Page 1 TL-ER6020 SafeStream Gigabit Dual-WAN VPN Router Rev: 1.0.0 1910010695...
Page 2: Fcc Statement
No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2012 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link.com FCC STATEMENT This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules.
Page 3: Table Of Contents
CONTENTS ........................1 Package Contents ....................2 Chapter 1 About this Guide Intended Readers ........................2 Conventions ...........................2 Overview of this Guide ......................2 ......................4 Chapter 2 Introduction Overview of the Router ......................4 Features..........................5 Appearance..........................6 2.3.1 Front Panel ........................6 2.3.2 Rear Panel.........................8 ......................9 Chapter 3 Configuration Network..........................9 3.1.1 Status.........................9...
Page 4 3.3.3 Session Limit ......................58 3.3.4 Load Balance......................59 3.3.5 Routing ........................64 Firewall..........................69 3.4.1 Anti ARP Spoofing ....................69 3.4.2 Attack Defense ......................72 3.4.3 MAC Filtering ......................74 3.4.4 Access Control......................75 3.4.5 App Control......................81 VPN............................83 3.5.1 IKE...........................83 3.5.2 IPsec........................87 3.5.3 L2TP/PPTP......................94 Services ..........................98 3.6.1 PPPoE Server......................98 3.6.2 E-Bulletin .......................104...
Page 5 Network Topology.......................128 Configurations........................128 4.3.1 Internet Setting ......................128 4.3.2 VPN Setting ......................130 4.3.3 Network Management....................136 4.3.4 Network Security....................140 ........................146 Chapter 5 CLI Configuration........................146 Interface Mode ........................149 Online Help ........................150 Command Introduction.......................152 5.4.1 ip..........................152 5.4.2 ip-mac ........................152 5.4.3 sys .........................153 5.4.4 user........................154 5.4.5 history ........................155 5.4.6...
Page 6: Package Contents
Package Contents The following items should be found in your package:  One TL-ER6020 Router One Power Cord   One Console Cable  Two mounting brackets and other fittings  Installation Guide Resource CD  Note: Make sure that the package contains the above items. If any of the listed items is damaged or missing,...
Page 7: Chapter 1 About This Guide
Chapter 1 About this Guide This User Guide contains information for setup and management of TL-ER6020 Router. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used:...
Page 8 Appendix A Hardware Lists the hardware specifications of this Router. Specifications Appendix B FAQ Provides the possible solutions to the problems that may occur during the installation and operation of the router. Appendix C Glossary Lists the glossary used in this guide.
Page 9: Chapter 2 Introduction
2.1 Overview of the Router The SafeStream Gigabit Dual-WAN VPN Router TL-ER6020 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth Control, Session Limit, IM/P2P Blocking, PPPoE Server and so on, which consumedly meet the needs of small and medium enterprise, hotels and communities with volumes of users demanding a efficient and easy-to-manage network with high security.
Page 10: Features
Dual-WAN Ports  + Providing two 10/100/1000M WAN ports for users to connect two Internet lines for bandwidth expansion. + Supporting multiple Load Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Policy Routing to optimize bandwidth usage. + Featured Link Backup to switch all the new sessions from dropped line automatically to another for keeping an always on-line network.
Page 11: Appearance
 Supports Access Control Supports Attack Defense   Supports IP-MAC Binding  Supports GARP (Gratuitous ARP)  Deploys One-Click restricting of IM/P2P applications 2.3 Appearance 2.3.1 Front Panel The front panel of TL-ER6020 is shown as the following figure.
Page 12: Led Status Indication
LEDs  Status Indication The Router is powered on The Router is powered off or power supply is abnormal Flashing The Router works properly On/Off The Router works improperly There is a device linked to the corresponding port Link/Act There is no device linked to the corresponding port Flashing The corresponding port is transmitting or receiving data On (Green) The linked device is running at 1000Mbps...
Page 13: Rear Panel
2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure. Power Socket  Connect the female connector of the power cord to this power socket, and the male connector to the AC power outlet. Please make sure the voltage of the power supply meets the requirement of the input voltage (100-240V~ 50/60Hz).
Page 14: Chapter 3 Configuration
Figure 3-1 Status 3.1.2 System Mode The TL-ER6020 Router can work in three modes: NAT, Non-NAT and Classic. If your Router is hosting your local network’s connection to the Internet with a network topology as the Figure 3-2 shown, you can set it to NAT mode.
Page 15 Figure 3-2 Network Topology - NAT Mode If your Router is connecting the two networks of different areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets between these two networks by the Routing rules, you can set it to Non-NAT mode.
Page 16 Figure 3-4 Network Topology – Classic Mode Choose the menu Network→System Mode to load the following page. Figure 3-5 System Mode You can select a System Mode for your Router according to your network need. NAT Mode  NAT (Network Address Translation) mode allows the Router to translate private IP addresses within internal networks to public IP addresses for traffic transport over external networks, such as the Internet.
Page 17: Wan
3.1.3 WAN TL-ER6020 provides the following six Internet connection types: Static IP, Dynamic IP, PPPoE/Russian PPPoE, L2TP/Russian L2TP, PPTP/Russian PPTP and BigPond. To configure the WAN, please first select the type of Internet connection provided by your ISP (Internet Service Provider).
Page 18 Figure 3-6 WAN – Static IP The following items are displayed on this screen:  Static IP Select Static IP if your ISP has assigned a static IP address for your Connection Type: computer. Enter the IP address assigned by your ISP. If you are not clear, IP Address: please consult your ISP.
