Manuel d'utilisation / d'entretien du produit TL-ER6020 SafeStream du fabricant TP-Link
Aller à la page of 168
TL-ER6020 Gigabit Dual-W AN VPN Router REV1.0.1 1910010852.
-I- COPYRIGHT & TRADEMARKS Specifications are subjec t to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks of their respective holders.
-II- CONTENTS Package Contents .................................................................................................................. 1 Chapter 1 About this Guide ............................................................................
-III- 3.3.3 Session Li mit ........................................................................................................... 58 3.3.4 Load Balanc e .............................................................................................
-IV- 4.2 Network T opol ogy............................................................................................................... 128 4.3 Configur ations ........................................................................................
-1- Package Content s The following items should be found in your package: One TL-ER6020 Router One Power Cord One Console Cable Two mounting brackets and other fittings Installation Guide Resource CD Note: Make sure that the package contains the above items.
-2- Chapter 1 About this Guide This User Guide contains information for se tup and management of TL-E R6020 Router . Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator.
-3- Appendix A Hardwar e S pecifications Lists the hardware specific ations of this Router . Appendix B F AQ Provides the possible solutions to the problems that may occur during the installation and operation of the router . Appendix C Glossary Lists the glossary used in this guide.
-4- Chapter 2 Introduction Thanks for choosing the SafeS tream Gi gabit Dual-W AN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeS tream Gigabit Dual-W AN VPN Router TL -ER6020 from TP-LINK .
-5- Dual-W AN Ports + Providing two 10/100/1000M WAN ports for use r s to connect two Internet lines for bandwidth expansion. + Supporting multiple Load Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Polic y Routing to optimize bandwidth usage.
-6- Supports Diagnostic (Ping/T r acert) and Online Detection VPN Supports IPsec VPN and provides up to 50 IPsec VPN tunnels Supports IPSec VPN in LAN-to-LAN or Client-to-LAN Provides .
-7- LEDs LED Status Indication On The Router is powered on PWR Off The Router is powered off or power supply is abnormal Flashing The Router works properly SYS On/Off The Router works improperly O.
-8- 2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure. Power Socket Connect the female connector of the power cord to this power socket, and the male connector to the AC power outlet. Please make sure the voltage of the pow er supply meets the requirement of the input voltage (100-240V~ 50/60Hz).
-9- Chapter 3 Configuration 3.1 Network 3.1.1 S t atus The S tatus page shows the system information, the port connection st atus and other information related to this Router . Choose the menu Network → Stat us to load the following page. Figure 3-1 S t atus 3.
-10- Figure 3-2 Network T opology - NA T Mode If your Router is connecting the two networks of di fferent areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets betwe en these two networks by the Routing rules, you can set it to Non-NA T mode.
-1 1- Figure 3-4 Network T opology – Classic Mode Choose the menu Network → System Mode to load the following page. Figure 3-5 System Mode Y ou can select a System Mode for your R outer according to your network need.
-12- Non-NA T Mode In this mode, the Router functi ons as the traditional Gateway and fo rwards the packets via routing protocol. The Hosts in dif ferent subnets can co mm unicate with one another via the routing rules whereas no NA T is employed.
-13- Figure 3-6 W AN – S tatic IP The following items are displayed on this screen: St atic IP Connection T ype: Select S tatic IP if your ISP has assigned a static IP address for your computer . IP Address: Enter the IP address assigned by your ISP .
-14- Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-15- Dyn am ic I P Connection T ype: Select Dynamic IP if your ISP assigns the IP address automatically . Click <Obt ain> to get the IP address from your ISP’s server . Click <Release> to release the current IP address of W AN port. Host Name: Optional.
-16- Dynamic IP S t atus Statu s: Displays the status of obt aining an IP address from your ISP . “Disabled” indicates that the Dy namic IP connection type is not applied. “Connecting” indicates that t he Router is obtaining the IP parameters from your ISP .
-17- Figure 3-8 W AN - PPPoE.
-18- The following items are displayed on this screen: PPPoE Settings Connection T ype: Select PPPoE if your ISP provides xDSL Vir tual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnec t the Internet connection and release the current IP address.
