More Information .................................................................................................................................................................1
Web Interface Access ........................................................................................................................................................4
Viewing Status Information
System Status ....................................................................................................................................................................... 7
Viewing the Interface Statistics .........................................................................................................................................................8
Viewing the IP Statistics .........................................................................................................................................................................9
Supported Features ..............................................................................................................................................................................12
WAN Configuration .......................................................................................................................................................... 13
Configuring the Number of WAN Ports ......................................................................................................................................13
Configuring the WAN Connection ................................................................................................................................................13
LAN Configuration ............................................................................................................................................................ 25
Configuring the IP Address of the LAN Port ............................................................................................................................25
Configuring the DHCP Server ..........................................................................................................................................................26
Viewing the DHCP Client List ...........................................................................................................................................................28
Configuring IPTV Based on IGMP ..................................................................................................................................................29
Configuring IPTV in Bridge Mode ..................................................................................................................................................30
Configuring IPTV in Custom Mode ...............................................................................................................................................30
MAC Configuration ........................................................................................................................................................... 33
Configuring MAC Address ................................................................................................................................................................33
Viewing the Statistics ...........................................................................................................................................................................35
Configuring Port Mirror ........................................................................................................................................................................36
Configuring Rate Control ...................................................................................................................................................................37
Configuring Port Config ......................................................................................................................................................................38
Viewing Port Status ...............................................................................................................................................................................39
Creating a VLAN ......................................................................................................................................................................................40
Configuring the PVID of a Port ........................................................................................................................................................42
Configuring the LAN ..............................................................................................................................................................................43
Configuring the WAN ............................................................................................................................................................................44
Configuring the Number of WAN Ports ........................................................................................................................44
Configuring the WAN Connection ...................................................................................................................................45
IP Group Configuration .................................................................................................................................................. 55
Adding IP Address Entries .................................................................................................................................................................55
Grouping IP Address Entries ............................................................................................................................................................56
Time Range Configuration ............................................................................................................................................. 57
VPN IP Pool Configuration ............................................................................................................................................. 59
Service Type Configuration .......................................................................................................................................... 60
Supported Features ..............................................................................................................................................................................64
Configuring the Multi-Nets NAT .....................................................................................................................................................66
Configuring the One-to-One NAT .................................................................................................................................................67
Configuring the Virtual Servers .......................................................................................................................................................68
Configuring the Port Triggering ......................................................................................................................................................69
Configuring the NAT-DMZ .................................................................................................................................................................70
Configuring the ALG .............................................................................................................................................................................70
Bandwidth Control Configuration ............................................................................................................................... 71
Viewing the Session Limit Information .......................................................................................................................................74
Configuring the Load Balancing .....................................................................................................................................................75
Configuring the Link Backup ............................................................................................................................................................76
Configuring the Online Detection ..................................................................................................................................................77
Configuring the Static Routing ........................................................................................................................................................78
Configuring the Policy Routing .......................................................................................................................................................79
Viewing the Routing Table .................................................................................................................................................................80
Example for Configuring NAT ..........................................................................................................................................................81
Example for Configuring Load Balancing ..................................................................................................................................84
Example for Configuring Virtual Server ......................................................................................................................................85
Example for Configuring Policy Routing ....................................................................................................................................87
Supported Features ..............................................................................................................................................................................92
Anti ARP Spoofing ..................................................................................................................................................................................94
Enable Anti ARP Spoofing ....................................................................................................................................................97
Configuring MAC Filtering ...............................................................................................................................................................101
Configuring Access Control ..........................................................................................................................................................102
Example for Anti ARP Spoofing ...................................................................................................................................................104
Example for MAC Filtering ..............................................................................................................................................................107
Example for Access Control .........................................................................................................................................................109
Behavior Control .............................................................................................................................................................115
Supported Features ...........................................................................................................................................................................115
Behavior Control Configuration ................................................................................................................................116
Configuring Web Filtering ...............................................................................................................................................................116
Configure Web Group Filtering .......................................................................................................................................116
Configuring Web Security ...............................................................................................................................................................121
Example for Access Control .........................................................................................................................................................123
Example for Web Security ..............................................................................................................................................................127
Supported Features ...........................................................................................................................................................................130
Configuring the IPSec Policy.........................................................................................................................................................132
Configuring the Basic Parameters ...............................................................................................................................132
Configuring the Advanced Parameters .....................................................................................................................134
Verifying the Connectivity of the IPSec VPN tunnel ........................................................................................................136
Configuring the VPN IP Pool ..........................................................................................................................................................138
Configuring the L2TP Server ........................................................................................................................................................139
Configuring the L2TP Client ..........................................................................................................................................................140
(Optional) Configuring the L2TP Users ....................................................................................................................................142
Verifying the Connectivity of L2TP VPN Tunnel .................................................................................................................143
Configuring the VPN IP Pool ..........................................................................................................................................................144
Configuring the PPTP Server ........................................................................................................................................................145
Configuring the PPTP Client ..........................................................................................................................................................146
Configuring the PPTP Users ..........................................................................................................................................................147
Verifying the Connectivity of PPTP VPN Tunnel ................................................................................................................148
Example for Configuring IPSec VPN .........................................................................................................................................150
Example for Configuring L2TP VPN ..........................................................................................................................................154
Example for Configuring PPTP VPN ..........................................................................................................................................157
Portal Authentication Process .....................................................................................................................................................163
Supported Features ...........................................................................................................................................................................163
Supported Web Server .......................................................................................................................................................164
Local Authentication Configuration .........................................................................................................................165
Configuring the Authentication Page .......................................................................................................................................165
Configuring the Local User Account ........................................................................................................................................168
Configuring the Local User Account ...........................................................................................................................168
(Optional) Configuring the Backup of Local Users ..............................................................................................171
Configuring the Authentication Page .......................................................................................................................................175
Configuring the Five Tuple Type .................................................................................................................................................177
Configuring the URL Type...............................................................................................................................................................179
Viewing the Authentication Status ...........................................................................................................................181
Configuration Example .................................................................................................................................................182
Configuring the Authentication Page .........................................................................................................................183
Configuring Authentication Accounts for the Guests .......................................................................................184
Support Features .................................................................................................................................................................................186
Dynamic DNS Configurations ....................................................................................................................................187
Configure and View Peanuthull DDNS .....................................................................................................................................187
Configure and View Comexe DDNS .........................................................................................................................................188
Configure and View DynDNS ........................................................................................................................................................189
Configure and View NO-IP DDNS ...............................................................................................................................................191
Specifying the IP Address of the Host .......................................................................................................................194
Configuring the DDNS function .....................................................................................................................................194
System Tools
System Tools ....................................................................................................................................................................197
Support Features .................................................................................................................................................................................197
System Setting .....................................................................................................................................................................................199
Time Settings ...................................................................................................................................................................207
Setting the System Time .................................................................................................................................................................207
Getting time from the Internet Automatically .........................................................................................................207
Setting the System Time Manually...............................................................................................................................208
Setting the Daylight Saving Time................................................................................................................................................208
Date Mode .................................................................................................................................................................................210
System Log .......................................................................................................................................................................211
About This Guide
About This Guide
This User Guide provides information for managing
routers. Please read this guide carefully before operation.
TL-ER5120/TL-ER6020/TL-ER6120
Intended Readers
This Guide is intended for network managers familiar with IT concepts and network
terminologies.
Conventions
Some models featured in this guide may be unavailable in your country or region. For local
sales information, visit
When using this guide,please notice that features of the router may vary slightly depending
on the model and software version you have. All screenshots, images, parameters and
descriptions documented in this guide are used for demonstration only.
The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but
all statements, information, and recommendations in this document do not constitute
the warranty of any kind, express or implied. Users must take full responsibility for their
application of any products.
http://www.tp-link.com
.
In this Guide, the following conventions are used:
The symbol
you make better use of your device.
Menu Name > Submenu Name > Tab page indicates the menu structure. Status >
Traffic Statistics > Interface Statistics means the Interface Statistics page under the
Traffic Statistics menu option that is located under the Status menu.
Bold font indicates a button, toolbar icon, menu or menu item.
stands for Note. Notes contain suggestions or references that help
More Information
The latest software and documentations can be found at Download Center at
www.tp-link.com/support
The Installation Guide (IG) can be found where you find this guide or inside the package
of the router.
Specifications can be found on the product page at
A Technical Support Forum is provided for you to discuss our products at
tp-link.com
.
.
http://www.tp-link.com
.
http://forum.
http://
Our Technical Support contact information can be found at the Contact Technical
Support page at
http://www.tp-link.com/support
.
User Guide 1
Part 1
Accessing the Router
CHAPTERS
1. Overview
2. Web Interface Access
Accessing the RouterOverview
1
Overview
You can access and manage the router using the GUI (Graphical User Interface, also called
web interface in this text). The router uses two built-in web servers, HTTP server and
HTTPS server, for user authentication.
User Guide
3
Accessing the RouterWeb Interface Access
2
Web Interface Access
The following example shows how to login via the web browser.
1) Connect a PC to a LAN port of the router with a RJ45 port properly. If your computer is
configured with a fixed IP address, change it to “Obtain an IP address automatically“.
2) Open a web browser and type the default management address http://192.168.0.1 in
the address field of the browser, then press the Enter key.
Figure 2-1 Enter the Router's IP Address In the Browser
3) Create a username and a password for subsequent login attempts.
Figure 2-2 Create a Username and a Password
User Guide 4
Accessing the RouterWeb Interface Access
4) Use the username and password set above to log in to the webpage.
Figure 2-3 Login Authentication
5) After a successful login, the main page will appear as shown below, and you can
configure the function by clicking the setup menu on the left side of the screen.
Figure 2-4 Web Interface
User Guide
5
Part 2
Viewing Status Information
CHAPTERS
1. System Status
2. Traffic Statistics
Viewing Status InformationSystem Status
1
System Status
The System Status page displays the basic system information (like the hardware version,
firmware version and system time) and the running information (like the WAN interface
status, memory utilization and CPU utilization).
Choose the menu Status > System Status > System Status to load the following page.
Figure 1-1 System Status
User Guide
7
Viewing Status InformationTraffic Statistics
2
Traffic Statistics
Traffic Statistics displays detailed information relating to the data traffic of interfaces and
IP addresses. You can monitor the traffic and locate faults according to this information.
With the Traffic Statistics function, you can:
View the traffic statistics on each interface.
Specify an IP address range, and view the traffic statistics of the IP addresses in this
range.
2.1 Viewing the Interface Statistics
Choose the menu Status > Traffic Statistics > Interface Statistics to load the following page.
Figure 2-1 Interface Statistics
View the detailed traffic information of each interface in the statistics list.
TX Rate (KB/s)Displays the rate for transmitting data in kilobytes per second.
RX Rate (KB/s)Displays the rate for receiving data in kilobytes per second.
TX Packet Rate
(Pkt/s)
RX Packet Rate
(Pkt/s)
Total TX BytesDisplays the bytes of packets transmitted on the interface.
