TP-Link TL-ER6020 TL-ER6020 v1 User Guide

TP-Link TL-ER6020 Manual

Get TP-Link TL-ER6020 PDF manuals and user guides View all TP-Link TL-ER6020 manuals
Add to My Manuals
Save this manual to your list of manuals

TP-Link TL-ER6020 manual content summary:

  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 1
    TL-ER6020 SafeStreamTM Gigabit Dual-WAN VPN Router Rev: 1.0.0 1910010695
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 2
    TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2012 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link.com FCC STATEMENT This equipment has been tested if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 3
    Readers ...2 1.2 Conventions ...2 1.3 Overview of this Guide ...2 Chapter 2 Introduction ...4 2.1 Overview of the Router ...4 2.2 Features...5 2.3 Appearance...6 2.3.1 Front Panel ...6 2.3.2 Rear Panel...8 Chapter 3 Configuration ...9 3.1 Network...9 3.1.1 Status...9 3.1.2 System Mode...9 3.1.3 WAN
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 4
    App Control...81 3.5 VPN...83 3.5.1 IKE...83 3.5.2 IPsec...87 3.5.3 L2TP/PPTP...94 3.6 Services ...98 3.6.1 PPPoE Server...98 3.6.2 E-Bulletin ...104 3.6.3 Dynamic DNS ...106 3.6.4 UPnP ...112 3.7 Maintenance ...113 3.7.1 Admin Setup
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 5
    4.2 Network Topology...128 4.3 Configurations...128 4.3.1 Internet Setting ...128 4.3.2 VPN Setting ...130 4.3.3 Network Management 136 4.3.4 Network Security...140 Chapter 5 CLI...146 5.1 Configuration...146 5.2 Interface Mode ...149 5.3 Online Help ...150 5.4 Command Introduction...152 5.4.1 ip
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 6
    Package Contents The following items should be found in your package:  One TL-ER6020 Router  One Power Cord  One Console Cable  Two mounting brackets and other fittings  Installation Guide  Resource CD Note: Make sure that the package contains the above items. If any of the listed items is
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 7
    Overview of this Guide Chapter 1 About This Guide Chapter 2 Introduction Chapter 3 Configurations Chapter 4 Application Chapter5 CLI Introduces the guide structure and conventions. Introduces the features and appearance of TL-ER6020 router. Introduces how to configure the Router via Web management
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 8
    Appendix A Hardware Specifications Appendix B FAQ Appendix C Glossary Lists the hardware specifications of this Router. Provides the possible solutions to the problems that may occur during the installation and operation of the router. Lists the glossary used in this guide. -3-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 9
    the SafeStreamTM Gigabit Dual-WAN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeStreamTM Gigabit Dual-WAN VPN Router TL-ER6020 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 10
    Russian PPPoE, L2TP/Russian L2TP, PPTP/Russian PPTP, Dual Access, BigPond Internet connections  Supports Virtual Server, Port Triggering, ALG, Static Route and RIP v1/v2  Built-in Switch supporting Port Mirror, Port VLAN, Rate Control and so on  Supports to change the MAC address of LAN, WAN, DMZ
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 11
     Built-in firewall supporting URL/MAC Filtering  Supports Access Control  Supports Attack Defense  Supports IP-MAC Binding  Supports GARP (Gratuitous ARP)  Deploys One-Click restricting of IM/P2P applications 2.3 Appearance 2.3.1 Front Panel The front panel of TL-ER6020 is shown as the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 12
    the RJ45 cable The DMZ port is for connecting the Router to the servers The Console port is for connecting with the serial port of a computer or terminal to monitor and configure the Router  Reset button Use the button to restore the Router to the factory defaults. With the Router powered on, use
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 13
    2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure.  Power Socket Connect voltage (100-240V~ 50/60Hz).  Grounding Terminal The Router already comes with lightning protection mechanism. You can also ground the Router through the PE (Protecting Earth) cable of AC cord or
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 14
    Chapter 3 Configuration 3.1 Network 3.1.1 Status The Status page shows the system information, the port connection status and other information related to this Router. Choose the menu Network→Status to load the following page. 3.1.2 System Mode Figure 3-1 Status The TL-ER6020 Router can work in
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 15
    network environment with a network topology as the Figure 3-3 shown, and forwards the packets between these two networks by the Routing rules, you can set it to Non-NAT mode. Figure 3-3 Network Topology - Non-NAT Mode If your Router is connected in a combined network topology as the Figure 3-4 shown
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 16
    . Incoming traffic is translated back for delivery within the internal network. However, the Router will drop all the packets whose source IP addresses are in different subnet of LAN port. For example: If the LAN port of the Router is set to 192.168.0.1 for IP address and 255.255.255.0 for the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 17
    the ports. 3.1.3 WAN TL-ER6020 provides the following six Internet connection types: Static IP, Dynamic IP, PPPoE/Russian PPPoE, L2TP/Russian L2TP, PPTP/Russian PPTP and BigPond. To configure the WAN, please first select the type of Internet connection provided by your ISP (Internet Service Provider
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 18
    IP address assigned by your ISP. If you are not clear, please consult your ISP. Subnet Mask: Enter the Subnet Mask assigned by your ISP. Default Gateway: Optional. Enter the Gateway assigned by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 19
    Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. 2) Dynamic IP If your ISP (Internet Service Provider) assigns the IP address automatically, please choose the Dynamic IP connection type
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 20
    IP address from your ISP's server. Click to release the current IP address of WAN port. Host Name: Optional. This field allows you to give a name for the Router. It's blank by default. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 21
    manually released or the request of the Router gets no response from your ISP. Please check your network connection and consult your ISP if this problem your ISP's Secondary DNS. 3) PPPoE If your ISP (Internet Service Provider) has provided the account information for the PPPoE connection, please
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 22
