TP-Link TL-ER6020 user manual


A good user manual

The law obliges the seller to hand over the TP-Link TL-ER6020 user manual to the buyer together with the product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint on the basis that the device does not conform to the contract. The law allows the manual to be provided in a form other than paper, which has become common lately: the TP-Link TL-ER6020 manual may be supplied in graphic or electronic form, or as an instructional video for users. The condition is that the form remains clear and understandable.

What is a manual?

The word comes from the Latin "instructio", that is, to put in order. Accordingly, the TP-Link TL-ER6020 manual describes the steps to follow. The purpose of a manual is to make it easier to start up and use the equipment or to carry out a particular activity. A manual is a collection of information about an item or service, a guide.

Unfortunately, few users find the time to read the TP-Link TL-ER6020 manual, yet a good manual not only reveals a number of additional functions of the purchased device but also helps avoid most faults.

What should an ideal user manual contain?

Above all, the TP-Link TL-ER6020 manual should contain:
- information on the technical data of the TP-Link TL-ER6020
- the manufacturer's name and the year of manufacture of the TP-Link TL-ER6020
- rules for operating, configuring and maintaining the TP-Link TL-ER6020
- safety marks and certificates confirming compliance with standards

Why don't we read manuals?

Usually because of a lack of time and confidence about the individual functions of the purchased device. Unfortunately, simply connecting and starting the TP-Link TL-ER6020 is not enough. The manual contains a number of specific instructions concerning functionality, safety principles, methods of care (even which products to use), possible faults of the TP-Link TL-ER6020 and ways of solving problems that arise during use. Finally, the manual gives the address of the TP-Link website, in case the suggested solutions do not work. Manuals in the form of engaging animations or video material are currently very popular, as users take them in better than a brochure. This kind of manual lets the user watch the whole film without skipping the specification and the complex technical descriptions of the TP-Link TL-ER6020, as often happens with a paper version.

Why is it worth reading manuals?

Above all, this is where we find answers about the construction and capabilities of the TP-Link TL-ER6020, the use of individual accessories, and a range of information that lets us make full use of all its functions and conveniences.

After a successful purchase of equipment or a device, it is worth spending a few minutes getting acquainted with every part of the TP-Link TL-ER6020 manual. Nowadays manuals are carefully prepared or translated so that they are not only understandable to the user but also fulfil their basic function of informing and supporting.

Manual contents

  • Page 1

    TL-ER6020 Gigabit Dual-WAN VPN Router REV1.0.1 1910010852[...]

  • Page 2

    -I- COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, [...]

  • Page 3

    -II- CONTENTS Package Contents (p. 1); Chapter 1 About this Guide (p. 2); 1.1 Intended Readers [...]

  • Page 4

    -III- 3.3.3 Session Limit (p. 58); 3.3.4 Load Balance (p. 59); 3.3.5 Routing [...]

  • Page 5

    -IV- 4.2 Network Topology (p. 128); 4.3 Configurations (p. 128); 4.3.1 Internet Setting [...]

  • Page 6

    -1- Package Contents The following items should be found in your package: • One TL-ER6020 Router • One Power Cord • One Console Cable • Two mounting brackets and other fittings • Installation Guide • Resource CD Note: Make sure that the package contains the above items. If any of the listed items is damaged or missing, please contact [...]

  • Page 7

    -2- Chapter 1 About this Guide This User Guide contains information for setup and management of TL-ER6020 Router. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used: • The Router or TL-ER6[...]

  • Page 8

    -3- Appendix A Hardware Specifications Lists the hardware specifications of this Router. Appendix B FAQ Provides the possible solutions to the problems that may occur during the installation and operation of the router. Appendix C Glossary Lists the glossary used in this guide.[...]

  • Page 9

    -4- Chapter 2 Introduction Thanks for choosing the SafeStream Gigabit Dual-WAN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeStream Gigabit Dual-WAN VPN Router TL-ER6020 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth [...]

  • Page 10

    -5- • Dual-WAN Ports + Providing two 10/100/1000M WAN ports for users to connect two Internet lines for bandwidth expansion. + Supporting multiple Load Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Policy Routing to optimize bandwidth usage. + Featured Link Backup to switch all the new sessions [...]

  • Page 11

    -6- • Supports Diagnostic (Ping/Tracert) and Online Detection VPN • Supports IPsec VPN and provides up to 50 IPsec VPN tunnels • Supports IPSec VPN in LAN-to-LAN or Client-to-LAN • Provides DES, 3DES, AES128, AES152, AES256 encryption, MD5, SHA1 authentication • Supports IKE Pre-Share Key and DH1/DH2/DH5 Key Exchanges • Supports PPTP[...]

  • Page 12

    -7- • LEDs (LED / Status / Indication): PWR: On = The Router is powered on; Off = The Router is powered off or power supply is abnormal. SYS: Flashing = The Router works properly; On/Off = The Router works improperly. Link/Act: On = There is a device linked to the corresponding port; Off = There is no device linked to the corresponding port; Flashing = The corresponding port[...]

  • Page 13

    -8- 2.3.2 Rear Panel The rear panel of TL-ER6020 is shown as the following figure. • Power Socket Connect the female connector of the power cord to this power socket, and the male connector to the AC power outlet. Please make sure the voltage of the power supply meets the requirement of the input voltage (100-240V~ 50/60Hz). • Grounding Termin[...]

  • Page 14

    -9- Chapter 3 Configuration 3.1 Network 3.1.1 Status The Status page shows the system information, the port connection status and other information related to this Router. Choose the menu Network → Status to load the following page. Figure 3-1 Status 3.1.2 System Mode The TL-ER6020 Router can work in three modes: NAT, Non-NAT and Class[...]

  • Page 15

    -10- Figure 3-2 Network Topology - NAT Mode If your Router is connecting the two networks of different areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets between these two networks by the Routing rules, you can set it to Non-NAT mode. Figure 3-3 Network Topology – Non-NAT Mode If [...]