-19- ISP Address: Optional. Enter the ISP address provided by your ISP . It's null by default. Service Name: Optional. Enter the Service Name prov ided by your ISP . It's null by default. Primary DNS: Enter the IP address of y our ISP’s Primary DNS.
-20- PPPoE St atus Statu s: Displays the status of PPPoE connection. “Disabled” indicates that t he PPPoE connection type is not applied. “Connecting” indicates that t he Router is obtaining the IP parameters from your ISP . “Connected” indicates that the Router has successfully obtained the IP parameters from your ISP .
-21- Figure 3-9 W AN - L2TP The following items are displayed on this screen: L2TP Settings Connection T ype: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the In ternet connection and release the current IP address.
-22- Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your IS P . Server IP: Enter the Server IP provided by your ISP . MTU: MTU (Maximum T ransmission Unit) is the maximum data unit transmitted by the physical network .
-23- Primary DNS/ Secondary DNS: If S tatic IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-24- 5) PPTP If your ISP (Internet Service Provider) has provi ded the account informati on for the PPTP connection, please choose the PPTP connection type. Figure 3-10 W AN - PPTP The following items are displayed on this screen: PPTP Settings Connection T ype: Select PPTP if your ISP prov ides a PPTP connection.
-25- <Disconnect> to disconnect the In ternet connection and release the current IP address. Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your IS P .
-26- Primary DNS/ Secondary DNS: If S tatic IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: S pecify the b andwidth for transmitting p acket s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-27- Figure 3-1 1 W AN – Bigpond The following items are displayed on this screen: BigPond Settings Connection T ype: Select BigPond if your ISP prov ides a BigPond connection. Click <Connect> to dial-up to the Internet and obtain the IP address.
-28- Auth Domain: Enter the domain name of authentic ation server . It's only required when the address of Auth Server is a server name. Auth Mode: Y ou can select the proper Active mode according to your need.
-29- Default Gateway: Displays the IP address of the default gateway assigned by your ISP . Note: T o ensure the BigPond connection re-established norma lly , please restart the connection at least 5 seconds after the connection is of f. 3.1.4 LAN 3.1.
-30- Choose the menu Network → LAN → DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen: DHCP Settings DHCP Server: Enable or disable the DHCP server on your Router .
-31- Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP . It is recommended to enter the IP address of the LAN port of the Router . Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. 3.1.4.
-32- DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional. Enter a description for the entry . Up to 28 characters can be entered.
-33- Figure 3- 16 DMZ – Public Mode In Private mode, the DMZ port allows the Hosts in DMZ to access Internet via NA T mode which translates private IP addresses within DMZ to pub lic IP addresses for trans port over Internet. The Hosts in DMZ can directly communicate with LAN us ing the private IP addresses within the different subnet of LAN.
-34- Figure 3-18 DMZ The following items are displayed on this screen: DMZ Statu s: Activate or inactivate this entry . The DMZ port functions as a normal LAN port when it’s disabled. Mode: Select the mode for DMZ port to control the connection way among DMZ, LAN and Internet.
-35- Set the MAC Address for LAN port: In a complex network topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the current router in a network node, you c an just set the.
-36- MAC Clone: It’s only available for W AN port. Cl ick the <Restore Factory MAC> button to restore the MAC address to the factory default value or click the <Clone Current PC’s MAC> button to clone the MAC address of the PC you are currently using to con figure the Router .
-37- The following items are displayed on this screen: St atistics Unicast: Displays the number of normal unica st packet s received or transmitted on the port. Broadcast: Displays the number of normal broadcast packet s received or transmitted on the port.
-38- Choose the menu Network → Sw itc h → Port Mirror to load the following page. Figure 3-21 Port Mirror The following items are displayed on this screen: General Enable Port Mirror: Check the box to enable the Port Mirr or function. If unchecked, it will be disabled.
-39- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port).
-40- Figure 3-22 Rate Control The following items are displayed on this screen: Rate Control Port: Displays the port number . Ingress Limit: S pecify whether to enable t he Ingress Limit feature. Ingress Rate: S pecify the limit rate for the ingress packet s.