Page 19 Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Specify the bandwidth for receiving packets on the port. Bandwidth: Dynamic IP If your ISP (Internet Service Provider) assigns the IP address automatically, please choose the Dynamic IP connection type to obtain the parameters for WAN port automatically. Figure 3-7 WAN –...
Page 20  Dynamic IP Select Dynamic IP if your ISP assigns the IP address Connection Type: automatically. Click <Obtain> to get the IP address from your ISP’s server. Click <Release> to release the current IP address of WAN port. Host Name: Optional.
Page 21  Dynamic IP Status Status: Displays the status of obtaining an IP address from your ISP. “Disabled” indicates that the Dynamic IP connection type is not  applied. “Connecting” indicates that the Router is obtaining the IP  parameters from your ISP. “Connected”...
Page 22 Figure 3-8 WAN - PPPoE -17-...
Page 23 The following items are displayed on this screen:  PPPoE Settings Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address.
Page 24 ISP Address: Optional. Enter the ISP address provided by your ISP. It's null by default. Optional. Enter the Service Name provided by your ISP. It's null by Service Name: default. Primary DNS: Enter the IP address of your ISP’s Primary DNS. Optional.
Page 25  PPPoE Status Status: Displays the status of PPPoE connection. “Disabled” indicates that the PPPoE connection type is not  applied. “Connecting” indicates that the Router is obtaining the IP  parameters from your ISP. “Connected” indicates that the Router has successfully ...
Page 26 Figure 3-9 WAN - L2TP The following items are displayed on this screen:  L2TP Settings Connection Type: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect>...
Page 27 Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Enter the Password provided by your ISP. Password: Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network.
Page 28 Primary DNS/ If Static IP is selected, configure the DNS. If Dynamic IP is selected, Secondary DNS: the obtained DNS is displayed. Specify the bandwidth for transmitting packets on the port. Upstream Bandwidth: Downstream Specify the bandwidth for receiving packets on the port. Bandwidth: ...
Page 29 PPTP If your ISP (Internet Service Provider) has provided the account information for the PPTP connection, please choose the PPTP connection type. Figure 3-10 WAN - PPTP The following items are displayed on this screen:  PPTP Settings Connection Type: Select PPTP if your ISP provides a PPTP connection.
Page 30 <Disconnect> to disconnect the Internet connection and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Enter the Password provided by your ISP. Password: Server IP: Enter the Server IP provided by your ISP.
Page 31 If Static IP is selected, configure the DNS. If Dynamic IP is selected, Primary DNS/ the obtained DNS is displayed. Secondary DNS: Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Specify the bandwidth for receiving packets on the port. Bandwidth: ...
Page 32 Figure 3-11 WAN – Bigpond The following items are displayed on this screen:  BigPond Settings Connection Type: Select BigPond if your ISP provides a BigPond connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect>...
Page 33 Auth Domain: Enter the domain name of authentication server. It's only required when the address of Auth Server is a server name. You can select the proper Active mode according to your need. Auth Mode: Manual: Select this option to manually activate or terminate the ...
Page 34: Lan
Default Gateway: Displays the IP address of the default gateway assigned by your ISP. Note: To ensure the BigPond connection re-established normally, please restart the connection at least 5 seconds after the connection is off. 3.1.4 LAN 3.1.4.1 On this page, you can configure the parameters for LAN port of this router. Choose the menu Network→LAN→LAN to load the following page.
Page 35 Choose the menu Network→LAN→DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen:  DHCP Settings Enable or disable the DHCP server on your Router. To enable the DHCP Server: Router to assign the TCP/IP parameters to the computers in the LAN automatically, please select Enable.
Page 36: Dhcp Reservation
Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP. It is recommended to enter the IP address of the LAN port of the Router. Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. 3.1.4.3 DHCP Client On this page, you can view the information about all the DHCP clients connected to the Router.
Page 37: Dmz
DMZ (Demilitarized Zone) is a network which has fewer default firewall restrictions than the LAN does. TL-ER6020 provides a DMZ port to allow all the local hosts connected to this port to be exposed to the Internet for some special-purpose services, such as such as Internet gaming and video-conferencing.
Page 38 Hosts in DMZ can directly communicate with LAN using the private IP addresses within the different subnet of LAN. Figure 3-17 DMZ – Private Mode 3.1.5.1 This page allows you to configure the DMZ port of TL-ER6020. Choose the menu Network→DMZ→DMZ to load the following page. -33-...
Page 39: Mac Address
Figure 3-18 DMZ The following items are displayed on this screen:  Status: Activate or inactivate this entry. The DMZ port functions as a normal LAN port when it’s disabled. Mode: Select the mode for DMZ port to control the connection way among DMZ, LAN and Internet.
Page 40 In a complex network topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the current router in a network node, you can just set the MAC address of TL-ER6020‘s LAN port the same to the MAC address of the previous router, which can avoid all the devices under this network node to update their ARP binding tables.
Page 41: Switch
To avoid a conflict of MAC address on the local area network, it’s not allowed to set the MAC address of the Router’s LAN port to the MAC address of the current management PC. 3.1.7 Switch Some basic switch port management functions are provided by TL-ER6020, which facilitates you to monitor the traffic and manage the network effectively. 3.1.7.1...
Page 42: Port Mirror
The following items are displayed on this screen:  Statistics Displays the number of normal unicast packets received or transmitted Unicast: on the port. Broadcast: Displays the number of normal broadcast packets received or transmitted on the port. Displays the number of flow control frames received or transmitted on Pause: the port.
Page 43 Choose the menu Network→Switch→Port Mirror to load the following page. Figure 3-21 Port Mirror The following items are displayed on this screen:  General Enable Port Mirror: Check the box to enable the Port Mirror function. If unchecked, it will be disabled.