  • Page 16

    -11- Figure 3-4 Network Topology – Classic Mode Choose the menu Network → System Mode to load the following page. Figure 3-5 System Mode You can select a System Mode for your Router according to your network need. • NAT Mode NAT (Network Address Translation) mode allows the Router to translate private IP addresses within internal netw[...]

  • Page 17

    -12- • Non-NAT Mode In this mode, the Router functions as the traditional Gateway and forwards the packets via routing protocol. The Hosts in different subnets can communicate with one another via the routing rules whereas no NAT is employed. For example: If the DMZ port of the Router is in WAN mode, the Hosts in the subnet of DMZ port[...]

  • Page 18

    -13- Figure 3-6 WAN – Static IP The following items are displayed on this screen: • Static IP Connection Type: Select Static IP if your ISP has assigned a static IP address for your computer. IP Address: Enter the IP address assigned by your ISP. If you are not clear, please consult your ISP. Subnet Mask: Enter the Subnet Mask assigne[...]

  • Page 19

    -14- Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. 2) Dynamic IP If your ISP (Internet Service Provider) assigns the IP address automatically, please choose the Dynamic IP connection type to obtain the parameters for WAN port au[...]

  • Page 20

    -15- • Dynamic IP Connection Type: Select Dynamic IP if your ISP assigns the IP address automatically. Click <Obtain> to get the IP address from your ISP’s server. Click <Release> to release the current IP address of WAN port. Host Name: Optional. This field allows you to give a name for the Router. It's blank by default.[...]

  • Page 21

    -16- • Dynamic IP Status Status: Displays the status of obtaining an IP address from your ISP. ◦ “Disabled” indicates that the Dynamic IP connection type is not applied. ◦ “Connecting” indicates that the Router is obtaining the IP parameters from your ISP. ◦ “Connected” indicates that the Router has successfully obtained [...]

  • Page 22

    -17- Figure 3-8 WAN - PPPoE[...]

  • Page 23

    -18- The following items are displayed on this screen: • PPPoE Settings Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address. Account Name:[...]

  • Page 24

    -19- ISP Address: Optional. Enter the ISP address provided by your ISP. It's null by default. Service Name: Optional. Enter the Service Name provided by your ISP. It's null by default. Primary DNS: Enter the IP address of your ISP’s Primary DNS. Secondary DNS: Optional. Enter the IP address of your ISP’s Secondary DNS. Secondary [...]

  • Page 25

    -20- • PPPoE Status Status: Displays the status of PPPoE connection. ◦ “Disabled” indicates that the PPPoE connection type is not applied. ◦ “Connecting” indicates that the Router is obtaining the IP parameters from your ISP. ◦ “Connected” indicates that the Router has successfully obtained the IP parameters from your ISP.[...]

  • Page 26

    -21- Figure 3-9 WAN - L2TP The following items are displayed on this screen: • L2TP Settings Connection Type: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address.[...]

  • Page 27

    -22- Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of[...]

  • Page 28

    -23- Primary DNS/Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. • L2TP Status Status: Displays the status of[...]

  • Page 29

    -24- 5) PPTP If your ISP (Internet Service Provider) has provided the account information for the PPTP connection, please choose the PPTP connection type. Figure 3-10 WAN - PPTP The following items are displayed on this screen: • PPTP Settings Connection Type: Select PPTP if your ISP provides a PPTP connection. Click <Connect> to dial[...]

  • Page 30

    -25- <Disconnect> to disconnect the Internet connection and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit[...]

  • Page 31

    -26- Primary DNS/Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. • PPTP Status Status: Displays the status o[...]

  • Page 32

    -27- Figure 3-11 WAN – Bigpond The following items are displayed on this screen: • BigPond Settings Connection Type: Select BigPond if your ISP provides a BigPond connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP a[...]

  • Page 33

    -28- Auth Domain: Enter the domain name of authentication server. It's only required when the address of Auth Server is a server name. Auth Mode: You can select the proper Active mode according to your need. ◦ Manual: Select this option to manually activate or terminate the Internet connection by the <Connect> or <Disconnect>[...]

  • Page 34

    -29- Default Gateway: Displays the IP address of the default gateway assigned by your ISP. Note: To ensure the BigPond connection re-established normally, please restart the connection at least 5 seconds after the connection is off. 3.1.4 LAN 3.1.4.1 LAN On this page, you can configure the parameters for LAN port of this router. Choose the [...]

  • Page 35

    -30- Choose the menu Network → LAN → DHCP to load the following page. Figure 3-13 DHCP Settings The following items are displayed on this screen: • DHCP Settings DHCP Server: Enable or disable the DHCP server on your Router. To enable the Router to assign the TCP/IP parameters to the computers in the LAN automatically, please select Enabl[...]

  • Page 36

    -31- Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP. It is recommended to enter the IP address of the LAN port of the Router. Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. 3.1.4.3 DHCP Client On this page, you can view the information about all the DHCP clients connected to t[...]

  • Page 37

    -32- • DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional. Enter a description for the entry. Up to 28 characters can be entered. Status: Activate or Inactivate the corresponding entry. • List of Reserved Address I[...]

  • Page 38

    -33- Figure 3-16 DMZ – Public Mode In Private mode, the DMZ port allows the Hosts in DMZ to access Internet via NAT mode which translates private IP addresses within DMZ to public IP addresses for transport over Internet. The Hosts in DMZ can directly communicate with LAN using the private IP addresses within the different subnet of LAN. Fig[...]

  • Page 39

    -34- Figure 3-18 DMZ The following items are displayed on this screen: • DMZ Status: Activate or inactivate this entry. The DMZ port functions as a normal LAN port when it’s disabled. Mode: Select the mode for DMZ port to control the connection way among DMZ, LAN and Internet. Options include: Public and Private. IP Address: Enter the IP addr[...]

  • Page 40

    -35- Set the MAC Address for LAN port: In a complex network topology with all the ARP bound devices, if you want to use TL-ER6020 instead of the current router in a network node, you can just set the MAC address of TL-ER6020’s LAN port the same to the MAC address of the previous router, which can avoid all the devices under this network node [...]