-41- Figure 3-23 Port Config The following items are displayed on this screen: Port Config Statu s: S pecify whether to enable the port. The packet s can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function.
-42- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured accord ing to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports .
-43- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group → Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen: Group Config Group Name: S pecify a unique name for the group.
-44- User Config User Name: S pecify a unique name for the user . IP Address: Enter the IP Address of the user . It cannot be the network address or broadcast address of the port. Description: Give a description to the user fo r identification. It's optional.
-45- User Name: Select the name of the desired User . A vailable Group: Displays the Groups that the User can join. Selected Group: Displays the Groups to which this User belongs. Group Name: Select the name of the desired Group. Group Structure: Click this button to view the tree struct ure of this group.
-46- The following items are displayed on this screen: NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of which must be not less than 100. NA T -DMZ NA T -DMZ: Enable or disable NA T -DMZ. NA T DM Z is a special service of NA T application, which can be considered as a default forwardin g rule.
-47- Interface: Select an interface for forwarding data packe ts. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the T ranslated IP Address will be forwarded to the host of Original IP if DMZ Forwarding is enabled. Description: Give a description for the entry .
-48- Subnet/Mask: Enter the subnet/mask to make the address range for the entry . Interface: Select the interface for the entry . Y ou can select LAN or DMZ port. Description: Give a description for the entry . Statu s: Activate or inactivate the entry .
-49- Configuration procedure 1. Establish the Multi-Nets NA T entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding S tatic Route entry , en ter the IP address of t he interface connecting the Router and the three layer swit ch into the Next Hop field.
-50- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. The S t atic Route entry is as follows: 3.3.1.4 V irtual Server Virtual server set s up public services in your private network, such as DN S, Email and FTP , and defines a service port.
-51- Figure 3-32 Virtual Server The following items are displayed on this screen: Virtual Server Name: Enter a name for Virtual Server ent ries. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packe ts. External Port: Enter the service port or port range the Router provided for accessing external network.
-52- Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The extern al ports of dif ferent entries should be different, whereas the internal ports can be the same. List of Rules In this table, you can view the information of the entries and edit them by the Action buttons.
-53- Name: Enter a name for Port Triggering entri es. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packe ts. T rigger Port: Enter the trigger port number or the rang e of port.
-54- 3.3.1.6 ALG Some special protocols such as FTP , H.323, SIP , IPsec and PPTP will work properly only when ALG (Application Layer Gatewa y) service is enabled. Choose the menu Advanced → NA T → ALG to load the following p age. Figure 3-34 ALG The following items are displayed on this screen: ALG FTP ALG: Enable or disable FTP ALG .
-55- 3.3.2.1 Setup Choose the menu Advanced → T raffic Control → Setup to load the following p age. Figure 3-35 Configuration The following items are displayed on this screen: General Disable Bandwidth Control: Select this option to disable Bandwidth Control.
-56- Interface Bandwidth Interface: Displays the current enabled W AN port(s). The T otal bandwid th is equal to the sum of bandwidth of the enabled W AN port s. Up stream Bandwidth: Displays the bandwidth of each W A N port for transmitting dat a.
-57- Bandwidth Control Rule Direction: Select the data stream direction for the entry . The direction of arrowhead indicates the data stream direction The DMZ port displays in the drop-down list only when the DMZ port is enabled. W AN-ALL means all W AN port s through which the data flow might pass.
-58- Note: ● The premise for single r ule taking ef fect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandw .
-59- Session Limit Group: Select a group to define the controlled users. Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry . Statu s: Activate or inactivate the entry . List of Session Limit Y ou can view the informati on of the entries and edit t hem by the Action buttons.
-60- Figure 3-39 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packet s as a whole and record the W AN port they pass through.
-61- The following items are displayed on this screen: General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the lis t, you can add it to the list on 3.3.4.4 Protocol page. Source IP: Enter the source IP range for the entry .
-62- On this page, you can configur e the Link Backup function based on actual need to reduce the traffic burden of W AN port and improve the network efficie ncy . Choose the menu Advanced → Load Balance → Li nk Backup to load the following p age.
