapter 5 CLI TL-ER6120 provides a Console port for CLI (Command Line Interface) configuration, which enables you to configure the Router by accessing the CLI from console (such as Hyper Terminal) or Telnet. The following part will introduce the steps to access CLI via Hyper Terminal and some common CLI commands. 5.1 Configuration T[...]

  • Page 153

    -148- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3, and click OK. Figure 5-3 Select the port to connect 5. Configure the port selected in the step above as the following Figure 5-4 shows. Configure Bits per second as 115200, Data bits as 8, Parity as None, Stop bits as 1, Flow contr[...]

  • Page 154

    -149- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyper Terminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK. Figure 5-5 Connection Properties Settings[...]

  • Page 155

    -150- 7. The DOS prompting “TP-LINK>” will appear after pressing the Enter button in the Hyper Terminal window as Figure 5-6 shows. Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER6120 offers two command modes: User EXEC Mode and Privileged EXEC Mode. User EXEC Mode only allows users to do some simple operations such as v[...]

  • Page 156

    -151- port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable command to enter this mode from User EXEC mode, the original password is admin. TP-LINK # Use the exit command to disconnect the switch (except that the switch is connected through the Console port). Enter the disable command to return to User E[...]

  • Page 157

    -152- ip - Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - System manager user - User configuration 2) Type a command and a question mark separated by space. If there are keywords in this command, all the keywords and their brief descriptions will display. For example: TP-LINK > ip ← Press S [...]

  • Page 158

    -153- 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces. View command can be used in both User EXEC Mode and Privileged EXEC Mode while configuration function can be only used in Privileged EXEC Mode. TP-LINK > ip get lan Lan Ip: 192.168.0.1 Lan Mask: 255.255.255.0 Get the configuration informa[...]

  • Page 159

    -154- TP-LINK # sys reboot This command will reboot system, Continue?[Y/N] Reboot the system. Y means YES, N means NO. TP-LINK # sys restore This command will restore system, Continue?[Y/N] Restore to factory default. Y means YES, N means NO. TP-LINK # sys export config Server address: [192.168.1.101]192.168.1.100 Username: [admin]ftp Password: [a[...]

  • Page 160

    -155- TP-LINK # sys import config Server address: [192.168.1.101] Username: [admin] Password: [admin] File name: [config.bin] Import the configuration file. The steps are as the above item shown. Try to get the configuration file < config.bin > ... Get configuration file < config bin > succeed, file size is 7104 bytes. TP-LINK > sys [...]

  • Page 161

    -156- TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator. TP-LINK # user set password Enter old password: Enter new password: Confirm new password: Modify the password [...]

  • Page 162

    -157- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the system only when logging in by Telnet. TP-LINK > exit Exit CLI.[...]

  • Page 163

    -158- Appendix A Hardware Specifications Standards IEEE 802.3, IEEE 802.3u, IEEE 802.3x, TCP/IP, DHCP, ICMP, NAT, PPPoE, SNTP, HTTP, DNS, L2TP, PPTP, IPsec One 10/100/1000M Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Three adjustable 10/100/1000M Auto-Negotiation WAN/LAN RJ45 ports (Auto MDI/MDIX) O[...]

  • Page 164

    -159- Appendix B FAQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, please try the following steps: 1) Make sure the cable is well connected to the LAN port of the Router. The corresponding LED should flash or be solid light. 2) Make sure the IP address of your PC is set in the same subnet address[...]

  • Page 165

    -160- Q3: What can I do if the Router with the remote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote computer is in the subnet allowed to remotely access the router. 2. If the router's management port has been modified, please log in to the Router with the new address, su[...]

  • Page 166

    -161- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing traditional phone lines. ALG (Application Layer Gateway) Application Level Gateway (ALG) is application specific translation agent that allows an application on a host in one address realm to connec[...]

  • Page 167

    -162- Glossary Description H.323 H.323 allows dissimilar communication devices to communicate with each other by using a standardized communication protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. H HTTP (Hypertext Transfer Protocol) The protocol used by Web browsers an[...]

  • Page 168

    -163- Glossary Description structures. MAC addresses are 6 bytes long and are controlled by the IEEE. MTU (Maximum Transmission Unit) The size in bytes of the largest packet that can be transmitted. NAT (Network Address Translator) Mechanism for reducing the need for globally unique IP addresses. NAT allows an organization with add[...]

  • Page 169

    -164- Glossary Description Protocol) processing and retransmission be handled by other protocols. UPnP (Universal Plug and Play) UPnP is a set of networking protocols for primarily residential networks without enterprise class devices that permits networked devices. URL (Uniform Resource Locator) URL describes the access method an[...]