Total RX BytesDisplays the bytes of packets received on the interface.
Total TX PacketsDisplays the number of packets transmitted on the interface.
Total RX PacketsDisplays the number of packets received on the interface.
Displays the rate for transmitting data in packets per second.
Displays the rate for receiving data in packets per second.
User Guide 8
Viewing Status InformationTraffic Statistics
You can enable Auto Refresh or click Refresh to get the latest statistics information, or
click Clear to clear the current statistics information.
2.2 Viewing the IP Statistics
Choose the menu Status > Traffic Statistics > IP Statistics to load the following page.
Figure 2-2 IP Statistics
Follow these steps to view the traffic statistics of the specific IP addresses:
1) In the Settings section, enable IP Statistics and specify an IP range to monitor.
Enable IP
Statistics
IP RangeSpecify an IP range. The router will monitor the packets whose source IP
Check the box to enable IP Statistics.
addresses or destination IP addresses are in this range, and display the
statistics information in Statistics List.
2) In the Statistics List section, view the detailed traffic information of the IP addresses.
IP Address
Number
TX Rate (KB/s)Displays the rate for transmitting data in kilobytes per second.
RX Rate (KB/s)Displays the rate for receiving data in kilobytes per second.
TX Packet Rate
(Pkt/s)
RX Packet Rate
(Pkt/s)
Displays the number of active users whose IP address is in the specified IP
range.
Displays the rate for transmitting data in packets per second.
Displays the rate for receiving data in packets per second.
Total TX BytesDisplays the bytes of packets transmitted by the user who owns the IP address.
Total RX BytesDisplays the bytes of packets received by the user who owns the IP address.
User Guide
9
Viewing Status InformationTraffic Statistics
Total TX PacketsDisplays the number of packets transmitted by the user who owns the IP
address.
Total RX PacketsDisplays the number of packets received by the user who owns the IP address.
You can enable Auto Refresh or click Refresh to get the latest statistics information, or
click Clear to clear the current statistics information.
User Guide 10
Part 3
Configuring Network
CHAPTERS
1. Overview
2. WAN Conguration
3. LAN Conguration
4. IPTV Conguration
5. MAC Conguration
6. Switch Conguration
7. VLAN Conguration
8. IPv6 Conguration
Configuring NetworkOverview
1
Overview
The Network module provides basic router functions, including WAN connection, DHCP
service, VLAN, IPTV service and more.
1.1 Supported Features
WAN
The router can provide a maximum of four WAN ports. Each WAN port has its own internet
connection, providing link backup and load balancing.
LAN
For LAN configuration, you can configure the LAN IP address and DHCP (Dynamic Host
Configuration Protocol) server. With its DHCP server enabled, the router can automatically
assign IP addresses to hosts in the LAN.
IPTV
IPTV services is based on the Internet protocol, rather than through traditional satellite
signal or cable transmission.
The router supports three kinds of IPTV configuration according to your ISP
IPTV based on IGMP.
IPTV in Bridge mode.
IPTV in Custom mode.
MAC
You can change the default MAC address of the WAN port or LAN port according to your
needs.
Switch
The router supports some basic switch port management functions, like Port Mirror, Rate
Control, Flow Control and Port Negotiation, to help you to monitor the traffic and manage
the network effectively.
VLAN
:
The router supports 802.1Q VLAN, which can divide the LAN into multiple VLANs, helping
to manage the network more effectively.
IPv6
You can set up an IPv6 internet connection if your ISP provides IPv6 service.
User Guide 12
Configuring NetworkWAN Configuration
2
WAN Configuration
You can configure at most four WAN ports. Each WAN port can have its own WAN
connection, providing link backup and load balancing.
To complete WAN configuration, follow these steps:
1) Configure the number of WAN ports.
2) Configure the WAN connection.
2.1 Configuring the Number of WAN Ports
Choose the menu Network > WAN > WAN Mode to load the following page.
Figure 2-1 Configuring the WAN Mode
WAN ModeSpecify the number of WAN ports.
1: Configure physical interface 1 as WAN1.
2: Configure physical interface 1 and interface 2 as WAN1 and WAN2 respectively.
3: Configure physical interface 1, interface 2 and interface3 as WAN1, WAN2 and
WAN3 respectively.
4: Configure physical interface 1, interface 2, interface 3 and interface 4 as WAN1,
WAN2, WAN3 and WAN4 respectively.
Note:
When a WAN port is added, a port-related tab is automatically added; when a WAN port is de-
•
leted, the port-related tab is automatically deleted.
The router will reboot after switching the WAN mode.
•
2.2 Configuring the WAN Connection
The router supports six connection types: Static IP, Dynamic IP, PPPoE, L2TP, PPTP and
BigPond Cable, you can choose one according to the service provided by your ISP.
User Guide
13
Configuring NetworkWAN Configuration
Static IP: If your ISP provides you with a fixed IP address and the corresponding
parameters, choose Static IP.
Dynamic IP: If your ISP automatically assigns the IP address and the corresponding
parameters, choose Dynamic IP.
PPPoE: If your ISP provides you with a PPPoE account, choose PPPoE.
L2TP: If your ISP provides you with an L2TP account, choose L2TP.
PPTP: If your ISP provides you with a PPTP account, choose PPTP.
BigPond Cable: If your ISP provides you with a BigPond Cable account, choose BigPond
Cable. BigPond Cable is only available for Australian users.
Configuring the Dynamic IP
Choose the menu Network > WAN > WAN to load the following page.
Figure 2-2 Configuring the Dynamic IP
In the Connection Configuration section, select the connection type as Dynamic IP. Enter
the corresponding parameters and click Save.
Connection TypeChoose the connection type as Dynamic IP if your ISP automatically assigns the IP
address.
Host NameOptional. Enter a name for the router. It is null by default.
Upstream
Bandwidth
Downstream
Bandwidth
Specify the upstream bandwidth of the WAN port. The value configured here is the
upper limit of the “Maximum Upstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control> Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
User Guide 14
Configuring NetworkWAN Configuration
MTUSpecify the MTU (Maximum Transmission Unit) of the WAN port.
MTU is the maximum data unit transmitted in the physical network. When Dynamic
IP is selected, MTU can be set in the range of 576-1500 bytes. The default value is
1500.
Primary/
Secondary DNS
VLANAdd the WAN port to a VLAN. Generally, you don’t need to manually configure it
Get IP using
Unicast DHCP
Connect/
Disconnect
Optional. Enter the IP address of the DNS server provided by your ISP.
unless required by your ISP.
By default, the WAN port is automatically assigned to a VLAN, and the egress rule of
the VLAN is UNTAG, so the packets are transmitted by the WAN port without VLAN
tags. If you want the WAN port to transmit packets with VLAN tag, you need to create
the corresponding VLAN first and configure its egress rule as TAG, then manually
add the WAN port to that VLAN. To create VLANs, go to Network > VLAN > VLAN.
Note: When using the IPTV function, either in Bridge mode or Custom mode,
the router will automatically create corresponding VLANs after you finished the
configuration, and add port 1 (WAN 1) to the VLANs. Users cannot then manually
select the VLAN that WAN 1 belongs to.
The broadcasting requirement may not be supported by a few ISPs. Select this
option if you can not get the IP address from your ISP even with a normal network
connection. This option is not required generally.
Click the button to active/terminate the connection.
Configuring the Static IP
Choose the menu Network > WAN > WAN to load the following page.
Figure 2-3 Configuring the Static IP
In Connection Configuration section, select the connection type as Static IP. Enter the
corresponding parameters and click Save.
User Guide
15
Configuring NetworkWAN Configuration
Connection TypeChoose the connection type as Static IP if your ISP has offered you a fixed IP
address.
IP AddressEnter the IP address provided by your ISP.
Subnet MaskEnter the subnet mask provided by your ISP.
Default GatewayEnter the default gateway provided by your ISP.
Upstream
Bandwidth
Downstream
Bandwidth
MTUSpecify the MTU (Maximum Transmission Unit) of the WAN port.
Primary/
Secondary DNS
VLANAdd the WAN port to a VLAN. Generally, you don’t need to manually configure it
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control> Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
MTU is the maximum data unit transmitted in the physical network. When Static IP is
selected, MTU can be set in the range of 576-1500 bytes. The default value is 1500.
Optional. Enter the IP address of the DNS server provided by your ISP.
unless required by your ISP.
By default, the WAN port is automatically assigned to a VLAN, and the egress rule of
the VLAN is UNTAG, so the packets are transmitted by the WAN port without VLAN
tags. If you want the WAN port to transmit packets with VLAN tag, you need to create
the corresponding VLAN first and configure its egress rule as TAG, then manually
add the WAN port to that VLAN. To create VLANs, go to Network > VLAN > VLAN.
Note: When using the IPTV function, either in Bridge mode or Custom mode,
the router will automatically create corresponding VLANs after you finished the
configuration, and add port 1 (WAN1) to the VLANs. Users cannot then manually
select the VLAN that WAN 1 belongs to.
User Guide 16
Configuring NetworkWAN Configuration
Configuring the PPPoE
Choose the menu Network > WAN > WAN to load the following page.
Figure 2-4 Configuring the PPPoE
In the Connection Configuration section, select the connection type as PPPoE. Enter the
corresponding parameters and click Save.
Connection TypeChoose the connection type as PPPoE if your ISP provides you with a PPPoE
account.
UsernameEnter the PPPoE username provided by your ISP.
PasswordEnter the PPPoE password provided by your ISP.
Connection
Mode
TimeChoose the effective time range when the Connection Mode is chosen as Time-
Choose the connection mode, including Connect Automatically, Connect Manually
and Time-Based.
Connect Automatically: The router will activate the connection automatically when
the router reboots or the connection is down.
Connect Manually: You can manually activate or terminate the connection.
Time-Based: During the specified period, the router will automatically activate the
connection.
Based. To create the time range, go to Preferences > TimeRange > Time Range.
Upstream
Bandwidth
Specify the upstream bandwidth of the WAN port. The value configured here is the
upper limit of the “Maximum Upstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
User Guide
17
Configuring NetworkWAN Configuration
Downstream
Bandwidth
MTUSpecify the MTU (Maximum Transmission Unit) of the WAN port.
Service NameOptional. Enter the service name. This parameter is not required unless provided by
Primary/
Secondary DNS
VLANAdd the WAN port to a VLAN. Generally, you don’t need to manually configure it
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
MTU is the maximum data unit transmitted in the physical network. When PPPoE is
selected, MTU can be set in the range of 576-1492 bytes. The default value is 1492.
your ISP. It is null by default.
Optional. Enter the IP address of the DNS server provided by your ISP.
unless required by your ISP.
By default, the WAN port is automatically assigned to a VLAN, and the egress rule of
the VLAN is UNTAG, so the packets are transmitted by the WAN port without VLAN
tags. If you want the WAN port to transmit packets with VLAN tag, you need to create
the corresponding VLAN first and configure its egress rule as TAG, then manually
add the WAN port to that VLAN. To create VLANs, go to Network > VLAN > VLAN.