-63- Timing: Link Backup will be enabled if the spec ified effective time is reached. All the traf fic on the primary W AN will switch to the backup W AN at the beginning of the effective time; t he traf fic on the backup W AN will switch to the primary W AN at the ending of the ef fective time.
-64- Figure 3-42 Protocol The following items are displayed on this screen: Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the prot ocol in the range of 0-255.
-65- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. Figure 3-43 Static Route The following items are displayed on this screen: St atic Route Destination: Enter the destination hos t the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network.
-66- The first entry in Figure 3-43 indicates: If there are packets being sent to a device with IP address of 21 1.162.1.0 and subnet mask of 255.255.255.
-67- The distance of RIP refers to the hop count s that a data p acket p asses through before reaching its destination, the value range of wh ich is 1–15. It means the destination cannot be reac hed if the value is more than 15. Optimal path indicates the p ath wi th the fewest hop counts.
-68- Authentication: network situation, and the password s hould not be more than 15 characters. All Interfaces: Here you can operate all the interfaces in bulk. All the interfaces will not apply RIP if “Enable” option for All Interfaces is selected.
-69- Flags: The Flags of route entry . The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry . Physical Interface: The physical interface of route entry . Metric The Metric of route entry . 3.
-70- Figure 3-46 IP-MAC Binding The following items are displayed on this screen: General It is recommended to check all the options. Y ou s hould import the IP and MAC address of the host to IP-MAC Binding List and enable the corresponding entr y before enabling “Permit the packet s matching the IP-MAC Binding entries only”.
-71- Y ou can view the informati on of the entries and edit t hem by the Action buttons. The first entry in Figure 3-46 indicates: The IP address of 192.
-72- Indicates that the IP and MAC addres s of this entry are already bound. T o bind the entries in the list, check these entri es and click the <Import> button, then the settings will take ef fect if the entries do not c onflict with the existed entries.
-73- Figure 3-49 Attack Defense The following items are displayed on this screen: General Flood Defense: Flood attack is a commonly used DoS (Denial of Service) att ack, including TCP SYN, UDP , ICMP and so on. It is recommended to select all the Flood Defens e options and specify the corresponding thresholds.
-74- Packet Anomaly Defense: Packet Anomaly refers to the abnormal p ackets. It is recommended to select all the Packet Anomaly Defense options. Enable Att ack Defense Logs: With this box checked, the Rout er will record the defense logs.
-75- List of Rules Y ou can view the informati on of the entries and edit t hem by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies wher e an identified resource is available and the mechanism for retrieving it.
-76- Group: URL Filtering will take ef fect to all the users in group. Mode: Select the mode for URL Filtering. “Keyword’’ indicates that all the URL addresses including the specif ied keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL.
-77- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall → Access Control → Web Filtering to load the following p age. Figure 3-52 Web Filtering Check the box before Enable Web Filt ering and select the web components to be filtered.
-78- Policy: Select a policy for the entry: Block: When this option is selected, the packet s obeyed the rule will not be permitted to pass through the Router . Allow: When this option is selected, the packet s obeyed the rule will be allowed to pass through the Router .
-79- Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displa yed at the end of the list by default. List of Rules Y ou can view the information of the entries and edit them by the Action butt ons.
-80- Figure 3-54 Service The following items are displayed on this screen: Service Name: Enter a name for the service. T he name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the servic e.
-81- 3.4.5 App Control 3.4.5.1 Control Rules On this page, you can enable t he Application Rules function. Choose the menu Firewall → App Control → Control Rules to load the following page.
-82- Application: Click the <Application List> button to select applications from the popup checkbox. The applications include IM , Web IM, SNS, P2P , Media, Basic and Proxy . The default setting is to limit all the applications in the application list except for Basic and Proxy .
-83- 3.5 VPN VPN (Virtual Private Network) is a private network established via the public network, generally via the Internet. However , the private network is a logical network without any physical network lines, so it is called Virtual Private Network.
-84- 3.5.1.1 IKE Policy On this page you can configure the rela ted parameters for IKE negotiation. Choose the menu VPN → IKE → IKE Policy to load the following p age.
