manualshive.com logo in svg

TP-Link TL-ER604W, Руководство пользователя


Поделиться
Скачать
background image

 

 

 

TL-ER604W 

 

Wireless N Gigabit Broadband VPN Router 

Rev1.0.1 

1910010844 

Содержание TL-ER604W

Страница 1: ...TL ER604W Wireless N Gigabit Broadband VPN Router Rev1 0 1 1910010844...

Страница 2: ...cial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio co...

Страница 3: ...f the Router 3 2 2 Features 4 2 3 Appearance 6 2 3 1 Front Panel 6 2 3 2 Rear Panel 7 Chapter 3 Configuration 8 3 1 Network 8 3 1 1 Status 8 3 1 2 System Mode 8 3 1 3 WAN 10 3 1 4 LAN 27 3 1 5 MAC Add...

Страница 4: ...Defense 80 3 5 3 MAC Filtering 82 3 5 4 Access Control 82 3 5 5 App Control 88 3 6 VPN 89 3 6 1 IKE 90 3 6 2 IPsec 94 3 6 3 L2TP PPTP 100 3 7 Services 104 3 7 1 PPPoE Server 104 3 7 2 E Bulletin 109...

Страница 5: ...rk Requirements 130 4 2 Network Topology 131 4 3 Configurations 131 4 3 1 Internet Setting 131 4 3 2 VPN Setting 133 4 3 3 Network Management 139 4 3 4 Network Security 143 Appendix A Hardware Specifi...

Страница 6: ...n your package One TL ER604W Router One Power Adapter One RJ45 Ethernet Cable Quick Installation Guide Resource CD Note Make sure that the package contains the above items If any of the listed items i...

Страница 7: ...item Font indicate a button Symbols in this Guide Symbol Description Note Ignoring this type of note might result in a malfunction or damage to the device Tips This format indicates important informat...

Страница 8: ...Supporting Guest Networking feature which provides a secure network for guests outside of the existing potentially sensitive LAN Hardware Wi Fi On Off button provides an easy way to turn wireless rad...

Страница 9: ...work Easy to use Providing easy to use GUI with clear configuration steps and detailed help information for the users to configure the Router simply Helping administrators to monitor the whole network...

Страница 10: ...PA PSK WPA2 PSK Encryption Supports WDS Multi SSID Guest Network VPN Supports IPsec VPN and provides up to 30 IPsec VPN tunnels Supports IPSec VPN in LAN to LAN or Client to LAN Provides DES 3DES AES1...

Страница 11: ...linked to the corresponding port but no activity Green light indicates the linked device is running at 1000Mbps and yellow indicates the linked device is running at 10 100Mbps Off There is no device...

Страница 12: ...Press this button to enable or disable WI FI 2 3 2 Rear Panel The rear panel of TL ER604W is shown as the following figure Figure 2 2 Rear Panel Antenna The router provides two external detachable ant...

Страница 13: ...ation related to this Router Choose the menu Network Status to load the following page Figure 3 1 Status 3 1 2 System Mode The TL ER604W Router can work in three modes NAT Non NAT and Classic If your...

Страница 14: ...3 3 shown and forwards the packets between these two networks by the Routing rules you can set it to Non NAT mode Figure 3 3 Network Topology Non NAT Mode If your Router is connected in a combined ne...

Страница 15: ...source IP address will be dropped Non NAT Mode In this mode the Router functions as the traditional Gateway and forwards the packets via routing protocol The Hosts in different subnets can communicate...

Страница 16: ...PPPoE L2TP Russian L2TP PPTP Russian PPTP and BigPond To configure the WAN please first select the type of Internet connection provided by your ISP Internet Service Provider Tips It s allowed to set...

Страница 17: ...Maximum Transmission Unit is the maximum data unit transmitted by the physical network It can be set in the range of 576 1500 The default MTU is 1500 It is recommended to keep the default value if no...

Страница 18: ...displayed on this screen Dynamic IP Connection Type Select Dynamic IP if your ISP assigns the IP address automatically Click Obtain to get the IP address from your ISP s server Click Release to relea...

Страница 19: ...ream Bandwidth Specify the bandwidth for transmitting packets on the port Downstream Bandwidth Specify the bandwidth for receiving packets on the port Dynamic IP Status Status Displays the status of o...

Страница 20: ...ess of your ISP s Primary DNS Secondary DNS Displays the IP address of your ISP s Secondary DNS 3 PPPoE If your ISP Internet Service Provider has provided the account information for the PPPoE connect...

Страница 21: ...dial up connection charged on time Always on Select this option to keep the connection always on The connection can be re established automatically when it is down Time based Select this option to ke...

Страница 22: ...tatic IP IP Address If Static IP is selected configure the IP address of WAN port If Dynamic IP is selected the obtained IP address of WAN port is displayed Subnet Address If Static IP is selected con...

Страница 23: ...t and your network is connected well Consult your ISP if this problem remains IP Address Displays the IP address assigned by your ISP Gateway Address Displays the Gateway Address assigned by your ISP...

Страница 24: ...ick Connect to dial up to the Internet and obtain the IP address Click Disconnect to disconnect the Internet connection and release the current IP address Account Name Enter the Account Name provided...

Страница 25: ...ndary connection Dynamic IP and Static IP connection types are provided Connection Type Select the secondary connection type Options include Disable Dynamic IP and Static IP IP Address If Static IP is...

Страница 26: ...ion has been manually terminated or the request of the Router has no response from your ISP Please ensure that your settings are correct and your network is connected well Consult your ISP if this pro...