  • Page 41

    -36- MAC Clone: It’s only available for WAN port. Click the <Restore Factory MAC> button to restore the MAC address to the factory default value or click the <Clone Current PC’s MAC> button to clone the MAC address of the PC you are currently using to configure the Router. Then click <Save> to apply. Note: To avoid a con[...]

  • Page 42

    -37- The following items are displayed on this screen: • Statistics Unicast: Displays the number of normal unicast packets received or transmitted on the port. Broadcast: Displays the number of normal broadcast packets received or transmitted on the port. Pause: Displays the number of flow control frames received or transmitted on the port. [...]

  • Page 43

    -38- Choose the menu Network → Switch → Port Mirror to load the following page. Figure 3-21 Port Mirror The following items are displayed on this screen: • General Enable Port Mirror: Check the box to enable the Port Mirror function. If unchecked, it will be disabled. Mode: Select the mode for the port mirror function. Options include: [...]

  • Page 44

    -39- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port). Application Example: To monitor all the traffic and analyze the network abnormity for an enterprise’s network, please set the Port Mirror function as below: 1) Check the box before E[...]

  • Page 45

    -40- Figure 3-22 Rate Control The following items are displayed on this screen: • Rate Control Port: Displays the port number. Ingress Limit: Specify whether to enable the Ingress Limit feature. Ingress Rate: Specify the limit rate for the ingress packets. Egress Limit: Specify whether to enable Egress Limit feature. Egress Rate: Specify [...]

  • Page 46

    -41- Figure 3-23 Port Config The following items are displayed on this screen: • Port Config Status: Specify whether to enable the port. The packets can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function. Negotiation Mode: Select the Negotiation Mode for the port. All Ports:[...]

  • Page 47

    -42- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured according to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports. The VLAN function can prevent the broadcast storm in LANs and enhance[...]

  • Page 48

    -43- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group → Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen: • Group Config Group Name: Specify a unique name for the group. Description: Give a description for the group. It's optiona[...]

  • Page 49

    -44- • User Config User Name: Specify a unique name for the user. IP Address: Enter the IP Address of the user. It cannot be the network address or broadcast address of the port. Description: Give a description to the user for identification. It's optional. • List of User In this table, you can view the information of the Users and edi[...]

  • Page 50

    -45- User Name: Select the name of the desired User. Available Group: Displays the Groups that the User can join. Selected Group: Displays the Groups to which this User belongs. Group Name: Select the name of the desired Group. Group Structure: Click this button to view the tree structure of this group. All the members of this group will be disp[...]

  • Page 51

    -46- The following items are displayed on this screen: • NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of which must be not less than 100. • NAT-DMZ NAT-DMZ: Enable or disable NAT-DMZ. NAT DMZ is a special service of NAT application, which can be considered as a default forwarding rule. When NAT[...]

  • Page 52

    -47- Interface: Select an interface for forwarding data packets. DMZ Forwarding: Enable or disable DMZ Forwarding. The packets transmitted to the Translated IP Address will be forwarded to the host of Original IP if DMZ Forwarding is enabled. Description: Give a description for the entry. Status: Activate or inactivate the entry. • List of Ru[...]

  • Page 53

    -48- Subnet/Mask: Enter the subnet/mask to make the address range for the entry. Interface: Select the interface for the entry. You can select LAN or DMZ port. Description: Give a description for the entry. Status: Activate or inactivate the entry. • list of Rules You can view the information of the entries and edit them by the Action bu[...]

  • Page 54

    -49- Configuration procedure 1. Establish the Multi-Nets NAT entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding Static Route entry, enter the IP address of the interface connecting the Router and the three layer switch into the Next Hop field.[...]

  • Page 55

    -50- Choose the menu Advanced → Routing → Static Route to load the following page. The Static Route entry is as follows: 3.3.1.4 Virtual Server Virtual server sets up public services in your private network, such as DNS, Email and FTP, and defines a service port. All the service requests to this port will be transmitted to the LAN serve[...]

  • Page 56

    -51- Figure 3-32 Virtual Server The following items are displayed on this screen: • Virtual Server Name: Enter a name for Virtual Server entries. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packets. External Port: Enter the service port or port range the Router provided for accessing external network. [...]

  • Page 57

    -52- Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be different, whereas the internal ports can be the same. • List of Rules In this table, you can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-32 ind[...]

  • Page 58

    -53- Name: Enter a name for Port Triggering entries. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packets. Trigger Port: Enter the trigger port number or the range of port. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applic[...]

  • Page 59

    -54- 3.3.1.6 ALG Some special protocols such as FTP, H.323, SIP, IPsec and PPTP will work properly only when ALG (Application Layer Gateway) service is enabled. Choose the menu Advanced → NAT → ALG to load the following page. Figure 3-34 ALG The following items are displayed on this screen: • ALG FTP ALG: Enable or disable FTP ALG. The d[...]

  • Page 60

    -55- 3.3.2.1 Setup Choose the menu Advanced → Traffic Control → Setup to load the following page. Figure 3-35 Configuration The following items are displayed on this screen: • General Disable Bandwidth Control: Select this option to disable Bandwidth Control. Enable Bandwidth Control all the time: Select this option to enable Bandwidth Contr[...]

  • Page 61

    -56- • Interface Bandwidth Interface: Displays the current enabled WAN port(s). The Total bandwidth is equal to the sum of bandwidth of the enabled WAN ports. Upstream Bandwidth: Displays the bandwidth of each WAN port for transmitting data. The Upstream Bandwidth of WAN port can be configured on WAN page. Downstream Bandwidth: Displays[...]

  • Page 62

    -57- • Bandwidth Control Rule Direction: Select the data stream direction for the entry. The direction of arrowhead indicates the data stream direction. The DMZ port displays in the drop-down list only when the DMZ port is enabled. WAN-ALL means all WAN ports through which the data flow might pass. Individual WAN port cannot be selected if WA[...]