-85- Exchange Mode: Select the IKE Exchange M ode in phase 1, and ensure the remote VPN peer uses the same mode. Main: Main mode provides i dentity protection and exchanges more information, which applies to the scenarios with higher requirement for i dentity protection.
-86- DPD Interval: Enter the interval after wh ich the DPD is triggered. List of IKE Policy In this table, you can view the information of IKE Policies and edit them by the action buttons. 3.5.1.2 IKE Proposal On this page, you can define and edit the IKE Proposal.
-87- Encryption: S pecify the encryption algorithm for IKE negotiation. Options include: DES: DES (Data Encryption S tandard) encrypts a 64-bit block of plain text with a 56-bit key . 3DES: T riple DES, encrypts a plain text with 168-bit key .
-88- 3.5.2.1 IPsec Policy On this page, you can defi ne and edit the IPsec policy . Choose the menu VPN → IPsec → IPsec Policy to load the following page. Figure 3-60 IPsec Policy The following items are displayed on this screen: General Y ou can enable/disable IPsec func tion for the Router here.
-89- Mode: Select the network mode for IP sec policy . Options include: LAN-to-LAN: Select this option when the client is a network. Cl ie nt -to -L AN : Select th is option when the clien t is a host. Local Subnet: S pecify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy .
-90- Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is de-encrypted. Without PFS, t he key in Phase2 is created based on the key in Phase.
-91- AH Authentication Key-Out: S pecify the outbound AH Authent ication Key manually if AH protocol is used in the co rresponding IPsec Proposal. The outbound key here must match the inbound AH a uthentication key at the other end of t he tunnel, and vice versa.
-92- Figure 3-61 IPsec Proposal The following items are displayed on this screen: IPsec Proposal Proposal Name: S pecify a u nique name to the IPse c Proposal for identification and management purposes. The IPsec proposal can be applied to IPsec policy .
-93- ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include: MD5: MD5 (Message Digest Algo rithm) takes a message of arbitrary length and generates a 128-bi t message digest.
-94- outgoing SPI value are different. However , the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vi ce versa. The connection statu s on the remote end point of this tunnel is as the following figur e shows.
-95- Figure 3-63 L2TP/PPTP T unnel The following items are displayed on this screen: General Enable VPN-to-Internet: S pecify whether to enable VPN-to-In ternet function. If enabled, the VPN client is permitted to access t he LAN of the server and Internet.
-96- Account Name: Enter the account nam e of L2TP/PPTP tunnel. It should be configured identically on server and client. Password: Enter the password of L2TP/PPT P tunnel. It should be configured identically on server and client. T unnel: Select the network mode for the tunnel.
-97- Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel.) It’ s the combination of IP address and subnet mask.
-98- In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP T unnel This page displays the informat ion and status of the tunnels. Choose the menu VPN → L2TP/PPTP → List of L2TP/PPTP T unnel to load the following page.
-99- Figure 3-66 General The following items are displayed on this screen: General PPPoE Server: S pecify whether to enable t he PPPoE Server function. Dial-up Access Only: S pecify whether to enable the Dial-up Access Only func tion. If enabled, only the Dial-in Users and the user with Excepti onal IP can access the Internet.
-100- Idle Timeou t: Enter the maximum idle time. The session will be terminated af ter it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle T imeout field.
-101- Figure 3-67 IP Address Pool The following items are displayed on this screen: IP Address Pool Pool Name: S pecify a unique name to the IP A ddress Pool for identification and management purposes. IP Address Range: S pecify the start and the end IP address for IP Pool.
-102- Figure 3-68 Account The following items are displayed on this screen: Account Account Name: Enter the account name. This name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Mode: Select the IP Address Assigned Mode for IP assignment.
-103- Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Statu s: Activate or inactivate the entry . MAC Binding: Select a MAC Binding type from t he pull-down list. Options include: Disable: Select this option to disable the MAC Binding function.
-104- The following items are displayed on this screen: Exceptional IP IP Address Range: S pecify the st art and the end IP address to make an exceptional IP address range. This range should be in the sa me IP range with LAN port or DMZ port of the Router .