    Figure 3-8 WAN - PPPoE -17-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 23
    ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Active Mode: You can select the proper Active mode according to your need.  Manual: Select this option to manually activate or terminate the Internet connection by the or
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 24
    by default. Service Name: Optional. Enter the Service Name provided by your ISP. It's null by default. Primary DNS: Enter the IP address of your ISP's Primary DNS. Secondary DNS: Optional. Enter the IP address of your ISP's Secondary DNS. Secondary Connection: Here allows you to configure
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 25
    manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem DNS. 4) L2TP If your ISP (Internet Service Provider) has provided the account information for the L2TP connection,
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 26
    Figure 3-9 WAN - L2TP The following items are displayed on this screen:  L2TP Settings Connection Type: Select L2TP if your ISP provides a L2TP connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet connection and release
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 27
    IP is selected, the IP address of WAN port obtained is displayed. If Static IP is selected, configure the subnet mask of WAN port. If Dynamic IP is select, the subnet mask of WAN port obtained is displayed. If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 28
     "Disconnected" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem remains. Displays the IP address assigned by your
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 29
    5) PPTP If your ISP (Internet Service Provider) has provided the account information for the PPTP connection, please choose the PPTP connection type. Figure 3-10 WAN - PPTP The following items are displayed
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 30
    IP is selected, the IP address of WAN port obtained is displayed. If Static IP is selected, configure the subnet mask of WAN port. If Dynamic IP is select, the subnet mask of WAN port obtained is displayed. If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 31
    .  "Disconnected" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem remains. IP Address: Displays the IP address
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 32
    the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. If you are not clear, please consult your ISP. Auth Server: Enter the address of authentication server. It can
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 33
    . The default MTU is 1500. Upstream/Downstream Specify the Upstream/Downstream Bandwidth for the port. To manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 34
    page, you can configure the parameters for LAN port of this router. Choose the menu Network→LAN→LAN to load the following page. Figure 3-12 LAN The following items are displayed on this screen:  LAN IP Address: Enter the LAN IP address of the Router. 192.168.0.1 is the default IP address. The
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 35
    After the IP address expired, the client will be automatically assigned a new one. Default Gateway: Optional. Enter the Gateway address to be assigned. It is recommended to enter the IP address of the LAN port of the Router. Default Domain: Optional. Enter the domain name of your network. -30-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 36
    DNS: Optional. Enter the Primary DNS server address provided by your ISP. It is recommended to enter the IP address of the LAN port of the Router. Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. 3.1.4.3 DHCP Client On this page, you can view the information
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 37
    DMZ DMZ (Demilitarized Zone) is a network which has fewer default firewall restrictions than the LAN does. TL-ER6020 provides a DMZ port to allow all the local hosts connected to this port to be exposed to the Internet for some special-purpose services, such as such as Internet gaming and video
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 38
    Figure 3-16 DMZ - Public Mode In Private mode, the DMZ port allows the Hosts in DMZ to access Internet via NAT mode which of LAN. Figure 3-17 DMZ - Private Mode 3.1.5.1 DMZ This page allows you to configure the DMZ port of TL-ER6020. Choose the menu Network→DMZ→DMZ to load the following page. -33-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 39
    DHCP Reservation functions are available when the DMZ port is enabled. For the configuration instructions, please refer to section 3.1.4.1 to 3.1.4.4. Note: When the DMZ port is enabled in Public Mode, please do not enable the DHCP service of DMZ port if your ISP provides a single public IP address
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 40
    topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the current router in a network node, you can just set the MAC address of TL-ER6020's LAN port the same to the MAC address of the previous router, which can avoid all the devices under this network node to update
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 41
    local area network, it's not allowed to set the MAC address of the Router's LAN port to the MAC address of the current management PC. 3.1.7 Switch Some basic switch port management functions are provided by TL-ER6020, which facilitates you to monitor the traffic and manage the network effectively
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 42
    this Router can support Guide refers to the WAN1/2 port and LAN1/2/3 port on the Router. 3.1.7.2 Port Mirror Port Mirror, the packets obtaining technology, functions to forward copies of packets from one/multiple ports (mirrored port) to a specific port (mirroring port). Usually, the mirroring port
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 43
    be copied to the mirroring port.  Port Mirror Mirroring Port: Select the Mirroring Port to which the traffic is copied. Only one port can be selected as the mirroring port. Mirrored Port: Select the Mirrored Port from which the traffic is mirrored. One or multiple ports can be selected as the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 44
    indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port). Application Example: To monitor all the traffic and analyze the network abnormity for an enterprise's network, please set the Port Mirror function as below: 1) Check
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 45
    in Figure 3-22 indicates: The Ingress and Egress Limits are enabled for port 1. The Ingress and Egress Rates are 1Mbps. That is, the receiving rate exceed 1Mbps. 3.1.7.4 Port Config On this page, you can configure the basic parameters for the ports. Choose the menu Network→Switch→Port Config to load
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 46
