TP-LinkメーカーTL-ER6020の使用説明書/サービス説明書
ページ先へ移動 of 168
TL-ER6020 SafeStream TM Gigabit Dual-WAN VPN Router Rev: 1.0.0 1910010695.
-I- COPYRIGHT & TRADEMARKS Specifications are subjec t to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks of their respective holders.
-II- CONTENTS Package Contents .................................................................................................................. 1 Chapter 1 About this Guide ............................................................................
-III- 3.3.3 Session Li mit ...........................................................................................................58 3.3.4 Load Balanc e ..............................................................................................
-IV- 4.2 Network T opol ogy............................................................................................................... 128 4.3 Configur ations ........................................................................................
-1- Package Content s The following items should be found in your package: One TL-ER6020 Router One Power Cord One Console Cable Two mounting brackets and other fittings Installation Guide Resource CD Note: Make sure that the package contains the above items.
-2- Chapter 1 About this Guide This User Guide contains information for se tup and management of TL-E R6020 Router . Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator.
-3- Appendix A Hardware S pecifications Lists the hardware specific ations of this Router . Appendix B F AQ Provides the possible solutions to the problems that may occur during the installation and operation of the router . Appendix C Glossary Lists the glossary used in this guide.
-4- Chapter 2 Introduction Thanks for choosing the SafeS tream TM Gigabit Dual-W AN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeS tream TM Gigabit Dual-W AN VPN Router TL-ER 6020 from TP-.
-5- Dual-W AN Ports + Providing two 10/100/1000M WAN ports for use r s to connect two Internet lines for bandwidth expansion. + Supporting multiple Load Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Polic y Routing to optimize bandwidth usage.
-6- Supports Diagnostic (Ping/T r acert) and Online Detection VPN Supports IPsec VPN and provides up to 50 IPsec VPN tunnels Supports IPSec VPN in LAN-to-LAN or Client-to-LAN Provides .
-7- LEDs LED Status Indication On The Router is powered on PWR Off The Router is powered off or power supply is abnormal Flashing The Router works properly SYS On/Off The Router works improperly O.
-8- 2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure. Power Socket Connect the female connector of the power cord to this power socket, and the male connector to the AC power outlet. Please make sure the voltage of the pow er supply meets the requirement of the input voltage (100-240V~ 50/60Hz).
-9- Chapter 3 Configuration 3.1 Network 3.1.1 S t atus The S tatus page shows the system information, the port connection st atus and other information related to this Router . Choose the menu Network → Stat us to load the following page. Figure 3-1 S t atus 3.
-10- Figure 3-2 Network T opology - NA T Mode If your Router is connecting the two networks of di fferent areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets betwe en these two networks by the Routing rules, you can set it to Non-NA T mode.
-1 1- Figure 3-4 Network T opology – Classic Mode Choose the menu Network → System Mode to load the following page. Figure 3-5 System Mode Y ou can select a System Mode for your R outer according to your network need.
-12- Non-NA T Mode In this mode, the Router functi ons as the traditional Gateway and fo rwards the packets via routing protocol. The Hosts in dif ferent subnets can co mm unicate with one another via the routing rules whereas no NA T is employed.
-13- Figure 3-6 W AN – S tatic IP The following items are displayed on this screen: St atic IP Connection T ype: Select S tatic IP if your ISP has assigned a static IP address for your computer . IP Address: Enter the IP address assigned by your ISP .
-14- Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-15- Dyn am ic I P Connection T ype: Select Dynamic IP if your ISP assigns the IP address automatically . Click <Obt ain> to get the IP address from your ISP’s server . Click <Release> to release the current IP address of W AN port. Host Name: Optional.
-16- Dynamic IP St atus Statu s: Displays the status of obt aining an IP address from your ISP . “Disabled” indicates that the Dy namic IP connection type is not applied. “Connecting” indicates that t he Router is obtaining the IP parameters from your ISP .
-17- Figure 3-8 W AN - PPPoE.
-18- The following items are displayed on this screen: PPPoE Settings Connection T ype: Select PPPoE if your ISP provides xDSL Vir tual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnec t the Internet connection and release the current IP address.