Страница 27: ...ick Connect to dial up to the Internet and obtain the IP address Click Disconnect to disconnect the Internet connection and release the current IP address Account Name Enter the Account Name provided...

Страница 28: ...dary connection Dynamic IP and Static IP connection types are provided Connection Type Select the secondary connection type Options include Disable Dynamic IP and Static IP IP Address If Static IP is...

Страница 29: ...as been manually terminated or the request of the Router has no response from your ISP Please ensure that your settings are correct and your network is connected well Consult your ISP if this problem...

Страница 30: ...Internet connection and release the current IP address Account Name Enter the Account Name provided by your ISP If you are not clear please consult your ISP Password Enter the Password provided by you...

Страница 31: ...Balance and Bandwidth Control take effect please set these parameters correctly BigPond Status Status Displays the status of BigPond connection Disabled indicates that the BigPond connection type is n...

Страница 32: ...n LAN can access the Router via this IP address It can be changed according to your network Subnet Mask Enter the Subnet Mask The default subnet mask is 255 255 255 0 Note If the LAN IP address is cha...

Страница 33: ...P address to define a range for the DHCP server to assign dynamic IP addresses This address should be in the same IP address subnet with the Router s LAN IP address The default address is 192 168 0 25...

Страница 34: ...HCP Reservation DHCP Reservation feature allows you to reserve an IP address for the specified MAC address The client with this MAC address will always get the same IP address every time when it acces...

Страница 35: ...work does not need to be changed commonly Set the MAC Address for LAN port In a complex network topology with all the ARP bound devices if you want to use TL ER604W instead of the current router in a...

Страница 36: ...to apply Note To avoid a conflict of MAC address on the local area network it s not allowed to set the MAC address of the Router s LAN port to the MAC address of the current management PC 3 1 6 Switch...

Страница 37: ...rame length The maximum untagged frame this Router can support is 1518 bytes long and the maximum tagged frame is 1522 bytes long Oversize Displays the number of the received packets including error f...

Страница 38: ...de is selected only the outgoing packets sent by the mirrored port will be copied to the mirroring port Ingress Egress When this mode is selected both the incoming and outgoing packets through the mir...

Страница 39: ...2 Select Port 3 to be the Mirroring Port to monitor all the packets of the other ports 3 Select all the other ports to be the Mirrored Ports 4 Click the Save button to apply 3 1 6 3 Rate Control On th...

Страница 40: ...s packets will not exceed 1Mbps and the transmitting rate for all the egress packets will not exceed 1Mbps 6 4 Port Config On this page you can configure the basic parameters for the ports Choose the...

Страница 41: ...e the network security By creating VLANs in a physical LAN you can divide the LAN into multiple logical LANs each of which has a broadcast domain of its own Hosts in the same VLAN communicate with one...

Страница 42: ...ting 3 2 1 1 Wireless Setting On this page you can configure the basic parameters of the wireless network Choose the menu Wireless Wireless Setting Wireless Setting to load the following page Figure 3...

Страница 43: ...ts are 802 11b 11g only Select if all of your wireless clients are 802 11g 11n only Select only if all of your wireless clients are 802 11n 11bg mixed Select if you are using both 802 11b and 802 11g...

Страница 44: ...ast its name SSID on the air AP Isolation Enable or disable the AP Isolation This function can isolate wireless stations on your network from each other Wireless devices will be able to communicate wi...

Страница 45: ...wireless networking standard AES AES is a specification for the encryption of electronic data established by the U S National Institute of Standards and Technology Password Enter ASCII characters betw...

Страница 46: ...nal Institute of Standards and Technology Radius Server IP Enter the IP address of the Radius server Radius Port Enter the port number of the Radius server Radius Password Enter the password for the R...

Страница 47: ...0 9 a f A F zero key is not promoted or 5 ASCII characters 128 bit You can enter 26 hexadecimal digits any combination of 0 9 a f A F zero key is not promoted or 13 ASCII characters 152 bit You can e...

Страница 48: ...D You can establish multiple wireless networks if Multi SSID is enabled SSID Insulation Enable or disable the SSID Insulation If enabled the hosts accessing to the different SSID cannot be communicate...

Страница 49: ...ble the Guest Network If the Guest Network is enabled the hosts in this network cannot communicate with the LAN port or other SSIDs AP Isolation This function can isolate wireless stations on your net...

Страница 50: ...ectronic data established by the U S National Institute of Standards and Technology Password Enter ASCII characters between 8 and 63 characters or 8 to 64 Hexadecimal characters Group Key Update Perio...

Страница 51: ...port number of the Radius server Radius Password Enter the password for the Radius server Group Key Update Period Specify the group key update interval in seconds The value should be 30 or above Ente...

Страница 52: ...16 ASCII characters Tips The parameters of the host which desires to connect to the router must be the same as the parameter configured here The WEP Auth type is not supported by 802 11n mode The TKI...

Страница 53: ...search function to select the SSID to join BSSID to be bridged The BSSID of the AP your Router is going to connect to as a client You can also use the search function to select the BSSID to join Key T...

Страница 54: ...dvanced to load the following page Figure 3 27 Wireless Advanced General WMM WMM function can guarantee the packets with high priority messages being transmitted preferentially It is strongly recommen...

Страница 55: ...result in poor network performance since excessive packets 2346 is the default setting and is recommended DTIM Interval This value determines the interval of the Delivery Traffic Indication Message D...

Страница 56: ...select one filtering rule according to need Click Save button to apply the setting Filtering Rules MAC Address Enter the MAC Address of the host to be filtered Description Enter a description for the...