  • Page 63

    -58- Note: ● The premise for single rule taking effect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandwidth if the total guaranteed bandwidth specified by all Bandwidth Control rules for certain interface exceeds the physical bandwidth of this interf[...]

  • Page 64

    -59- • Session Limit Group: Select a group to define the controlled users. Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry. Status: Activate or inactivate the entry. • List of Session Limit You can view the information of the entries and edit them by the Action buttons. The first entry i[...]

  • Page 65

    -60- Figure 3-39 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packets as a whole and record the WAN port they pass through. And then the packets with the same source IP address and destination IP address or destination port will b[...]

  • Page 66

    -61- The following items are displayed on this screen: • General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the list, you can add it to the list on 3.3.4.4 Protocol page. Source IP: Enter the source IP range for the entry. 0.0.0.0 - 0.0.0.0 means any IP is acceptable. Destination[...]

  • Page 67

    -62- On this page, you can configure the Link Backup function based on actual need to reduce the traffic burden of WAN port and improve the network efficiency. Choose the menu Advanced → Load Balance → Link Backup to load the following page. Figure 3-41 Link Backup The following items are displayed on this screen: • General WAN Ports: [...]

  • Page 68

    -63- Timing: Link Backup will be enabled if the specified effective time is reached. All the traffic on the primary WAN will switch to the backup WAN at the beginning of the effective time; the traffic on the backup WAN will switch to the primary WAN at the ending of the effective time. Failover: Specify the premise for Failover Mode. The [...]

  • Page 69

    -64- Figure 3-42 Protocol The following items are displayed on this screen: • Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the protocol in the range of 0-255. • List of Protocol You can view the information of the entries and edit [...]

  • Page 70

    -65- Choose the menu Advanced → Routing → Static Route to load the following page. Figure 3-43 Static Route The following items are displayed on this screen: • Static Route Destination: Enter the destination host the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network. Next Hop: Enter the gateway IP address to w[...]

  • Page 71

    -66- The first entry in Figure 3-43 indicates: If there are packets being sent to a device with IP address of 211.162.1.0 and subnet mask of 255.255.255.0, the Router will forward the packets from WAN1 port to the next hop of 211.200.1.1. Application Example There is a network topology as the following figure shown: If the LAN port of TL-ER6020[...]

  • Page 72

    -67- The distance of RIP refers to the hop counts that a data packet passes through before reaching its destination, the value range of which is 1–15. It means the destination cannot be reached if the value is more than 15. Optimal path indicates the path with the fewest hop counts. RIP exchanges the route information every 30 seconds by bro[...]

  • Page 73

    -68- Authentication: network situation, and the password should not be more than 15 characters. All Interfaces: Here you can operate all the interfaces in bulk. All the interfaces will not apply RIP if “Enable” option for All Interfaces is selected. • List of RIP After RIP is enabled, the information of RIP forwarding the packets received b[...]

  • Page 74

    -69- Flags: The Flags of route entry. The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry. Physical Interface: The physical interface of route entry. Metric: The Metric of route entry. 3.4 Firewall 3.4.1 Anti ARP Spoofing ARP (Address Resolution Protocol) is used for analyzing and map[...]

  • Page 75

    -70- Figure 3-46 IP-MAC Binding The following items are displayed on this screen: • General It is recommended to check all the options. You should import the IP and MAC address of the host to IP-MAC Binding List and enable the corresponding entry before enabling “Permit the packets matching the IP-MAC Binding entries only”. When suffered [...]

  • Page 76

    -71- You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 3-46 indicates: The IP address of 192.168.1.101 and MAC address of 00-19-66-83-53-CF have been bound and this entry is activated. Note: If all the entries in the binding list are disabled and “Permit the packets of IP-MAC Binding en[...]

  • Page 77

    -72- Indicates that the IP and MAC address of this entry are already bound. To bind the entries in the list, check these entries and click the <Import> button, then the settings will take effect if the entries do not conflict with the existed entries. Note: If the local hosts suffered from ARP attack, you cannot add IP-MAC Binding entri[...]

  • Page 78

    -73- Figure 3-49 Attack Defense The following items are displayed on this screen: • General Flood Defense: Flood attack is a commonly used DoS (Denial of Service) attack, including TCP SYN, UDP, ICMP and so on. It is recommended to select all the Flood Defense options and specify the corresponding thresholds. Keep the default settings if you[...]

  • Page 79

    -74- Packet Anomaly Defense: Packet Anomaly refers to the abnormal packets. It is recommended to select all the Packet Anomaly Defense options. Enable Attack Defense Logs: With this box checked, the Router will record the defense logs. 3.4.3 MAC Filtering On this page, you can control the Internet access of local hosts by specifying their MAC [...]

  • Page 80

    -75- ■ List of Rules You can view the information of the entries and edit them by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the Internet URL address, so as to provide a c[...]

  • Page 81

    -76- ■ Group: URL Filtering will take effect to all the users in group. Mode: Select the mode for URL Filtering. “Keyword” indicates that all the URL addresses including the specified keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL. Description: Give [...]

  • Page 82

    -77- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall → Access Control → Web Filtering to load the following page. Figure 3-52 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 3.4.4.3 Access Rules Choose the menu Firewall → Access Con[...]

  • Page 83

    -78- Policy: Select a policy for the entry: ➢ Block: When this option is selected, the packets matching the rule will not be permitted to pass through the Router. ➢ Allow: When this option is selected, the packets matching the rule will be allowed to pass through the Router. Service: Select the service for the entry. Only the service belonging [...]

  • Page 84

    -79- Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displayed at the end of the list by default. ■ List of Rules You can view the information of the entries and edit them by the Action buttons. The smaller the value is, the higher the priority is. The first entry in Figure 3-53 indi[...]

  • Page 85

    -80- Figure 3-54 Service The following items are displayed on this screen: ■ Service Name: Enter a name for the service. The name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the service. The system predefined protocols include TCP, UDP and[...]