Page 44: Rate Control
The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port). Application Example: To monitor all the traffic and analyze the network abnormity for an enterprise’s network, please set the Port Mirror function as below: Check the box before Enable Port Mirror to enable the Port Mirror function and select the Ingress &...
Page 45: Port Config
Figure 3-22 Rate Control The following items are displayed on this screen:  Rate Control Port: Displays the port number. Specify whether to enable the Ingress Limit feature. Ingress Limit: Specify the limit rate for the ingress packets. Ingress Rate: Egress Limit: Specify whether to enable Egress Limit feature.
Page 46: Port Status
Figure 3-23 Port Config The following items are displayed on this screen:  Port Config Status: Specify whether to enable the port. The packets can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function. Select the Negotiation Mode for the port.
Page 47: User Group
LAN. However, hosts in different VLANs cannot communicate with one another directly. Therefore, broadcast packets are limited in a VLAN. TL-ER6020 provides the Port VLAN function, which allows you to create multiple logical VLANs for the LAN ports based on their port numbers.
Page 48: Group
3.2.1 Group On this page you can define the group for management. Choose the menu User Group→Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen: Group Config  Group Name: Specify a unique name for the group. Description: Give a description for the group.
Page 49: View
User Config  Specify a unique name for the user. User Name: IP Address: Enter the IP Address of the user. It cannot be the network address or broadcast address of the port. Description: Give a description to the user for identification. It's optional. List of User ...
Page 50: Advanced
User Name: Select the name of the desired User. Available Group: Displays the Groups that the User can join. Displays the Groups to which this User belongs. Selected Group: Group Name: Select the name of the desired Group. Click this button to view the tree structure of this group. All the members of Group Structure: this group will be displayed, including Users and sub-Groups.
Page 51 The following items are displayed on this screen: One-to-One NAT  Enter the Original IP Address in the first checkbox and Translated Mapping IP Address: IP Address in the second checkbox. TL-ER6020 allows mapping from LAN port to WAN port and DMZ in LAN Mode. -46-...
Page 52 Interface: Select an interface for forwarding data packets. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the Translated IP Address will be forwarded to the host of Original IP if DMZ Forwarding is enabled. Description: Give a description for the entry. Activate or inactivate the entry.
Page 53 Application Example: Network Requirements The LAN subnet of TL-ER6020 is 192.168.0.0 /24, the subnet of VLAN2 under a three layer switch is 192.168.2.0 /24, while the subnet of VLAN3 is 192.168.3.0 /24. The IP of VLAN for cascading the switch to the Router is 192.168.0.2. Now the hosts within VLAN2 and VLAN3 desire to access the Internet.
Page 54 Configuration procedure Establish the Multi-Nets NAT entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: Then set the corresponding Static Route entry, enter the IP address of the interface connecting the Router and the three layer switch into the Next Hop field. -49-...
Page 55: Virtual Server
Choose the menu Advanced→Routing→Static Route to load the following page. The Static Route entry is as follows: 3.3.1.4 Virtual Server Virtual server sets up public services in your private network, such as DNS, Email and FTP, and defines a service port. All the service requests to this port will be transmitted to the LAN server appointed by the Router via IP address.
Page 56 Figure 3-32 Virtual Server The fo llowing items are disp layed on this screen:  Virtual Server Enter a name for Virtual Server entries. Up to 28 characters can be Name: entered. Select an interface for forwarding data packets. Interface: External Port: Enter the service port or port range the Router provided for accessing external network.
Page 57: Port Triggering
Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be different, whereas the internal ports can be the same. List of Rules  In this table, you can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-32 indicates: This is a Virtual Server entry named host, all the TCP data packets from WAN1 to port 65534-65535 of the Router will be redirected to the port 65534-65535 of the LAN host with IP address of 192.168.0.103, and this entry is activated.
Page 58 Name: Enter a name for Port Triggering entries. U p to 28 characters can be entered. Select an interface for forwarding data packets. Interface: Trigger Port: Enter the trigger port number or the range of port. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applications, otherwise the incoming ports will not open.
Page 59: Traffic Control
3.3.1.6 Some special protocols such as FTP, H.323, SIP, IPsec and PPTP will work properly only when ALG (Application Layer Gateway) service is enabled. Choose the menu Advanced→NAT→ALG to load the following page. Figure 3-34 ALG The following items are displayed on this screen: ...
Page 60 3.3.2.1 Setup Choose the menu Advanced→Traffic Control→Setup to load the following page. Figure 3-35 Configuration The following items are displayed on this screen:  eneral Select this option to disable Bandwidth Control. Disable Bandwidth Control: Enable Bandwidth Select this option to enable Bandwidth Control all the time. Control all the t ime: With this option selected, the Bandwidth Control will take effect when the...
Page 61: Bandwidth Control
 Interface B ndwidth Interface: Displays the current enabled WAN port(s). The To tal bandwidth is equal to the sum of bandwidth of the enabled WAN ports. Displays the bandwidth of each WAN port for transmitting data. The Upstream Bandwidth: Upstream Bandwidth of WAN port can be configured on WAN page.
Page 62  Band width Control Rule Direction: Select the data stream direction for the entry. The direction of arrowhead indicates the data stream direction The DMZ port displays in the drop-down list only when the DMZ port is enabled. WAN-ALL means all WAN ports through which the data flow might pass.
Page 63: Session Limit
Note: ● The premise for single rule taking effect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandwidth if the total guaranteed bandwidth specified by all Bandwidth Control rules for certain interface exceeds the physical bandwidth of this interface.