Secondary
Connection
Connect/
Disconnect
Note: When using the IPTV function, either in Bridge mode or Custom mode,
the router will automatically create corresponding VLANs after you finished the
configuration, and add port 1 (WAN 1) to the VLANs. Users cannot then manually
select the VLAN that WAN 1 belongs to.
Secondary connection is required by some ISPs. Select the connection type required
by your ISP.
None: Select this if the secondary connection is not required by your ISP.
Dynamic IP: Select this if your ISP automatically assigns the IP address and subnet
mask for the secondary connection.
Static IP: Select this if your ISP provides you with a fixed IP address and subnet mask
for the secondary connection.
Click the button to active/terminate the connection.
User Guide 18
Configuring NetworkWAN Configuration
Configuring the L2TP
Choose the menu Network > WAN > WAN to load the following page.
Figure 2-5 Configuring the L2TP
In the Connection Configuration section, select the connection type as L2TP. Enter the
corresponding parameters and click Save.
Connection TypeChoose the connection type as L2TP if your ISP provides you with an L2TP account.
UsernameEnter the L2TP username provided by your ISP.
PasswordEnter the L2TP password provided by your ISP.
Connection
Mode
TimeChoose the effective time range when the Connection Mode is chosen as Time-
Choose the connection mode, including Connect Automatically, Connect Manually
and Time-Based.
Connect Automatically: The router will activate the connection automatically when
the router reboots or the connection is down.
Connect Manually: You can manually activate or terminate the connection.
Time-Based: During the specified period, the router will automatically activate the
connection.
Based. To create the time range, go to Preferences > TimeRange > Time Range.
User Guide
19
Configuring NetworkWAN Configuration
Upstream
Bandwidth
Downstream
Bandwidth
MTUSpecify the MTU (Maximum Transmission Unit) of the WAN port.
Primary/
Secondary DNS
VLANAdd the WAN port to a VLAN. Generally, you don’t need to manually configure it
Specify the upstream bandwidth of the WAN port. The value configured here is the
upper limit of the “Maximum Upstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
MTU is the maximum data unit transmitted in the physical network. When L2TP is
selected, MTU can be set in the range of 576-1460 bytes. The default value is 1460.
Optional. Enter the IP address of the DNS server provided by your ISP.
unless required by your ISP.
By default, the WAN port is automatically assigned to a VLAN, and the egress rule of
the VLAN is UNTAG, so the packets are transmitted by the WAN port without VLAN
tags. If you want the WAN port to transmit packets with VLAN tag, you need to create
the corresponding VLAN first and configure its egress rule as TAG, then manually
add the WAN port to that VLAN. To create VLANs, go to Network > VLAN > VLAN.
Note: When using the IPTV function, either in Bridge mode or Custom mode,
the router will automatically create corresponding VLANs after you finished the
configuration, and add port 1 (WAN 1) to the VLANs. Users cannot then manually
select the VLAN that WAN 1 belongs to.
Secondary
Connection
VPN Server/
Domain Name
IP AddressEnter the IP address provided by your ISP for the secondary connection.
Subnet MaskEnter the subnet mask provided by your ISP for the secondary connection.
Default GatewayEnter the default gateway provided by your ISP for the secondary connection.
Primary/
Secondary DNS
Connect/
Disconnect
Select the secondary connection type provided by your ISP
The secondary connection is required for L2TP connection. The router will get
some necessary information after the secondary connection succeeded. These
information will be used in the L2TP connection process.
Enter the VPN Server/Domain Name provided by your ISP.
Enter the primary/secondary DNS provided by your ISP for the secondary
connection.
Click the button to active/terminate the connection.
User Guide 20
Configuring NetworkWAN Configuration
Configuring the PPTP
Choose the menu Network > WAN > WAN to load the following page.
Figure 2-6 Configuring the PPTP
In Connection Configuration section, select the connection type as PPTP. Enter the
corresponding parameters and click Save.
Connection TypeChoose the connection type as PPTP if your ISP provides you with a PPTP account.
UsernameEnter the PPTP username provided by your ISP.
PasswordEnter the PPTP password provided by your ISP.
Connection
Mode
TimeChoose the effective time range when the Connection Mode is chosen as Time-
Choose the connection mode, including Connect Automatically, Connect Manually
and Time-Based.
Connect Automatically: The router will activate the connection automatically when
the router reboots or the connection is down.
Connect Manually: You can manually activate or terminate the connection.
Time-Based: During the specified period, the router will automatically activate the
connection.
Based. To create the time range, go to Preferences > TimeRange > Time Range.
User Guide
21
Configuring NetworkWAN Configuration
Upstream
Bandwidth
Downstream
Bandwidth
MTUSpecify the MTU (Maximum Transmission Unit) of the WAN port.
Primary/
Secondary DNS
VLANAdd the WAN port to a VLAN. Generally, you don’t need to manually configure it
Specify the upstream bandwidth of the WAN port. The value configured here is the
upper limit of the “Maximum Upstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
MTU is the maximum data unit transmitted in the physical network. When PPTP is
selected, MTU can be set in the range of 576-1420 bytes. The default value is 1420.
Optional. Enter the IP address of the DNS server provided by your ISP.
unless required by your ISP.
By default, the WAN port is automatically assigned to a VLAN by default, and the
egress rule of the VLAN is UNTAG, so the packets are transmitted by the WAN port
without VLAN tags. If you want the WAN port to transmit packets with VLAN tag, you
need to create the corresponding VLAN first and configure its egress rule as TAG,
then manually add the WAN port to that VLAN. To create VLANs, go to Network >
VLAN > VLAN.
Note: When using the IPTV function, either in Bridge mode or Custom mode,
the router will automatically create corresponding VLANs after you finished the
configuration, and add port 1 (WAN 1) to the VLANs. Users cannot then manually
select the VLAN that WAN 1 belongs to.
Secondary
Connection
VPN Server/
Domain Name
IP AddressEnter the IP address provided by your ISP for the secondary connection.
Subnet MaskEnter the subnet mask provided by your ISP for the secondary connection.
Default GatewayEnter the default gateway provided by your ISP for the secondary connection.
Primary/
Secondary DNS
Connect/
Disconnect
Select the secondary connection type provided by your ISP
The secondary connection is required for PPTP connection. The router will get
some necessary information after the secondary connection succeeded. These
information will be used in the PPTP connection process.
Enter the VPN Server/Domain Name provided by your ISP.
Enter the primary/secondary DNS provided by your ISP for the secondary
connection.
Click the button to active/terminate the connection.
User Guide 22
Configuring NetworkWAN Configuration
Configuring the BigPond Cable
Choose the menu Network > WAN > WAN to load the following page.
Figure 2-7 Configuring the BigPond Cable
In Connection Configuration section, select the connection type as BigPond Cable. Enter
the corresponding parameters and click Save.
Connection TypeChoose the connection type as BigPond if your ISP provides you with a BigPond
account.
UsernameEnter the BigPond username provided by your ISP.
PasswordEnter the BigPond password provided by your ISP.
Connection
Mode
TimeChoose the effective time range when the Connection Mode is chosen as Time-
Choose the connection mode, including Connect Automatically, Connect Manually
and Time-Based.
Connect Automatically: The router will activate the connection automatically when
the router reboots or the connection is down.
Connect Manually: You can manually activate or terminate the connection.
Time-Based: During the specified period, the router will automatically activate the
connection.
Based. To create the time range, go to Preferences > TimeRange > Time Range.
Upstream
Bandwidth
Downstream
Bandwidth
Specify the upstream bandwidth of the WAN port. The value configured here is the
upper limit of the “Maximum Upstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
Specify the downstream bandwidth of the WAN port. The value configured here is the
lower limit of the “Maximum Downstream Bandwidth” on Transmission > Bandwidth Control > Bandwidth Control page, to make “Bandwidth Control” take effect, please
ensure this parameter is set correctly.
User Guide
23
Configuring NetworkWAN Configuration
MTUSpecify the MTU (Maximum Transmission Unit) of the WAN port.
MTU is the maximum data unit transmitted in the physical network. When BigPond
Cable is selected, MTU can be set in the range of 576-1500 bytes. The default value
is 1500.
Auth.ServerEnter the authenticating server’s IP address or hostname.
Auth.DomainEnter the server's domain name suffix (based on your location). For example, nsw.
bigpond.net.au for NSW/ACT, vic.bigpond.net.au for VIC/TAS/WA/SA/NT, or qld.
bigpond.net.au for QLD.
VLANAdd the WAN port to a VLAN. Generally, you don’t need to manually configure it
unless required by your ISP.
By default, the WAN port is automatically assigned to a VLAN, and the egress rule of
the VLAN is UNTAG, so the packets are transmitted by the WAN port without VLAN
tags. If you want the WAN port to transmit packets with VLAN tag, you need to create
the corresponding VLAN first and configure its egress rule as TAG, then manually
add the WAN port to that VLAN. To create VLANs, go to Network > VLAN > VLAN.
Connect/
Disconnect
Note: When using the IPTV function, either in Bridge mode or Custom mode,
the router will automatically create corresponding VLANs after you finished the
configuration, and add port 1 (WAN 1) to the VLANs. Users cannot then manually
select the VLAN that WAN 1 belongs to.
Click the button to active/terminate the connection.
User Guide 24
Configuring NetworkLAN Configuration
3
LAN Configuration
The LAN port is used to connect to the LAN clients, and works as the default gateway
for these clients. You can configure the DHCP server for the LAN clients, and clients will
automatically be assigned to IP addresses if the method of obtaining IP addresses is set as
“Obtain IP address automatically”.
For LAN configuration, you can:
Configure the IP address of the LAN port.
Configure the DHCP server.
3.1 Configuring the IP Address of the LAN Port
Choose the menu Network > LAN > LAN to load the following page.
Figure 3-1 Configuring the LAN IP Address
Enter the IP address of the LAN port, and click Save.
IP AddressEnter the IP address of the LAN port.
This IP address is the default gateway of the LAN clients, and the IP addresses of all
the LAN clients should be in the same subnet with this LAN IP address.
Subnet MaskEnter the subnet mask of the LAN port.
Management
Vlan
Specify the management VLAN.
If you set a management VLAN here, then only the clients in the specified VLAN can
access and manage the router. The default value is “---“, which means no VLAN is
selected, and any client in the LAN can access and manage the router.
User Guide
25
Configuring NetworkLAN Configuration
Note:
Changing the IP address of LAN port will automatically redirect the browser to the new man-
•
agement page. If the redirecting failed, please try to reconnect your PC to the router to automatically get a new IP address, or configure a proper static IP address manually.
Changing the IP address of the LAN port may affect some related functions, like the IP pool of
•
the DHCP server.
3.2 Configuring the DHCP Server
You can configure an IP address pool for the DHCP server to assign IP addresses. When
clients send requests to the DHCP server, the server will automatically assign IP addresses
and the corresponding parameters to the clients. Moreover, if you want to reserve an IP
address for a certain client, you can use Address Reservation to bind the IP address with
the client’s MAC address, and the bound IP address will always be assigned to that client.