    enabled. Flow Control: Allows you to enable/disable the Flow Control function. Negotiation Mode: Select the Negotiation Mode for the port. All Ports: Allows you to configure the parameters for all the ports at one time. 3.1.7.5 Port Status On this page, you can view the current status of each
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 47
    packets are limited in a VLAN. TL-ER6020 provides the Port VLAN function, which allows you to create multiple logical VLANs for the LAN ports based on their port numbers. Choose the menu Network→Switch→Port VLAN to load the following page. Figure 3-25 Port VLAN The following items are displayed
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 48
    this page you can define the group for management. Choose the menu User Group→Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen:  Group Config Group Name: Specify a unique name for the group. Description: Give a description for
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 49
    Address of the user. It cannot be the network address or broadcast address of the port. Description: Give a description to the user for identification. It's optional.  List 3.2.3 View On this page, you can configure the User View or Group View. Choose the menu User Group→View to load the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 50
    addresses. Furthermore, NAT strengthens the LAN (Local Area Network) security of the network since the address of LAN host never appears on the Internet. 3.3.1.1 NAT Setup On this page, you can set up the NAT function. Choose the menu Advanced→NAT→NAT
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 51
    screen:  NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of which must be not less than 100.  NAT-DMZ NAT-DMZ: Enable or disable NAT-DMZ. NAT DMZ is a special service of NAT application, which can be considered as a default forwarding rule. When NAT DMZ
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 52
    be 222.135.48.128. The data packets are transmitted from WAN1 port. DMZ Forwarding and this entry are both activated. Note: One-to-One NAT Multi-Nets NAT Multi-Nets NAT function allows the IP under LAN or DMZ port within multiple subnets to access the Internet via NAT. Choose the menu Advanced
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 53
    entry named tplink1. The subnet under the LAN port of the Router is 192.168.2.0/24 and this entry is TL-ER6020 is 192.168.0.0 /24, the subnet of VLAN2 under a three layer switch is 192.168.2.0 /24, while the subnet of VLAN3 is 192.168.3.0 /24. The IP of VLAN for cascading the switch to the Router
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 54
    procedure 1. Establish the Multi-Nets NAT entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding Static Route entry, enter the IP address of the interface connecting the Router and the three layer switch into the Next Hop field. -49-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 55
    as follows: 3.3.1.4 Virtual Server Virtual server sets up public services in your private network, such as DNS, Email and FTP, and defines a service port. All the service requests to this port will be transmitted to the LAN server appointed by the Router via IP address. Choose the menu Advanced→NAT
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 56
    can be entered. Interface: Select an interface for forwarding data packets. External Port: Enter the service port or port range the Router provided for accessing external network. All the requests from Internet to this service port or port range will be redirected to the specified server in
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 57
    buttons. The first entry in Figure 3-32 indicates: This is a Virtual Server entry named host, all the TCP data packets from WAN1 to port 65534-65535 of the Router will be redirected to the port 65534-65535 of the LAN host with IP address of 192.168.0.103, and this entry is activated
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 58
    entered. Interface: Select an interface for forwarding data packets. Trigger Port: Enter the trigger port number or the range of port. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applications, otherwise the incoming
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 59
    323, SIP, IPsec and PPTP will work properly only when ALG (Application Layer Gateway) service is enabled. Choose the menu Advanced→NAT→ALG to load the following page. Figure 3-34 ALG The following items are displayed on this screen:  ALG FTP ALG: Enable or disable FTP ALG. The default setting is
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 60
    menu Advanced→Traffic Control→Setup to load the following page. Figure 3-35 Configuration The following items Default Limit Limited Bandwidth: Default Limit applies only for users that are not constrained by Bandwidth Control Rules. These users share certain bandwidth with upper limit configured
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 61
    The Downstream Bandwidth of WAN port can be configured on WAN page. Note: ● The Upstream/Downstream Bandwidth of WAN port you set must not be more than the bandwidth provided by ISP. Otherwise the Traffic Control will be invalid. ● If there are data flowing into the Router from interface A and out
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 62
    entry. The direction of arrowhead indicates the data stream direction The DMZ port displays in the drop-down list only when the DMZ port is enabled. WAN-ALL means all WAN ports through which the data flow might pass. Individual WAN port cannot be selected if WAN-ALL rules are added. Group: Select
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 63
    for certain interface exceeds the physical bandwidth of this interface. ● When DMZ port is disabled, it is only allowed deleting operation to the related rules. 3.3.3 Session Limit The amount of TCP and UDP sessions supported by the Router is finite. If some local hosts transmit too many TCP and UDP
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 64
    . Click the button to get the latest information. 3.3.4 Load Balance In this part, you can configure the traffic sharing mode of the WAN ports to optimize the resource utilization. 3.3.4.1 Configuration Choose the menu Advanced→Load Balance→Configuration to load the following page. -59-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 65
    Routing checked, the Router will consider the source IP address and destination IP address of the packets as a whole and record the WAN port they pass through. And then the packets with the same source IP address and destination IP address or destination port will be forwarded to the recorded WAN
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 66