Страница 57: ...Transmitted Packets Displays the total packets transmitted by the host Bytes Tx Displays the total bytes transmitted by the host Bytes Rx Displays the total bytes received by the host Rate Tx Display...

Страница 58: ...iew the information of the Groups and edit them by the Action buttons 3 3 2 User On this page you can configure the User for the group Choose the menu User Group User to load the following page Figure...

Страница 59: ...r View or Group View Choose the menu User Group View to load the following page Figure 3 32 View Configuration The following items are displayed on this screen View Config View Select the desired view...

Страница 60: ...sing private IP addresses With the explosion of the Internet the number of available IP addresses is not enough NAT provides a way to allow multiple private hosts to access the public network with one...

Страница 61: ...igure the One to One NAT Choose the menu Advanced NAT One to One NAT to load the following page Figure 3 34 One to One NAT The following items are displayed on this screen One to One NAT Mapping IP Ad...

Страница 62: ...Type of WAN is Static IP Changing the Connection type from Static IP to other ones will make the entries attached to the interface disabled 3 4 1 3 Multi Nets NAT Multi Nets NAT function allows the I...

Страница 63: ...corresponding Static Route entries For detailed setting of subnet mask please refer to the Appendix BFAQ Application Example Network Requirements The LAN subnet of TL ER604W is 192 168 0 0 24 the sub...

Страница 64: ...dvanced Routing Static Route to load the following page The Static Route entry is as follows 3 4 1 4 Virtual Server Virtual server sets up public services in your private network such as DNS Email and...

Страница 65: ...rt range will be redirected to the specified server in local network Internal Port Specify the service port of the LAN host as virtual server Protocol Specify the protocol used for the entry Internal...

Страница 66: ...used for those applications requiring multiple connections When an application initiates a connection to the trigger port all the ports corresponding to the incoming port will open for follow up conn...

Страница 67: ...ping between the ports is not allowed Each entry supports at most 5 groups of incoming ports and the sum of incoming ports you set for each entry should not be more than 100 List of Rules In this tabl...

Страница 68: ...lt setting if no special requirement IPsec ALG Enable or disable IPsec ALG The default setting is enabled It is recommended to keep default if no special requirement PPTP ALG Enable or disable PPTP AL...

Страница 69: ...t enabled WAN port s The Total bandwidth is equal to the sum of bandwidth of the enabled WAN ports Upstream Bandwidth Displays the bandwidth of each WAN port for transmitting data The Upstream Bandwid...

Страница 70: ...ans all WAN ports through which the data flow might pass Individual WAN port cannot be selected if WAN ALL rules are added Group Select the group to define the controlled users Mode Individual The ban...

Страница 71: ...y Note The premise for single rule taking effect is that the bandwidth of the interface for this rule is sufficient and not used up It is impossible to satisfy all the guaranteed bandwidth if the tota...

Страница 72: ...Description Give a description for the entry Status Activate or inactivate the entry List of Session Limit You can view the information of the entries and edit them by the Action buttons The first en...

Страница 73: ...rd the WAN port they pass through And then the packets with the same source IP address and destination IP address or destination port will be forwarded to the recorded WAN port This feature is to ensu...

Страница 74: ...range for the entry 0 0 0 0 0 0 0 0 means any IP is acceptable Source Port Enter the source Port range for the entry which is effective only when the protocol is TCP UDP or TCP UDP The default value...

Страница 75: ...ion the Router will switch all the new sessions from dropped line automatically to another to keep an always on line network On this page you can configure the Link Backup function based on actual nee...

Страница 76: ...ecified time period When the start time you enter is not earlier than the end time the default effective time is from the start time of the day to the end time of the next day Status Activate or inact...

Страница 77: ...not be configured 3 4 5 Routing 3 4 5 1 Static Route Routing is the process of selecting optimized paths in a network along which to send network traffic Static Route is a kind of special routing conf...

Страница 78: ...le Metric Defines the priority of the route The smaller the value is the higher the priority is The default value is 0 It is recommended to keep the default value Description Give a description for th...

Страница 79: ...istance vector algorithm to select the optimal path With features of easy configuration management and implementation it is widely used in small and medium sized networks such as the campus network Th...

Страница 80: ...icast and broadcast Password Authentication If RIPv2 is enabled set the Password Authentication according to the actual network situation and the password should not be more than 15 characters All Int...

Страница 81: ...rt is Static IP 3 4 5 3 Route Table This page displays the information of the system route table Choose the menu Advanced Routing Route Table to load the following page Figure 3 49 RIP The following i...

Страница 82: ...he Hosts and Gateways are trusted there are high security risks during ARP Implementation Procedure in the actual complex network The attacker may send the ARP spoofing packets with false IP address t...

Страница 83: ...C Address Enter the MAC Address corresponding to the IP Address Description Give a description for the entry Status Activate or inactivate the entry List of Rules You can view the information of the e...

Страница 84: ...tion Indicates that this entry is imported to the list on IP MAC Binding page but not effective yet Indicates that the IP and MAC address of this entry are already bound To bind the entries in the lis...

Страница 85: ...tically removed from the list if it has not been communicated with others for a long time This period is regarded as the aging time of the ARP information 3 5 2 Attack Defense With Attack Defense func...

Страница 86: ...ICMP and so on It is recommended to select all the Flood Defense options and specify the corresponding thresholds Keep the default settings if you are not sure Packet Anomaly Defense Packet Anomaly re...

Страница 87: ...ltering mode according to actual situation MAC Filtering MAC Address Enter the MAC Address to be filtered Description Give a description for the entry List of Rules You can view the information of the...

