TP-Link TL-ER604W TL-ER604W V1 User Guide 1910010844

TP-Link TL-ER604W Manual

Get TP-Link TL-ER604W PDF manuals and user guides View all TP-Link TL-ER604W manuals
Add to My Manuals
Save this manual to your list of manuals

TP-Link TL-ER604W manual content summary:

  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 1
    TL-ER604W Wireless N Gigabit Broadband VPN Router Rev1.0.1 1910010844
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 2
    TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2013 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link and used in accordance with the instruction manual, may cause harmful interference to party responsible for compliance could void the user's authority to operate the equipment. CE
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 3
    Guide 2 1.1 Intended Readers ...2 1.2 Conventions ...2 1.3 Overview of this Guide ...2 Chapter 2 Introduction ...3 2.1 Overview of the Router 31 3.2 Wireless ...37 3.2.1 Wireless Setting...37 3.2.2 MAC Filtering ...50 3.2.3 Host Status ...51 3.3 User Group ...52 3.3.1 Group...52 3.3.2 User ...53
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 4
    ...82 3.5.5 App Control...88 3.6 VPN...89 3.6.1 IKE...90 3.6.2 IPsec...94 3.6.3 L2TP/PPTP...100 3.7 Services ...104 3.7.1 PPPoE Server...104 3.7.2 E-Bulletin ...109 3.7.3 Dynamic DNS ...111 3.7.4 UPnP ...116 3.8 Maintenance ...117 3.8.1 Admin Setup ...117 3.8.2 Management...120 3.8.3 License ...122
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 5
    4 Application...130 4.1 Network Requirements...130 4.2 Network Topology...131 4.3 Configurations...131 4.3.1 Internet Setting ...131 4.3.2 VPN Setting ...133 4.3.3 Network Management 139 4.3.4 Network Security...143 Appendix A Hardware Specifications 148 Appendix B FAQ ...149 Appendix C Glossary
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 6
    Package Contents The following items should be found in your package:  One TL-ER604W Router  One Power Adapter  One RJ45 Ethernet Cable  Quick Installation Guide  Resource CD Note: Make sure that the package contains the above items. If any of the listed items is damaged or missing, please
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 7
    for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used:  The Router or TL-ER604W mentioned in this Guide stands for TL-ER604W SafeStream Wireless N Gigabit Broadband VPN Router without any explanation.  Menu Name→Submenu Name→Tab page
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 8
    for choosing the SafeStream Wireless N Gigabit Broadband VPN Router TL-ER604W. 2.1 Overview of the Router The SafeStream Wireless N Gigabit Broadband VPN Router TL-ER604W from TP-LINK supports Wireless N speed and Gigabit wired speeds on all ports. It integrates multiple VPN protocols, high-security
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 9
    + Supporting remote management to manage the Router from remote places. 2.2 Features Hardware  1 fixed gigabit WAN port, 1 interchangeable gigabit WAN/LAN port, 3 fixed gigabit LAN ports  Fanless Design for Quiet Operation  Hardware Wi-Fi On/Off button provides an easy way to turn wireless radio
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 10
    RIP v1/v2  Built-in Switch supporting Port Mirror, Port VLAN, Rate Control and so on  Supports to change the MAC address of LAN and WAN port  Supports Logs, Statistics, Time setting  Supports Remote and Web management  Supports Diagnostic (Ping/Tracert) and Online Detection Wireless  Supports
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 11
    of TL-ER604W is shown as the following figure.  LEDs LED Status Figure 2-1 Front Panel Indication On PWR Off The Router is powered on The Router is powered off or power supply is abnormal SYS Flashing On/Off The Router works properly The Router works improperly On(Green) The wireless
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 12
    Reset button Use the button to restore the Router to the factory defaults. With the Router powered on, use a pin to press power adapter provided with this TL-ER604W SafeStream Wireless N Gigabit Broadband VPN Router.  On/Off Press this button to turn on or turn off the Router. Note: Please use only
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 13
    Network 3.1.1 Status The Status page shows the system information, the port connection status and other information related to this Router. Choose the menu Network→Status to load the following page. 3.1.2 System Mode Figure 3-1 Status The TL-ER604W Router can work in three modes: NAT, Non-NAT and
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 14
    network environment with a network topology as the Figure 3-3 shown, and forwards the packets between these two networks by the Routing rules, you can set it to Non-NAT mode. Figure 3-3 Network Topology - Non-NAT Mode If your Router is connected in a combined network topology as the Figure 3-4 shown
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 15
    Router will first transport the packets which are compliant with NAT forwarding Router can implement NAT for the packets without blocking the packets in the different subnet of the ports.  3.1.3 WAN 3.1.3.1 WAN Mode TL-ER604W provides two adjustable WAN ports. You can set the number of WAN ports
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 16
    ports you prefer to use. The Router support one WAN and dual WAN. The Router will adjust the physical ports accordingly, which can be illustrated on the following port sketch. Note: By default, TL-ER604W Internet Service Provider). Tips: It's allowed to set the IP addresses of both the WAN ports
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 17
    not clear, please consult your ISP. Subnet Mask: Enter the Subnet Mask assigned by your ISP. Default Gateway: Optional. Enter the Gateway assigned by your ISP. MTU: MTU (Maximum Transmission Unit) is it. Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. -12-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 18
    port. 2) Dynamic IP If your ISP (Internet Service Provider) assigns the IP address automatically, please choose the Dynamic IP connection type to obtain the parameters for WAN port of WAN port. Host Name: Optional. This field allows you to give a name for the Router. It's blank by default. MTU:
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 19
    the default value if no other MTU value is provided by your ISP. Get IP Address by Unicast: The broadcast requirement may not be supported by a manually released or the request of the Router gets no response from your ISP. Please check your network connection and consult your ISP if this problem