    default value is 1 - 65535, which means any port is acceptable. WAN: Select the WAN port forwarded from WAN1 port, regardless of the port and protocol. This entry is activated d and will take effect at 8 am to 10 pm from Monday to Friday. 3.3.4.3 Link Backup With Link Backup function, the Router
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 67
    On this page, you can configure the Link Backup function based on actual need to reduce the traffic burden of WAN port and improve the network efficiency. Choose the menu Advanced→Load Balance→Link Backup to load the following page. Figure 3-41 Link Backup The following items are displayed on this
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 68
    secondary WAN lists at the same time, and one WAN port should be added to only one list. 3.3.4.4 Protocol On this page, you can specify the protocol for routing rules conveniently. A protocol constitutes of the name and number. The Router predefines three commonly used protocols such as TCP, UDP and
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 69
    network along which to send network traffic. Static Route is a kind of special routing configured by the administrator, which is simple, efficient, and reliable. Commonly used in small should modify the static route information manually as long as the network topology or link status is changed. -64-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 70
    is accessible. Metric: Defines the priority of the route. The smaller the value is, the higher the priority is. The default value is 0. It is recommended to keep the default value. Description: Give a description for the entry. Status: Activate or inactivate the entry.  List of Rules You can
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 71
    of 211.162.1.0 and subnet mask of 255.255.255.0, the Router will forward the packets from WAN1 port to the next hop of 211.200.1.1. Application Example There is a network topology as the following figure shown: If the LAN port of TL-ER6020(with Non-NAT or Classic system mode)is connected to LAN1
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 72
    Router has not sent route information in 180 seconds, the RIP of the other routers would set the distance to this Router TL-ER6020 supports both RIPv1 version and RIPv2 version, thus you can configure the RIPv2 supports multicast and broadcast. Password If RIPv2 is enabled, set the Password
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 73
    Figure 3-44 indicates: when receiving packets with destination IP is 116.10.20.28, the Router will select WAN1 which is in the same network with the destination IP as next hop and forward data via this port. The IP address of next hop is 116.10.1.254 and the hop count is
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 74
    Flags: The Flags of route entry. The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry. Physical Interface: The physical interface of route entry. Metric The Metric of route entry. 3.4 Firewall 3.4.1 Anti ARP Spoofing ARP (Address
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 75
    the device will be replaced. You can set the packets sending rate in the Interval field. With the box before Enable ARP Logs checked, the Router will send ARP logs to the specified server. The IP address of server is the Server IP set on 3.7.7 Logs.  IP-MAC Binding IP Address
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 76
    " option is selected and saved, the WEB management page of the Router cannot be login. At the moment, you should restore the Router to factory default and login again. 3.4.1.2 ARP Scanning ARP Scanning feature enables the Router to scan the IP address and corresponding MAC address and display them
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 77
    manually on 3.4.1.1 IP-MAC Binding. 3.4.1.3 ARP List On this page, the IP-MAC information of the hosts which communicated with the Router recently will be saved in the ARP list. Choose the menu Firewall→Anti ARP Spoofing→ARP List to load the following page. Figure 3-48 ARP List The configurations
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 78
    Figure 3-49 Attack Defense The following items are displayed on this screen:  General Flood Defense: Flood attack is a commonly used DoS (Denial of Service) attack, including TCP SYN, UDP, ICMP and so on. It is recommended to select all the Flood Defense options and specify the corresponding
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 79
    to the abnormal packets. It is recommended to select all the Packet Anomaly Defense options. Enable Attack Defense Logs: With this box checked, the Router will record the defense logs. 3.4.3 MAC Filtering On this page, you can control the Internet access of local hosts by specifying their MAC
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 80
     List of Rules You can view the information of the entries and edit them by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 81
    Example: Network Requirements: Prevent the local hosts from accessing Internet website www.aabbcc.com and downloading the files with suffix of "exe". Configuration Procedure: Select Keywords mode and type "exe" in the field, select URL mode and type "www.aabbcc.com" as the following figure
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 82
    3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load the following page. Figure 3-52 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 3.4.4.3 Access Rules
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 83
    by the entry. For example, if you select "Block" for Policy and only FTP for Service, the packets of other service types can still pass through the Router. You can add new service types on 3.4.4.4 Service. Select interface for the entry. The entry will take effect when the interface to which the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 84
    the end of the list by default.  List of Rules You can Service The Service function allows you to specify the protocol and port number to be filtered for Firewall function conveniently. Protocol name and port range constitute a service type. The Router predefines three commonly used services
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 85
    . The system predefined protocols include TCP, UDP and TCP/UDP. Dest. Port: Enter the start and end ports to make a destination port range for the service. The start port number cannot be greater than the end port number.  List of Service You can view the information of the entries and edit them
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 86
    3.4.5 App Control 3.4.5.1 Control Rules On this page, you can enable the Application Rules function. Choose the menu Firewall→App Control→Control Rules to load the following page. Figure 3-55 Application Rules The following items are displayed on this screen:  General Check the box before Enable