-105- Figure 3-71 E-Bulletin The following items are displayed on this screen: General Enable E-Bulletin: S pecify whether to enable el ectronic bulletin function . Interval: S pecify the interval to release the bulletin. Enable Logs: S pecify whether to log the E-Bulletin.
-106- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: ANY: The bulletin will be released to all the users and the PCs on the LAN. Group: The bulletin will be released to the users in the selected group.
-107- latest IP add ress, the server will update the mappings between the domai n name and IP address in DNS database. Therefore, the users can use the same domain name to ac cess the DDNS client even if the IP address of the DDNS cli ent has changed.
-108- Domain Name: Enter the Domain Name that you r egistered with your DDNS service provider . DDNS Service: Activate or inactivate DDNS service here. W AN Port: Displays the W AN port for which Dyndns DDNS is selected. DDNS St atus: Displays the current status of DDNS service Offline: DDNS service is disabled.
-109- Account Name: Enter the Account Name of y our DDNS account. If you have not registered, click <Go to register> to go to the website of No-IP for register . Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you r egistered with your DDNS service provider .
-1 10- Figure 3-74 PeanutHull DDNS The following items are displayed on this screen: PeanutHull DDNS Account Name: Enter the Account Name of y our DDNS account. If you have not registered, click <Go to register> to go to the website of PeanutHull for register .
- 111 - Domain Name: Displays the domain names obtained from the DDNS server . Up to 16 domain names can be displayed here. List of PeanutHull Account In this table, you can view the existing DDNS entries or edit them by the Action button. 3.6.3.4 Comexe On this page you can configure Comexe DDNS client.
-1 12- DDNS St atus: Displays the current status of DDNS service Offline: DDNS service is disabled. Connecting: client is connecting to the server. Online: DDNS works normally. Authorization fails: The Account Name or Password is incorrect.
-1 13- General UPnP Funct ion: Enable or disable the UPnP function globally . List of UPnP Mappin g After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6020.
-1 14- New User Name: Enter a new user name for the Router . New Password: Enter a new password for the Router . Confirm New Password: Re-enter the new password for confirmation.
-1 15- T elnet Idle T imeout: Enter a timeout period that t he Router will log the remote PCs out of the Web-based Utilit y after a specified period (T elnet Idle T imeout) of inactivity . Note: ● The default Web Management Port is 80. If t he port is changed, you should type in the new address, such as http://192.
-1 16- Application Example Network Requirements Allow the IP address within 210. 10.10.0/24 segment to manage t he Router with IP address of 210.10.10.50 remotely . Configuration Procedure T ype 210.10. 10.0/24 in the Subnet/Mask field on Remo te Management page and enable the entry as the following figure shows.
-1 17- Figure 3-81 Export and Import The following items are displayed on this screen: Configuration V ersion Displays the current Configur ation version of the Router . Export Click the <Export> button to save the current conf iguration a s a file to your computer .
-1 18- Figure 3-82 Reboot Click the <Reboot> button to reboot the Router . The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: T o avoid damage, please don't turn off the device while rebooting.
-1 19- Figure 3-84 License 3.7.4 S t atistics 3.7.4.1 Interface T raffic St atistics Interface T raf fic S tatistics screen displays the det ailed traf fic information of each port and extra information of W AN ports. Choose the menu Maintenance → St atistics → Interface T raffic Statistics to load the following p age.
-120- Interface: Displays the interface. Rate Rx : Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data frames. Packets Rx: Displays the number of packet s received on the interface. Packets Tx: Displays the number of packet s transmitted on the interface.
-121- Figure 3-86 IP T raf fic S tatistics The following items are displayed on this screen: General Enable IP T raffic St atistics: Allows you to enable or disable IP T raf fic S tatistics. Enable Auto-refresh: Allows you to enable/disable refreshing the IP T raf fic S tatistics automatically .
-122- Figure 3-87 Diagnostics The following items are displayed on this screen: Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “A uto”, the Router will select the interface of destination automatically .
-123- of destination automatically . After clicking the <S tart> button, the Router will send T racert pa ckets to test the connectivity of the gateways during the journey from th e source to destination of the test data and the result s will be displayed in the box below .