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 20
    the IP address of your ISP's Primary DNS. Secondary DNS: Displays the IP address of your ISP's Secondary DNS. 3) PPPoE If your ISP (Internet Service Provider) has provided the account information for the PPPoE connection, please choose the PPPoE connection type (Used mainly for DSL Internet
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 21
    ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Active Mode: You can select the proper Active mode according to your need.  Manual: Select this option to manually activate or terminate the Internet connection by the or
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 22
    null by default. Service Name: Optional. Enter the Service Name provided by your ISP. It's null by default. Primary port.  PPPoE Status Status: Displays the status of PPPoE connection.  "Disabled" indicates that the PPPoE connection type is not applied.  "Connecting" indicates that the Router
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 23
    manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem DNS. 4) L2TP If your ISP (Internet Service Provider) has provided the account information for the L2TP connection,
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 24
    and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. -19-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 25
    IP is selected, configure the subnet mask of WAN port. If Dynamic IP is select, the subnet mask of WAN port obtained is displayed. If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the obtained default gateway is displayed. Primary DNS/ Secondary DNS: If Static
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 26
     "Disconnected" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem remains. Displays the IP address assigned by your
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 27
    and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. -22-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 28
    . If Dynamic IP is select, the subnet mask of WAN port obtained is displayed. Default Gateway: If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the obtained default gateway is displayed. Primary DNS/ Secondary DNS: If Static IP is selected, configure the DNS
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 29
    .  "Disconnected" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem remains. IP Address: Displays the IP address
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 30
    the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. If you are not clear, please consult your ISP. Auth Server: Enter the address of authentication server. It can
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 31
    . The default MTU is 1500. Upstream/Downstream Specify the Upstream/Downstream Bandwidth for the port. To manually terminated or the request of the Router has no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 32
    3.1.4.1 LAN On this page, you can configure the parameters for LAN port of this router. Choose the menu Network→LAN→LAN to load the following page. Enter the LAN IP address of the Router. 192.168.0.1 is the default IP address. The Hosts in LAN can access the Router via this IP address. It can be
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 33
    : Optional. Enter the Gateway address to be assigned. It is recommended to enter the IP address of the LAN port of the Router. Default Domain: Optional. Enter the domain name of your network. Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP. It is recommended
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 34
    you can view the information about all the DHCP clients connected to the Router. Choose the menu Network→LAN→DHCP Client to load the following page. DHCP clients in this table. Click the Refresh button for the updated information. 3.1.4.4 DHCP Reservation DHCP Reservation feature allows you to
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 35
    . Note: It's recommended that users bind the IP address and the TL-ER604W instead of the current router in a network node, you can just set the MAC address of TL-ER604W's LAN port the same to the MAC address of the previous router, which can avoid all the devices under this network node to update
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 36
    to set the MAC address of the Router's LAN port to the MAC address of the current management PC. 3.1.6 Switch Some basic switch port management functions are provided by TL-ER604W, which facilitates you to monitor the traffic and manage the network effectively. 3.1.6.1 Statistics Statistics screen
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 37
    : The Port 1/2/3/4/5 mentioned in this User Guide refers to the WAN1/2 port and LAN1/2/3 port on the Router. 3.1.6.2 Port Mirror Port Mirror, the packets obtaining technology, functions to forward copies of packets from one/multiple ports (mirrored port) to a specific port (mirroring port). Usually
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 38
    be copied to the mirroring port.  Port Mirror Mirroring Port: Select the Mirroring Port to which the traffic is copied. Only one port can be selected as the mirroring port. Mirrored Port: Select the Mirrored Port from which the traffic is mirrored. One or multiple ports can be selected as the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 39
    . 4) Click the button to apply. 3.1.6.3 Rate Control On this page, you can control the traffic rate for the specific packets on each port so as to manage your network flow. Choose the menu Network→Switch→Rate Control to load the following page. Figure 3-20 Rate Control The following items are
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 40
    Egress Rate: Specify the limit rate for the egress packets. The first entry in Figure 3-20 indicates: The Ingress and Egress Limits are enabled for port 1. The Ingress and Egress Rates are 1Mbps. That is, the receiving rate for the ingress packets will not exceed 1Mbps, and the transmitting rate
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 41
    with one another directly. Therefore, broadcast packets are limited in a VLAN. TL-ER604W provides the Port VLAN function, which allows you to create multiple logical VLANs for the LAN ports based on their port numbers. Choose the menu Network→Switch→Port VLAN to load the following page. Figure 3-23
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 42
    desired VLAN for the port. Tips: The Port VLAN can only be created among the LAN ports. 3.2 Wireless 3.2.1 Wireless Setting 3.2.1.1 Wireless Setting On this page you can configure the basic parameters of the wireless network. Choose the menu Wireless→Wireless Setting→Wireless Setting to load the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 43