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 87
    applications include IM, Web IM, SNS, P2P, Media, Basic and Proxy. The default setting is to limit all the applications in the application list except for Basic Rules page, you can download the latest database from http://www.tp-link.com, Click the button and select the file, and then click
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 88
    are encapsulated and de-encapsulated in the Router, the tunneling topology implemented by encapsulating packets is transparent to users. The tunneling protocols supported by TL-ER6020 contain Layer 3 IPsec and Layer 2 L2TP/PPTP. 3.5.1 IKE In the IPsec VPN, to ensure a secure communication, the two
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 89
    3.5.1.1 IKE Policy On this page you can configure the related parameters for IKE negotiation. Choose the menu VPN→IKE→IKE Policy to load the following page. Figure 3-58 IKE Policy The following items are displayed on this screen:  IKE Policy Policy Name: Specify a
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 90
    Exchange Mode: Select the IKE Exchange Mode in phase 1, and ensure the remote VPN peer uses the same mode.  Main: Main mode provides identity protection and exchanges more information, which applies to the scenarios with higher requirement for identity
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 91
    this page, you can define and edit the IKE Proposal. Choose the menu VPN→IKE→IKE Proposal to load the following page. Figure 3-59 IKE Proposal The and management purposes. The IKE proposal can be applied to IPsec proposal. Authentication: Select the authentication algorithm for IKE negotiation
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 92
    IKE Proposal In this table, you can view the information of IKE Proposals and edit them by the action buttons. 3.5.2 IPsec IPsec (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task Force) to provide high security for IP packets and prevent attacks. To ensure
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 93
    can define and edit the IPsec policy. Choose the menu VPN→IPsec→IPsec Policy to load the following page. Figure 3-60 IPsec Policy The following items are displayed on this screen:  General You can enable/disable IPsec function for the Router here.  IPsec Policy Policy Name: Specify a unique
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 94
    the IKE policy. If there is no policy selection, add new policy on VPN→IKE→IKE Policy page. Select IPsec Proposal on IKE mode. Up to four IPsec Proposals can be selected on IKE mode. Select the PFS (Perfect Forward Security) for IKE mode to enhance security. This setting should match the remote
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 95
    value at the other end of the tunnel, and vice versa. AH Authentication Key-In: Specify the inbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The inbound key here must match the outbound AH authentication key at the other end of the tunnel, and vice
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 96
    Specify the outbound ESP Encryption Key manually if ESP protocol is used in the corresponding IPsec Proposal. The outbound key here must Troubleshooting 5 for the configuration of subnet. 3.5.2.2 IPsec Proposal On this page, you can define and edit the IPsec proposal. Choose the menu VPN→IPsec→IPsec
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 97
    and management purposes. The IPsec proposal can be applied to IPsec policy. Security Protocol: Select the security protocol to be used. Options include:  AH: AH (Authentication Header) provides data origin authentication, data integrity and anti-replay services.  ESP: ESP (Encapsulating Security
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 98
    tunnel connection, and the IP address of WAN2 and the default gateway of remote peer are 172.30.70.151 and 172.30.70.161 respectively. Security protocol and other parameters for IPsec tunnel and the remote router should be configured the same. As Security Association is unidirectional, an ingoing SA
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 99
    Single tunnel 6 bytes at least Not supported L2TP IP network of UDP, frame relay virtual circuit, X.25 virtual circuit Multiple tunnels 4 bytes at least Supported 3.5.3.1 L2TP/PPTP Tunnel On this page, you can configure the L2TP/PPTP VPN. Choose the menu VPN→L2TP/PPTP→L2TP/PPTP Tunnel to
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 100
    Interval: Specify the interval to send hello packets.  L2TP/PPTP Tunnel Protocol: Mode: Select the protocol for VPN tunnel. Options include L2TP and PPTP. Specify the working mode for this Router. Options include:  Client: In this mode, the device sends a request to the remote L2TP/PPTP server
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 101
    client. Enter the password of L2TP/PPTP tunnel. It should be configured identically on server and client. Select the network mode for the tunnel. Options include:  LAN-to-LAN: Select this option when the L2TP/PPTP client is a LAN. The tunneling request is always initiated by a router.  Client-to
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 102
    VPN tunnel.) It's the combination of IP address and subnet mask. Activate or inactivate the entry.  List of Configurations In this table, you can view your configurations L2TP. Its user name is test, the password can be configured, and the Router is configured in Client mode. The remote server
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 103
    page displays the information and status of the tunnels. Choose the menu VPN→L2TP/PPTP→List of L2TP/PPTP Tunnel to load the following page create different ID values when it is reconnected. 3.6 Services 3.6.1 PPPoE Server The Router can be configured as a PPPoE server to specify account and IP
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 104
    Sessions: Specify the maximum number of the sessions for PPPoE server. The default is 256. Max Echo-Requests: Specify the maximum number of Echo-Requests sent by the server to wait for response. The default is 10. The link will be dropped when the number of the unacknowledged LCP echo requests
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 105
    0 in the Idle Timeout field. The default value is 30. Authentication: Select the adopts three handshakes and does not transfer password in plain text.  MS-CHAP, put forward by Microsoft, adopts a different encryption algorithm Services→PPPoE Server→IP Address Pool to load the following page. -100-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 106
    . In this table, you can view the information of IP Address Pools and edit them by the Action buttons. 3.6.1.3 Account On this page, you can configure the PPPoE account. Choose the menu Services→PPPoE Server→Account to load the following page. -101-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 107