Страница 88: ...ich the URL Filtering takes effect ANY URL Filtering will take effect to all the users Group URL Filtering will take effect to all the users in group Mode Select the mode for URL Filtering Keyword ind...

Страница 89: ...com as the following figure shows and then click the Add button to make the setting take effect 3 5 4 2 Web Filtering On this page you can filter the desired web components Choose the menu Firewall Ac...

Страница 90: ...Only the service belonging to the specified service type is limited by the entry For example if you select Block for Policy and only FTP for Service the packets of other service types can still pass t...

Страница 91: ...nd edit them by the Action buttons The smaller the value is the higher the priority is The first entry in Figure 3 57 indicates The TELNET packets transmitted from the hosts within the network of 192...

Страница 92: ...in the drop down list of Protocol on Access Rule page Protocol Select the protocol for the service The system predefined protocols include TCP UDP and TCP UDP Dest Port Enter the start and end ports...

Страница 93: ...The specified application used by the specified local users will be not allowed to access the Internet if the Application Control entry is enabled Control Rules Object Specify the object for the entr...

Страница 94: ...o 3 3 1 Group 3 5 5 2 Database On this page you can upgrade the application database Choose the menu Firewall App Control Database to load the following page Figure 3 60 Database The database refers t...

Страница 95: ...ion both known Therefore the two peers need to negotiate a security key for communication with IKE Internet Key Exchange protocols Actually IKE is a hybrid protocol based on three underlying security...

Страница 96: ...he remote VPN peer uses the same mode Main Main mode provides identity protection and exchanges more information which applies to the scenarios with higher requirement for identity protection Aggressi...

Страница 97: ...otiation phase 1 Up to four proposals can be selected Pre shared Key Enter the Pre shared Key for IKE authentication and ensure both the two peers use the same key The key should consist of visible ch...

Страница 98: ...s a message less than 2 64 the 64th power of 2 in bits and generates a 160 bit message digest Encryption Specify the encryption algorithm for IKE negotiation Options include DES DES Data Encryption St...

Страница 99: ...tocols for checking the integrity of the transmission data and exchange the key to data de encryption IPsec has two important security protocols AH Authentication Header and ESP Encapsulating Security...

Страница 100: ...o the IPsec policy Up to 28 characters can be entered Mode Select the network mode for IPsec policy Options include LAN to LAN Select this option when the client is a network Client to LAN Select this...

Страница 101: ...IKE Mode IKE Policy It is available when IKE is selected as the negotiation mode Specify the IKE policy If there is no policy selection add new policy on VPN IKE IKE Policy page IPsec Proposal Select...

Страница 102: ...und ESP authentication key at the other end of the tunnel and vice versa ESP Encryption Key In Specify the inbound ESP Encryption Key manually if ESP protocol is used in the corresponding IPsec Propos...

Страница 103: ...he local subnet is 192 168 0 0 24 the remote subnet is 192 168 3 0 24 and this tunnel is using IKE automatic negotiation It is enabled Tips 0 0 0 0 0 32 indicates all IP addresses Refer to Appendix Tr...

Страница 104: ...cation Select the algorithm used to verify the integrity of the data for ESP authentication Options include MD5 MD5 Message Digest Algorithm takes a message of arbitrary length and generates a 128 bit...

Страница 105: ...tunnel after IPsec tunnel is successfully established The ingoing SPI value and outgoing SPI value are different However the Incoming SPI value must match the Outgoing SPI value at the other end of t...

Страница 106: ...If enabled the VPN client is permitted to access the LAN of the server and Internet Hello Interval Specify the interval to send hello packets L2TP PPTP Tunnel Protocol Select the protocol for VPN tunn...

Страница 107: ...e L2TP PPTP Server Enter the IP address of L2TP PPTP server It s always the WAN IP address of the remote peer of L2TP PPTP tunnel This item is available for Client mode Encryption Specify whether to e...

Страница 108: ...Pool Choose the menu VPN L2TP PPTP IP Address Pool to load the following page Figure 3 68 IP Address Pool The following items are displayed on this screen IP Address Pool Pool Name Specify a unique na...

Страница 109: ...a session ID are created In a Router the ID values of different tunnels are different A tunnel can create different ID values when it is reconnected 3 7 Services 3 7 1 PPPoE Server The Router can be c...

Страница 110: ...condary DNS server address The default is 0 0 0 0 Max Sessions Specify the maximum number of the sessions for PPPoE server The default is 256 Max Echo Requests Specify the maximum number of Echo Reque...

Страница 111: ...cryption algorithm of CHAP MS CHAP v2 with a higher security is an improved version of MS CHAP Radius Server It is available when Remote Authentication is selected RADIUS Remote Authentication Dial In...

Страница 112: ...rver Account to load the following page Figure 3 72 Account The following items are displayed on this screen Account Account Name Enter the account name This name should not be the same with the one i...

Страница 113: ...utomatical Select this option to bind the account to the MAC address of its first login automatically Only from the Host with this MAC address can the account log on to the server MAC Address It is av...

Страница 114: ...entry List of Account In this table you can view the information of Exceptional IPs and edit them by the Action buttons 3 7 1 5 List of Account On this page you can view the detailed information of a...

Страница 115: ...ems are displayed on this screen General Enable E Bulletin Specify whether to enable electronic bulletin function Interval Specify the interval to release the bulletin Enable Logs Specify whether to l...