Configuring the DHCP Server
Choose the menu Network > LAN > DHCP Server to load the following page.
Figure 3-2 Configuring the DHCP Server
Configure the parameters of the DHCP server, then click Save.
User Guide 26
Configuring NetworkLAN Configuration
Starting IP
Address
Ending IP
Address
Lease TimeSpecify the lease time for DHCP clients.
Default GatewayOptional. It is recommended to enter the IP address of the LAN port.
Default DomainOptional. Enter the domain name of your network.
Enter the starting IP address of the DHCP server’s IP pool. The IP pool defines the IP
range that can be assigned to the clients in the LAN.
Note: The starting IP address should be in the same subnet with the IP address of the
LAN port.
Enter the ending IP address of the DHCP server’s IP pool. The ending IP address
should be greater than the starting IP address.
Note: The ending IP address should be in the same subnet with the IP address of the
LAN port.
Lease time defines how long the clients can use the IP address assigned by the DHCP
server. Generally, the client will automatically request the DHCP server for extending
the lease time before the lease expired. If the request failed, the client will have to stop
using that IP address when the lease finally expired, and try to get a new IP address
from the other DHCP servers.
Primary
Secondary DNS
Option 60Optional. Specify the option 60 for device identification. Mostly it is used under the
Option 138Optional. Specify the option 138, which can be configured as the management IP
StatusCheck the box to enable the DHCP server.
/
Configuring the Address Reservation
Optional. Enter the DNS server address provided by your ISP. If you are not clear,
please consult your ISP.
scenario where the clients apply for different IP addresses from different servers
according to the needs. By default, it is TP-LINK.
If a client requests option 60, the server will respond a packet containing the option
60 configured here. And then the client will compare the received option 60 with its
own. If they are the same, the client will accept the IP address assigned by the server,
otherwise the assigned IP address will not be accepted.
address of an AC (Access Controller) device. If the APs in the local network request
this option, the server will respond a packet containing this option to inform the APs
of the AC’s IP address.
Choose the menu Network > LAN > Address Reservation and click Add to load the
following page.
User Guide
27
Configuring NetworkLAN Configuration
Figure 3-3 Configuring the Address Reservation
Enter the MAC address of the client and the IP address to be reserved, then click OK.
MAC AddressEnter the MAC address of the client.
IP AddressEnter the IP address to be reserved.
DescriptionOptional. Enter a brief description for the entry. Up to 32 characters can be entered.
Export to IPMAC Binding
StatusCheck the box to enable this entry.
Optional. Check the box to export this binding entry to IP-MAC Binding List on Firewall
> Anti ARP Spoofing > IP-MAC Binding page.
3.3 Viewing the DHCP Client List
Choose the menu Network > LAN > DHCP Client List to load the following page.
Figure 3-4 Viewing the DHCP Client List
Here you can view the DHCP client list.
Client NameDisplays the name of the client.
MAC AddressDisplays the MAC address of the client.
Assigned IP
Address
Lease TimeDisplays the remaining lease time of the assigned IP address. After the lease expires,
Displays the IP address assigned to the client.
the IP address will be re-assigned.
User Guide 28
Configuring NetworkIPTV Configuration
4
IPTV Configuration
You can configure IPTV according to the type of IPTV service provided by your ISP:
Configure IPTV based on IGMP.
Configure IPTV in Bridge mode.
Configure IPTV in Custom mode.
4.1 Configuring IPTV Based on IGMP
Some ISPs provide IPTV service based on IGMP technology. In this scenario, you can just
enable IGMP snooping and IGMP proxy, and connect your STB (Set-Top Box) to any LAN
port of the router. The IPTV stream will then be transmitted to the corresponding LAN port.
Choose the menu Network > IPTV> IPTV to load the following page.
Figure 4-1 Configuring IPTV Based on IGMP
Enable IGMP Snooping and IGMP Proxy, and choose the IGMP version, then click Save.
IGMP SnoopingCheck the box to enable IGMP Snooping.
Without IGMP Snooping, the router will broadcast multicast stream to all LAN ports,
even though some LAN ports are not connected to any multicast member.
With IGMP Snooping enabled, the LAN ports listen IGMP packets transmitted between
the router and the clients and build a multicast table. The multicast table records the
multicast members and the corresponding connected LAN port. So the multicast
stream will be transmitted to only the ports that connected to multicast members.
IGMP ProxyCheck the box to enable IGMP Proxy.
IGMP Proxy sends IGMP querier packets to the LAN ports to detect if there is any
multicast member connected to the LAN ports.
IGMP VersionChoose the IGMP version as V2 or V3. The default is IGMP V2.
User Guide
29
Configuring NetworkIPTV Configuration
4.2 Configuring IPTV in Bridge Mode
If your ISP doesn’t provide any parameters and the IPTV service is not based on IGMP
technology, you can enable IPTV function and choose the Bridge mode, then specify a port
to connect IPTV set-top box.
Choose the menu Network > IPTV> IPTV to load the following page.
Figure 4-2 Configuring the Bridge Mode
Enable IPTV function, choose the mode as Bridge, and choose a LAN port to connect to the
IPTV set-top box, then click Save.
IPTVCheck the box to enable IPTV function.
ModeChoose the mode as Bridge.
In Bridge mode, the LAN port chosen to connect to the IPTV becomes a dedicated
port for IPTV service.
Port ModeSpecify the service to be supported by the LAN port.
Internet: Specify the port to support only internet service. If you want to access the
internet, you should connect your host to this port.
IPTV: Specify the port to only support IPTV service. If you want to use IPTV, you
should connnect your IPTV set-top box to this port.
4.3 Configuring IPTV in Custom Mode
If your ISP supports Triple-Play service, i.e., providing internet, VoIP and IPTV services over
one single broadband connection, you can configure IPTV in Custom mode.
In Triple-Play, services are labeled with different VLAN tags specified by the ISP. When
the WAN port receives packets, it will forward the packets to the corresponding LAN port
according to the VLAN tag.
User Guide 30
Configuring NetworkIPTV Configuration
Choose the menu Network > IPTV> IPTV to load the following page.
Figure 4-3 Configuring the Custom Mode
Follow these steps to configure IPTV in Custom mode:
1) Enable IPTV function and choose the mode as Custom.
IPTVCheck the box to enable IPTV function.
ModeChoose the mode as Custom.
In Custom mode, the services are labeled with different VLAN tags, which is
specified by the ISP. The WAN port will forward the packets to its corresponding
LAN port.
2) Enter the parameters provided by your ISP, including the VLAN IDs and priorities of
different services.
Internet VLAN IDEnter the VLAN ID of the internet service. It is provided by your ISP.
Internet VLAN
Priority
802.1Q TagOptional. Check the box and the egress internet packets of WAN 1 port will be
Enter the VLAN priority of the internet service. It is provided by your ISP.
tagged.
IP-Phone VLAN IDEnter the VLAN ID of the IP-Phone service. It is provided by your ISP.
IP-Phone VLAN
Priority
IPTV VLAN IDEnter the VLAN ID of the IPTV service. It is provided by your ISP.
Enter the VLAN priority of the IP-Phone service. It is provided by your ISP.
User Guide
31
Configuring NetworkIPTV Configuration
IPTV VLAN
Priority
IPTV Multicast
VLAN ID
IPTV Multicast
VLAN Priority
Enter the VLAN priority of the IPTV service. It is provided by your ISP.
Enter the VLAN ID of the IPTV multicast service. It is provided by your ISP.
Enter the VLAN priority of the IPTV multicast service. It is provided by your ISP.
3) Specify the service to support for the LAN port.
Port ModeSpecify the service to be supported by the LAN port.
Internet: Specify the port to support only Internet service. If you want to surf the
internet, you should connect your host to this port.
IP-Phone: Specify the port to support only IP-Phone service. If you want to make
an IP-Phone call, you should connect your IP-Phone to this port.
IPTV: Specify the port to only support IPTV service. If you want to use IPTV, you
should connnect your IPTV set-top box to this port.
Note:
Among the WAN ports, only WAN 1 supports IPTV service. So if you want to use IPTV function,
•
connect your ISP network to WAN 1.
In Bridge mode, after you have saved the configuration, the router will automatically and ran-
•
domly create some VLANs for WAN 1 and the LAN ports. These VLANs will be displayed on the
VLAN page.
In Custom mode, after you configured the VLAN IDs of different services, these VLANs will
•
automatically be created, and port 1 (WAN 1) will automatically be added to the IPTV VLAN and
Internet VLAN. These VLANs will be displayed on the VLAN page.
User Guide 32
Configuring NetworkMAC Configuration
5
MAC Configuration
Generally, the MAC address does not need to be changed. However, in some particular
situations, you may need to change the MAC address of the WAN port or LAN port.
Configure the MAC Address of the WAN port
In the condition that your ISP has bound the account to the MAC address of the dial-up
device, if you want to replace the dial-up device with this router, you can just set the MAC
address of this router’s WAN port as the same as that of the previous dial-up device for a
normal internet connection.
Configure the MAC Address of the LAN port
In a complex network with all the devices are ARP bound , if you want to replace the current
router with this router, you can just set the MAC address of this router’s LAN port as the
same as that of the previous router, which can avoid all the devices under this network
node to update their ARP binding tables.
5.1 Configuring MAC Address
Choose the menu Network > MAC > MAC to load the following page.
Figure 5-1 Configuring MAC Address
Configure the MAC address of the WAN port or LAN port according to your need, then click
Save.
Interface NameDisplays the WAN port and LAN port.
Current MAC
Address
Configure the MAC address of the WAN port or LAN port.
User Guide
33
Configuring NetworkMAC Configuration
MAC CloneRestore Factory MAC: Click this button to restore the MAC address to the factory
default value.
Clone Current PC’s MAC: Click this button to clone the MAC address of the PC you
are currently using to configure the router. It’s only available for the WAN ports.
Note:
To avoid a MAC address conflict in the LAN, it is not permitted to set the MAC address of the router’s
LAN port as the MAC address of the current management PC.
User Guide 34
Configuring NetworkSwitch Configuration
6
Switch Configuration
The router provides some basic switch port management function, including Statistics,
Port Mirror, Port Config and Port Status.
6.1 Viewing the Statistics
Choose the menu Network > Switch > Statistics to load the following page.
Figure 6-1 Viewing the Statistics
Statistics displays the detailed traffic information of each port, which allows you to monitor
the traffic and locate faults promptly.
UnicastDisplays the number of normal unicast packets received or transmitted on the port.
BroadcastDisplays the number of normal broadcast packets received or transmitted on the port.
PauseDisplays the number of flow control frames received or transmitted on the port.
MulticastDisplays the number of normal multicast packets received or transmitted on the port.
User Guide
35
Configuring NetworkSwitch Configuration
TotalDisplays the total bytes of the received or transmitted packets (including error
frames).