    name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Select the IP Address Assigned Mode for IP assignment. Mode: number of sessions for the client. The default value is 1. Specify the Expiration Date of the account. The
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 108
    to the server. MAC Address: It is available when Manually is selected. Enter the MAC address of the Host to . The default is 48. If Enable Advanced Account Features is not selected, the Session Timeout value is 0 by default.  Services→PPPoE Server→Exceptional IP to load the following page. Figure 3-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 109
    . This range should be in the same IP range with LAN port or DMZ port of the Router. The start IP address should not exceed the end address and the detailed information of all accounts you have established. Choose the menu Services→PPPoE Server→List of Account to load the following page. Figure 3-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 110
    Figure 3-71 E-Bulletin The following items are displayed on this screen:  General Enable E-Bulletin: Specify whether to enable electronic bulletin function. Interval: Specify the interval to release the bulletin. Enable Logs:  E-Bulletin Title: Specify whether to log the E-Bulletin. Enter a
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 111
    Tips: For the configuration for groups and users, please refer to the User Group section. 3.6.3 Dynamic DNS DDNS (Dynamic DNS) service allows you to assign a fixed domain name to a dynamic WAN IP address, which enables the Internet hosts to access the Router or the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 112
    . Prior to using this function, be sure you have registered on the official websites of DDNS service providers for username, password and domain name. TL-ER6020 Router offers PeanutHull DDNS client, Dyndns DDNS client, NO-IP DDNS client and Comexe DDNS client. The Dynamic DNS can be implemented
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 113
    Account Name or Password is incorrect. Please check and enter it again.  List of DynDNS Account In this table, you can view the existing DDNS entries or edit them by the Action button. 3.6.3.2 No-IP On this page you can configure NO-IP DDNS client. Choose the menu Services→Dynamic DNS→No-IP
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 114
    > to go to the website of No-IP for register. Enter the password of your DDNS account. Enter the Domain Name that you registered with your DDNS service provider. Activate or inactivate DDNS service here. Displays the WAN port for which No-IP DDNS is selected. Displays the current status of DDNS
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 115
    Enter the password of your DDNS account. DDNS Service: Activate or inactivate DDNS service here. WAN Port: Displays the WAN port for which PeanutHull DDNS is selected. Service Type: DDNS Status: Displays the DDNS service type, including Professional service and Standard service. Displays the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 116
    button. 3.6.3.4 Comexe On this page you can configure Comexe DDNS client. Choose the menu Services→Dynamic DNS→Comexe to load the following page . Password: Enter the password of your DDNS account. DDNS Service: Activate or inactivate DDNS service here. WAN Port: Displays the WAN port for
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 117
    LAN via this port, so that the functions limited to NAT can work normally. For example, MSN Messenger installed in Windows XP and Windows ME system is using UPnP protocol when audio and video communications are processing. On this page you can configure UPnP service. Choose the menu Services→UPnP to
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 118
    will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6020. The NO.1 entry in Figure 3-76 indicates: TCP data received on port 12856 of the WAN port in the Router will be forwarded to port 12856 in 192.168.0.101 server in LAN. Note: ● When using UPnP
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 119
    new user name and password must not exceed 31 characters in length and must consist of numbers or letters. All the fields are case-sensitive. 3.7.1.2 Login Parameter On this page, you can configure and modify the Web and Telnet port. Choose the menu Maintenance→Admin Setup→Login Parameter to load
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 120
    when next login. 3.7.1.3 Remote Management On this page you can configure the Remote Management function. This feature allows managing your Router from a remote location via the Internet. Choose the menu Maintenance→Setup→Remote Management to load the following page. Figure 3-79 Remote Management
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 121
    to load the following page. Figure 3-80 Factory Defaults Click the button to reset all configuration settings to their default values. The default IP address is 192.168.0.1; the default login user name and password are both admin. 3.7.2.2 Export and Import Choose the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 122
    Figure 3-81 Export and Import The following items are displayed on this screen:  Configuration Version Displays the current Configuration version of the Router.  Export Click the button to save the current configuration as a file to your computer. You are suggested to take this measure
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 123
    Firmware Upgrade to load the following page. Figure 3-83 Firmware Upgrade To upgrade the Router is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware ● You are suggested to backup the configuration before upgrading. 3.7.3 License Choose the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 124
    3-84 License 3.7.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic information of each port and extra information of WAN ports. Choose the menu Maintenance→Statistics→Interface Traffic Statistics to load the following page. Figure 3-85 Interface
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 125
    the interface.  Advanced WAN Information Interface: Displays the interface. IP Fragment Rx: Displays the amount of IP Fragments received by WAN port. Abnormal IP Packets Rx: Displays the rate for transmitting data frames. 3.7.4.2 IP Traffic Statistics IP Traffic Statistics screen displays the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 126
    you to enable/disable refreshing the IP Traffic Statistics automatically. The default refresh interval is 10 seconds.  Traffic Statistics Direction: Select . 3.7.5 Diagnostics 3.7.5.1 Diagnostics This Router provides Ping test and Tracert test functions for network diagnose. Choose the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 127