Страница 116: ...d to the Group1 from 8am to 20pm on Thursday and Friday every a bulletin interval the interval in the figure is 30 min This entry is enabled Tips For the configuration for groups and users please refe...

Страница 117: ...O IP DDNS client and Comexe DDNS client The Dynamic DNS can be implemented on DynDNS DDNS No IP DDNS Peanuthull DDNS and Comexe DDNS pages On this page you can configure DynDNS client Choose the menu...

Страница 118: ...his table you can view the existing DDNS entries or edit them by the Action button On this page you can configure NO IP DDNS client Choose the menu Services Dynamic DNS No IP to load the following pag...

Страница 119: ...incorrect Please check and enter it again List of No IP Account In this table you can view the existing DDNS entries or edit them by the Action button 3 3 PeanutHull On this page you can configure Pea...

Страница 120: ...cting client is connecting to the server Online DDNS works normally Authorization fails The Account Name or Password is incorrect Please check and enter it again Domain Name Displays the domain names...

Страница 121: ...Up to 5 domain names can be displayed here List of Comexe Account In this table you can view the existing DDNS entries or edit them by the Action button 3 7 4 UPnP Devices based on UPnP Universal Plug...

Страница 122: ...ort in the Router will be forwarded to port 12856 in 192 168 0 101 server in LAN Note When using UPnP function make sure the UPnP is enabled for the Router and the operating system and applications in...

Страница 123: ...assword for confirmation Note The factory default password and user name are both admin You should enter the new user name and password when next login if the current username and password has been ch...

Страница 124: ...imeout of inactivity Note The default Web Management Port is 80 If the port is changed you should type in the new address such as http 192 168 0 1 XX XX is the new management port number E g If the We...

Страница 125: ...quirements Allow the IP address within 210 10 10 0 24 segment to manage the Router with IP address of 210 10 10 50 remotely Configuration Procedure Type 210 10 10 0 24 in the Subnet Mask field on Remo...

Страница 126: ...utton to save the current configuration as a file to your computer You are suggested to take this measure before upgrading or modifying the configuration Import Click the Browse button to locate the u...

Страница 127: ...e the Router is to get more functions and better performance Go to http www tp link com to download the updated firmware Type the path and file name of the update file into the File field Or click the...

Страница 128: ...information of WAN ports Choose the menu Maintenance Statistics Interface Traffic Statistics to load the following page Figure 3 89 Interface Traffic Statistics The following items are displayed on t...

Страница 129: ...y WAN port Abnormal IP Packets Rx Displays the rate for transmitting data frames 4 2 IP Traffic Statistics IP Traffic Statistics screen displays the detailed traffic information of each PC on LAN Choo...

Страница 130: ...ailed traffic information of corresponding PCs Sorted by Select the rule for displaying the traffic information 3 8 5 Diagnostics 3 8 5 1 Diagnostics This Router provides Ping test and Tracert test fu...

Страница 131: ...fter clicking the Start button the Router will send Tracert packets to test the connectivity of the gateways during the journey from the source to destination of the test data and the results will be...

Страница 132: ...nter the IP address of DNS server in Manual mode 0 0 0 0 means DNS Lookup is disabled List of WAN status Port Displays the detected WAN port Detection Displays whether the Online Detection is enabled...

Страница 133: ...TP Server Enter the IP Address for the NTP Server Manual With this option selected you can set the date and time manually Synchronize with PC S Clock With this option selected the administrator PC s c...

Страница 134: ...to display the log information with the same level Send System Logs Select Send System Logs and specify the server IP then the new added logs will be sent to the specified server The Logs of switch ar...

Страница 135: ...but maintained one dedicated line as the backup line and has applied a high bandwidth Fiber Access as the main line Remote Access It s required to build an effective and safe communication among the h...

Страница 136: ...ase letters Then click the Login button to log into the Router Tips If the LAN IP address is changed you must use the new IP address to log into the Router 4 3 1 Internet Setting You can connect the F...

Страница 137: ...ream Downstream Bandwidth of WAN port you set must not be more than the bandwidth provided by ISP Otherwise the Traffic Control will be invalid Then click the Save button to apply The configuration me...

Страница 138: ...IPsec settings of the Router in the headquarters for example Moreover you can configure the PPTP VPN Server to establish a remote mobile office which enables the staff on business to access the FTP se...

Страница 139: ...Policy Choose the menu VPN IKE IKE Policy to load the configuration page Settings Policy Name IKE_1 Exchange Mode Main IKE Proposal proposal_IKE_1 you just created Pre shared Key aabbccddee SA Lifetim...

Страница 140: ...n the headquarters 2 IPsec Setting To configure the IPsec function you should create an IPsec Proposal firstly IPsec Proposal Choose the menu VPN IPsec IPsec Proposal to load the following page Settin...

Страница 141: ...cy Name IPsec_1 Status Activate Mode LAN to LAN Local Subnet 192 168 0 0 24 Remote Subnet 172 31 10 0 24 WAN WAN1 Remote Gateway 116 31 85 133 Exchange Mode IKE IKE Policy IKE_1 IPsec Proposal proposa...

Страница 142: ...ss of the Router in the headquarters After the IPsec VPN tunnel of the two peers is established successfully you can view the connection information on the VPN IPsec IPsec SA page Figure 4 8 List of I...

Страница 143: ...nternet to allow the PPTP clients to access the local enterprise network and the Internet Then continue with the following settings for the PPTP Tunnel Settings L2TP PPTP Enable Protocol PPTP Mode Ser...

Страница 144: ...s are as follows 4 3 3 1 User Group Create a User Group with all the Hosts in the IP range of 192 168 0 30 192 168 0 50 as its group members Group Choose the menu User Group Group to load the followin...