-19- ISP Address: Optional. Enter the ISP address provided by your ISP . It's null by default. Service Name: Optional. Enter the Service Name prov ided by your ISP . It's null by default. Primary DNS: Enter the IP address of y our ISP’s Primary DNS.
-20- PPPoE St atus Statu s: Displays the status of PPPoE connection. “Disabled” indicates that t he PPPoE connection type is not applied. “Connecting” indicates that t he Router is obtaining the IP parameters from your ISP . “Connected” indicates that the Router has successfully obtained the IP parameters from your ISP .
-21- Figure 3-9 W AN - L2TP The following items are displayed on this screen: L2TP Settings Connection T ype: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the In ternet connection and release the current IP address.
-22- Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your ISP . Server IP: Enter the Server IP provided by your ISP . MTU: MTU (Maximum T ransmission Unit) is the maximum data unit transmitted by the physical network .
-23- Primary DNS/ Secondary DNS: If S tatic IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: Specify the b andwidth for transmitting packet s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-24- 5) PPTP If your ISP (Internet Service Provider) has provi ded the account informati on for the PPTP connection, please choose the PPTP connection type. Figure 3-10 W AN - PPTP The following items are displayed on this screen: PPTP Settings Connection T ype: Select PPTP if your ISP prov ides a PPTP connection.
-25- <Disconnect> to disconnect the In ternet connection and release the current IP address. Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your ISP .
-26- Primary DNS/ Secondary DNS: If S tatic IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: Specify the b andwidth for transmitting packet s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-27- Figure 3-1 1 W AN – Bigpond The following items are displayed on this screen: BigPond Settings Connection T ype: Select BigPond if your ISP prov ides a BigPond connection. Click <Connect> to dial-up to the Internet and obtain the IP address.
-28- Auth Domain: Enter the domain name of authentic ation server . It's only required when the address of Auth Server is a server name. Auth Mode: Y ou can select the proper Active mode according to your need.
-29- Default Gateway: Displays the IP address of the default gateway assigned by your ISP . Note: T o ensure the BigPond connection re-established norma lly , please restart the connection at least 5 seconds after the connection is of f. 3.1.4 LAN 3.1.
-30- Choose the menu Network → LAN → DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen: DHCP Settings DHCP Server: Enable or disable the DHCP server on your Router .
-31- Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP . It is recommended to enter the IP address of the LAN port of the Router . Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. 3.1.4.
-32- DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional. Enter a description for the entry . Up to 28 characters can be entered.
-33- Figure 3- 16 DMZ – Public Mode In Private mode, the DMZ port allows the Hosts in DMZ to access Internet via NA T mode which translates private IP addresses within DMZ to pub lic IP addresses for trans port over Internet. The Hosts in DMZ can directly communicate with LAN us ing the private IP addresses within the different subnet of LAN.
-34- Figure 3-18 DMZ The following items are displayed on this screen: DMZ Statu s: Activate or inactivate this entry . The DMZ port functions as a normal LAN port when it’s disabled. Mode: Select the mode for DMZ port to control the connection way among DMZ, LAN and Internet.
-35- Set the MAC Address for LAN port: In a complex network topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the current router in a network node, you c an just set the.
-36- MAC Clone: It’s only available for W AN port. Cl ick the <Restore Factory MAC> button to restore the MAC address to the factory default value or click the <Clone Current PC’s MAC> button to clone the MAC address of the PC you are currently using to con figure the Router .
-37- The following items are displayed on this screen: St atistics Unicast: Displays the number of normal unica st p acket s received or transmitted on the port. Broadcast: Displays the number of normal broadcast packet s received or transmitted on the port.
-38- Choose the menu Network → Sw itc h → Port Mirror to load the following page. Figure 3-21 Port Mirror The following items are displayed on this screen: General Enable Port Mirror: Check the box to enable the Port Mirr or function. If unchecked, it will be disabled.
-39- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port).
-40- Figure 3-22 Rate Control The following items are displayed on this screen: Rate Control Port: Displays the port number . Ingress Limit: S pecify whether to enable t he Ingress Limit feature. Ingress Rate: S pecify the limit rate for the ingress packet s.