    field determines which operating frequency will be used. The default channel is automatic and the Router will choose the best channel automatically. It is not necessary to change the wireless channel unless you notice interference problems with another nearby access point. Mode: Select the desired
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 44
    Service Set Identification) must be assigned to all wireless device in your network. Considering your wireless network security, the default SSID is set to be TP-LINK_XXXXXX (XXXXXX indicates the last unique six numbers of each Router are three wireless security options supported by the Router: WPA-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 45
    on the wireless station's capability and request. Encryption: Select the Encryption typeđ including Automatic, TKIP, AES. The default setting is default password is the same with the default PIN code, which is labeled on the bottom of the Router Group Key Update Specify the group key update
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 46
    . Radius Server IP: Enter the IP address of the Radius server. Radius Port: Enter the port number of the Radius server. Radius Password: Enter the password for the Radius server. Group Key Update Specify the group key update interval in seconds. The value should be 30 Period: or above. Enter
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 47
    key is not promoted) or 16 ASCII characters. Tips: ● The modification of the Wireless Setting will take effect only after the router is rebooted. ● The WEP Auth type is not supported by 802.11n mode. ● The TKIP is not supported by 802.11n mode. The TKIP cannot be selected if 11n only mode is
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 48
    3-25 Multi-SSID The following items are displayed on this screen:  General Multi-SSID: Enable or disable the Multi-SSID. You can establish multiple wireless networks if Multi-SSID is enabled. SSID Insulation:  Multi-SSID Config SSID: Enable or disable the SSID Insulation. If enabled, the hosts
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 49
    options to enable security. There are three wireless security options supported by the Router: WPA-PSK/WPA2-PSK, WPA/WPA2 and port or other SSIDs. AP Isolation: This function can isolate wireless stations on your network from each other. Wireless devices will be able to communicate with the Router
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 50
    of electronic data established by the U.S. National Institute of Standards and Technology. Password: Enter ASCII characters between 8 and 63 characters or 8 to 64 Hexadecimal characters. Group Key Update Specify the group key update interval in seconds. The value should be 30 Period: or above
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 51
    . Radius Server IP: Enter the IP address of the Radius server. Radius Port: Enter the port number of the Radius server. Radius Password: Enter the password for the Radius server. Group Key Update Specify the group key update interval in seconds. The value should be 30 Period: or above. Enter
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 52
    router must be the same as the parameter configured here. ● The WEP Auth type is not supported by 802.11n mode. ● The TKIP is not supported 3.2.1.1 Wireless Setting. Tips: ● The WDS function will be disabled if Multi-SSID is enabled. ● UP to 7 new SSIDs can be added to the router. ● The router allows
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 53
    Choose the menu Wireless→Wireless Setting→WDS to load the following page.  General WDS: Scan: Figure 3-26 WDS Configuration Enable or disable the WDS function. With this function, the Router can bridge two or more WLANs. Click this button; you can search the AP which runs in the current channel.
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 54
    AP your Router is going to connect needs password, you need to fill the key in this blank. Tips: The Multi-SSID function will be disabled if WDS is enabled. 3.2.1.4 Wireless Advanced On this page, you can configure the wireless advanced parameters. Choose the menu Wireless→Wireless Setting→Wireless
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 55
    since excessive packets. 2346 is the default setting and is recommended. This value determines Wireless Advanced will take effect only after the router is rebooted. 3.2.2 MAC Filtering On this page, you can control the wireless access by configuring the MAC Filtering. Choose the menu User Wireless
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 56
    -SSID. To control some of the hosts to access the wireless network, it is recommended to select "Enable Wireless MAC Address Filtering" and select one filtering rule according to need hosts connected to the wireless network. Choose the menu User Wireless→Host Status to load the following page. -51-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 57
    this wireless network will display on the following table.  Host Status MAC Address: Displays the MAC address of the host which access the Router by wireless connection data frames. 3.3 User Group The User Group function is used to group different users for unified management, so that you
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 58
    Group→User to load the following page. Figure 3-31 User Configuration The following items are displayed on this screen:  User Config User Name: Specify a unique name for the user. IP Address: Enter the IP Address of the user. It cannot be the network address or broadcast address of the port
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 59
    and edit them by the Action buttons. 3.3.3 View On this page, you can configure the User View or Group View. Choose the menu User Group→View to load the following page. Figure 3-32 View Configuration The following items are displayed on this screen:  View Config View: Select the desired
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 60
    between private IP and public IP, which allows private network users to visit the public network using private IP addresses. With NAT Setup to load the following page. Figure 3-33 NAT Setup The following items are displayed on this screen:  NAPT Source Port Range: Enter the source port range
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 61
    first checkbox and Translated IP Address in the second checkbox. TL-ER604W allows mapping from LAN port to WAN port in LAN Mode. Interface: Select an interface for forwarding data packets. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the Translated IP Address will