Страница 145: ...the Users you just created into the Group 1 and click the Save button to apply 4 3 3 2 App Control Choose the menu Firewall App Control Control Rules to load the configuration page Check the box befo...

Страница 146: ...nced Traffic Control Setup to load the configuration page Check the box before Enable Bandwidth Control and click the Save button to apply Figure 4 12 Bandwidth Setup 2 Interface Bandwidth Choose the...

Страница 147: ...ited Bandwidth Up Down 800 Effective Time Keep the default value Status Activate Click the Add button to apply Figure 4 14 Bandwidth Control Rule 4 3 3 4 Session Limit Choose the menu Advanced Session...

Страница 148: ...etwork 4 3 4 1 LAN ARP Defense You can configure IP MAC Binding manually or by ARP Scanning For the first time configuration please bind most of the ARP information by ARP Scanning For some special it...

Страница 149: ...168 1 20 and MAC address of 00 11 22 33 44 aa to the list you can follow the settings below Settings IP Address 192 168 0 20 MAC Address 00 11 22 33 44 aa Status Activate Click the Add button to appl...

Страница 150: ...e WAN port will display in the Scanning Result table After obtaining the MAC address of WAN port from Scanning Result table select this entry then click the Import button to finish the binding operati...

Страница 151: ...Port Mirror 2 Statistics Choose the menu Maintenance Statistics to load the page Load the Interface Traffic Statistics page to view the traffic statistics of each physical interface of the Router as F...

Страница 152: ...147 Figure 4 23 IP Traffic Statistics After all the above steps the enterprise network will be operated based on planning...

Страница 153: ...TP maximum 100m 100BASE TX UTP category 5 5e cable maximum 100m EIA TIA 568 100 STP maximum 100m Cabling Type 1000BASE T UTP STP of Category 5 5e 6 or above maximum 100m LEDs PWR SYS WLAN WAN LAN Safe...

Страница 154: ...has been changed by others especially when the Remote Web Management function is enabled You re recommended to restore your Router and reconfigure the management port number and the username as well...

Страница 155: ...ake sure that the NAT DMZ service is disabled Q4 Some functions of the Router need to define the IP address subnet with Subnet Mask What are the common values of the Subnet Mask Subnet Mask is a 32 bi...

Страница 156: ...automatically configure the TCP IP parameters for the all the PCs that are connected to a DHCP server DMZ Demilitarized Zone A Demilitarized Zone allows one local host to be exposed to the Internet fo...

Страница 157: ...col Network layer protocol in the TCP IP stack offering a connectionless Internetwork service IP provides features for addressing type of service specification fragmentation and reassembly and securit...

Страница 158: ...tended to permit a workstation to dynamically access a maildrop on a server host in a useful fashion P PPPoE Point to Point Protocol over Ethernet PPPoE is a network protocol for encapsulating Point t...

Страница 159: ...e access method and the location of an information resource object on the Internet VLAN Virtual Local Area Network Group of devices on one or more LANs that are configured using management software so...

Страница 160: ...ter 3 3 How to configure GreenBow IPsec VPN Client with a TP LINK VPN Router 13 4 How to configure Shrew Soft VPN IPsec Client with TP LINK Router 23 5 How to configure LAN to LAN L2TP PPTP VPN on TP...

Страница 161: ...e Internet The VPN Virtual Private Network technology is developed and used to establish the private network through the public network which can guarantee a secured data exchange VPN adopts the tunne...

Страница 162: ...Psec SA NOTE We use TL ER6120 and TL R600VPN in this example the way to configure IPsec VPN on TL ER6020 TL ER604W is the same as that on TL ER6120 A Connecting the devices together Before setup a VPN...

Страница 163: ...4 Router B s Status page...

Страница 164: ...ER6120 Router A Step 1 On the management webpage click on VPN then IKE Proposal Under IKE Proposal enter Proposal Name whatever you like select Authentication Encryption and DH Group we use MD5 3DES...

Страница 165: ...ype Step 4 Under IKE Proposal 1 we use test1 in this example Enter Pre shared Key and SA Lifetime you want DPD is disabled Step 5 Click on Add Step 6 Click on IPsec on the left menu then IPsec Proposa...

Страница 166: ...r Local Subnet and Remote Subnet Step 9 Select WAN you use and type in Remote Gateway In this example the Remote Gateway is Router B s WAN IP address 218 18 1 208 Step 10 Look for Policy Mode and sele...

Страница 167: ...8 Step 13 Look for PFS we set NONE here under SA Lifetime enter 28800 or the period you want Step 14 Look for Status then select Activate Step 15 Click on Add Step 16 Select Enable then click on Save...

Страница 168: ...r B Step 1 Go to IPsec VPN IKE click on Add New Step 2 Enter Policy Name whatever you like here we use test2 Exchange Mode select Main Step 3 Authentication Algorithm and Encryption Algorithm are the...

Страница 169: ...e make sure that they are the same with Router A Step 6 Click on Save Step 7 Click on IPsec on left side click on Add New Step 8 Enter Policy Name we use ipsec2 in this example Step 9 Enter Local Subn...

Страница 170: ...the same with Router A we use MD5 and 3DES in this example Step 12 IKE Security Policy we use test2 in this example Step 13 Look for PFS we set NONE here under Lifetime enter 28800 or the period you...

Страница 171: ...12...

Страница 172: ...vices html To setup an IPsec VPN tunnel between the GreenBow IPsec VPN Client and the TP LINK VPN Router you need to perform the following steps A Make sure PCs of two sides can access to Internet B C...