Page 64: Load Balance
 Session Limit Group: Select a group to define the controlled users. Max. Sessions: Enter the max. Sessions for the users. Give a description for the entry. Descript ion: Activate or inactivate the entry. Status:  List of Session Limit You can view the information of the entries and edit them by the Action buttons.
Page 65: Policy Routing
Figure 3-39 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packets as a whole and record the WAN port they pass t hrough. And then the packets with the same source IP address and destination IP address or destination port will be forwarded to the recorded WAN port.
Page 66: Link Backup
The following items are displa yed on th is screen: General  Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the list, you can add it to the list on 3.3.4.4 Protocol page.
Page 67 On this page, you can configure the Link Backup function based on actual need to reduce the traffic burden of WAN port and improve the network efficiency. Choose the menu Advanced→Load Balance→Link Backup to load the following page. Figure 3-41 Link Backup The fo llowing items are displaye...
Page 68 Timing: Link Backup will be enabled if the specified effective time is reached. All the traffic on the primary WAN will switch to the backup WAN at the beginning of the effective time; the traffic on the backup WAN will switch to the primary WAN at the ending of the effective time.
Page 69: Routing
Figure 3-42 Protocol The following items are displayed on this screen:  Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Enter the Number of the protocol in the range of 0-255. Number: ...
Page 70 Choose the menu Advanced→Routing→Static Route to load the following page. Figure 3-43 Static Route The following items are displayed on this screen:  Static Route Destination: Enter the destination host the route leads to. Enter the Subnet Mask of the destination network. Subnet Mask: Next Hop: Enter the gateway IP address to which the packet should be sent next.
Page 71 You can set a Static Route entry: Enter the WAN IP address of R1 (116.31.88.16) in the Next Hop field on the Static Route page of TL-ER6020 as the following figure shown, then click the <Add> button to save the entry.
Page 72 (Variable Length Subnet Mask), simple plain text authentication, MD5 cryptograph authentication, CIDR (Classless Inter-Domain Routing) and multicast. TL-ER6020 supports both RIPv1 version and RIPv2 version, thus you can configure the RIP version based on the actual need to improve the network performance.
Page 73: Route Table
Authentication: network situation, and the password should not be more than 15 characters. All Interfaces: Here you can operate all the interfaces in bulk. All the interfaces will not apply RIP if “Enable” option for All Interfaces is selected. List of RIP ...
Page 74: Firewall
Flags: The Flags of route entry. The Flags describe certain characteristics of the route. The logical interface of route entry. Logical Interface: Physical The physical interface of route entry. Interface: The Metric of route entry. Metric 3.4 Firewall 3.4.1 Anti ARP Spoofing ARP (Address Resolution Protocol) is used for analyzing and mapping IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
Page 75 Figure 3-46 IP-MAC Binding The following items are displayed on this screen: General  It is recommended to check all the options. You should import the IP and MAC address of the host to IP-MAC Binding List and enable the corresponding entry before enabling “Permit the packets matching the IP-MAC Binding entries only”.
Page 76: Arp Scanning
You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-46 indicates: The IP address of 192.168.1.101 and MAC address of 00-19-66-83-53-CF have been bound and this entry is activated. Note: If all the entries in the binding list are disabled and “Permit the packets of IP-MAC Binding entries only”...
Page 77: Attack Defense
Indicates that the IP and MAC address of this entry are already bound. To bind the entries in the list, check these entries and click the <Import> button, then the settings will take effect if the entries do not conflict with the existed entries. Note: If the local hosts suffered from ARP attack, you cannot add IP-MAC Binding entries on this page.
Page 78 Figure 3-49 Attack Defense The following items are displayed on this screen:  General Flood attack is a commonly used DoS (Denial of Service) attack, Flood Defense: including TCP SYN, UDP, ICMP and so on. It is recommended to select all the Flood Defense...
Page 79: Mac Filtering
Packet Anomaly Packet Anomaly refers to the abnormal packets. It is Defense: recommended to select all the Packet Anomaly Defense options. With this box checked, the Router will record the defense logs. Enable Attack Defense Logs: MAC Filtering 3.4.3 On this page, you can control the Internet access of local hosts by specifying their MAC addresses. Choose the menu Firewall→MAC Filtering→MAC Filtering to load the following page.
Page 80: Access Control
 List of Rules You can view the information of the entries and edit them by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the Internet URL address, so as to provide a convenient way for controlling the access to Internet from LAN hosts.
Page 81 Group: URL Filtering will take effect to all the users in group.  Mode: Select the mode for URL Filtering. “Keyword’’ indicates that all the URL addresses including the specified keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL.
Page 82: Web Filtering
3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load the following page. Figure 3-52 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 3.4.4.3 Access Rules Choose the menu Firewall→Access Control→Access Rules to load the following page.
Page 83 Policy: Select a policy for the entry:  Block: When this option is selected, the packets obeyed the rule will not be permitted to pass through the Router.  Allow: When this option is selected, the packets obeyed the rule will be allowed to pass through the Router. Service: Select the service for the entry.
Page 84 Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displayed at the end of the list by default.  List of Rules You can view the information of the entries and edit them by the Action buttons. The smaller the value is, the higher the priority is.
Page 85 Figure 3-54 Service The following items are displayed on this screen:  Service Name: Enter a name for the service. The name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page.
Page 86: App Control
App Control 3.4.5 3.4.5.1 Control Rules On this page, you can enable the Application Rules function. Choose the menu Firewall→App Control→Control Rules to load the following page. Figure 3-55 Application Rules The following items are displayed on this screen:  General Check the box before Enable Application Control to make the Application Control function take effect.