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 62
    be 222.135.48.128. The data packets are transmitted from WAN1 port. DMZ Forwarding and this entry are both activated. Note: One-to-One NAT . 3.4.1.3 Multi-Nets NAT Multi-Nets NAT function allows the IP under LAN port within multiple subnets to access the Internet via NAT. Choose the menu Advanced
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 63
    entry named tplink1. The subnet under the LAN port of the Router is 192.168.2.0/24 and this entry is TL-ER604W is 192.168.0.0 /24, the subnet of VLAN2 under a three layer switch is 192.168.2.0 /24, while the subnet of VLAN3 is 192.168.3.0 /24. The IP of VLAN for cascading the switch to the Router
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 64
    as follows: 3.4.1.4 Virtual Server Virtual server sets up public services in your private network, such as DNS, Email and FTP, and defines a service port. All the service requests to this port will be transmitted to the LAN server appointed by the Router via IP address. Choose the menu Advanced→NAT
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 65
    can be entered. Interface: Select an interface for forwarding data packets. External Port: Enter the service port or port range the Router provided for accessing external network. All the requests from Internet to this service port or port range will be redirected to the specified server in
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 66
    entered. Interface: Select an interface for forwarding data packets. Trigger Port: Enter the trigger port number or the range of port. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applications, otherwise the incoming
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 67
    such as 8690-8696. ● The Router supports up to 16 Port Triggering entries. Each entry supports at most 5 groups of trigger ports and overlapping between the ports is not allowed. ● Each entry supports at most 5 groups of incoming ports and the sum of incoming ports you set for each entry should not
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 68
    recommended to keep default if no special requirement. 3.4.2 Traffic Control Traffic Control functions to control the bandwidth by configuring rules for limiting various data flows. In this way, the network bandwidth can be reasonably distributed and utilized. 3.4.2.1 Setup Choose the menu Advanced
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 69
    : Default Limit applies only for users that are not constrained by Bandwidth Control Rules. These users share certain bandwidth with upper limit configured here. Value 0 means all the remained bandwidth is available to use.  Interface Bandwidth Interface: Displays the current enabled WAN port
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 70
    which the data flow might pass. Individual WAN port cannot be selected if WAN-ALL rules are added. Group: Select the group to define the controlled users. Mode: Individual: The bandwidth of each user equals to the current bandwidth of this entry. Shared: The total bandwidth of all controlled
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 71
    the Action buttons. The first entry in Figure 3-40 indicates: The users within group "group1" share the bandwidth and the Downstream/Upstream Guaranteed interface. 3.4.3 Session Limit The amount of TCP and UDP sessions supported by the Router is finite. If some local hosts transmit too many TCP and
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 72
    Limit entries will be disabled.  Session Limit Group: Max. Sessions: Description: Status: Select a group to define the controlled users. Enter the max. Sessions for the users. Give a description for the entry. Activate or inactivate the entry.  List of Session Limit You can view the information
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 73
    Routing checked, the Router will consider the source IP address and destination IP address of the packets as a whole and record the WAN port they pass through. And then the packets with the same source IP address and destination IP address or destination port will be forwarded to the recorded WAN
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 74
    for the entry, which is effective only when the protocol is TCP, UDP or TCP/UDP. The default value is 1 - 65535, which means any port is acceptable. WAN: Select the WAN port for transmitting packets. Effective Time: Specify the time for the entry to take effect. Status: Activate or inactivate
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 75
    116.10.20.28 and 116.10.20.29 will be forwarded from WAN1 port, regardless of the port and protocol. This entry is activated d and will take effect at 8 am to 10 pm from Monday to Friday. 3.4.4.3 Link Backup With Link Backup function, the Router will switch all the new sessions from dropped line
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 76
    secondary WAN lists at the same time, and one WAN port should be added to only one list. 3.4.4.4 Protocol On this page, you can specify the protocol for routing rules conveniently. A protocol constitutes of the name and number. The Router predefines three commonly used protocols such as TCP, UDP and
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 77
    fixed topology, Static Route does not change along with the network topology automatically. The administrator should modify the static route information manually as long as the network topology or link status is changed. Choose the menu Advanced→Routing→Static Route to load the following page. -72-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 78
    smaller the value is, the higher the priority is. The default value is 0. It is recommended to keep the default value. Description: Give a description for the entry. Status: Activate mask of 255.255.255.0, the Router will forward the packets from WAN1 port to the next hop of 211.200.1.1. -73-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 79
    Example There is a network topology as the following figure shown: If the LAN port of TL-ER604Wčwith Non-NAT or Classic system modeĎis connected to LAN1 with subnet of 192.168.0.0/24, while the LAN port of another Router R1 is connected to LAN2 with network of 192.168.2.0/24. Meanwhile, the WAN
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 80
    TL-ER604W supports supports multicast and broadcast. Password If RIPv2 is enabled, set the Password Authentication according to the actual Authentication: network situation, and the password enabled, the information of RIP forwarding the packets received by the Router will be displayed in the list