-41- Figure 3-23 Port Config The following items are displayed on this screen: Port Config Statu s: S pecify whether to enable the port. The packet s can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function.
-42- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured accord ing to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports .
-43- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group → Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen: Group Config Group Name: S pecify a unique name for the group.
-44- User Config User Name: S pecify a unique name for the user . IP Address: Enter the IP Address of the user . It cannot be the network address or broadcast address of the port. Description: Give a description to the user fo r identification. It's optional.
-45- User Name: Select the name of the desired User . A vailable Group: Displays the Groups that the User can join. Selected Group: Displays the Groups to which this User belongs. Group Name: Select the name of the desired Group. Group Structure: Click this button to view the tree struct ure of this group.
-46- The following items are displayed on this screen: NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of which must be not less than 100. NA T -DMZ NA T -DMZ: Enable or disable NA T -DMZ. NA T DM Z is a special service of NA T application, which can be considered as a default forwardin g rule.
-47- Interface: Select an interface for forwarding data packets. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the T ranslated IP Address will be forwarded to the host of Original IP if DMZ Forwarding is enabled. Description: Give a description for the entry .
-48- Subnet/Mask: Enter the subnet/mask to make the address range for the entry . Interface: Select the interface for the entry . Y ou can select LAN or DMZ port. Description: Give a description for the entry . Statu s: Activate or inactivate the entry .
-49- Configuration procedure 1. Establish the Multi-Nets NA T entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding S tatic Route entry , en ter the IP address of t he interface connecting the Router and the three layer swit ch into the Next Hop field.
-50- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. The S t atic Route entry is as follows: 3.3.1.4 Virtual Server Virtual server set s up public services in your private network, such as DN S, Email and FTP , and defines a service port.
-51- Figure 3-32 Virtual Server The fo layed Virtual Server ent ries. Up to 28 characters can b e Interface: Select an interface for forwarding data packe ts. Enter the service port or port range the Router provided for accessing to this service port or Internal Port: S pecify the service port of the LAN host as virtual serve r .
-52- Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The extern al ports of dif ferent entries should be different, whereas the internal ports can be the same. List of Rules In this table, you can view the information of the entries and edit them by the Action buttons.
-53- p to 28 characters can be entered. Interface: Select an interface for forwarding dat a packet s. T rigger Port: Enter the trigger port number or the rang e of port.
-54- 3.3.1.6 Some special protocols such as (Application Layer Gatewa y) service is enabled. Choose the menu Advanced → NA T → ALG to load the following page. ALG FTP , H.323, SIP , IPsec and PPTP will work properly only when ALG Figure 3-34 ALG The following items are displayed on this screen: ALG Enable or disable FTP ALG .
-55- 3.3.2.1 Setup Choose the menu Advanced → T raffic Control → Setup to load the following p age. Figure 3-35 Configuration The following items are displayed on this screen: G ime: Enable Bandwidth n: With this option selected, the Bandwidth Control will take ef fect when the bandwidth usage reaches t he specified value.
-56- Interface B nd width Interface: tal bandwidth is equal to Bandwidth: e Downstream Bandwidth of W AN port can be configured on WA N page. a Displays the current enabled W AN port(s). The T o the sum of bandwidth of the enabled W AN port s. Displays the bandwidth of each W A N port for transmitting dat a.
-57- Band Rule Direction: W AN port cannot be selected if Mode: h user equals to the current addresses d Bandwid th S pecify the Guaranteed Upstream Bandwidth for this entry . d Ba ndw i dth S pecify the Guaranteed Downstr eam Bandwidth for this entry .
-58- Note: ● The premise for single r ule t aking effect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandw .
-59- Session Limit ion: Statu s: Activate or inactivate the entry . ssions for the hosts within group1 ed. Limit. Choose the menu Advanced → Sessi on Limit → Session List to load the following p age. Group: Select a group to define the controlled users.
-60- Figure 3-39 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packet s as a whole an.
-61- The following items are displa is screen: General yed on th Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the lis t, you can add it to the list on 3.3.4.4 Protocol page. Source IP: Enter the source IP range for the entry .