UndersizeDisplays the number of received packets which have a length less than 64 bytes
(including error frames).
NormalDisplays the number of received packets which have length between 64 bytes and the
maximum frame length (including error frames).
OversizeDisplays the number of received packets that have a length greater than the maximum
frame length (including error frames).
Note:
Error Frame: The frames that have a false checksum.
Maximum frame length: The maximum frame length supported by the router. For untagged frames,
Port Mirror function allows the switch to forward packet copies of the monitored port(s) to
a specific monitoring port. Then you can analyze the copied packets to monitor network
traffic and troubleshoot network problems.
Choose the menu Network > Switch > Mirror to load the following page.
Figure 6-2 Configuring Port Mirror
Follow these steps to configure Port Mirror:
1) In Settings section, enable Port Mirror function, and choose the mirror mode.
User Guide 36
Configuring NetworkSwitch Configuration
Enable Port
Mirror
Mirror ModeChoose the mirror mode which includes Ingress, Egress and Ingress and Egress.
Check the box to enable Port Mirror function.
Ingress: The packets received by the mirrored port will be copied to the mirroring
port.
Egress: The packets sent by the mirrored port will be copied to the mirroring port.
Ingress and Egress: Both the incoming and outgoing packets through the
mirrored port will be copied to the mirroring port.
2) In the Monitor List section, set the mirroring port and the mirrored port(s), then click
Save.
Mirroring PortThe packets through the mirrored port will be copied to this port.
Usually, the mirroring port is connected to a data diagnose device, which is used
to analyze the mirrored packets for monitoring and troubleshooting the network.
Mirrored PortThe packets through this port will be copied to the mirroring port.
Usually, the mirrored ports are the ports to be monitored.
6.3 Configuring Rate Control
Rate Control enables you to control the traffic rate for the specific packets on each port to
manage your network.
Choose the menu Network > Switch > Rate Control to load the following page.
Figure 6-3 Configuring Rate Control
Choose the port and configure the ingress frames or egress frames limitation, then click
Save.
Ingress LimitCheck the box to enable the Ingress Limit feature.
User Guide
37
Configuring NetworkSwitch Configuration
Ingress Frame
Type
Ingress Rate
(Mbps)
Egress LimitCheck the box to enable Egress Limit feature.
Egress Rate
(Mbps)
Specify the ingress frame type to be limited. It is All Frames by default.
All Frames: The ingress rate of all frames is limited.
Broadcast: The ingress rate of broadcast frames is limited.
Broadcast and Multicast: The ingress rate of broadcast and multicast frames is
limited.
Specify the limit rate for the ingress packets.
Specify the limit rate for the egress packets.
6.4 Configuring Port Config
You can configure the flow control and negotiation mode for the port.
Choose the menu Network > Switch > Port Config to load the following page.
Figure 6-4 Configuring Flow Control and Negotiation
Configure the flow control and negotiation mode for a port.
Flow ControlCheck the box to enable the flow control function.
Flow Control is the process of managing the data transmission of the sender to avoid
the receiver getting overloaded.
User Guide 38
Configuring NetworkSwitch Configuration
Negotiation
Mode
Select the negotiation mode for the port. You can set the mode as Auto, or manually
set the speed and duplex mode for the port. It is recommended to configure both
devices of a link to work in Auto-Negotiation mode or manually configure them to work
in the same speed and duplex mode.
If the two devices at both sides work in Auto mode, they will advertise their speed and
duplex abilities to each other, and negotiate the optimal speed and duplex mode.
If the local device works in Auto mode while the peer device does not, the local device
will automatically detect and match the speed with the peer device. The local device
will work in half-duplex mode, no matter what duplex mode the peer device is in.
6.5 Viewing Port Status
Choose the menu Network > Switch > Port Status to load the following page.
Figure 6-5 Viewing Port Status
StatusDisplays the port status.
Link Down: The port is not connected.
Link Up: The port is working normally.
Speed (Mbps)Displays the port speed.
Duplex ModeDisplays the duplex mode of the port.
Flow ControlDisplays if the Flow Control is enabled.
User Guide
39
Configuring NetworkVLAN Configuration
7
VLAN Configuration
The router supports 802.1Q VLAN, which can divide a LAN into multiple logical LANs.
Each logical LAN is a VLAN. Hosts in the same VLAN can communicate with each other.
However, hosts in different VLANs cannot communicate directly. Therefore, broadcast
packets can be limited to within the VLAN.
7.1 Creating a VLAN
Choose the menu Network > VLAN > VLAN to load the following page.
Figure 7-1 Creating a VLAN
Create a VLAN and add the port(s) to the VLAN, then click OK.
VLAN IDEnter a VLAN ID. The value ranges from 1 to 4094.
NameSpecify the name of the VLAN for easy identification.
PortsCheck the box to select the port and specify the port type in the specified VLAN. The
port can be divided into two types: TAG or UNTAG.
TAG: The egress rule of the packets transmitted by the port is Tagged.
UNTAG: The egress rule of the packets transmitted by the port is Untagged.
DescriptionOptional. Enter a brief description for easy management and searching.
User Guide 40
Configuring NetworkVLAN Configuration
Viewing the VLANs
Choose the menu Network > VLAN > VLAN to load the following page.
Figure 7-2 Viewing the VLAN
In the VLAN list you can view all the VLANs existing in the router.
VLAN IDDisplays the VLAN ID.
NameDisplays the VLAN name.
PortsDisplays the ports which belongs to the corresponding VLAN.
DescriptionDisplays the description of the VLAN.
Note:
The VLAN list contains all the VLANs existing in the router. Some of them are manually created by
the user, and can be edited or deleted. Some are automatically created and referenced by the router
for some special scenarios like IPTV or management VLAN, and you cannot edit or delete these
VLANs.
User Guide
41
Configuring NetworkVLAN Configuration
7.2 Configuring the PVID of a Port
Choose the menu Network > VLAN > Port to load the following page.
Figure 7-3 Configuring the PVID
Configure the PVID of the port, then click Save.
Port Displays the port.
PVID
VLANDisplays the VLAN(s) the port belongs to.
Specify the PVID for the port.
port.
VID indicates the default VLAN for the corresponding
P
User Guide 42
Configuring NetworkIPv6 Configuration
8
IPv6 Configuration
To complete IPv6 configuration, follow these steps:
1) Configure the LAN to specify the type of assigning IPv6 address to the client.
2) Configure the WAN connection.
8.1 Configuring the LAN
Configure the type of assigning IPv6 address to the LAN clients.
Choose the menu Network > IPv6 > LAN to load the following page.
Figure 8-1 Configuring the LAN
1) In Global section, enable IPv6 function and click Save.
IPv6Check the box to enable IPv6 function for the LAN.
2) In LAN section, configure the Assigned Type and Address prefix, then click Save.
User Guide
43
Configuring NetworkIPv6 Configuration
Assigned TypeSelect the appropriate type of assigning the IPv6 address according to your ISP.
DHCPv6: The DHCP server automatically assigns the IPv6 address and DNS
information to the clients.
SLAAC+Stateless DHCP: The DHCP server advertises the IPv6 prefix to the
client, the client then dynamically form a host identifier that is 64 bits long and will
be suffixed to the end of the advertised prefix to form an IPv6 address. Generally,
the host identifier was formed using the EUI-64. The DHCP server can also offer
the DNS information to the client when the client requests.
SLAAC+RDNSS: The DHCP server advertises the IPv6 prefix to the client, the
client then dynamically form a host identifier that is 64 bits long and will be
suffixed to the end of the advertised prefix to form an IPv6 address. Generally,
the host identifier was formed using the EUI-64. The DHCP server will also
automatically advertise the DNS information to the client.
Address PrefixEnter the LAN address prefix provided by your ISP.
Note: If the “Prefix Delegation” in WAN configuration is enabled, the LAN prefix will
be automatically assigned by the ISP, and you do not need to manually configure
it here.
Release TimeThe duration time in seconds when the assigned IPv6 address remains valid when
you choose the Assigned Type as DHCPv6. The default value is 86400 seconds .
AddressDisplays the IPv6 address of the LAN port.
8.2 Configuring the WAN
You can configure at most four WAN ports. Each WAN port can have its own IPv6 WAN
connection, providing link backup and expanding the bandwidth.
To complete WAN configuration, follow these steps:
1) Configure the number of WAN ports.
2) Configure the WAN connection.
8.2.1 Configuring the Number of WAN Ports
Choose the menu Network > WAN > WAN Mode to load the following page.
Figure 8-2 Configuring the WAN Mode
User Guide 44
Configuring NetworkIPv6 Configuration
WAN ModeSpecify the number of WAN ports.
1: Configure physical interface 1 as WAN1.
2: Configure physical interface 1 and interface 2 as WAN1 and WAN2 respectively.
3: Configure physical interface 1, interface 2 and interface3 as WAN1, WAN2 and
WAN3 respectively.
4: Configure physical interface 1, interface 2, interface 3 and interface 4 as WAN1,
WAN2, WAN3 and WAN4 respectively.
Note:
When a WAN port is added, the port-related entries are automatically added; when a WAN port
•
is deleted, the port-related entries are automatically deleted.
The router will reboot after switching the WAN mode.
•
8.2.2 Configuring the WAN Connection
The router supports five IPv6 connection types: Static IP, Dynamic IP (SLAAC/DHCPv6),
PPPoE, 6to4 Tunnel and Pass-Through (Bridge), you can choose one according to the
information provided by your ISP.
Static IP: Select this if your ISP provides you with a fixed IPv6 address, default gateway and
DNS address.
Dynamic IP (SLAAC/DHCPv6): Select this if your ISP automatically assigns the IPv6
address and the corresponding parameters.
PPPoE: Select this if your ISP provides you with a PPPoE account.
6to4 Tunnel: Select this if your ISP uses 6to4 deployment for assigning address.
Pass-Through (Bridge): Select this if your ISP uses Pass-Through (Bridge) network
deployment. No parameters are required for this type of connection.
User Guide
45
Configuring NetworkIPv6 Configuration
Choose the menu Network > IPv6 > WAN to load the following page.
Configuring the Dynamic IP (SLAAC/DHCPv6)
Figure 8-3 Configuring the Dynamic IP (SLAAC/DHCPv6)
Follow these steps to configure Dynamic IP connection:
1) In the General section, check the box to enable IPv6 function, then click Save.
IPv6Check the box to enable IPv6 function.
2) In the Internet section, choose the Internet Connection type as Dynamic IP (SLAAC/DHCPv6), and configure the corresponding parameters. Then click Save.
Internet
Connection Type
IPv6 Address/
Primary DNS/
Secondary DNS
RenewClick this button to get new IPv6 parameters assigned by the DHCPv6 server
ReleaseClick this button to release the IPv6 parametersassigned by DHCPv6 server
Choose Dynamic IP (SLAAC/DHCPv6) as the connection type.