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 81
    . Note: ● RIP function cannot be set if the Router is in NAT Mode. To set RIP function, please change the System Mode to Routing or Full Mode. ● The RIP function of WAN port takes effects only when the Connection Type of this WAN port is Static IP. 3.4.5.3 Route Table This page displays the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 82
    . The attacker may send the ARP spoofing packets with false IP address-to-MAC address mapping entries, and then the device will automatically update the ARP table after receiving wrong ARP packets, which results in a breakdown of the normal communication. Thus, ARP defense technology is generated to
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 83
    entries only" option is selected and saved, the WEB management page of the Router cannot be login. At the moment, you should restore the Router to factory default and login again. 3.5.1.2 ARP Scanning ARP Scanning feature enables the Router to scan the IP address and corresponding MAC address and
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 84
    attack, you cannot add IP-MAC Binding entries on this page. Please add entries manually on 3.5.1.1 IP-MAC Binding. 3.5.1.3 ARP List On this page, the IP-MAC information of the hosts which communicated with the Router recently will be saved in the ARP list. Choose the menu Firewall→Anti ARP Spoofing
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 85
    regarded as the aging time of the ARP information. 3.5.2 Attack Defense With Attack Defense function enabled, the Router can distinguish the malicious packets and prevent the port scanning from external network, so as to guarantee the network security. Choose the menu Firewall→Attack Defense→Attack
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 86
    General Flood Defense: Flood attack is a commonly used DoS (Denial of Service) attack, including TCP SYN, UDP, ICMP and so on. It is all the Flood Defense options and specify the corresponding thresholds. Keep the default settings if you are not sure. Packet Anomaly Defense: Packet Anomaly refers
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 87
    3.5.3 MAC Filtering On this page, you can control the Internet access of local hosts by specifying their MAC addresses. Choose the menu Firewall→MAC Filtering→MAC Filtering to load the following page. Figure 3-54 MAC Filtering The following items are displayed on this screen:  General To control
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 88
    : Select the range in which the URL Filtering takes effect:  ANY: URL Filtering will take effect to all the users.  Group: URL Filtering will take effect to all the users in group. Mode: Select the mode for URL Filtering. "Keyword'' indicates that all the URL addresses including the specified
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 89
    Application Example: Network Requirements: Prevent the local hosts from accessing Internet website www.aabbcc.com and downloading the files with suffix of "exe". Configuration Procedure: Select Keywords mode and type "exe" in the field, select URL mode and type "www.aabbcc.com"
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 90
     Allow: When this option is selected, the packets obeyed the rule will be allowed to pass through the Router. Service: Select the service for the entry. Only the service belonging to the specified service type is limited by the entry. For example, if you select "Block" for Policy and only FTP for
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 91
    the network of 192.168.0.0/24 will be not allowed to pass through the Router at 8:00-20:00 from Tuesday to Saturday. Note: ● For the users in the private network and not being set access rule, the default Policy is Allow. ● To specify all IP addresses, type "0.0.0.0 / 32" in the Policy field
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 92
    . The system predefined protocols include TCP, UDP and TCP/UDP. Dest. Port: Enter the start and end ports to make a destination port range for the service. The start port number cannot be greater than the end port number.  List of Service You can view the information of the entries and edit them
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 93
    take effect. The specified application used by the specified local users will be not allowed to access the Internet if the Application select "Group" to limit the predefined group, or select "ANY" to limit all the users. Group: If select "Group" as object, you can select the group in the drop-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 94
    Proxy. The default setting is to on the Application Rules page, you can download the latest database from http://www.tp-link.com, Click the button and select the file, and then click the button to upgrade the database. 3.6 VPN VPN
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 95
    Router, the tunneling topology implemented by encapsulating packets is transparent to users. The tunneling protocols supported by TL-ER604W contain Layer 3 IPsec and Layer 2 L2TP/PPTP. 3.6.1 IKE In the IPsec VPN Internet Security Association and Key Management Protocol), Oakley Key Determination
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 96
    Policy Name: Specify a unique name to the IKE policy for identification and management purposes. The IKE policy can be applied to IPsec policy. Exchange Mode: Select the IKE Exchange Mode in phase 1, and ensure the remote VPN peer uses the same mode.  Main: Main mode provides identity protection
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 97
    type is selected, enter a name for the local device as the ID in IKE negotiation Remote ID Type: Select the remote ID type for IKE negotiation. IP Address: uses an IP address as the ID in IKE define and edit the IKE Proposal. Choose the menu VPN→IKE→IKE Proposal to load the following page. -92-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 98
    items are displayed on this screen:  IKE Proposal Proposal Name: Specify a unique name to the IKE proposal for identification and management purposes. The IKE proposal can be applied to IPsec proposal. Authentication: Select the authentication algorithm for IKE negotiation. Options include
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 99
    edit them by the action buttons. 3.6.2 IPsec IPsec (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task Force) to provide high security for IP packets can define and edit the IPsec policy. Choose the menu VPN→IPsec→IPsec Policy to load the following page. -94-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 100