Страница 173: ...select Authentication Encryption and DH Group we use MD5 3DES DH2 in this example Step 3 Click on IKE Policy enter Policy Name whatever you like select Exchange Mode in this example we use Main selec...

Страница 174: ...hrough otherwise the VPN tunnel can t be established Step 4 Under IKE Proposal 1 we select 1 in this example Enter Pre shared Key and SA Lifetime you want DPD is disabled Step 5 Click on IPsec on the...

Страница 175: ...Policy Name whatever you like the Mode should be Client to LAN Enter Local Subnet and select WAN port Step 7 Look for Policy Mode and select IKE Under IKE Policy we select 123 which is used Under IPse...

Страница 176: ...der SA Lifetime enter 28800 or the period you want Look for Status then select Activate Step 9 Enable IPsec and then click on Save C Configuring the GreenBow VPN Client Step 1 Right click on VPN Confi...

Страница 177: ...Key should be the same with router s it is 123456 on IKE section the Encryption Authentication and Key Group are the same with router s we use 3DES MD5and DH2 here Step 3 Go to Advanced tab select DN...

Страница 178: ...19 Step 4 Right click on Phase 1 add a new phrase 2...

Страница 179: ...remote LAN address and Subnet mask in the example the IP address is 192 168 0 0 Subnet mask is 255 255 255 0 Encryption and Authentication are the same with routers we use 3DES and MD5 here The Mode s...

Страница 180: ...21 Step 6 Click Save and Apply and then right click on Phrase 2 Tunnel click on Open Tunnel...

Страница 181: ...22 Step 7 If the client connect to the VPN Server successfully you can see IPsec SA on the list...

Страница 182: ...e PCs of two sides can access to Internet B Configuring IPsec VPN settings on TL ER6120 C Configuring the Shrew VPN Client A Make sure PCs of two sides can access to Internet Before setup a VPN tunnel...

Страница 183: ...u like select Authentication Encryption and DH Group we use MD5 3EDS DH2 in this example Click on Add Step 3 Click on IKE Policy enter Policy Name whatever you like we select Aggressive for Exchange M...

Страница 184: ...se the VPN tunnel can t be established Step 4 Under IKE Proposal 1 we select test in this example Enter Pre shared Key and SA Lifetime you want DPD is disabled Click on Add Step 5 Click on IPsec on th...

Страница 185: ...26 Step 6 Click on IPsec Policy enter Policy Name whatever you like the Mode should be Client to LAN Enter Local Subnet and select WAN port...

Страница 186: ...od you want Look for Status then select Activate Step 9 Enable IPsec and then click on Add C Configuring the Shrew VPN Client Step 1 Click on Add Under Host Name or IP Address enter the TL ER6120 s WA...

Страница 187: ...u select Mutual PSK as Authentication Under Identification Type select Fully Qualified Domain Name and enter 321 for FQDN String Step 4 Click on Remote Identity select Fully Qualified Domain Name as I...

Страница 188: ...29 Step 5 Click on Credentials the Pre Shared Key should be the same as the Pre shared Key on the TL ER6120 it s 123456789...

Страница 189: ...lgorithm and Hash Algorithm are the same with TL ER6120 s we use aggressive group 2 3des md5 here Step 7 Click on Phase 2 under the Proposal Parameters the Transform Algorithm HMAC Algorithm are the s...

Страница 190: ...licy don t tick Obtain Topology Automatically or Tunnel All Then click on Add Step 9 Select Include as Type enter the TL ER6120 s LAN Subnet Address and Subnet Mask it s 192 168 1 0 255 255 255 0 Then...

Страница 191: ...32 Step 10 Click on Connect Step 11 Click on Connect Step 12 After Shrew Soft VPN show tunnel enabled as the followings you need ping TL ER6120 LAN IP...

Страница 192: ...33 Step 13 If client connect to the VPN Server successfully you can see IPsec SA on the list...

Страница 193: ...outer B NOTE We give the guide to configure LAN to LAN PPTP VPN in this example the way to configure LAN to LAN L2TP VPN is similar If the TP LINK Router configured as PPTP Server is behind a NAT devi...

Страница 194: ...35 Router B s Status Page...

Страница 195: ...ol enter Pool Name and IP Address Range and then click on Add NOTE IP Address pool must be different range from LAN IP address range Step 2 Go to L2TP PPTP Tunnel look for protocol select PPTP the Mod...

Страница 196: ...d and then click on Save D Configuring a PPTP client on TP LINK Router Step 1 Access Router B s management page go to L2TP PPTP Tunnel look for protocol select PPTP the Mode should beClient Step 2 Ent...

Страница 197: ...Click on Add and then click on Save Step 7 If the PPTP tunnel is established successfully you can check it on List of Tunnel Also PC within the local subnet of Router B can ping Router A s LAN IP 192...

Страница 198: ...C Windows 7 NOTE If the TP LINK Router is behind a NAT device Virtual Server or DMZ should be configured on the NAT device otherwise the VPN tunnel can t be established A Make sure PCs of two sides ca...

Страница 199: ...N L2TP PPTP IP Address Pool enter Pool Name and IP Address Range and then click on Add NOTE IP Address pool must be different range from LAN IP address range Step 3 Look for protocol select PPTP the M...

Страница 200: ...we use client as account name password is 123456 Step 5 Under Tunnel select Client to LAN Step 6 The tunnel supports up to 10 connections we enter 5 in this example Step 7 Under IP Address Pool select...