-62- On this page, you can configur e the Link Backup function based on actual need to reduce the traffic burden of W AN port and improve the network efficie ncy . Choose the menu Advanced → Load Balance → Li nk Backup to load the following p age.
-63- Timing: Link Backup will be enabled if the spec ified effective time is reached. All the traf fic on the primary W AN will switch to the backup W AN at the beginning of the effective time; t he traf fic on the backup W AN will switch to the primary W AN at the ending of the ef fective time.
-64- Figure 3-42 Protocol The following items are displayed on this screen: Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the prot ocol in the range of 0-255.
-65- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. Figure 3-43 Static Route The following items are displayed on this screen: St atic Route Destination: Enter the destination hos t the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network.
-66- The first entry in Figure 3-43 indicates: If there are packets being sent to a device with IP address of 21 1.162.1.0 and subnet mask of 255.255.255.
-67- The distance of RIP refers to the hop count s that a data p acket p asses through before reaching its destination, the value range of wh ich is 1–15. It means the destination cannot be reac hed if the value is more than 15. Optimal path indicates the p ath wi th the fewest hop counts.
-68- Authentication: network situation, and the password s hould not be more than 15 characters. All Interfaces: Here you can operate all the interfaces in bulk. All the interfaces will not apply RIP if “Enable” option for All Interfaces is selected.
-69- Flags: The Flags of route entry . The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry . Physical Interface: The physical interface of route entry . Metric The Metric of route entry . 3.
-70- Figure 3-46 IP-MAC Binding The following items are displayed on this screen: General It is recommended to check all the options. Y ou s hould import the IP and MAC address of the host to IP-MAC Binding List and enable the corresponding entr y before enabling “Permit the packet s matching the IP-MAC Binding entries only”.
-71- Y ou can view the informati on of the entries and edit t hem by the Action buttons. The first entry in Figure 3-46 indicates: The IP address of 192.
-72- Indicates that the IP and MAC addres s of this entry are already bound. T o bind the entries in the list, check these entri es and click the <Import> button, then the settings will take ef fect if the entries do not c onflict with the existed entries.
-73- Figure 3-49 Attack Defense The following items are displayed on this screen: General Flood Defense: Flood attack is a commonly used DoS (Denial of Service) att ack, including TCP SYN, UDP , ICMP and so on. It is recommended to select all the Flood Defens e options and specify the corresponding thresholds.
-74- Packet Anomaly Defense: Packet Anomaly refers to the abnormal p ackets. It is recommended to select all the Packet Anomaly Defense options. Enable Att ack Defense Logs: With this box checked, the Rout er will record the defense logs.
-75- List of Rules Y ou can view the informati on of the entries and edit t hem by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies wher e an identified resource is available and the mechanism for retrieving it.
-76- Group: URL Filtering will take ef fect to all the users in group. Mode: Select the mode for URL Filtering. “Keyword’’ indicates that all the URL addresses including the specif ied keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL.
-77- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall → Access Control → Web Filtering to load the following p age. Figure 3-52 Web Filtering Check the box before Enable Web Filt ering and select the web components to be filtered.
-78- Policy: Select a policy for the entry: Block: When this option is selected, the packet s obeyed the rule will not be permitted to pass through the Router . Allow: When this option is selected, the packet s obeyed the rule will be allowed to pass through the Router .
-79- Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displa yed at the end of the list by default. List of Rules Y ou can view the information of the entries and edit them by the Action butt ons.
-80- Figure 3-54 Service The following items are displayed on this screen: Service Name: Enter a name for the service. T he name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the servic e.
-81- 3.4.5 App Control 3.4.5.1 Control Rules On this page, you can enable t he Application Rules function. Choose the menu Firewall → App Control → Control Rules to load the following page.
-82- Application: Click the <Application List> button to select applications from the popup checkbox. The applications include IM , Web IM, SNS, P2P , Media, Basic and Proxy . The default setting is to limit all the applications in the application list except for Basic and Proxy .
-83- 3.5 VPN VPN (Virtual Private Network) is a private network established via the public network, generally via the Internet. However , the private network is a logical network without any physical network lines, so it is called Virtual Private Network.