  • Page 86

    -81- 3.4.5 App Control 3.4.5.1 Control Rules On this page, you can enable the Application Rules function. Choose the menu Firewall → App Control → Control Rules to load the following page. Figure 3-55 Application Rules The following items are displayed on this screen: ■ General Check the box before Enable Application Control to make the Appl[...]

  • Page 87

    -82- Application: Click the <Application List> button to select applications from the popup checkbox. The applications include IM, Web IM, SNS, P2P, Media, Basic and Proxy. The default setting is to limit all the applications in the application list except for Basic and Proxy. Effective Time: Specify the time for the entry to take effec[...]

  • Page 88

    -83- 3.5 VPN VPN (Virtual Private Network) is a private network established via the public network, generally via the Internet. However, the private network is a logical network without any physical network lines, so it is called Virtual Private Network. With the wide application of the Internet, more and more data are needed to be shared through [...]

  • Page 89

    -84- 3.5.1.1 IKE Policy On this page you can configure the related parameters for IKE negotiation. Choose the menu VPN → IKE → IKE Policy to load the following page. Figure 3-58 IKE Policy The following items are displayed on this screen: ■ IKE Policy Policy Name: Specify a unique name to the IKE policy for identification and management p[...]

  • Page 90

    -85- Exchange Mode: Select the IKE Exchange Mode in phase 1, and ensure the remote VPN peer uses the same mode. ➢ Main: Main mode provides identity protection and exchanges more information, which applies to the scenarios with higher requirement for identity protection. ➢ Aggressive: Aggressive Mode establishes a faster connection but with l[...]

  • Page 91

    -86- DPD Interval: Enter the interval after which the DPD is triggered. ■ List of IKE Policy In this table, you can view the information of IKE Policies and edit them by the action buttons. 3.5.1.2 IKE Proposal On this page, you can define and edit the IKE Proposal. Choose the menu VPN → IKE → IKE Proposal to load the following page. Figure [...]

  • Page 92

    -87- Encryption: Specify the encryption algorithm for IKE negotiation. Options include: ➢ DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain text with a 56-bit key. ➢ 3DES: Triple DES, encrypts a plain text with 168-bit key. ➢ AES128: Uses the AES algorithm and 128-bit key for encryption. ➢ AES192: Uses the AES algor[...]

  • Page 93

    -88- 3.5.2.1 IPsec Policy On this page, you can define and edit the IPsec policy. Choose the menu VPN → IPsec → IPsec Policy to load the following page. Figure 3-60 IPsec Policy The following items are displayed on this screen: ■ General You can enable/disable IPsec function for the Router here. ■ IPsec Policy Policy Name: Specify a un[...]

  • Page 94

    -89- Mode: Select the network mode for IPsec policy. Options include: ➢ LAN-to-LAN: Select this option when the client is a network. ➢ Client-to-LAN: Select this option when the client is a host. Local Subnet: Specify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy. It's formed by[...]

  • Page 95

    -90- Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is decrypted. Without PFS, the key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is decrypted, the key in Phase2 is easy to decrypt; in this case, the communication secrecy is threatened[...]

  • Page 96

    -91- AH Authentication Key-Out: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The outbound key here must match the inbound AH authentication key at the other end of the tunnel, and vice versa. ESP Authentication Key-Out: Specify the outbound ESP Authentication Key manually if [...]

  • Page 97

    -92- Figure 3-61 IPsec Proposal The following items are displayed on this screen: ■ IPsec Proposal Proposal Name: Specify a unique name to the IPsec Proposal for identification and management purposes. The IPsec proposal can be applied to IPsec policy. Security Protocol: Select the security protocol to be used. Options include: ➢ AH: AH (Aut[...]

  • Page 98

    -93- ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include: ➢ MD5: MD5 (Message Digest Algorithm) takes a message of arbitrary length and generates a 128-bit message digest. ➢ SHA: SHA (Secure Hash Algorithm) takes a message less than the 64th power of 2 in bits and generates[...]

  • Page 99

    -94- outgoing SPI value are different. However, the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vice versa. The connection status on the remote end point of this tunnel is as the following figure shows. The SPI value is obtained via auto-negotiation. 3.5.3 L2TP/PPTP Layer 2 VPN tunneling protocol c[...]

  • Page 100

    -95- Figure 3-63 L2TP/PPTP Tunnel The following items are displayed on this screen: ■ General Enable VPN-to-Internet: Specify whether to enable VPN-to-Internet function. If enabled, the VPN client is permitted to access the LAN of the server and Internet. Hello Interval: Specify the interval to send hello packets. ■ L2TP/PPTP Tunnel Protoc[...]

  • Page 101

    -96- Account Name: Enter the account name of L2TP/PPTP tunnel. It should be configured identically on server and client. Password: Enter the password of L2TP/PPTP tunnel. It should be configured identically on server and client. Tunnel: Select the network mode for the tunnel. Options include: ➢ LAN-to-LAN: Select this option when the L2TP/PP[...]

  • Page 102

    -97- Remote Subnet: Enter the IP address range of your remote network. (It's always the IP address range of LAN on the remote peer of VPN tunnel.) It’s the combination of IP address and subnet mask. Status: Activate or inactivate the entry. ■ List of Configurations In this table, you can view your configurations of the tunnels and edit t[...]

  • Page 103

    -98- In this table, you can view the information of IP Pools and edit them by the action buttons. 3.5.3.3 List of L2TP/PPTP Tunnel This page displays the information and status of the tunnels. Choose the menu VPN → L2TP/PPTP → List of L2TP/PPTP Tunnel to load the following page. Figure 3-65 List of L2TP/PPTP Tunnel Figure 3-65 displays the [...]

  • Page 104

    -99- Figure 3-66 General The following items are displayed on this screen: ■ General PPPoE Server: Specify whether to enable the PPPoE Server function. Dial-up Access Only: Specify whether to enable the Dial-up Access Only function. If enabled, only the Dial-in Users and the user with Exceptional IP can access the Internet. PPPoE User Isola[...]

  • Page 105

    -100- Idle Timeout: Enter the maximum idle time. The session will be terminated after it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle Timeout field. The default value is 30. Authentication: Select the Authentication type. It can be Loca[...]