    Figure 3-64 IPsec Policy The following items are displayed on this screen:  General You can enable/disable IPsec function for the Router here.  IPsec Policy Policy Name: Specify a unique name to the IPsec policy. Up to 28 characters can be entered. Mode: Select the network mode for
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 101
    should be set to the IP address of this WAN port. Enter the Remote Gateway. It can be IP address or Domain name. Select the negotiation mode for the policy.  IKE: The parameters for the VPN tunnel are generated automatically via IKE negotiations.  Manual: All settings (including the keys) for the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 102
    match the Outgoing SPI value at the other end of the tunnel, and vice versa. AH Authentication Key-In: Specify the inbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The inbound key here must match the outbound AH authentication key at the other end
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 103
    tunnel, the local subnet is 192.168.0.0/24, the remote subnet is 192.168.3.0/24 and this tunnel is using IKE automatic negotiation. It is enabled. Tips: ● 0.0.0.0.0/32 indicates all IP addresses. ● Refer to Appendix Troubleshooting 5 for the configuration of subnet. 3.6.2.2 IPsec Proposal On this
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 104
    the security protocol to be used. Options include:  AH: AH (Authentication Header) provides data origin authentication, data integrity and anti-replay services.  ESP: ESP (Encapsulating Security Payload) provides data encryption in addition to origin authentication, data integrity, and anti-replay
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 105
    the Router is using WAN2 for tunnel connection, and the IP address of WAN2 and the default gateway of remote peer are via auto-negotiation. 3.6.3 L2TP/PPTP Layer 2 VPN tunneling protocol consists of L2TP (Layer 2 Tunneling tunnel 6 bytes at least Not supported L2TP IP network of UDP, frame
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 106
    .  L2TP/PPTP Tunnel Protocol: Select the protocol for VPN tunnel. Options include L2TP and PPTP. Mode: Specify the working mode for this Router. Options include:  Client: In this mode, the device sends a request to the remote L2TP/PPTP server initiatively for establishing a tunnel.  Server
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 107
    Remote Subnet: Enter the account name of L2TP/PPTP tunnel. It should be configured identically on server and client. Enter the password support. This item is available for Client-to-LAN tunnel type on Server mode. Specify the WAN port this L2TP/PPTP server. The default IP "0.0.0.0" means any IP
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 108
    entry in Figure 3-67 indicates: this tunnel is encapsulated by using L2TP. Its user name is test, the password can be configured, and the Router is configured in Client mode. The remote server is 172.30.70.161 and the remote subnet is 192.168.2.0/24. This entry is enabled. 3.6.3.2 IP Address Pool On
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 109
    ID values when it is reconnected. 3.7 Services 3.7.1 PPPoE Server The Router can be configured as a PPPoE server to specify account and IP address to users in LAN and thus you can control the dial-up of users for a high efficiency in network management. The PPPoE configuration can be implemented on
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 110
    Dial-in Users and the user with Exceptional IP can access the Internet. PPPoE User Isolation: Specify whether to allow the Dial-in Users to communicate Echo-Requests sent by the server to wait for response. The default is 10. The link will be dropped when the number of the unacknowledged LCP echo
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 111
    text.  MS-CHAP, put forward by Microsoft, adopts a different encryption algorithm of CHAP.  MS-CHAP v2 with a higher security is an improved version of MS-CHAP. Radius Server: It is available when Remote Authentication is selected. RADIUS (Remote Authentication Dial In User Service) provides an
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 112
    this page, you can configure the PPPoE account. Choose the menu Services→PPPoE Server→Account to load the following page. Figure 3-72 Account be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Select the IP Address Assigned Mode for IP
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 113
    default value is 1. Specify the Expiration Date of the account. The default is 2099-1-1. Description: Status: Enter the description for management Manually Users and the user with Exceptional IP can access the Internet. On this page, you can specify the Exceptional IP. Choose the menu Services
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 114
    should be in the same IP range with LAN port of the Router. The start IP address should not exceed the all accounts you have established. Choose the menu Services→PPPoE Server→List of Account to load the 74 displays the connection information of PPPoE users. Click Click the button
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 115
    Choose the menu Services→E-Bulletin to load the following page. Figure 3-75 E-Bulletin The following items are displayed on this screen:  General Enable E-Bulletin: Specify whether to enable electronic
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 116
    User Group section. 3.7.3 Dynamic DNS DDNS (Dynamic DNS) service allows you to assign a fixed domain name to a dynamic WAN IP address, which enables the Internet hosts to access the Router will update the mappings between the domain name and IP address in DNS database. Therefore, the users can use
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 117
    . Prior to using this function, be sure you have registered on the official websites of DDNS service providers for username, password and domain name. TL-ER604W Router offers PeanutHull DDNS client, Dyndns DDNS client, NO-IP DDNS client and Comexe DDNS client. The Dynamic DNS can be implemented
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 118
    Status: Displays the WAN port for which Dyndns DDNS is selected. Displays the current status of DDNS service  Offline: DDNS service is disabled.  Connecting: client is connecting to the server.  Online: DDNS works normally.  Authorization fails: The Account Name or Password is incorrect. Please
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 119