-84- 3.5.1.1 IKE Policy On this page you can configure the rela ted parameters for IKE negotiation. Choose the menu VPN → IKE → IKE Policy to load the following p age.
-85- Exchange Mode: Select the IKE Exchange M ode in phase 1, and ensure the remote VPN peer uses the same mode. Main: Main mode provides i dentity protection and exchanges more information, which applies to the scenarios with higher requirement for i dentity protection.
-86- DPD Interval: Enter the interval after wh ich the DPD is triggered. List of IKE Policy In this table, you can view the information of IKE Policies and edit them by the action buttons. 3.5.1.2 IKE Propo sal On this page, you can define and edit the IKE Proposal.
-87- Encryption: S pecify the encryption algorithm for IKE negotiation. Options include: DES: DES (Data Encryption S tandard) encrypts a 64-bit block of plain text with a 56-bit key . 3DES: T riple DES, encrypts a plain text with 168-bit key .
-88- 3.5.2.1 IPsec Policy On this page, you can defi ne and edit the IPsec policy . Choose the menu VPN → IPsec → IPsec Policy to load the following page. Figure 3-60 IPsec Policy The following items are displayed on this screen: General Y ou can enable/disable IPsec func tion for the Router here.
-89- Mode: Select the network mode for IP sec policy . Options include: LAN-to-LAN: Select this option when the client is a network. Cl ie nt -to -L AN : Select th is option when the clien t is a host. Local Subnet: S pecify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy .
-90- Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is de-encrypted. Without PFS, t he key in Phase2 is created based on the key in Phase.
-91- AH Authentication Key-Out: S pecify the outbound AH Authent ication Key m anually if AH protocol is used in the co rresponding IPsec Proposal. The outbound key here must match the inbound AH a uthentication key at the other end of t he tunnel, and vice versa.
-92- Figure 3-61 IPsec Proposal The following items are displayed on this screen: IPsec Proposal Proposal Name: S pecify a u nique name to the IPse c Proposal for identification and management purposes. The IPsec proposal can be applied to IPsec policy .
-93- ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include: MD5: MD5 (Message Digest Algo rithm) takes a message of arbitrary length and generates a 128-bi t message digest.
-94- outgoing SPI value are different. However , the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vi ce versa. The connection statu s on the remote end point of this tunnel is as the following figur e shows.
-95- Figure 3-63 L2TP/PPTP T unnel The following items are displayed on this screen: General Enable VPN-to-Internet: S pecify whether to enable VPN-to-In ternet function. If enabled, the VPN client is permitted to access t he LAN of the server and Internet.
-96- Account Name: Enter the account nam e of L2TP/PPTP tunnel. It should be configured identically on server and client. Password: Enter the password of L2TP/PPT P tunnel. It should be configured identically on server and client. T unnel: Select the network mode for the tunnel.
-97- Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel.) It’ s the combination of IP address and subnet mask.
-98- In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP T u nnel This page displays the informat ion and status of the tunnels. Choose the menu VPN → L2TP/PPTP → List of L2TP/PPTP T unnel to load the following page.
-99- Figure 3-66 General The following items are displayed on this screen: General PPPoE Server: S pecify whether to enable t he PPPoE Server function. Dial-up Access Only: S pecify whether to enabl e the Dial-up Access Only func tion. If enabled, only the Dial-in Users and the user with Excepti onal IP can access the Internet.
-100- Idle Timeou t: Enter the maximum idle time. The session will be terminated af ter it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle T imeout field.
-101- Figure 3-67 IP Address Pool The following items are displayed on this screen: IP Address Pool Pool Name: S pecify a unique name to the IP A ddress Pool for identification and management purposes. IP Address Range: S pecify the start and the end IP address for IP Pool.
-102- Figure 3-68 Account The following items are displayed on this screen: Account Account Name: Enter the account name. This name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Mode: Select the IP Address Assigned Mode for IP assignment.
-103- Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Statu s: Activate or inactivate the entry . MAC Binding: Select a MAC Binding type from t he pull-down list. Options include: Disable: Select this option to disable the MAC Binding function.
-104- The following items are displayed on this screen: Exceptional IP IP Address Range: S pecify the start and the end IP address to make an exceptional IP address range. This range should be in the sa me IP range with LAN port or DMZ port of the Router .