Displays the IPv6 address/Primary DNS/Secondary DNS of the WAN port. These
parameters are automatically assigned by the DHCPv6 server from your ISP.
from the ISP.
from the ISP.
User Guide 46
Configuring NetworkIPv6 Configuration
3) In the Internet section, click Advanced to configure the way of getting the IPv6 address
and DNS address, and configure the Prefix Delegation. Then click Save.
Get IPv6 AddressChoose the method by which the IPv6 address is obtained from the ISP.
DHCPv6: The DHCP server automatically assigns the IPv6 address.
SLAAC+Stateless DHCP: The DHCP server advertises the IPv6 prefix to the
WAN port, the WAN port then dynamically form a host identifier that is 64 bits
long and will be suffixed to the end of the advertised prefix to form an IPv6
address. Generally, the host identifier was formed using the EUI-64.
Prefix DelegationEnable or disable prefix delegation. The prefix will be assigned to the LAN clients.
Enable: The prefix of the IPv6 address will automatically be assigned by the ISP,
and you do not need to configure the prefix in LAN page.
Disable: You need to enter a prefix manually.
Note: If more than one WAN port is enabled with Prefix Delegation, the LAN port
will assign the prefix of the latest enabled WAN port to the LAN clients.
DNS AddressChoose the way of getting DNS address from the ISP.
Get dynamically from ISP: The DNS address will automatically assigned by the
ISP.
Use the following DNS address: The user need to manually enter the DNS
address provided by the ISP.
Primary DNS/
Secondary DNS
Configuring the Static IP
Figure 8-4 Configuring the Static IP
Enter the DNS address provided by the ISP.
User Guide
47
Configuring NetworkIPv6 Configuration
Follow these steps to configure static IP connection:
1) In the General section, check the box to enable IPv6 function, then click Save.
IPv6Check the box to enable IPv6 function.
2) In the Internet section, choose the Internet Connection type as Static IP, and configure
the corresponding parameters. Then click Save.
Internet
Connection Type
IPv6 AddressEnter the IPv6 address provided by your ISP.
Default GatewayEnter the default gateway provided by your ISP.
Primary DNS/
Secondary DNS
Choose Static IP as the connection type.
Enter the DNS address provided by your ISP.
User Guide 48
Configuring NetworkIPv6 Configuration
Configuring the PPPoE
Figure 8-5 Configuring the PPPoE
Follow these steps to configure PPPoE connection:
1) In the General section, check the box to enable IPv6 function, then click Save.
IPv6Check the box to enable IPv6 function.
2) In the Internet section, choose the Internet Connection type as PPPoE, and configure
the corresponding parameters. Then click Save.
User Guide
49
Configuring NetworkIPv6 Configuration
Internet
Connection Type
UsernameEnter the PPPoE username provided by your ISP.
PasswordEnter the PPPoE password provided by your ISP.
IPv6 AddressDisplays the IPv6 address of the WAN port.
Choose PPPoE as the connection type.
Note:
If your ISP provides only one PPPoE account for both IPv4 and IPv6 con-
•
nections, and you have already established an IPv4 connection on this WAN
port, you can check PPPoE same session with IPv4 connection, then the
WAN port will use the PPP session of IPv4 PPPoE connection to get the IPv6
address. In this case, you do not need to enter the username and password
of the PPPoE account on this page.
If your ISP provides two separate PPPoE accounts for the IPv4 and IPv6
•
connections, or the IPv4 connection of this WAN port is not based on PPPoE, please don’t check PPPoE same session with IPv4 connection and
manually enter the username and password for the IPv6 connection.
3) In the Internet section, click Advanced to configure the way of getting the IPv6 address
and DNS address, and configure the Prefix Delegation. Then click Save.
Get IPv6 AddressChoose the method by which the IPv6 address is obtained from the ISP.
DHCPv6: The DHCP server automatically assigns the IPv6 address.
SLAAC+Stateless DHCP: The DHCP server advertises the IPv6 prefix to the
WAN port, the WAN port then dynamically forms a host identifier that is 64
bits long and will be suffixed to the end of the advertised prefix to form an IPv6
address. Generally, the host identifier is formed using the EUI-64.
Prefix DelegationEnable or disable prefix delegation. The prefix will be assigned to the LAN clients.
Enable: The prefix of the IPv6 address will automatically be assigned by the ISP,
and you do not need to configure the prefix in the LAN page.
Disable: You need to enter a prefix manually.
Note: If more than one WAN port is enabled with Prefix Delegation, the LAN port
will assign the prefix of the latest enabled WAN port to the LAN clients.
DNS AddressChoose the way of getting DNS address from the ISP.
Get dynamically from ISP: The DNS address will automatically assigned by the
ISP.
Use the following DNS address: The user needs to manually enter the DNS
address provided by the ISP.
Primary DNS/
Secondary DNS
Enter the DNS address provided by the ISP.
User Guide 50
Configuring NetworkIPv6 Configuration
Configuring the 6to4 Tunnel
6to4 is an internet transition mechanism for migrating from IPv4 to IPv6, a system that
allows IPv6 packets to be transmitted over an IPv4 network. The IPv6 packet will be
encapsulated in the IPv4 packet and transmitted to the IPv6 destination through IPv4
network.
Figure 8-6 Configuring the 6to4 Tunnel
Follow these steps to configure 6to4 Tunnel connection:
1) In the General section, check the box to enable IPv6 function, then click Save.
IPv6Check the box to enable IPv6 function.
2) In the Internet section, choose the Internet Connection type as 6to4 Tunnel, and
configure the corresponding parameters. Then click Save.
Tunnel AddressDisplays the tunnel address of the WAN port.
Choose the connection type as PPPoE.
These parameters will be dynamically generated by the IPv4 information of WAN
port after you click Connect.
User Guide
51
Configuring NetworkIPv6 Configuration
3) (Optional) In Internet section, click Advanced to configure the DNS server. Then click
Save.
Use the following
DNS Server
Primary DNS/
Secondary DNS
Configuring the Pass-Through (Bridge)
Check the box to manually enter the IP address DNS server provided by your
ISP.
Note: If this option is not enabled, the router will use the default DNS servers with
the IPv6 address as 2001:4860:4860::8888 and 2001:4860:4860::8844.
Enter the IPv6 address of the DNS server provided by your ISP.
In Pass-Through (Bridge) mode, the router works as a transparent bridge. The IPv6 packets
received from the WAN port will be transparently forwarded to the LAN port and vice versa.
No extra parameter is required.
Figure 8-7 Configuring the Pass-Through (Bridge)
Follow these steps to configure Pass-Through (Bridge) connection:
1) In the General section, check the box to enable IPv6 function, then click Save.
IPv6Check the box to enable IPv6 function.
2) In the Internet section, choose the Internet Connection type as Pass-Through (Bridge),
then click Save.
Internet
Connection Type
Choose the connection type as Pass-Through (Bridge).
Note:
If the Internet Connection Type of any WAN port is Pass-Through (Bridge), the IPv6 parameters of
the LAN port and the other WAN ports cannot be configured.
User Guide 52
Part 4
Configuring Preferences
CHAPTERS
1. Overview
2. IP Group Configuration
3. Time Range Configuration
4. VPN IP Pool Configuration
5. Service Type Configuration
Configuring PreferencesOverview
1
Overview
You can preset certain preferences, such as IP groups, time ranges, IP Pools and
service types. These preferences will appear as options for you to choose when you are
configuring the corresponding parameters for some functions. For example, the IP groups
configured here will appear as options when you are configuring the effective IP addresses
for functions like Bandwidth Control, Session Limit , Policy Routing and so on.
Once you configure a preference here, it can be applied to multiple functions, saving time
during the configuration. For example, after configuring a time range in the Preferences > Time Range > Time Range page, you can use this time range as the effective time of
Bandwidth Control rules, Link Backup rules, Policy Routing rules, and so on.
User Guide 54
Configuring PreferencesIP Group Configuration
2
IP Group Configuration
IP groups configured here can be used as effective IP addresses for multiple functions like
Bandwidth Control, Session Limit , Policy Routing and so on.
To complete IP Group configuration, follow these steps:
1) Add IP address entries.
2) Add IP address entries to an IP group.
2.1 Adding IP Address Entries
Choose the menu Preferences > IP Group > IP Address and click Add to load the following
page.
Figure 2-1 Add an IP Address Entry
Follow these steps to add an IP address entry:
1) Enter a name and specify the IP address range.
NameEnter a name for the IP address entry. Only letters, digits or underscores are
allowed.
IP Address TypeChoose a type and enter the IP address in the corresponding format. Two types
are provided:
IP Address Range: Specify a starting IP address and an ending IP address.
IP Address/Mask: Specify a network address and the subnet mask.
Description(Optional) Enter an brief description of this IP address entry to make identifying it
easier.
2) Click OK.
User Guide
55
Configuring PreferencesIP Group Configuration
2.2 Grouping IP Address Entries
Choose the menu Preferences > IP Group > IP Group and click Add to load the following
page.
Figure 2-2 Create an IP Group
Follow these steps to create an IP group and add IP address entries to the group:
1) Specify a name and configure the range to add an IP address range.
Group NameEnter a name for the IP group. Only letters, digits or underscores are allowed.
Address NameSelect the IP address entries as the members of the group from the drop-down
list. It is multi-optional.
If no IP address entries are selected, the rule that references this IP group will
have no effect on any IP addresses.
Description(Optional) Enter an brief description of this IP group to make identifying it easier.
2) Click OK.
You can also choose an existing IP group and click
to add or remove the IP address
members.
Note:
An IP group that is being referenced by a rule cannot be deleted.
User Guide 56
Configuring PreferencesTime Range Configuration
3
Time Range Configuration
Time range configuration allows you to define time ranges by specifying the period in a day
and days in a week. The time range configured here can be used as the effective time for
multiple functions like Bandwidth Control, Link Backup, Policy Routing and so on.
Choose the menu Preferences > Time Range > Time Range and click Add to load the
following page.
Figure 3-1 Add a Time Range Entry
Follow these steps to add a time range entry:
1) Enter a name for the time range entry.
Time Range
Name
2) Choose a mode to set the time range. Two modes are provided: Working Calendar and
Manually.
Working Calendar
Working Calendar mode allows you to set the time range on a calendar. In this mode,
the effective time can be accurate to the hour.
Choose Working Calendar mode and click
Enter a name for the time range entry. Only letters, digits or underscores are
allowed.
to load the following page.
User Guide
57
Configuring PreferencesTime Range Configuration
Figure 3-2 Working Calendar Mode
Select the time slices and click OK to set the time range. You can click the time slices,
or alternatively drag the areas to select or deselect the time slices.
Manually
Manually mode allows you to enter the time range and select the effective days in a
week manually. In this mode, effective time can be accurate to the minute.
Choose Manually mode to load the following page.
Figure 3-3 Manually Mode
WeekSelect the effective days in a week.
Time Range
Enter a start and end time. If the effective time is discontinuous, click
another time range.
to add
3) (Optional) Enter an brief description of this time range to make identifying it easier.