  • Page 106

    -101- Figure 3-67 IP Address Pool The following items are displayed on this screen: ■ IP Address Pool Pool Name: Specify a unique name to the IP Address Pool for identification and management purposes. IP Address Range: Specify the start and the end IP address for IP Pool. The start IP address should not exceed the end address and the IP addre[...]

  • Page 107

    -102- Figure 3-68 Account The following items are displayed on this screen: ■ Account Account Name: Enter the account name. This name should not be the same as the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Mode: Select the IP Address Assigned Mode for IP assignment. ➢ Static: Select this option t[...]

  • Page 108

    -103- Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Status: Activate or inactivate the entry. MAC Binding: Select a MAC Binding type from the pull-down list. Options include: ➢ Disable: Select this option to disable the MAC Binding function. ➢ Manual: Select this option to bind th[...]

  • Page 109

    -104- The following items are displayed on this screen: ■ Exceptional IP IP Address Range: Specify the start and the end IP address to make an exceptional IP address range. This range should be in the same IP range with LAN port or DMZ port of the Router. The start IP address should not exceed the end address and the IP address ranges must no[...]

  • Page 110

    -105- Figure 3-71 E-Bulletin The following items are displayed on this screen: ■ General Enable E-Bulletin: Specify whether to enable electronic bulletin function. Interval: Specify the interval to release the bulletin. Enable Logs: Specify whether to log the E-Bulletin. ■ E-Bulletin Title: Enter a title for the bulletin.[...]

  • Page 111

    -106- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: ➢ ANY: The bulletin will be released to all the users and the PCs on the LAN. ➢ Group: The bulletin will be released to the users in the selected group. You can click < > button to add a group to the selected group and click <[...]

  • Page 112

    -107- latest IP address, the server will update the mappings between the domain name and IP address in DNS database. Therefore, the users can use the same domain name to access the DDNS client even if the IP address of the DDNS client has changed. DDNS is usually used for the Internet users to access the private website and FTP server, both o[...]

  • Page 113

    -108- Domain Name: Enter the Domain Name that you registered with your DDNS service provider. DDNS Service: Activate or inactivate DDNS service here. WAN Port: Displays the WAN port for which Dyndns DDNS is selected. DDNS Status: Displays the current status of DDNS service ➢ Offline: DDNS service is disabled. ➢ Connecting: client is connec[...]

  • Page 114

    -109- Account Name: Enter the Account Name of your DDNS account. If you have not registered, click <Go to register> to go to the website of No-IP to register. Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you registered with your DDNS service provider. DDNS Service: Activate or inactivate DDN[...]

  • Page 115

    -110- Figure 3-74 PeanutHull DDNS The following items are displayed on this screen: ■ PeanutHull DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click <Go to register> to go to the website of PeanutHull to register. Password: Enter the password of your DDNS account. DDNS Service: Activate or [...]

  • Page 116

    -111- Domain Name: Displays the domain names obtained from the DDNS server. Up to 16 domain names can be displayed here. ■ List of PeanutHull Account In this table, you can view the existing DDNS entries or edit them by the Action button. 3.6.3.4 Comexe On this page you can configure Comexe DDNS client. Choose the menu Services → Dynamic DNS[...]

  • Page 117

    -112- DDNS Status: Displays the current status of DDNS service ➢ Offline: DDNS service is disabled. ➢ Connecting: client is connecting to the server. ➢ Online: DDNS works normally. ➢ Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. Domain Name: Displays the domain names obtained from the DDN[...]

  • Page 118

    -113- ■ General UPnP Function: Enable or disable the UPnP function globally. ■ List of UPnP Mapping After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping. Up to 64 UPnP service connections are supported in TL-ER6020. The NO.1 entry in Figure 3-76 indicates: TCP data received on port 12856 of the WA[...]

  • Page 119

    -114- New User Name: Enter a new user name for the Router. New Password: Enter a new password for the Router. Confirm New Password: Re-enter the new password for confirmation. Note: ● The factory default password and user name are both admin. ● You should enter the new user name and password when next login if the current username and pass[...]

  • Page 120

    -115- Telnet Idle Timeout: Enter a timeout period that the Router will log the remote PCs out of the Web-based Utility after a specified period (Telnet Idle Timeout) of inactivity. Note: ● The default Web Management Port is 80. If the port is changed, you should type in the new address, such as http://192.168.0.1:XX (“XX” is the new[...]

  • Page 121

    -116- Application Example Network Requirements Allow the IP address within 210.10.10.0/24 segment to manage the Router with IP address of 210.10.10.50 remotely. Configuration Procedure Type 210.10.10.0/24 in the Subnet/Mask field on Remote Management page and enable the entry as the following figure shows. Then type the corresponding port num[...]

  • Page 122

    -117- Figure 3-81 Export and Import The following items are displayed on this screen: ■ Configuration Version Displays the current Configuration version of the Router. ■ Export Click the <Export> button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading or modifyin[...]

  • Page 123

    -118- Figure 3-82 Reboot Click the <Reboot> button to reboot the Router. The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: To avoid damage, please don't turn off the device while rebooting. 3.7.2.4 Firmware Upgrade Choose the menu Maintenance → Manageme[...]

  • Page 124

    -119- Figure 3-84 License 3.7.4 Statistics 3.7.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic information of each port and extra information of WAN ports. Choose the menu Maintenance → Statistics → Interface Traffic Statistics to load the following page. Figure 3-85 Interface Tra[...]

  • Page 125

    -120- Interface: Displays the interface. Rate Rx: Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data frames. Packets Rx: Displays the number of packets received on the interface. Packets Tx: Displays the number of packets transmitted on the interface. Bytes Rx: Displays the bytes of packets received o[...]

  • Page 126

    -121- Figure 3-86 IP Traffic Statistics The following items are displayed on this screen: ■ General Enable IP Traffic Statistics: Allows you to enable or disable IP Traffic Statistics. Enable Auto-refresh: Allows you to enable/disable refreshing the IP Traffic Statistics automatically. The default refresh interval is 10 seconds. ■ Tr[...]