    DDNS service here. Displays the WAN port for which No-IP DDNS is selected. Displays the current status of DDNS service  Offline: DDNS service is disabled.  Connecting: client is connecting to the server.  Online: DDNS works normally.  Authorization fails: The Account Name or Password is
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 120
    Password: DDNS Service: WAN Port: Service Type: DDNS Status: Enter the password of your DDNS account. Activate or inactivate DDNS service here. Displays the WAN port for which PeanutHull DDNS is selected. Displays the DDNS service type, including Professional service and Standard service. Displays
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 121
    password of your DDNS account. Activate or inactivate DDNS service here. Displays the WAN port for which Comexe DDNS is selected. Displays the current status of DDNS service  Offline: DDNS service enabled for the Router, the host in LAN can automatically open the corresponding port to allow the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 122
    will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER604W. The NO.1 entry in Figure 3-80 indicates: TCP data received on port 12856 of the WAN port in the Router will be forwarded to port 12856 in 192.168.0.101 server in LAN. Note: ● When using UPnP
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 123
    the Router. Current Password: Enter the current password of the Router. New User Name: Enter a new user name for the Router. New Password: Enter a new password for the Router. Confirm New Password: Re-enter the new password for confirmation. Note: ● The factory default password and user name
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 124
    ) of inactivity. Telnet Idle Timeout: Enter a timeout period that the Router will log the remote PCs out of the Web-based Utility after a specified period (Telnet Idle Timeout) of inactivity. Note: ● The default Web Management Port is 80. If the port is changed, you should type in the new address
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 125
    to manage the Router with IP address of 210.10.10.50 remotely. Configuration Procedure Type 210.10.10.0/24 in the Subnet/Mask field on Remote Management page and enable the entry as the following figure shows. Then type the corresponding port number in Web Management Port and Telnet Management Port
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 126
    > button to reset all configuration settings to their default values. The default IP address is 192.168.0.1; the default login user name and password are both admin. 3.8.2.2 Export and Import Choose the menu Maintenance→Management→Export and Import to load the following page. Figure 3-85 Export
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 127
    the menu Maintenance→Management →Firmware Upgrade to load the following page. Figure 3-87 Firmware Upgrade To upgrade the Router is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Type the path and file name of the update file into the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 128
    3-88 License 3.8.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic information of each port and extra information of WAN ports. Choose the menu Maintenance→Statistics→Interface Traffic Statistics to load the following page. Figure 3-89 Interface
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 129
    the interface. IP Fragment Rx: Displays the amount of IP Fragments received by WAN port. Abnormal IP Packets Rx: Displays the rate for transmitting data frames. 3.8.4.2 IP to enable/disable refreshing the IP Traffic Statistics automatically. The default refresh interval is 10 seconds. -124-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 130
    traffic information of corresponding PCs. Sorted by: Select the rule for displaying the traffic information. 3.8.5 Diagnostics 3.8.5.1 Diagnostics This Router provides Ping test and Tracert test functions for network diagnose. Choose the menu Maintenance→Diagnostics→Diagnostics to load the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 131
    IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select "Auto", the Router will select the interface of destination automatically. After clicking button, the Router will send Ping packets to test the network connectivity and reachability of
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 132
    address of DNS server in Manual mode. 0.0.0.0 means DNS Lookup is disabled. Displays the detected WAN port. Detection: Displays whether the Online Detection is enabled. WAN Status: Display the detecting results. 3.8.6 Time System Time is the time displayed while the Router is running. On this
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 133
    can set the date and time manually. With this option selected, the port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restarted. The Router will obtain GMT time automatically from Internet. 3.8.7 Logs The Log system of Router can record, classify and manage
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 134
    Figure 3-94 Logs  List of Logs List of Logs displays the system log information in log buffer. An entry of log contains the following four parts:  Config Enable Auto-refresh: Severity: Send System Logs: With this option selected, the page will refresh automatically every 5 seconds. Displays the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 135
    the branch offices, allow the staff on business to access the Mail Server and FTP Server in LAN, and provide the remote access services for the cooperated partners.  Network Management To avoid some of the staff using IM/P2P application at the working time to occupy a lot of network bandwidth
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 136
    to the LAN port of this Router. To log in to the Router, the IP address of your PC should be in the same subnet of the LAN port of this Router. (The default subnet of LAN port is 192.168.0.0/24.). The IP address of your PC can be obtained automatically or configured manually. To access the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 137
    Configure the Static IP connection type for the WAN1 and WAN2 ports of the Router. Choose the menu Network→WAN→WAN1 to load the following page. Select the Static IP connection type and enter the IP address, Subnet Mask and Default Gateway provided by your ISP. Set both the Upstream Bandwidth and
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 138
    access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between the headquarters and the remote branch office to guarantee a secured communication. The following takes IPsec settings of the Router in the headquarters for example. Moreover, you can configure
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 139