    destination IP address or Domain name here. Then select a port for testing, if you select "Auto", the Router will select the interface of destination automatically. After clicking button, the Router will send Ping packets to test the network connectivity and reachability of the host and the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 128
    destination for PING detection, DNS server of WAN port will be selected as destination for DNS Lookup. In Manual Mode, you can configure the destination for PING and DNS Lookup manually. Ping: Enter the destination IP for Ping in Manual mode. 0.0.0.0 means PING detection is disabled. DNS Lookup
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 129
    System Time: Displays the current date and time of the Router. Time Zone: Displays the current time zone of the Router. Status:  Config Displays the status of time capturing Get GMT: Manual: When this option is selected, you can configure the time zone and the IP Address for the NTP Server
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 130
    be used properly, please add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restarted. The Router will obtain GMT time automatically from Internet. 3.7.7 Logs The Log system of Router can record, classify and manage the system information
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 131
    The Logs of switch are classified into the following eight levels. Severity Emergency Alert Level 0 Description The system is unusable. 1 Action must be taken immediately. Critical 2 Critical conditions Error 3 Error conditions Warning 4 Warnings conditions Notice 5 Normal but
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 132
    headquarters and the branch offices, allow the staff on business to access the Mail Server and FTP Server in LAN, and provide the remote access services for the cooperated partners.  Network Management To avoid some of the staff using IM/P2P application at the working time to occupy a lot of
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 133
    be in the same subnet of the LAN port of this Router. (The default subnet of LAN port is 192.168.0.0/24.). The IP address of your PC can be obtained automatically or configured manually. To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 134
    Mode 4.3.1.2 Internet Connection Configure the Static IP connection type for the WAN1 and WAN2 ports of the Router. Choose the menu Network Default Gateway provided by your ISP. Set both the Upstream Bandwidth and the Downstream Bandwidth to 100000Kbps.The Upstream/Downstream Bandwidth of WAN port
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 135
    , you can create the VPN tunnel via the TP-LINK VPN routers between the headquarters and the remote branch office to guarantee a secured communication. The following takes IPsec settings of the Router in the headquarters for example. Moreover, you can configure the PPTP VPN Server to establish
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 136
    : 3DES DH Group: DH2 Click the button to apply. Figure 4-4 IKE Proposal  IKE Policy Choose the menu VPN→IKE→IKE Policy to load the configuration page. Settings: Policy Name: IKE_1 Exchange Mode: Main IKE Proposal: proposal_IKE_1 (you just created) Pre-shared Key: aabbccddee SA
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 137
    office, the IKE settings should be the same as the Router in the headquarters. 2) IPsec Setting To configure the IPsec function, you should create an IPsec Proposal firstly.  IPsec Proposal Choose the menu VPN→IPsec→IPsec Proposal to load the following page. Settings: Proposal Name: Security
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 138
    ESP Encryption: 3DES Click the button to apply. Figure 4-6 IPsec Proposal  IPsec Policy Choose the menu VPN→IPsec→IPsec Policy to load the configuration page. Settings: IPsec: Enable Policy Name: IPsec_1 Status: Activate Mode LAN-to-LAN Local Subnet: 192.168.0.0/24 Remote
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 139
    should be set to the IP address of the Router in the headquarters. After the IPsec VPN tunnel of the two peers is established successfully, you can view the connection information on the VPN→IPsec→IPsec SA page. Figure 4-8 List of IPsec SA 4.3.2.2 PPTP VPN Setting  IP Address Pool Choose the menu
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 140
    the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP Tunnel. Settings: L2TP/PPTP: Protocol: Mode: Username: Password: Tunnel: IP Pool: Enable PPTP Server
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 141
    to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group. The detailed configurations are as follows. 4.3.3.1 User Group Create a User Group with all the Hosts in the IP range of 192.168.0.30-192.168.0.50 as its
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 142
    1 1 Click the OK button to add the Users in bulk. Figure 4-10 User Config - Batch  View Choose the menu User Group→View to load the configuration page. Add all the Users you just created into the Group 1 and click the button to apply. 4.3.3.2 App Control Choose the menu Firewall→App
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 143
    be blocked on the popup window. Status: Activate Figure 4-11 App Rules 4.3.3.3 Bandwidth Control To enable Bandwidth Control, you should configure the total bandwidth of interfaces and the detailed bandwidth control rule first. 1) Enable Bandwidth Control Choose the menu Advanced→Traffic Control
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 144
    Figure 4-12 Bandwidth Setup 2) Interface Bandwidth Choose the menu Network→WAN→WAN1 to load the configuration page. Configure the Upstream Bandwidth the menu Advanced→Traffic Control→Bandwidth Control to load the configuration page. Then continue with the following settings: Settings: Direction
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 145
    Session Limit Choose the menu Advanced→Session Limit→Session Limit to load the configuration page. Check the box before Enable Session Limit and click the and Packet Anomaly Defense. Moreover, you can enable Port Mirror function and Statistics function to monitor the real-time traffic of the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 146
    by ARP Scanning. For some special items not bound, you can bind them manually. 1) Scan and import the entries to ARP List Specify ARP Scanning range. Choose the menu Firewall→Anti ARP Spoofing→ARP Scanning to load the configuration page. No ARP attack in the local network is the premise of ARP
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 147