4) Click OK.
Note:
A time range entry that is being referenced by a rule cannot be deleted.
User Guide 58
Configuring PreferencesVPN IP Pool Configuration
4
VPN IP Pool Configuration
Note:
TL-ER5120 does not support VPN IP Pool.
The VPN IP pools configured here can be used as the VPN IP address pools when
configuring L2TP VPN and PPTP VPN.
Choose the menu Preferences > VPN IP Pool > VPN IP Pool and click Add to load the
following page.
Figure 4-1 Add an IP Pool Entry
Follow these steps to add an IP Pool:
1) Enter a name and specify the starting and ending IP address of the IP Pool.
IP Pool NameEnter a name for the IP Pool. Only letters, digits or underscores are allowed.
Starting IP Address/
Ending IP Address
2) Click OK.
Note:
An IP pool entry that is being referenced by a rule cannot be deleted.
Specify the starting and ending IP address. The range of the IP pool cannot
overlap with the existing IP pools.
User Guide
59
Configuring PreferencesService Type Configuration
5
Service Type Configuration
The service type entries configured here can be used as part of the matching conditions
when configuring the Access Control rules in Firewall.
Choose the menu Preferences > Service Type > Service Type to load the following page.
Figure 5-1 Service Type List
The entries in gray are system predefined service types. You can add other entries if your
service type is not in the list.
User Guide 60
Configuring PreferencesService Type Configuration
Click Add to load the following page.
Figure 5-2 Add a Service Type Entry
Follow these steps to add a service type entry:
1) Enter a name for the service type.
Service Type NameEnter a name for the service type. Only letters, digits or underscores are
allowed.
2) Select the protocol for the service type. The predefined protocols include TCP, UDP,
TCP/UDP and ICMP. For other protocols, select the option Other.
When TCP, UDP, or TCP/UDP is selected, the following page will appear.
Figure 5-3 TCP/UDP Protocol
Source Port Range/
Destination Port Range
Specify range of the source port and destination port of the TCP or UDP
packets. Packets whose source port and destination port are both in the
range are considered as the target packets.
When ICMP is selected, the following page will appear.
Figure 5-4 ICMP Protocol
Type/CodeSpecify the type and code of the ICMP packets. ICMP packets with both
the type and code fields matched are considered as the target packets.
User Guide
61
Configuring PreferencesService Type Configuration
When Other is selected, the following page will appear.
Figure 5-5 Other Protocols
Protocol NumberSpecify the protocol number of the packets. Packets with the protocol
number field matched are considered as the target packets.
3) (Optional) Enter a brief description of this service type to make identifying it easier.
4) Click OK.
Note:
A service type entry that is being referenced by a rule cannot be deleted.
User Guide 62
Part 5
Configuring Transmission
CHAPTERS
1. Transmission
2. NAT Configurations
3. Bandwidth Control Configuration
4. Session Limit Configurations
5. Load Balancing Configurations
6. Routing Configurations
7. Configuration Examples
Configuring TransmissionTransmission
1
Transmission
1.1 Overview
Transmission function provides multiple traffic control measures for the network. You can
configure the transmission function according to your actual needs.
1.2 Supported Features
The transmission module includes NAT, Bandwidth Control, Session Limit, Load Balancing
and Routing.
NAT
NAT (Network Address Translation) is the translation between private IP and public IP.
NAT provides a way to allow multiple private hosts to access the public network using one
public IP at the same time, which alleviates the shortage of IP addresses. Furthermore, NAT
strengthens the LAN (Local Area Network) security since the address of LAN host never
appears on the internet. The router supports following NAT features:
Multi-Nets NAT
Multi-Nets NAT function can help the router provide NAT translation for multiple subnets.
One-to-One NAT
One-to-One NAT creates a relationship between a private IP address and a public IP
address. A device with a private IP address can be accessed through the corresponding
valid public IP address.
Virtual Servers
When you build up a server in the local network and want to share it on the internet, Virtual
Servers can realize the service and provide it to the internet users. At the same time
Virtual Servers can keep the local network safe as other services are still invisible from the
internet.
Port Triggering
Port Triggering is a feature used to dynamically forward traffic on a certain port to a
specific server on the local network. When a host in the local network initiates a connection
to the triggering port, all the external ports will be opened for subsequent connections. The
router can record the IP address of the host, when the data from the internet returns to the
User Guide 64
Configuring TransmissionTransmission
external ports, the router can forward them to the corresponding host. Port Triggering is
mainly applied to online games, VoIPs, video players and so on.
NAT-DMZ
When a PC is set to be a DMZ (Demilitarized Zone) host in the local network, it is totally
exposed to the internet, which can realize the unlimited bidirectional communication
between internal hosts and external hosts. The DMZ host becomes a virtual server with
all ports opened. When you are not clear about which ports to open in some special
applications, such as IP camera and database software, you can set the PC to be a DMZ
host.
ALG
Some special protocols such as FTP, H.323, SIP, IPSec and PPTP will work properly only
when ALG (Application Layer Gateway) service is enabled.
Bandwidth Control
You can control the bandwidth by configuring bandwidth control rules for limiting various
data flows. In this way, the network bandwidth can be reasonably distributed and utilized.
Session Limit
The amount of TCP and UDP sessions supported by the router is finite. If some local hosts
transmit too many TCP and UDP sessions to the public network, the communication quality
of the other local hosts will be affected, thus it is necessary to limit the sessions of those
hosts.
Load Balancing
You can configure the traffic sharing mode of the WAN ports to optimize the resource
utilization.
Routing
You can configure policy routing rules and static routing.
Policy routing provides a more accurate way to control the routing based on the policy
defined by the network administrator.
Static routing is a form of routing that is configured manually by adding non-aging entries
into a routing table. The manually-configured routing information guides the router in
forwarding data packets to the specific destination.
User Guide
65
Configuring TransmissionNAT Configurations
2
NAT Configurations
With NAT configurations, you can:
Configure the Multi-Nets NAT.
Configure the One-to-One NAT.
Configure the Virtual Servers.
Configure the Port Triggering.
Configure the NAT-DMZ.
Configure the ALG.
2.1 Configuring the Multi-Nets NAT
Choose the menu Transmission > NAT > Multi-Nets NAT and click Add to load the
following page.
Figure 2-1 Configuring the Multi-Nets NAT
Follow these steps to configure the Multi-Nets NAT:
1) Specify the name of the Multi-Nets NAT rule and configure other related parameters.
InterfaceSpecify the effective interface for the rule. If you choose multiple ports, the entry
will be applied to all selected ports simultaneously.
User Guide 66
Configuring TransmissionNAT Configurations
Source IP RangeSpecify the source IP range for the rule.
StatusCheck the box to enable the rule.
DescriptionGive a description for the rule entry to facilitate your management.
2) Click OK.
2.2 Configuring the One-to-One NAT
Choose the menu Transmission > NAT > One-to-One NAT and click Add to load the
following page.
Figure 2-2 Configuring the One-to-One NAT
Follow these steps to configure the One-to-One NAT:
1) Specify the name of the One-to-One NAT rule and configure other related parameters.
InterfaceSpecify the effective interface for the rule. If you choose multiple ports, the entry
will be applied to all selected ports simultaneously.
Original IPSpecify the original IP address for the rule. The original IP address cannot be the
broadcast address, network address or IP address of the interface.
Translated IP Specify the translated IP address for the rule. The translated IP address cannot be
the broadcast address, network address or IP address of the interface.
DMZ ForwardingCheck the box to enable DMZ Forwarding. The packets transmitted to the
translated IP address will be forwarded to the host of original IP address if DMZ
Forwarding is enabled.
DescriptionGive a description for the rule entry to facilitate your management.
StatusCheck the box to enable the rule.
2) Click OK.
User Guide
67
Configuring TransmissionNAT Configurations
Note:
One-to-One NAT takes effect only when the connection type of WAN is Static IP.
2.3 Configuring the Virtual Servers
Choose the menu Transmission > NAT > Virtual Servers and click Add to load the
following page.
Figure 2-3 Configuring the Virtual Servers
Follow these steps to configure the Virtual Servers:
1) Specify the name of the Virtual Server rule and configure other related parameters.
InterfaceSpecify the effective interface for the rule. If you choose multiple ports, the entry
will be applied to all selected ports simultaneously.
External PortEnter the service port or port range the router provided for accessing external
network. The ports or port ranges cannot overlap with those of other virtual
server rules.
Internal Port Specify the service port or port range of the LAN host as virtual server.
Internal Server
IP
ProtocolSpecify the protocol used for the entry.
StatusCheck the box to enable the rule.
Enter the IP address of the specified internal server for the entry. All the requests
from the internet to the specified LAN port will be redirected to this host.
2) Click OK.
User Guide 68
Configuring TransmissionNAT Configurations
2.4 Configuring the Port Triggering
Choose the menu Transmission > NAT > Port Triggering and click Add to load the
following page.
Figure 2-4 Configuring the Port Triggering
Follow these steps to configure the Port Triggering:
1) Specify the name of the Port Triggering rule and configure other related parameters.
InterfaceSpecify the effective interface for the rule. If you choose multiple ports, the entry
will be applied to all selected ports simultaneously.
Trigger PortEnter the trigger port or port range. Each entry supports at most 5 groups of
trigger ports. For example, you can enter 1-2, 3-4, 5-6, 7-8, 8-9. Note that the
ports or port ranges cannot overlap with those of other port triggering rules.
Trigger ProtocolSpecify the trigger protocol for the trigger port.
Incoming PortEnter the incoming port or port range. Each entry supports at most 5 groups of
incoming ports. For example, you can enter 1-2, 3-4, 5-6, 7-8, 8-9. Note that the
ports or port ranges cannot overlap with those of other port triggering rules.
Incoming
Protocol
StatusCheck the box to enable the rule.
Specify the incoming protocol for the incoming port.
2) Click OK.
User Guide
69
Configuring TransmissionNAT Configurations
2.5 Configuring the NAT-DMZ
Choose the menu Transmission > NAT > NAT-DMZ and click Add to load the following
page.
Figure 2-5 Configuring the NAT-DMZ
Follow these steps to configure the NAT-DMZ:
1) Specify the name of the NAT-DMZ rule and configure other related parameters.
InterfaceSpecify the effective interface for the rule. If you choose multiple ports, the entry
will be applied to all selected ports simultaneously.
Host IP AddressSpecify the host IP address for NAT-DMZ.
StatusCheck the box to enable the rule.
2) Click OK.
2.6 Configuring the ALG
Choose the menu Transmission > NAT > ALG to load the following page.
Figure 2-6 Configuring the ALG
Enable related ALG according to your needs and click Save.
User Guide 70
Configuring TransmissionBandwidth Control Configuration
3
Bandwidth Control Configuration
Bandwidth Control functions to control the bandwidth by configuring rules for limiting
various data flows. In this way, the network bandwidth can be reasonably distributed and
utilized.
Choose the menu Transmission> Bandwidth Control to load the following page.