Page 87 The database refers to all the applications in the application list on the Application Rules page, you can download the latest database from http://www.tp-link.com, Click the <Browse> button and select the file, and then click the <Upgrade> button to upgrade the database.
Page 88: Vpn
As the packets are encapsulated and de-encapsulated in the Router, the tunneling topology implemented by encapsulating packets is transparent to users. The tunneling protocols supported by TL-ER6020 contain Layer 3 IPsec and Layer 2 L2TP/PPTP. 3.5.1 IKE In the IPsec VPN, to ensure a secure communication, the two peers should encapsulate and de-encapsulate the packets using the information both known.
Page 89: Ike Policy
3.5.1.1 IKE Policy On this page you can configure the related parameters for IKE negotiation. Choose the menu VPN→IKE→IKE Policy to load the following page. Figure 3-58 IKE Policy The following items are displayed on this screen:  IKE Policy Specify a unique name to the IKE policy for identification and Policy Name: management purposes.
Page 90 Exchange Mode: Select the IKE Exchange Mode in phase 1, and ensure the remote VPN peer uses the same mode. Main: Main mode provides identity protection and exchanges  more information, which applies to the scenarios with higher requirement for identity protection. Aggressive: Aggressive Mode...
Page 91: Ike Proposal
DPD Interval: Enter the interval after which the DPD is triggered.  List of IKE Policy In this table, you can view the information of IKE Policies and edit them by the action buttons. 3.5.1.2 IKE Proposal On this page, you can define and edit the IKE Proposal. Choose the menu VPN→IKE→IKE Proposal to load the following page.
Page 92: Ipsec
Encryption: Specify the encryption algorithm for IKE negotiation. Options include: DES: DES (Data Encryption Standard) encrypts a 64-bit  block of plain text with a 56-bit key. 3DES: Triple DES, encrypts a plain text with 168-bit key.  AES128: Uses the AES algorithm and 128-bit key for ...
Page 93: Ipsec Policy
3.5.2.1 IPsec Policy On this page, you can define and edit the IPsec policy. Choose the menu VPN→IPsec→IPsec Policy to load the following page. Figure 3-60 IPsec Policy The following items are displayed on this screen:  General You can enable/disable IPsec function for the Router here. ...
Page 94 Mode: Select the network mode for IPsec policy. Options include: LAN-to-LAN: Select this option when the client is a  network. Client-to-LAN: Select this option when the client is a host.  Local Subnet: Specify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy.
Page 95 Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is de-encrypted. Without PFS, the key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in Phase2 is easy to be de-encrypted, in this case, the communication secrecy is threatened.
Page 96: Ipsec Proposal
AH Authentication Key-Out: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The outbound key here must match the inbound AH authentication key at the other end of the tunnel, and vice versa. ESP Authentication Key-Out: Specify the outbound ESP Authentication Key manually if ESP protocol is used in the corresponding IPsec Proposal.
Page 97 Figure 3-61 IPsec Proposal The following items are displayed on this screen:  IPsec Proposal Proposal Name: Specify a unique name to the IPsec Proposal for identification and management purposes. The IPsec proposal can be applied to IPsec policy. Select the security protocol to be used. Options include: Security Protocol: (Authentication Header)
Page 98 ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include: MD5: MD5 (Message Digest Algorithm) takes a message of  arbitrary length and generates a 128-bit message digest. SHA: SHA (Secure Hash Algorithm) takes a message less than the ...
Page 99: L2Tp/Pptp
outgoing SPI value are different. However, the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vice versa. The connection status on the remote endpoint of this tunnel is as the following figure shows. The SPI value is obtained via auto-negotiation. 3.5.3 L2TP/PPTP Layer 2 VPN tunneling protocol consists of L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol).
Page 100 Figure 3-63 L2TP/PPTP Tunnel The following items are displayed on this screen:  General Enable VPN-to-Internet: Specify whether to enable VPN-to-Internet function. If enabled, the VPN client is permitted to access the LAN of the server and Internet. Specify the interval to send hello packets. Hello Interval: ...
Page 101 Account Name: Enter the account name of L2TP/PPTP tunnel. It should be configured identically on server and client. Enter the password of L2TP/PPTP tunnel. It should be configured Password: identically on server and client. Tunnel: Select the network mode for the tunnel. Options include: LAN-to-LAN: Select this option when the L2TP/PPTP client is a ...
Page 102 Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel.) It’s the combination of IP address and subnet mask. Status Activate or inactivate the entry. ...
Page 103: Services
In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP Tunnel This page displays the information and status of the tunnels. Choose the menu VPN→L2TP/PPTP→List of L2TP/PPTP Tunnel to load the following page. Figure 3-65 List of L2TP/PPTP Tunnel Figure 3-65 displays the connection status of the NO.1 entry in the list of tunnel in Figure 3-64.
Page 104 Figure 3-66 General The following items are displayed on this screen: General  PPPoE Server: Specify whether to enable the PPPoE Server function. Dial-up Access Only: Specify whether to enable the Dial-up Access Only function. If enabled, only the Dial-in Users and the user with Exceptional IP can access the Internet.
Page 105 Idle Timeout: Enter the maximum idle time. The session will be terminated after it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle Timeout field.
Page 106 Figure 3-67 IP Address Pool The following items are displayed on this screen: IP Address Pool  Pool Name: Specify a unique name to the IP Address Pool for identification and management purposes. Specify the start and the end IP address for IP Pool. The start IP address IP Address Range: should not exceed the end address and the IP address ranges must not overlap.
Page 107 Figure 3-68 Account The following items are displayed on this screen: Account  Enter the account name. This name should not be the same with the Account Name: one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Select the IP Address Assigned Mode for IP assignment.