Страница 201: ...emote PC Windows 7 NOTE For remote PC to connect to PPTP server it can use Windows built in PPTP software or Third party PPTP software Step 1 Click on Start Control Panel Network and Internet Network...

Страница 202: ...43 Choose Connect to a workplace and then click on Next Step 4 Select Use my Internet connection VPN...

Страница 203: ...44 Step 5 Under Internet address field enter router s WAN IP address and then click on Next Step 6 Enter User name and Password and then click on Create...

Страница 204: ...45 Step 7 The VPN connection is created and ready to use click on Close...

Страница 205: ...8 Go to Network and Sharing Center and click on Change adapter settings on the left menu Step 9 Right Click on VPN Connection and select Connect Step 10 Enter User name and Password and then click on...

Страница 206: ...47 Step 11 If the PPTP tunnel is established successfully you can check it on List of Tunnel...

Страница 207: ...ndows 7 NOTE If the TP LINK Router is behind a NAT device Virtual Server or DMZ should be configured on the NAT device otherwise the VPN tunnel can t be established A Make sure PCs of two sides can ac...

Страница 208: ...N L2TP PPTP IP Address Pool enter Pool Name and IP Address Range and then click on Add NOTE IP Address pool must be different range from LAN IP address range Step 3 Look for protocol select L2TP the M...

Страница 209: ...account name password is 1234 Step 5 Under Tunnel select Client to LAN Step 6 The tunnel supports up to 10 connections we enter 10 in this example Step 7 Under Encryption select Enable and then enter...

Страница 210: ...IPsec and then click on Save C Configuring L2TP client on remote PC Windows 7 NOTE For remote PC to connect to L2TP server it can use Windows built in L2TP software or Third party L2TP software Step 1...

Страница 211: ...52 Step 3 Choose Connect to a workplace and then click on Next...

Страница 212: ...53 Step 4 Select Use my Internet connection VPN...

Страница 213: ...54 Step 5 Under Internet address field enter router s WAN IP address and then click on Next Step 6 Enter User name and Password and then click on Create...

Страница 214: ...55 Step 7 The VPN connection is created and ready to use click on Close...

Страница 215: ...Change adapter settings on the left menu Step 9 Right Click on VPN Connection and select Properties On the Security tab Select Layer 2 Tunneling Protocol with IPsec L2TP IPsec under Data encryption s...

Страница 216: ...ep 10 Click on Advanced settings pick Use preshared key for authentication and then enter the key here is 5678 Step 11 Double click on VPN Connection enter User name and Password and then click on Con...

Страница 217: ...58...

Отзывы:

Нет отзывов

Похожие инструкции для TL-ER604W

ABB RELION REF615R Manual preview
RELION REF615R
Бренд: ABB Страницы: 66
Ubiquiti M900 Quick Start Manual preview
M900
Бренд: Ubiquiti Страницы: 24
3Com 486 Getting Started Manual preview
486
Бренд: 3Com Страницы: 20
D-Link DSL-2750U Setup preview
DSL-2750U
Бренд: D-Link Страницы: 14
NEC Univerge SV8100 System Configuration Manual preview
Univerge SV8100
Бренд: NEC Страницы: 44
Canon C50FSi - VB Network Camera Setup Manual preview
C50FSi - VB Network Camera
Бренд: Canon Страницы: 32
D-Link ShareCenter DNS-320L Datasheet preview
ShareCenter DNS-320L
Бренд: D-Link Страницы: 4
ABB i-bus KNX IPR/S 3.5.1 Product Manual preview
i-bus KNX IPR/S 3.5.1
Бренд: ABB Страницы: 44
PACOM Professional Series Quick Manual preview
Professional Series
Бренд: PACOM Страницы: 15
Barracuda Networks Network Quick Start Manual preview
Network
Бренд: Barracuda Networks Страницы: 2
Baracoda All in One Printer Communication Protocol Manual preview
All in One Printer
Бренд: Baracoda Страницы: 42
Canon Vb-C60 - Ptz Network Camera Setup Manual preview
Vb-C60 - Ptz Network Camera
Бренд: Canon Страницы: 30
D-Link PowerLine DHP-W611AV User Manual preview
PowerLine DHP-W611AV
Бренд: D-Link Страницы: 78
D-Link ShareCenter Quattro DNS-345 Datasheet preview
ShareCenter Quattro DNS-345
Бренд: D-Link Страницы: 4
D-Link DNS-722-4 Quick Install Manual preview
DNS-722-4
Бренд: D-Link Страницы: 16
D-Link MYDLINK DNR-322L Datasheet preview
MYDLINK DNR-322L
Бренд: D-Link Страницы: 4
D-Link mydlink DNR-312L Quick Install Manual preview
mydlink DNR-312L
Бренд: D-Link Страницы: 8
D-Link ShareCenter Quattro DNS-345 Quick Install Manual preview
ShareCenter Quattro DNS-345
Бренд: D-Link Страницы: 40

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

ABB AEG Acer Asus Beko Black & Decker Bosch Brother Candy Canon Cisco Craftsman D-Link DeWalt Dell Electrolux Emerson Epson Frigidaire Fujitsu GE HP Haier Hitachi Honeywell Huawei Husqvarna JVC Kenmore Kenwood KitchenAid LG Lenovo Makita Miele Mitsubishi Electric Motorola NEC Nikon Nokia Panasonic Philips Pioneer Samsung Sanyo Sharp Siemens Sony TP-Link Toshiba Whirlpool Xiaomi Yamaha Zanussi Загрузить еще бренды