-105- Figure 3-71 E-Bulletin The following items are displayed on this screen: General Enable E-Bulletin: S pecify whether to enabl e el ectronic bulletin function. Interval: S pecify the interval to release the bulletin. Enable Logs: S pecify whether to log the E-Bulletin.
-106- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: ANY: The bulletin will be released to all the users and the PCs on the LAN. Group: The bulletin will be released to the users in the selected group.
-107- latest IP add ress, the server will update the mappings between the domai n name and IP address in DNS database. Therefore, the users can use the same domain name to ac cess the DDNS client even if the IP address of the DDNS cli ent has changed.
-108- Domain Name: Enter the Domain Name that you r egistered wi th your DDNS service provider . DDNS Service: Activate or inac tivate DDNS service here. W AN Port: Displays the W AN port for which Dyndns DDNS is selected. DDNS St atus: Displays the current status of DDNS service Offline: DDNS service is disabled.
-109- Account Name: Enter the Account Name of y our DDNS account. If you have no t registered, click <Go to register> to go to the website of No-IP for register . Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you r egistered wi th your DDNS service provider .
-1 10- Figure 3-74 PeanutHull DDNS The following items are displayed on this screen: PeanutHull DDNS Account Name: Enter the Account Name of y our DDNS account. If you have no t registered, click <Go to register> to go to the website of PeanutHull for register .
- 111 - Domain Name: Displays the domain names obtained from the DDNS server . Up to 16 domain names can be displayed here. List of PeanutHull Account In this table, you can view the existing DDNS entries or edit them by the Action button. 3.6.3.4 Comexe On this page you can configure Comexe DDNS client.
-1 12- DDNS St atus: Displays the current status of DDNS service Offline: DDNS service is disabled. Connecting: client is connecting to the server. Online: DDNS works normally. Authorization fails: The Account Name or Password is incorrect.
-1 13- General UPnP Funct ion: Enable or disable the UPnP function globally . List of UPnP Mappin g After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6020.
-1 14- New User Name: Enter a new user name for the Router . New Password: Enter a new password for the Router . Confirm New Password: Re-enter the new password for confirmation.
-1 15- T elnet Idle T imeout: Enter a timeout period that t he Router will log the remote PCs out of the Web-based Utilit y after a specified period (T elnet Idle T imeout) of inactivity . Note: ● The default Web Management Port is 80. If t he port is changed, you should type in the new address, such as http://192.
-1 16- Application Example Network Requirements Allow the IP address within 210. 10.10.0/24 segment to manage t he Router with IP address of 210.10.10.50 remotely . Configuration Procedure T ype 210.10. 10.0/24 in the Subnet/Mask field on Remo te Management page and enable the entry as the following figure shows.
-1 17- Figure 3-81 Export and Import The following items are displayed on this screen: Configuration V ersion Displays the current Configur ation version of the Router . Export Click the <Export> button to save the current conf iguration a s a file to your computer .
-1 18- Figure 3-82 Reboot Click the <Reboot> button to reboot the Router . The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: T o avoid damage, please don't turn off the device while rebooting.
-1 19- Figure 3-84 License 3.7.4 S t atistics 3.7.4.1 Interface T r affic S t atistics Interface T raf fic S tatistics screen displays the det ailed traf fic information of each port and extra information of W AN ports. Choose the menu Maintenance → St atistics → Interface T raffic Statistics to load the following p age.
-120- Interface: Displays the interface. Rate Rx : Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data frames. Packets Rx: Displays the number of p acket s received on the interface. Packets Tx: Displays the number of packets transmitted on the interface.
-121- Figure 3-86 IP T raf fic S tatistics The following items are displayed on this screen: General Enable IP T raffic St atistics: Allows you to enable or disable IP T raf fic S tatistics. Enable Auto-refresh: Allows you to enable/disable refreshing the IP T raf fic S tatistics automatically .
-122- Figure 3-87 Diagnostics The following items are displayed on this screen: Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “A uto”, the Router will select the interface of destination automatically .
-123- of destination automatically . After clicking the <S tart> button, the Router will send T racert pa ckets to test the connectivity of the gateways during the journey from th e source to destination of the test data and the result s will be displayed in the box below .