Page 108 Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Activate or inactivate the entry. Status: MAC Binding: Select a MAC Binding type from the pull-down list. Options include: Disable: Select this option to disable the MAC Binding function. ...
Page 109: E-Bulletin
The following items are displayed on this screen: Exceptional IP  IP Address Range: Specify the start and the end IP address to make an exceptional IP address range. This range should be in the same IP range with LAN port or DMZ port of the Router.
Page 110 Figure 3-71 E-Bulletin The following items are displayed on this screen: General  Enable E-Bulletin: Specify whether to enable electronic bulletin function. Interval: Specify the interval to release the bulletin. Specify whether to log the E-Bulletin. Enable Logs: E-Bulletin  Title: Enter a title for the bulletin.
Page 111: Dynamic Dns
Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: ANY: The bulletin will be released to all the users and the PCs on the  LAN. Group: The bulletin will be released to the users in the selected group. ...
Page 112 The Router, as a DDNS client, cannot provide DDNS service. Prior to using this function, be sure you have registered on the official websites of DDNS service providers for username, password and domain name. TL-ER6020 Router offers PeanutHull DDNS client, Dyndns DDNS client, NO-IP DDNS client and Comexe DDNS client.
Page 113 Domain Name: Enter the Domain Name that you registered with your DDNS service provider. Activate or inactivate DDNS service here. DDNS Service: WAN Port: Displays the WAN port for which Dyndns DDNS is selected. Displays the current status of DDNS service DDNS Status: Offline: DDNS service is disabled.
Page 114 Account Name: Enter the Account Name of your DDNS account. If you have not registered, click <Go to register> to go to the website of No-IP for register. Enter the password of your DDNS account. Password: Domain Name: Enter the Domain Name that you registered with your DDNS service provider.
Page 115 Figure 3-74 PeanutHull DDNS The following items are displayed on this screen: PeanutHull DDNS  Account Name: Enter the Account Name of your DDNS account. If you have not registered, click <Go to register> to go to the website of PeanutHull for register.
Page 116 Domain Name: Displays the domain names obtained from the DDNS server. Up to 16 domain names can be displayed here.  List of PeanutHull Account In this table, you can view the existing DDNS entries or edit them by the Action button. 3.6.3.4 Comexe On this page you can configure Comexe DDNS client.
Page 117: Upnp
DDNS Status: Displays the current status of DDNS service Offline: DDNS service is disabled.  Connecting: client is connecting to the server.  Online: DDNS works normally.  Authorization fails: The Account Name or Password is incorrect.  Please check and enter it again. Domain Name: Displays the domain names obtained from the DDNS server.
Page 118: Maintenance
After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6020. The NO.1 entry in Figure 3-76 indicates: TCP data received on port 12856 of the WAN port in the Router will be forwarded to port 12856 in 192.168.0.101 server in LAN.
Page 119 New User Name: Enter a new user name for the Router. New Password: Enter a new password for the Router. Re-enter the new password for confirmation. Confirm New Password: Note: ● The factory default password and user name are both admin. ●...
Page 120: Remote Management
Telnet Idle Timeout: Enter a timeout period that the Router will log the remote PCs out of the Web-based Utility after a specified period (Telnet Idle Timeout) of inactivity. Note: ● The default Web Management Port is 80. If the port is changed, you should type in the new address, such as http://192.168.0.1:XX (“XX”...
Page 121: Management
Application Example Network Requirements Allow the IP address within 210.10.10.0/24 segment to manage the Router with IP address of 210.10.10.50 remotely. Configuration Procedure Type 210.10.10.0/24 in the Subnet/Mask field on Remote Management page and enable the entry as the following figure shows. Then type the corresponding port number in Web Management Port and Telnet Management Port fields as the following figure shows.
Page 122 Figure 3-81 Export and Import The following items are displayed on this screen:  Configuration Version Displays the current Configuration version of the Router.  Export Click the <Export> button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading or modifying the configuration.
Page 123: License
Figure 3-83 Firmware Upgrade To upgrade the Router is to get more functions and better performance. Go to http://www.tp-link.com download the updated firmware. Type the path and file name of the update file into the “File” field. Or click the <Browse> button to locate the update file.
Page 124: Statistics
Figure 3-84 License 3.7.4 Statistics 3.7.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic information of each port and extra information of WAN ports. Choose the menu Maintenance→Statistics→Interface Traffic Statistics to load the following page. Figure 3-85 Interface Traffic Statistics The following items are displayed on this screen: Interface Traffic Statistics ...
Page 125 Interface: Displays the interface. Rate Rx： Displays the rate for receiving data frames. Displays the rate for transmitting data frames. Rate Tx: Packets Rx: Displays the number of packets received on the interface. Displays the number of packets transmitted on the interface. Packets Tx: Bytes Rx: Displays the bytes of packets received on the interface.
Page 126: Diagnostics
Figure 3-86 IP Traffic Statistics The following items are displayed on this screen:  General Allows you to enable or disable IP Traffic Statistics. Enable IP Traffic Statistics: Enable Auto-refresh: Allows you to enable/disable refreshing the IP Traffic Statistics automatically. The default refresh interval is 10 seconds. ...
Page 127 Figure 3-87 Diagnostics The following items are displayed on this screen:  Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “Auto”, the Router will select the interface of destination automatically. After clicking <Start> button, the Router will send Ping packets to test the network connectivity and reachability of the host and the results will be displayed in the box below.
Page 128 of destination automatically. After clicking the <Start> button, the Router will send Tracert packets to test the connectivity of the gateways during the journey from the source to destination of the test data and the results will be displayed in the box below. 3.7.5.2 Online Detection On this page, you can detect the WAN port is online or not.