    WAN ARP attack, you can bind the default gateway and IP address of WAN port. Obtain the MAC address of WAN port by ARP Scanning first. Choose the menu Firewall→Anti ARP Spoofing→ARP Scanning to load the configuration page. Enter the default gateway of the WAN port such as 58.51.128.254 in the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 148
    Traffic Monitoring 1) Port Mirror Choose the menu Network→Switch→Port Mirror to load the configuration page. Check the box before Enable Port Mirror and select the Ingress&Egress mode. Select the Port 5 for the Mirroring Port and the Port 3 and the Port 4 for the Mirrored ports. Click the
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 149
    Figure 4-21 Port Mirror 2) Statistics Choose the menu Maintenance→Statistics to load the page. Load the Interface Traffic Statistics page to view the traffic statistics of each physical interface of the Router as Figure 4-22 shows. Figure 4-22 Interface Traffic Statistics Load the IP Traffic
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 150
    Figure 4-23 IP Traffic Statistics After all the above steps, the enterprise network will be operated based on planning. -145-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 151
    Chapter 5 CLI TL-ER6020 provides a Console port for CLI (Command Line Interface) configuration, which enables you to configure the Router by accessing the CLI from console (such as Hyper Terminal) or Telnet. The following part will introduce the steps to access CLI via Hyper Terminal
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 152
    Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3, and click OK. Figure 5-3 Select the port to connect 5. Configure the port selected in the step above as the following Figure 5-4 shows. Configure Bits per second as 115200, Data bits as 8,
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 153
    Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyper Terminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK. Figure 5-5 Connection Properties Settings -148-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 154
    7. The DOS prompting "TP-LINK>" will appear after pressing the Enter button in the Hyper Terminal window as Figure 5-6 shows. 5.2 Interface Mode Figure 5-6 Log in the Router The CLI of TL-ER6020 offers two command modes: User EXEC Mode and Privileged EXEC Mode. User EXEC Mode only allows users to
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 155
    exit command to disconnect the Router (except that the Router is connected through the Console port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable command to TP-LINK # enter this mode from User EXEC mode, the original password is admin. Use the exit
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 156
    . If there are keywords in this command, all the keywords and their brief descriptions will display. For example: TP-LINK > ip ←Press Space and ? button get - Get the ip configuration 3) Type a character string and a question mark with no space, all the commands with prefix of this character
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 157
    Lan Ip: 192.168.0.1 Lan Mask: 255.255.255.0 Get the configuration information of LAN port. TP-LINK # ip set lan address 192.168.0.20 TP-LINK # ip set lan mask 255.255.0.0 Set the LAN IP address of the Router as 192.168.0.20. Displaying Operation succeeded! indicates the operation is successful
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 158
    ?[Y/N] TP-LINK # sys restore Restore to factory default. Y means YES, N means NO. This command will restore system, Continue?[Y/N] TP-LINK # sys export config Server address: [192.168.1.101]192.168.1.100 Username: [admin]ftp Password: [admin]ftp File name: [config.bin] Export the configuration
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 159
    since the functions such as export, import and firmware upgrade require read-write operation on FTP server. TP-LINK # sys import config Server address: [192.168.1.101] Username: [admin] Password: [admin] File name: [config.bin] Import the configuration file. The steps are as the above item
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 160
    Guest. TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator. TP-LINK # user set password Enter old password: Enter
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 161
    TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the system when logging in by Telnet. TP-LINK > exit Exit CLI. -156-
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 162
    802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/ IP, DHCP, ICMP, NAT、PPPoE, SNTP, HTTP, DNS, L2TP, PPTP, IPsec Two 10/100/1000M Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Ports Two 10/100/1000M Auto-Negotiation LAN RJ45 ports (Auto MDI/MDIX) One 10/100/1000M Auto-Negotiation LAN/DMZ RJ45
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 163
    255.255.0 for the Subnet Mask. 3) Test the connection between your PC and TL-ER6020 via Ping command. 4) If you still cannot access the configuration page, please restore your Router to its factory default settings and try to log in again. 2. If your management port has been changed, please log into
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 164
    the LAN host in the Virtual Server function. If so, you should change the router's management port or virtual server's service port. 4. Make sure that the NAT DMZ service is disabled. Q4: Some functions of the Router need to define the IP address subnet with Subnet Mask. What are the common values
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 165
    the TCP/IP parameters Configuration Protocol) for the all the PCs that are connected to a DHCP server. D A Demilitarized Zone allows one local host to be exposed to the DMZ(Demilitarized Zone) Internet for a special-purpose service such as Internet gaming or videoconferencing. DNS(Domain
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 166
    protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. HTTP(Hypertext services (such as IPSec) that require keys. Before any IPSec traffic can be passed, each Router/firewall/host must verify the identity of its peer. IPsec
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 167
    link layer address that is required for every port or device that connects to a LAN. Other devices in the MAC address(Media network use these addresses to locate specific ports Protocol) Common name for the suite of protocols to support the construction of worldwide Internet works. TCP and IP
  • TP-Link TL-ER6020 | TL-ER6020 v1 User Guide - Page 168
    on one or more LANs that are configured (using management software) so that they can communicate as VLAN( Virtual Local Area if they were attached different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible. VPN (Virtual Private Network)
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
TL-ER6020
SafeStream
TM
Gigabit Dual-WAN VPN Router
Rev: 1.0.0
1910010695