  • Page 127

    -122- Figure 3-87 Diagnostics The following items are displayed on this screen: ■ Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “Auto”, the Router will select the interface of destination automatically. After clicking <Start> button, the Router will send Pi[...]

  • Page 128

    -123- of destination automatically. After clicking the <Start> button, the Router will send Tracert packets to test the connectivity of the gateways during the journey from the source to destination of the test data and the results will be displayed in the box below. 3.7.5.2 Online Detection On this page, you can detect the WAN port is[...]

  • Page 129

    -124- WAN Status: Display the detecting results. 3.7.6 Time System Time is the time displayed while the Router is running. On this page you can configure the system time and the settings here will be used for other time-based functions like Access Rule, PPPoE and Logs. Choose the menu Maintenance → Time → Time to load the following pag[...]

  • Page 130

    -125- Note: ● If Get GMT function cannot be used properly, please add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restarted. The Router will obtain GMT time automatically from Internet. 3.7.7 Logs The Log system of Router can record, classify and manage the system information [...]

  • Page 131

    -126- The Logs of switch are classified into the following eight levels. Severity Level Description Emergency 0 The system is unusable. Alert 1 Action must be taken immediately. Critical 2 Critical conditions Error 3 Error conditions Warning 4 Warnings conditions Notice 5 Normal but significant conditions Informational 6 Informational messages [...]

  • Page 132

    -127- Chapter 4 Application 4.1 Network Requirements The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staff in the headquarters and the branch offices, and to transmit the commercial confidential data to its partners. The dedicated line access service was used by this comp[...]

  • Page 133

    -128- 4.2 Network Topology 4.3 Configurations You can configure the Router via the PC connected to the LAN port of this Router. To log in to the Router, the IP address of your PC should be in the same subnet of the LAN port of this Router. (The default subnet of LAN port is 192.168.0.0/24.) The IP address of your PC can be obtained automa[...]

  • Page 134

    -129- 4.3.1.1 System Mode Set the system mode of the Router to the NAT mode. Choose the menu Network → System Mode to load the following page. Select the NAT mode and click the <Save> button to apply. Figure 4-1 System Mode 4.3.1.2 Internet Connection Configure the Static IP connection type for the WAN1 and WAN2 ports of the Router. Choo[...]

  • Page 135

    -130- Figure 4-3 Link Backup 4.3.2 VPN Setting To enable the hosts in the remote branch office (WAN: 116.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between the headquarters and the remote branch office to guarantee a secured communication. The following tak[...]

  • Page 136

    -131- Authentication: MD5 Encryption: 3DES DH Group: DH2 Click the <Add> button to apply. Figure 4-4 IKE Proposal ■ IKE Policy Choose the menu VPN → IKE → IKE Policy to load the configuration page. Settings: Policy Name: IKE_1 Exchange Mode: Main IKE Proposal: proposal_IKE_1 (you just created) Pre-shared Key: aabbccddee SA Lifetime: [...]

  • Page 137

    -132- Figure 4-5 IKE Policy Tips: For the VPN Router in the remote branch office, the IKE settings should be the same as the Router in the headquarters. 2) IPsec Setting To configure the IPsec function, you should create an IPsec Proposal first. ■ IPsec Proposal Choose the menu VPN → IPsec → IPsec Proposal to load the following page. Se[...]

  • Page 138

    -133- ESP Encryption: 3DES Click the <Save> button to apply. Figure 4-6 IPsec Proposal ■ IPsec Policy Choose the menu VPN → IPsec → IPsec Policy to load the configuration page. Settings: IPsec: Enable Policy Name: IPsec_1 Status: Activate Mode: LAN-to-LAN Local Subnet: 192.168.0.0/24 Remote Subnet: 172.31.10.0/24 WAN: WAN1 Remote G[...]

  • Page 139

    -134- Figure 4-7 IPsec Policy Tips: For the VPN Router in the remote branch office, the IPsec settings should be consistent with the Router in the headquarters. The Remote Gateway of the remote Router should be set to the IP address of the Router in the headquarters. After the IPsec VPN tunnel of the two peers is established successfully, you ca[...]

  • Page 140

    -135- ■ L2TP/PPTP Tunnel Choose the menu VPN → L2TP/PPTP → L2TP/PPTP Tunnel to load the following page. Check the box of Enable VPN-to-Internet to allow the PPTP clients to access the local enterprise network and the Internet. Then continue with the following settings for the PPTP Tunnel. Settings: L2TP/PPTP: Enable Protocol: PPTP Mode: Se[...]

  • Page 141

    -136- 4.3.3 Network Management To manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group and specify the network bandwidth limit and session limit for this group. The detailed configurations are as follows. 4.3.3.1 User Group Create[...]

  • Page 142

    -137- Choose the menu User Group → User to load the configuration page. Click the <Batch> button to enter the batch processing screen. Then continue with the following settings: Settings: Action: Add Start IP Address: 192.168.0.30 End IP Address: 192.168.0.50 Prefix Username: User Start No.: 1 Step: 1 Click the OK button to add the User[...]

  • Page 143

    -138- Application: Click the <Application List> button and select the applications desired to be blocked on the popup window. Status: Activate Figure 4-11 App Rules 4.3.3.3 Bandwidth Control To enable Bandwidth Control, you should configure the total bandwidth of interfaces and the detailed bandwidth control rule first. 1) Enable Bandw[...]

  • Page 144

    -139- Figure 4-12 Bandwidth Setup 2) Interface Bandwidth Choose the menu Network → WAN → WAN1 to load the configuration page. Configure the Upstream Bandwidth and Downstream Bandwidth of the interface as Figure 4-13 shows. The entered bandwidth value should be consistent with the actual bandwidth value. 3) Bandwidth Control Rule Choo[...]

  • Page 145

    -140- Figure 4-14 Bandwidth Control Rule 4.3.3.4 Session Limit Choose the menu Advanced → Session Limit → Session Limit to load the configuration page. Check the box before Enable Session Limit and click the <Save> button to apply. Then continue with the following settings: Settings: Group: group1 Max. Sessions: 250 Status: Activate Cl[...]