Page 129: Time
WAN Status: Display the detecting results. Time 3.7.6 System Time is the time displayed while the Router is running. On this page you can configure the system time and the settings here will be used for other time-based functions like Access Rule, PPPoE and Logs.
Page 130: Logs
Note: ● If Get GMT function cannot be used properly, please add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restarted. The Router will obtain GMT time automatically from Internet.
Page 131 The Logs of switch are classified into the following eight levels. Level Description Severity The system is unusable. Emergency Action must be taken immediately. Alert Critical conditions Critical Error conditions Error Warnings conditions Warning Normal but significant conditions Notice Informational messages Informational Debug-level messages Debug...
Page 132: Chapter 4 Application
Chapter 4 Application 4.1 Network Requirements The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staff in the headquarters and the branch offices, and to transmit the commercial confidential data to its partners.
Page 133: Network Topology
4.2 Network Topology 4.3 Configurations You can configure the Router via the PC connected to the LAN port of this Router. To log in to the Router, the IP address of your PC should be in the same subnet of the LAN port of this Router. (The default subnet of LAN port is 192.168.0.0/24.).
Page 134: Internet Connection
4.3.1.1 System Mode Set the system mode of the Router to the NAT mode. Choose the menu Network→System Mode to load the following page. Select the NAT mode and the <Save> button to apply. Figure 4-1 System Mode 4.3.1.2 Internet Connection Configure the Static IP connection type for the WAN1 and WAN2 ports of the Router.
Page 135: Vpn Setting
To enable the hosts in the remote branch office (WAN: 116.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between the headquarters and the remote branch office to guarantee a secured communication. The following takes IPsec settings of the Router in the headquarters for example.
Page 136 Authentication: Encryption: 3DES DH Group: Click the <Add> button to apply. Figure 4-4 IKE Proposal IKE Policy  Choose the menu VPN→IKE→IKE Policy to load the configuration page. Settings: Policy Name: IKE_1 Exchange Mode: Main IKE Proposal: proposal_IKE_1 (you just created) Pre-shared Key: aabbccddee SA Lifetime:...
Page 137 Figure 4-5 IKE Policy Tips: For the VPN Router in the remote branch office, the IKE settings should be the same as the Router in the headquarters. IPsec Setting To configure the IPsec function, you should create an IPsec Proposal firstly. IPsec Proposal ...
Page 138 ESP Encryption: 3DES Click the <Save> button to apply. Figure 4-6 IPsec Proposal IPsec Policy  Choose the menu VPN→IPsec→IPsec Policy to load the configuration page. Settings: IPsec: Enable Policy Name: IPsec_1 Status: Activate Mode LAN-to-LAN Local Subnet: 192.168.0.0/24 Remote Subnet: 172.31.10.0/24 WAN: WAN1...
Page 139 Figure 4-7 IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the headquarters. The Remote Gateway of the remote Router should be set to the IP address of the Router in the headquarters. After the IPsec VPN tunnel of the two peers is established successfully, you can view the connection information on the VPN→IPsec→IPsec SA page.
Page 140 L2TP/PPTP Tunnel  Choose the menu VPN→L2TP/PPTP→L2TP/PPTP Tunnel to load the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP Tunnel. Settings: L2TP/PPTP: Enable...
Page 141: Network Management
4.3.3 Network Management To manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group. The detailed configurations are as follows. 4.3.3.1 User Group Create a User Group with all the Hosts in the IP range of 192.168.0.30-192.168.0.50 as its group...
Page 142 Choose the menu User Group→User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Then continue with the following settings: Settings: Action: Start IP Address: 192.168.0.30 End IP Address: 192.168.0.50 Prefix Username: User Start No.: Step: Click the OK button to add the Users in bulk.
Page 143 Application: Click the <Application List> button and select the applications desired to be blocked on the popup window. Status: Activate Figure 4-11 App Rules 4.3.3.3 Bandwidth Control To enable Bandwidth Control, you should configure the total bandwidth of interfaces and the detailed bandwidth control rule first.
Page 144 Figure 4-12 Bandwidth Setup Interface Bandwidth Choose the menu Network→WAN→WAN1 to load the configuration page. Configure the Upstream Bandwidth and Downstream Bandwidth of the interface as Figure 4-13 shows. The entered bandwidth value should be consistent with the actual bandwidth value. Bandwidth Control Rule Choose the menu Advanced→Traffic Control→Bandwidth Control to load the configuration page.
Page 145: Network Security
Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced→Session Limit→Session Limit to load the configuration page. Check the box before Enable Session Limit and click the <Save> button to apply. Then continue with the following settings: Settings: Group: group1 Max.
Page 146 4.3.4.1 LAN ARP Defense You can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by ARP Scanning. For some special items not bound, you can bind them manually. Scan and import the entries to ARP List Specify ARP Scanning range.
Page 147 Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to load the configuration page. To add the host with IP address of 192.168.1.20 and MAC address of 00-11-22-33-44-aa to the list, you can follow the settings below: Settings: IP Address: 192.168.0.20 MAC Address: 00-11-22-33-44-aa Status: Activate...
Page 148: Traffic Monitoring
4.3.4.3 Attack Defense Choose the menu Firewall→Attack Defense→Attack Defense to load the configuration page. Select the options desired to be enabled as Figure 4-20 shows, and then click the <Save> button. Figure 4-20 Attack Defense 4.3.4.4 Traffic Monitoring Port Mirror Choose the menu Network→Switch→Port Mirror to load the configuration page.