-124- W AN St atus: Display the detecting results. 3.7.6 Ti me System T ime is the time displayed while the Rout er is running. On this page you can configure the system time and the settings here will be used for ot her time-based functions like Access Rule, PPPoE and Logs.
-125- Note: ● If Get GMT function cannot be used properly , pl ease add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restar ted. The Router will obtai n GMT time automatically from Internet.
-126- The Logs of switch are classified into the following eight levels. Severity Level Description Emergency 0 The system is unusable. Alert 1 Action must be taken imme diately .
-127- Chapter 4 Application 4.1 Network Requirement s The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staf f in the headquarters an d the branch offices, and to transmit the commercial confidential data to it s p artners.
-128- 4.2 Network T opology 4.3 Configurations Y ou can configure the Router via th e PC connected to the LAN port of this Router . T o log in to the Router , the IP address of your PC should be in the same subnet of the LAN por t of this Router . (The default subnet of LAN port is 192.
-129- 4.3.1.1 System Mode Set the system mode of the Router to the NA T mode. Choose the menu Netw ork → System Mode to load the following p age. Select the NA T mode and the <Save> button to apply . Figure 4-1 System Mode 4.3.1.2 Internet Connection Configure the St atic IP connection type for the W A N1 and W AN2 ports of the Router .
-130- Figure 4-3 Link Backup 4.3.2 VPN Setting T o enable the hosts in the remote branch of fice (W AN: 1 16.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between t he headquarters and the remote branch office to guar antee a secured communication.
-131- Authentication: MD5 Encryption: 3DES DH Group: DH2 Click the <Add> button to apply . Figure 4-4 IKE Proposal IKE Policy Choose the menu VPN → IKE → IKE Policy to load the configuration p age.
-132- Figure 4-5 IKE Policy Tips: For the VPN Router in the remote branch office, t he IKE settings should be the same as the Router in the headquarters. 2) IPsec Setting T o configure the IPsec function, you sh ould create an IPsec Proposal firstly .
-133- ESP Encryption: 3DES Click the <Save> button to apply . Figure 4-6 IPsec Proposal IPsec Policy Choose the menu VPN → IPsec → IPsec Policy to load the configuration p age. Settings: IPsec: Enable Policy Name: IPsec_1 S tatus: Activate Mode LAN-to-LAN Local Subnet: 192.
-134- Figure 4-7 IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the headquarters. The Remote Gateway of the remote Router should be set to the IP address of the Router in the headquarters.
-135- L2TP/PPTP T unnel Choose the menu VPN → L2TP/PPTP → L2TP/PPTP T unnel to load the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP T unnel.
-136- 4.3.3 Network Management T o manage the enterprise network ef fectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group.
-137- Choose the menu User Group → User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Th en continue with the following settings: Settings: Action: Add S tart IP Address: 192.168.0.30 End IP Address: 192.
-138- Application: Click the <Application List> button and select the applications desired to be blocked on the popup window . S tatus: Activate Figure 4-1 1 App Rules 4.3.3.3 Bandwid th Control T o enable Bandwidth Control, you s hould configure the total bandwid th of interfaces and the detailed bandwidth control rule first.
-139- Figure 4-12 Bandwidth Setup 2) Interface Bandw id th Choose the menu Network → WA N → WA N 1 to load the configurat ion page. Configure the Upstream Bandwidth and Do wnstream Bandw id th of the interface as Figur e 4-13 shows. The entered bandwidth value should be c onsistent with the ac tual bandwidth value.
-140- Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced → Session Limit → Session Limit to load the confi guration page. Check the box before Enable Session Limit and click the <Save> button to apply . Then continue with the following settings: Settings: Group: group1 Max.
-141- 4.3.4.1 LAN ARP Defense Y ou can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by AR P Scanning. For some spec ial items not bound, you can bind them manually . 1) Scan and import the entries to ARP List S pecify ARP Scanning range.
-142- Choose the menu Firewall → Anti ARP S poofing → IP-MAC Binding to load the configuration p age. T o add the host with IP address of 192.168.1.20 a nd MAC address of 00-1 1-22-33-44-aa to the list, you can follow the settings below: Settings: IP Address: 192.