-124- W AN St atus: Display the detecting results. 3.7.6 Ti me System T ime is the time displayed while the Rout er is running. On this page you can configure the system time and the settings here will be used for ot her time-based functions like Access Rule, PPPoE and Logs.
-125- Note: ● If Get GMT function cannot be used properly , pl ease add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restar ted. The Router will obtai n GMT time automatically from Internet.
-126- The Logs of switch are classified into the following eight levels. Severity Level Description Emergency 0 The system is unusable. Alert 1 Action must be taken imme diately .
-127- Chapter 4 Application 4.1 Network Requirement s The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staf f in the headquarters an d the branch offices, and to transmit the commercial confidential data to it s p artners.
-128- 4.2 Network T opology 4.3 Configurations Y ou can configure the Router via th e PC connected to the LAN port of this Router . T o log in to the Router , the IP address of your PC should be in the same subnet of the LAN por t of this Router . (The default subnet of LAN port is 192.
-129- 4.3.1.1 System Mode Set the system mode of the Router to the NA T mode. Choose the menu Netw ork → System Mode to load the following p age. Select the NA T mode and the <Save> button to apply . Figure 4-1 System Mode 4.3.1.2 Internet Connection Configure the St atic IP connection type for the W A N1 and W AN2 ports of the Router .
-130- Figure 4-3 Link Backup 4.3.2 VPN Setting T o enable the hosts in the remote branch of fice (W AN: 1 16.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between t he headquarters and the remote branch office to guar antee a secured communication.
-131- Authentication: MD5 Encryption: 3DES DH Group: DH2 Click the <Add> button to apply . Figure 4-4 IKE Proposal IKE Policy Choose the menu VPN → IKE → IKE Policy to load the configuration p age.
-132- Figure 4-5 IKE Policy Tips: For the VPN Router in the remote branch office, t he IKE settings should be the same as the Router in the headquarters. 2) IPsec Setting T o configure the IPsec function, you sh ould create an IPsec Proposal firstly .
-133- ESP Encryption: 3DES Click the <Save> button to apply . Figure 4-6 IPsec Proposal IPsec Policy Choose the menu VPN → IPsec → IPsec Policy to load the configuration p age. Settings: IPsec: Enable Policy Name: IPsec_1 S tatus: Activate Mode LAN-to-LAN Local Subnet: 192.
-134- Figure 4-7 IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the headquarters. The Remote Gateway of the remote Router should be set to the IP address of the Router in the headquarters.
-135- L2TP/PPTP T unnel Choose the menu VPN → L2TP/PPTP → L2TP/PPTP T unnel to load the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP T unnel.
-136- 4.3.3 Network Management T o manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group.
-137- Choose the menu User Group → User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Th en continue with the following settings: Settings: Action: Add S tart IP Address: 192.168.0.30 End IP Address: 192.
-138- Application: Click the <Application List> button and select the applications desired to be blocked on the popup window . S tatus: Activate Figure 4-1 1 App Rules 4.3.3.3 Bandw id th Control T o enable Bandwidth Control, you s hould configure the total bandwid th of interfaces and the detailed bandwidth control rule first.
-139- Figure 4-12 Bandwidth Setup 2) Interface Bandw id th Choose the menu Network → WA N → WA N 1 to load the configurat ion page. Configure the Upstream Bandwidth and Do wnstream Bandw id th of the interface as Figur e 4-13 shows. The entered bandwidth value should be c onsistent with the ac tual bandwidth value.
-140- Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced → Session Limit → Session Limit to load the confi guration page. Check the box before Enable Session Limit and click the <Save> button to apply . Then continue with the following settings: Settings: Group: group1 Max.
-141- 4.3.4.1 LAN ARP Defense Y ou can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by AR P Scanning. For some spec ial items not bound, you can bind them manually . 1) Scan and import the entries to ARP List S pecify ARP Scanning range.
-142- Choose the menu Firewall → Anti ARP Spoofin g → IP-MAC Binding to load the configuration page. T o add the host with IP address of 192.168.1.20 a nd MAC address of 00-1 1-22-33-44-aa to the list, you can follow the settings below: Settings: IP Address: 192.