Page 149 Figure 4-21 Port Mirror Statistics Choose the menu Maintenance→Statistics to load the page. Load the Interface Traffic Statistics page to view the traffic statistics of each physical interface of the Router as Figure 4-22 shows. Figure 4-22 Interface Traffic Statistics Load the IP Traffic Statistics page, and Check the box before Enable IP Traffic Statistics and Enable Auto-refresh, then click the <Save>...
Page 150 Figure 4-23 IP Traffic Statistics After all the above steps, the enterprise network will be operated based on planning. -145-...
Page 151: Chapter 5 Cli
Chapter 5 CLI TL-ER6020 provides a Console port for CLI (Command Line Interface) configuration, which enables you to configure the Router by accessing the CLI from console (such as Hyper Terminal) or Telnet. The following part will introduce the steps to access CLI via Hyper Terminal and some common CLI commands.
Page 152 Figure 5-2 Connection Description Select the port (The default port is COM1) to connect in Figure 5-3, and click OK. Figure 5-3 Select the port to connect Configure the port selected in the step above as the following Figure 5-4 shows. Configure Bits per second as 115200, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
Page 153 Figure 5-4 Port Settings Choose File → Properties → Settings on the Hyper Terminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK. Figure 5-5 Connection Properties Settings -148-...
Page 154: Interface Mode
Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER6020 offers two command modes: User EXEC Mode and Privileged EXEC Mode. User EXEC Mode only allows users to do some simple operations such as view the system information, while Privileged EXEC Mode allows you to manage and configure the Router.
Page 155: Online Help
User EXEC mode. As Figure 5-7 shown: Figure 5-7 Interface Mode 5.3 Online Help TL-ER6020 possesses CLI Online Help: Type a question mark to get all commands of this view and their brief description in either mode. ←Type ? TP-LINK >...
Page 156 For example: ←Press Space and ? button TP-LINK > ip - Get the ip configuration Type a character string and a question mark with no space, all the commands with prefix of this character string will be listed.
Page 157: Command Introduction
5.4 Command Introduction TL-ER6020 provides a number of CLI commands for users to manage the Router and user information. For better understanding, each command is followed by note which is the meaning of the command. 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces. View command can be used in both User EXEC Mode and Privileged EXEC Mode while configuration function can be only used in Privileged EXEC Mode.
Page 158: Sys
● The parameters in the brackets are default setting and you can enter the actual parameters behind them. Press Enter key directly if there are no changes. ● TL-ER6020 connects to the FTP server using port 21 by default. -153-...
Page 159: User
Pay special attention that the specified account must be with appropriate permissions since the functions such as export, import and firmware upgrade require read-write operation on FTP server. Import the configuration file. TP-LINK # sys import config The steps are as the above Server address: [192.168.1.101] item shown.
Page 160: History
TP-LINK > user get password current Username: admin Guest. Password: admin Modify the password of the TP-LINK > user set password Guest. Enter old password: Enter new password: Confirm new password: Query the user name and TP-LINK # user get...
Page 161: Exit
View the history command. TP-LINK > history 1. history 2. sys show 3. history Clear the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear 5.4.6 exit The exit command is used to exit the system when logging in by Telnet.
Page 162: Appendix A Hardware Specifications
Appendix A Hardware Specifications IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/ IP, DHCP, Standards ICMP, NAT、PPPoE, SNTP, HTTP, DNS, L2TP, PPTP, IPsec Two 10/100/1000M Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Two 10/100/1000M Auto-Negotiation LAN RJ45 ports (Auto MDI/MDIX) Ports One 10/100/1000M Auto-Negotiation LAN/DMZ RJ45 port (Auto MDI/MDIX) One Console Port...
Page 163: Appendix B Faq
192.168.0.x ("x" is any number between 2 to 254) for the IP address and 255.255.255.0 for the Subnet Mask. Test the connection between your PC and TL-ER6020 via Ping command. If you still cannot access the configuration page, please restore your Router to its factory default settings and try to log in again.
Page 164 Q3: What can I do if the Router with the remote management function enabled cannot be accessed by the remote computer? Make sure that the IP address of the remote computer is in the subnet allowed to remotely access the router. If the router’s management port has been modified, please log into the Router with the new address, such as http://192.168.0.1:XX (“XX”...
Page 165: Appendix C Glossary
Appendix C Glossary Glossary Description A technology that allows data to be sent or received over DSL (Digital Subscriber existing traditional phone lines. Line) Application Level Gateway (ALG) is application specific translation agent that allows an application on a host in one ALG （...
Page 166 Glossary Description H.323 allows dissimilar communication devices to communicate with each other by using a standardized communication H.323 protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. The protocol used by Web browsers and Web servers to HTTP（Hypertext Transfer transfer files, such as text and graphic files.
Page 167 Glossary Description Standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the MAC address（Media network use these addresses to locate specific ports in the Access Control address） network and to create and update routing tables and data structures.
Page 168 Glossary Description Telnet is used for remote terminal connection, enabling users to Telnet（Telecommunication log in to remote systems and use resources as if they were Network protocol） connected to a local system. UDP is a simple protocol that exchanges datagram without UDP（User Datagram acknowledgments or guaranteed delivery, requiring that error Protocol）...

TP-Link SafeStream TL-ER6020 User Manual

Package Contents

Chapter 1 About this Guide

Chapter 2 Introduction

Chapter 3 Configuration

Chapter 4 Application

Chapter 5 CLI

Appendix A Hardware Specifications

Appendix B FAQ

Appendix C Glossary

Quick Links

Related Manuals for TP-Link SafeStream TL-ER6020

Summary of Contents for TP-Link SafeStream TL-ER6020

Table of Contents