    Click the button to apply. Figure 4-4 IKE Proposal  IKE Policy Choose the menu VPN→IKE→IKE Policy to load the configuration page. Settings: Policy Name: IKE_1 Exchange Mode: Main IKE Proposal: proposal_IKE_1 (you just created) Pre-shared Key: aabbccddee
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 140
    IKE Policy Tips: For the VPN Router in the remote branch office, the IKE settings should be the same as the Router in the headquarters. 2) IPsec Setting To configure the IPsec function, you should create an IPsec Proposal firstly.  IPsec Proposal Choose the menu VPN→IPsec→IPsec Proposal to load
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 141
    Proposal  IPsec Policy Choose the menu VPN→IPsec→IPsec Policy to load the configuration page. Settings: IPsec: Enable Policy Name: IPsec_1 Status: Activate Mode LAN-to-LAN Local Subnet: 192.168.0.0/24 Remote Subnet: 172.31.10.0/24 WAN: WAN1 Remote Gateway: 116.31.85.133 Exchange
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 142
    IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the headquarters. The Remote Gateway of the remote Router should be set to the IP address of the Router in the headquarters. After the IPsec VPN tunnel of the two peers is
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 143
    the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP Tunnel. Settings: L2TP/PPTP: Protocol: Mode: Username: Password: Tunnel: IP Pool: Enable PPTP Server
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 144
    4.3.3 Network Management To manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group. The detailed configurations are
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 145
    Username: Start No.: Step: Add 192.168.0.30 192.168.0.50 User 1 1 Click the OK button to add the Users in bulk. Figure 4-10 User Config - Batch  View Choose the menu User Group→View to load the configuration page. Add all the Users you just created into the Group 1 and click the button
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 146
    to load the configuration page. Check the box before Enable Bandwidth Control and click the button to apply. Figure 4-12 Bandwidth Setup 2) Interface Bandwidth Choose the menu Network¹WAN¹WAN1 to load the configuration page. Configure the Upstream Bandwidth and Downstream Bandwidth of the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 147
    Group: Mode: Guaranteed Bandwidth (Up/Down): Limited Bandwidth (Up/Down): Effective Time: Status: LAN -> WAN1 group1 Individual 100 800 Keep the default value Activate Click the button to apply. Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced¹Session Limit
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 148
    flood defense and Packet Anomaly Defense. Moreover, you can enable Port Mirror function and Statistics function to monitor the real-time traffic of local network. 4.3.4.1 LAN ARP Defense You can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 149
    shows. Figure 4-18 ARP List 2) Set IP-MAC Binding Entry Manually Configure the IP-MAC Binding entry manually and add it to ARP List. Choose the menu Firewall¹Anti ARP attack, you can bind the default gateway and IP address of WAN port. Obtain the MAC address of WAN port by ARP Scanning first. -144-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 150
    ¹Anti ARP Spoofing¹ARP Scanning to load the configuration page. Enter the default gateway of the WAN port such as 58.51.128.254 in the Scanning Range field and click the button, the MAC address of the WAN port will display in the Scanning Result table. After obtaining the MAC address
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 151
    . Click the button to apply. Figure 4-21 Port Mirror 2) Statistics Choose the menu Maintenance¹Statistics to load the page. Load the Interface Traffic Statistics page to view the traffic statistics of each physical interface of the Router as Figure 4-22 shows. Figure 4-22 Interface Traffic
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 152
    Figure 4-23 IP Traffic Statistics After all the above steps, the enterprise network will be operated based on planning. -147-
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 153
    Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Ports One interchangeable 10/100/1000Mbps Auto-Negotiation WAN/LAN RJ45 port (Auto MDI/MDIX) Three LEDs PWR, SYS, WLAN, WAN, LAN Safety & Emissions FCC, CE Wireless Frequency Band* 2.4~2.4835GHz Radio Data Rate 11nğup to 300Mbps (Automatic)
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 154
    the connection between your PC and TL-ER604W via Ping command. 4) If you still cannot access the configuration page, please restore your Router to its factory default settings and try to log in again. 2. If your management port has been changed, please log into the Router with the new address, such
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 155
    allowed to remotely access the router. 2. If the router's management port has been modified, please log into the Router with the new address, such as http://192.168.0.1:XX ("XX" is the new management port number). 3. Check to see if the management port has been mapped to the service port of the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 156
    to map an IP address to a MAC address. ProtocolĎ A security protocol that provides data authentication and AHčAuthentication HeaderĎoptional anti-replay services. AH is embedded in the data to be protected (a full IP datagram). DDNS č Dynamic Domain The capability of assigning a fixed host and
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 157
    protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. HTTPčHypertext policy and authenticates keys for services (such as IPSec) that require keys. Before any IPSec traffic can be passed, each Router/firewall/host must verify the
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 158
    link layer address that is required for every port or device that connects to a LAN. Other devices in the MAC addressčMedia network use these addresses to locate specific ports in the Access Control addressĎ network and to create and update support of protocols to support the construction of
  • TP-Link TL-ER604W | TL-ER604W V1 User Guide 1910010844 - Page 159
    UDPčUser Datagram ProtocolĎ log in to remote systems devices on one or more LANs that are configured (using management software) so that they can communicate as VLANč Virtual instead of physical connections, they are extremely flexible. VPN čVirtual Private NetworkĎ Enables IP traffic to
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
TL-ER604W
Wireless N Gigabit Broadband VPN Router
Rev1.0.1
1910010844