-143- 4.3.4.3 Att ack Defense Choose the menu Firewall → Att ack Defense → Att ack De fense to load the configuration p age. Select the options desired to be enabled as Figure 4-20 shows, and then click the <Save> button. Figure 4-20 Att ack Defense 4.
-144- Figure 4-21 Port Mirror 2) St atistics Choose the menu Maintenance → St atistics to load the page. Load the Interface T raffic S t atistics p age to view the traffic st atistics of each physical interface of the Router as Figure 4-22 shows.
-145- Figure 4-23 IP T raf fic S tatistics After all the above step s, the enterpris e network will be operated based on planning..
-146- Chapter 5 CLI TL-ER6020 provides a Console po rt for CLI (Comm and Line Interface) confi guration, which enables you to configure the Router by accessing the CLI from c onsole (such as Hyper T ermi nal) or T elnet. The following part will introduce the step s to a ccess CLI via Hyper T erminal and some common CLI commands.
-147- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3 , and click OK . Figure 5-3 Select the port to connect 5.
-148- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyp er T erminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK .
-149- 7. The DOS prompting “TP-LINK>” will appea r after pressing the Enter button in the Hyper T erminal window as Figure 5-6 shows. Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER6020 offers two command mode s: User EXEC Mode and Privileged EXEC Mode.
-150- Mode Accessing Path Prompt Logout or Access the next mode User EXEC Mode Primary mode once it is connected with the Router . TP-LINK > Use the exit command to disconnect the Router (except t hat the Router is connected through the Console port).
-151- enable - Enter the privileged mode exit - Exit the CLI (only for telnet) history - Show command history ip - Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - System manager user - User configuration 2) T ype a command and a question mark separated by space.
-152- 5.4 Command Introduction TL-ER6020 provides a number of CLI commands for users to manage the Router and user information. For better understanding, each command is followed by note which is the meaning of the command. 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces.
-153- 5.4.3 sys The sys command is used for system management, incl uding Backup and Restore, Factory Default, Reboot, Firmware Upgrade and so on. TP-LINK # sys reboot This command will r eboot system, Continue?[Y/N] Reboot the system. Y me ans YES, N means NO.
-154- ● Pay special attention t hat the specified a ccount must be with approp riate permissions since the functions such as export, import and firmwa re upgrade require read-wri te operation on FTP server . TP-LINK # sys import config Server address: [192.
-155- TP-LINK > user get Username: admin Password: admin Query the user name and password of the current Guest. TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator .
-156- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the syst em when logging in by T elnet.
-157- Appendix A Hardware S pecifications St andards IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/ IP , DHCP , ICMP , NA T 、 PPPoE, SNTP , HTTP , DNS, L2TP , PPTP , IPsec T wo 10/100/1000.
-158- Appendix B F AQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, pl ease try the following steps: 1) Make sure the cable is well connected to t he LAN port of the Router . The corresponding LED should flash or be solid light.
-159- Q3: What can I do if the Router with the re mote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote com puter is in the subnet allowed to remotely access the router .
-160- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing traditional phone lines.
-161- Glossary Description H.323 H.323 allows dissimilar communica tion devices to communicate with each other by using a standardized communication protocol. H.323 defines a comm on set of CODECs, call setup and negotiating procedures, and basic data transport methods.
-162- Glossary Description MAC address ( Media Access Control address ) S tandardized data link layer address that is required for every port or device that connects to a LAN. Other devices in th e network use these addresses to lo cate specific ports in the network and to create and update routing tables and data structures.
-163- Glossary Description T elnet ( T elecommunication Network protocol ) T elnet is used for remote terminal connection, ena bling users to log in to remote systems and us e resources as if they we re connected to a local system.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté TP-Link TL-ER6020 SafeStream c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du TP-Link TL-ER6020 SafeStream - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation TP-Link TL-ER6020 SafeStream, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le TP-Link TL-ER6020 SafeStream va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le TP-Link TL-ER6020 SafeStream, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du TP-Link TL-ER6020 SafeStream.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le TP-Link TL-ER6020 SafeStream. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei TP-Link TL-ER6020 SafeStream ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.