  • Page 146

    -141- 4.3.4.1 LAN ARP Defense You can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by ARP Scanning. For some special items not bound, you can bind them manually. 1) Scan and import the entries to ARP List Specify ARP Scanning range. Choose the menu Firewall →[...]

  • Page 147

    -142- Choose the menu Firewall → Anti ARP Spoofing → IP-MAC Binding to load the configuration page. To add the host with IP address of 192.168.1.20 and MAC address of 00-11-22-33-44-aa to the list, you can follow the settings below: Settings: IP Address: 192.168.0.20 MAC Address: 00-11-22-33-44-aa Status: Activate Click the <Add> b[...]

  • Page 148

    -143- 4.3.4.3 Attack Defense Choose the menu Firewall → Attack Defense → Attack Defense to load the configuration page. Select the options desired to be enabled as Figure 4-20 shows, and then click the <Save> button. Figure 4-20 Attack Defense 4.3.4.4 Traffic Monitoring 1) Port Mirror Choose the menu Network → Switch → Port Mi[...]

  • Page 149

    -144- Figure 4-21 Port Mirror 2) Statistics Choose the menu Maintenance → Statistics to load the page. Load the Interface Traffic Statistics page to view the traffic statistics of each physical interface of the Router as Figure 4-22 shows. Figure 4-22 Interface Traffic Statistics Load the IP Traffic Statistics page, and Check the box bef[...]

  • Page 150

    -145- Figure 4-23 IP Traffic Statistics After all the above steps, the enterprise network will be operated based on planning.[...]

  • Page 151

    -146- Chapter 5 CLI TL-ER6020 provides a Console port for CLI (Command Line Interface) configuration, which enables you to configure the Router by accessing the CLI from console (such as Hyper Terminal) or Telnet. The following part will introduce the steps to access CLI via Hyper Terminal and some common CLI commands. 5.1 Configuration T[...]

  • Page 152

    -147- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3, and click OK. Figure 5-3 Select the port to connect 5. Configure the port selected in the step above as the following Figure 5-4 shows. Configure Bits per second as 115200, Data bits as 8, Parity as None, Stop bits as 1, Flow cont[...]

  • Page 153

    -148- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyper Terminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK. Figure 5-5 Connection Properties Settings[...]

  • Page 154

    -149- 7. The DOS prompt “TP-LINK>” will appear after pressing the Enter button in the Hyper Terminal window as Figure 5-6 shows. Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER6020 offers two command modes: User EXEC Mode and Privileged EXEC Mode. User EXEC Mode only allows users to do some simple operations such as v[...]

  • Page 155

    -150- Mode Accessing Path Prompt Logout or Access the next mode User EXEC Mode Primary mode once it is connected with the Router. TP-LINK > Use the exit command to disconnect the Router (except that the Router is connected through the Console port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable comm[...]

  • Page 156

    -151- enable - Enter the privileged mode exit - Exit the CLI (only for telnet) history - Show command history ip - Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - System manager user - User configuration 2) Type a command and a question mark separated by space. If there are keywords in this command,[...]

  • Page 157

    -152- 5.4 Command Introduction TL-ER6020 provides a number of CLI commands for users to manage the Router and user information. For better understanding, each command is followed by a note which is the meaning of the command. 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces. View command can be us[...]

  • Page 158

    -153- 5.4.3 sys The sys command is used for system management, including Backup and Restore, Factory Default, Reboot, Firmware Upgrade and so on. TP-LINK # sys reboot This command will reboot system, Continue?[Y/N] Reboot the system. Y means YES, N means NO. TP-LINK # sys restore This command will restore system, Continue?[Y/N] Restore to factory[...]

  • Page 159

    -154- ● Pay special attention that the specified account must be with appropriate permissions since the functions such as export, import and firmware upgrade require read-write operation on FTP server. TP-LINK # sys import config Server address: [192.168.1.101] Username: [admin] Password: [admin] File name: [config.bin] Import the configura[...]

  • Page 160

    -155- TP-LINK > user get Username: admin Password: admin Query the user name and password of the current Guest. TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator. T[...]

  • Page 161

    -156- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the system when logging in by Telnet. TP-LINK > exit Exit CLI.[...]

  • Page 162

    -157- Appendix A Hardware Specifications Standards IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x, TCP/IP, DHCP, ICMP, NAT, PPPoE, SNTP, HTTP, DNS, L2TP, PPTP, IPsec Two 10/100/1000M Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Two 10/100/1000M Auto-Negotiation LAN RJ45 ports (Auto MDI/MDIX) One 10/100/1000M Auto-Negotiation [...]

  • Page 163

    -158- Appendix B FAQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, please try the following steps: 1) Make sure the cable is well connected to the LAN port of the Router. The corresponding LED should flash or be solid light. 2) Make sure the IP address of your PC is set in the same subnet addr[...]

  • Page 164

    -159- Q3: What can I do if the Router with the remote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote computer is in the subnet allowed to remotely access the router. 2. If the router’s management port has been modified, please log in to the Router with the new address, su[...]

  • Page 165

    -160- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing traditional phone lines. ALG (Application Layer Gateway) Application Level Gateway (ALG) is application specific translation agent that allows an application on a host in one address realm to conne[...]

  • Page 166

    -161- Glossary Description H.323 H.323 allows dissimilar communication devices to communicate with each other by using a standardized communication protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. H HTTP (Hypertext Transfer Protocol) The protocol used by Web browsers an[...]

  • Page 167

    -162- Glossary Description MAC address (Media Access Control address) Standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the network use these addresses to locate specific ports in the network and to create and update routing tables and data structures. MAC addresses are [...]

  • Page 168

    -163- Glossary Description Telnet (Telecommunication Network protocol) Telnet is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system. UDP (User Datagram Protocol) UDP is a simple protocol that exchanges datagram without acknowledgments or gua[...]