-143- 4.3.4.3 Attack Defense Choose the menu Firewall → Att ack Defense → Att ack De fense to load the configuration p age. Select the options desired to be enabled as Figure 4-20 shows, and then click the <Save> button. Figure 4-20 Att ack Defense 4.
-144- Figure 4-21 Port Mirror 2) St atistics Choose the menu Maintenance → St atistics to load the page. Load the Interface T raffic S t atistics p age to view the traffic st atistics of each physical interface of the Router as Figure 4-22 shows.
-145- Figure 4-23 IP T raf fic S tatistics After all the above step s, the enterpris e network will be operated based on planning..
-146- Chapter 5 CLI TL-ER6020 provides a Console po rt for CLI (Comm and Line Interface) confi guration, which enables you to configure the Router by accessing the CLI from c onsole (such as Hyper T ermi nal) or T elnet. The following part will introduce the step s to a ccess CLI via Hyper T erminal and some common CLI commands.
-147- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3 , and click OK . Figure 5-3 Select the port to connect 5.
-148- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyp er T erminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK .
-149- 7. The DOS prompting “TP-LINK>” will appea r after pressing the Enter button in the Hyper T erminal window as Figure 5-6 shows. Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER6020 offers two command mode s: User EXEC Mode and Privileged EXEC Mode.
-150- Mode Accessing Path Prompt Logout or Access the next mode User EXEC Mode Primary mode once it is connected with the Router . TP-LINK > Use the exit command to disconnect the Router (except t hat the Router is connected through the Console port).
-151- enable - Enter the privileged mode exit - Exit the CLI (only for telnet) history - Show command history ip - Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - System manager user - User configuration 2) T ype a command and a question mark separated by space.
-152- 5.4 Command Introduction TL-ER6020 provides a number of CLI commands for users to manage the Router and user information. For better understanding, each command is followed by note which is the meaning of the command. 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces.
-153- 5.4.3 sys The sys command is used for system management, incl uding Backup and Restore, Factory Default, Reboot, Firmware Upgrade and so on. TP-LINK # sys reboot This command will reboot system, Continue?[Y/N] Reboot the system. Y me ans YES, N means NO.
-154- ● Pay special attention t hat the specified a ccount must be with approp riate permissions since the functions such as export, import and firmwa re upgrade require read-wri te operation on FTP server . TP-LINK # sys import config Server address: [192.
-155- TP-LINK > user get Username: admin Password: admin Query the user name and password of the current Guest. TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator .
-156- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the syst em when logging in by T elnet.
-157- Appendix A Hardware Specifications St andards IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/ IP , DHCP , ICMP , NA T 、 PPPoE, SNTP , HTTP , DNS, L2TP , PPTP , IPsec T wo 10/100/1000M.
-158- Appendix B F AQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, pl ease try the following steps: 1) Make sure the cable is well connected to t he LAN port of the Router . The corresponding LED should flash or be solid light.
-159- Q3: What can I do if the Router with the re mote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote com puter is in the subnet allowed to remotely access the router .
-160- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing traditional phone lines.
-161- Glossary Description H.323 H.323 allows dissimilar communica tion devices to communicate with each other by using a standardized communication protocol. H.323 defines a comm on set of CODECs, call setup and negotiating procedures, and basic data transport methods.
-162- Glossary Description MAC address ( Media Access Control address ) S tandardized data link layer address that is required for every port or device that connects to a LAN. Other devices in th e network use these addresses to lo cate specific ports in the network and to create and update routing tables and data structures.
-163- Glossary Description T elnet ( T elecommunication Network protocol ) T elnet is used for remote terminal connection, enabling users to log in to remote systems and us e resources as if they we re connected to a local system.
デバイスTP-Link TL-ER6020の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
TP-Link TL-ER6020をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはTP-Link TL-ER6020の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。TP-Link TL-ER6020の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。TP-Link TL-ER6020で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
TP-Link TL-ER6020を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はTP-Link TL-ER6020の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、TP-Link TL-ER6020に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちTP-Link TL-ER6020デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。