Figure 3-1 Configuring the Bandwidth Control
Follow these steps to configure the Bandwidth Control rule:
1) In the Bandwidth ControlConfig Section, enable Bandwidth Control function globally.
Enable
Bandwidth
Control
Enable
Bandwidth
Control When
2) In the Bandwidth Control Rule List section, click Add to load the following page.
Check the box to enable Bandwidth Control globally.
With “Enable Bandwidth Control” selected, you can specify a percentage, and the
Bandwidth Control will take effect only when the bandwidth usage reaches the
percentage you specified.
User Guide
71
Configuring TransmissionBandwidth Control Configuration
Figure 3-2 Add Bandwidth Control rules
Specify the name of the Bandwidth Control rule and configure other related parameters.
Then click OK.
DirectionSpecify the data stream direction for the rule.
GroupSpecify the address group for the rule to define the controlled users. The IP group
referenced here can be created on the Preferences > IP Group > IP Group page.
Maximum
Upstream
Bandwidth
Maximum
Downstream
Bandwidth
ModeSpecify the bandwidth control mode for the address group.
Specify the Maximum Upstream Bandwidth in Kbps for the rule.
Specify the Maximum Downstream Bandwidth in Kbps for the rule.
Individual means the bandwidth of each user is equal to the current bandwidth of
this entry.
Shared means the total bandwidth of all controlled IP addresses is equal to the
current bandwidth of this entry.
Effective TimeSpecify the time for the rule to take effect. Any means it always takes effect. The
time range referenced here can be created on the Preference > Time Range > Time Range page.
DescriptionEnter a brief description for the rule.
IDAppend the rule to the right position to give a priority for the rule.
Choose the menu Transmission> Load Balancing > Basic Settings to load the following
page.
Figure 5-1 Configuring the Load Balancing
Follow these steps to configure the load balancing:
1) In the General Section, enable load balancing function globally and click Save.
2) In the Basic Settings section, select the appropriate method for load balancing and
click Save.
Enable Application
Optimized Routing
Enable Bandwidth Based
Balance Routing on port(s)
With Application Optimized Routing enabled, the router will consider
the source IP address and destination IP address (or destination port)
of the packets as a whole and record the WAN port they pass through.
Then the packets with the same source IP address and destination IP
address (or destination port) will be forwarded to the recorded WAN
port. This feature ensures that multi-connected applications work
properly.
Select the WAN port from the drop-down list to enable Bandwidth
Based Balance Routing.
With Link Backup function, the router will switch all the new sessions from dropped lines
automatically to another to keep an always on-line network.
Choose the menu Transmission> Load Balancing > Link Backup and click Add to load the
following page.
Figure 5-2 Configuring the Link Backup Rule
Configure the following parameters on this page and click OK.
Primary WANSpecify the primary WAN port. You can choose one primary WAN port, or choose
multiple primary WAN ports to perform load balance.
Backup WANSpecify the backup WAN port to back up the traffic for the primary WAN port under
the specified condition.
ModeSpecify the mode as Timing or Failover.
Timing: Link Backup will be enabled if the specified effective time is reached. All the
traffic on the primary WAN will switch to the backup WAN at the beginning of the
effective time; the traffic on the backup WAN will switch to the primary WAN at the
ending of the effective time.
Failover(Enable backup link when any primary WANs fails): Link Backup will be
enabled when any primary WANs fails.
Failover(Enable backup link when all primary WANs fail): Link Backup will be
enabled only when all primary WANs fail.
Effective TimeSpecify the time for the rule to take effect. “Any” means it takes effect at any time. The
time range referenced here can be created on the Preference > Time Range > Time Range page.
With Online Detection function, you can detect the online status of the WAN port.
Choose the menu Transmission> Load Balancing > Online Detection and click
the following page.
Figure 5-3 Configuring the Online Detection
Configure the following parameters on this page and click OK.
PortDisplays the name of WAN Port.
to load
ModeSelect the online detection mode.
Auto: In Auto Mode, the DNS server of the WAN port will be selected as the destination
for DNS Lookup to detect whether the WAN is online.
Manual: In Manual Mode, you can configure the destination IP address for PING and
DNS Lookup manually to detect whether the WAN is online.
Always Online: In Always Online Mode, the status of the port will always be online.
PingWith “Manual Mode” selected, specify the destination IP for Ping. The corresponding
port will ping the IP address to detect whether the WAN port is online. 0.0.0.0 means
Ping detection is disabled.
DNS LookupWith “Manual Mode” selected, specify the IP address of DNS server. The
corresponding port will perform the DNS lookup using default domain name to detect
whether the WAN port is online. 0.0.0.0 means DNS Lookup is disabled.
User Guide
77
Configuring TransmissionRouting Configurations
6
Routing Configurations
With routing configurations, you can:
Configure the static routing
Configure the policy routing rule
View the routing table
6.1 Configuring the Static Routing
Choose the menu Transmission> Routing > Static Route and click Add to load the
following page.
Figure 6-1 Configuring the Static Routing
Specify the name of the static route entry and configure other related parameters. Then
click OK.
Destination IPSpecify the destination IP address the route leads to.
Subnet MaskSpecify the subnet mask of the destination network.
Next HopSpecify the IP address to which the packet should be sent next.
InterfaceSpecify the physical network interface through which this route is accessible.
MetricDefine the priority of the route. A smaller value means a higher priority. The default
value is 0. It is recommended to keep the default value.
User Guide 78
Configuring TransmissionRouting Configurations
DescriptionEnter a brief description for the rule.
StatusCheck the box to enable the rule.
6.2 Configuring the Policy Routing
Choose the menu Transmission> Routing > Policy Routing and click Add to load the
following page.
Figure 6-2 Configuring the Policy Routing
Specify the name of the policy routing entry and configure other related parameters. Then
click OK.
Service TypeSpecify the service type for the rule.
Source IPEnter the source IP range for the rule. 0.0.0.0 - 0.0.0.0 means any IP is acceptable.
Destination IPEnter the destination IP range for the rule. 0.0.0.0 - 0.0.0.0 means any IP is acceptable.
WANSpecify the outcoming port for the rule. If you choose multiple ports, the entry will be
applied to all selected ports simultaneously.
Effective TimeSpecify the effective time for the rule.
User Guide
79
Configuring TransmissionRouting Configurations
ModeSpecify the policy routing mode for the rule.
Priority: In Priority Mode, the rule depends on the online detection result. If any WAN
port that you specify is online, the rule will take effect. If all the WAN ports that you
specify are offline, the rule will not take effect.
Only: In Only Mode, the rule always takes effect regardless of the WAN port status or
online detection result.
DescriptionEnter a brief description for the rule.
StatusCheck the box to enable the rule.
6.3 Viewing the Routing Table
Choose the menu Transmission> Routing > Routing Table to load the following page.
Figure 6-3 Routing Table
The Routing Table shows the information of the current route entries.
Destination IPDisplays the destination IP address the route leads to.
Subnet MaskDisplays the subnet mask of the destination network.
Next HopDisplays the gateway IP address to which the packet should be sent next.
InterfaceDisplays the physical network interface through which this route is accessible.
MetricDisplays the metric to reach the destination IP address.
User Guide 80
Configuring TransmissionConfiguration Examples
7
Configuration Examples
7.1 Example for Configuring NAT
7.1.1 Network Requirements
A company has two departments: Market Department and RD department. Each
department is assigned to an individual subnet. The company has the following
requirements:
1) The two departments need to access the internet via the same gateway router.
2) The company has a web server which needs to be accessed by the users on the
internet.
7.1.2 Network Topology
Figure 7-1 Network Topology
Web Server
192.168.0.20
RD Department
172.16.10.0/24
L3 Switch
Market Department
172.16.20.0/24
7.1.3 Configuration Scheme
To meet the first requirement, add Multi-nets NAT entries for the two departments
respectively on the gateway router, thus the router can translate and deliver packets
whose source IP addresses are in different subnets from the router’s LAN IP segment.
Then configure static routing on the gateway router to make sure the router know where to
deliver the packets to IP addresses in different subnets (172.16.10.0/24, 172.16.20.0/24).
LAN
Gateway Router
192.168.0.10
WAN1
123.1.1.3
Internet
User Guide
81
Configuring TransmissionConfiguration Examples
To meet the second requirement, add One-to-One NAT entry for the Web Server on
the gateway router, thus the web server with a private IP address can be accessed at a
corresponding valid public IP address. Note that One-to-One NAT take effects only when
the connection type of WAN port is Static IP.
7.1.4 Configuration Procedure
Follow the steps below to configure NAT on the gateway router:
Configuring the Multi-Nets NAT
1) Choose the menu Transmission > NAT > Multi-Nets NAT to load the configuration
page, and click Add.
2) Add Multi-nets NAT entries for the two departments respectively: Specify the entry
name as RD/Market, choose the interface as WAN1, and enter the network address
of the RD/Market department as source IP range. Keep Status of this entry as Enable.
Click OK.
Figure 7-2 Adding a Multi-Nets Entry for RD Department
Figure 7-3 Adding a Multi-Nets Entry for Market Department
Configuring the static routing
1) Choose the menu Transmission > Routing > Static Route to load the configuration
page, and click Add.
User Guide 82
Configuring TransmissionConfiguration Examples
2) Add static routes for the two departments respectively: Specify the entry name as RD/
Market, enter 172.16.10.0/172.16.20.0 as the destination IP, and specify the VLAN 1
interface IP of L3 switch as next hop, then choose the interface as WAN1. Keep Status
of this entry as Enable. Click OK.
Figure 7-4 Configuring the Static Routing for RD Department
Figure 7-5 Configuring the Static Routing for Market Department
Configuring the One-to-One NAT
1) Choose the menu Transmission > NAT > One-to-One NAT to load the configuration
page, and click Add.
2) Add a One-to-One NAT entry for the web server: Specify the entry name as web,
choose the interface as WAN1, and enter the orignal IP as 192.168.0.20, the translated
IP as 123.1.1.3. Enable DMZ Forwarding, then keep Status of this entry as Enable. Click
OK.
User Guide
83
Configuring TransmissionConfiguration Examples
Figure 7-6 Adding a Multi-Nets Entry for RD Department
7.2 Example for Configuring Load Balancing
7.2.1 Network Requirements
To make good use of bandwidth, the network administrator decides to bind two WAN links
using load balancing.
7.2.2 Network Topology
Figure 7-7 Network Topology
Internet
PPPoE 8Mbps
WAN1
Internet
Router
WAN2
Dynamic IP 12Mbps
7.2.3 Configuration Scheme
To meet the requirement, configure WAN parameters on the router in order that the
two WAN links can work properly and have access to the internet, then configure load
balancing on the router to aggregate two WAN links.
PC
User Guide 84
Configuring TransmissionConfiguration Examples
7.2.4 Configuration Procedure
Follow the steps below to configure load balancing on the router:
Configuring the WAN parameters
For WAN1 port, configure the connection type as PPPoE, and specify Upstream and
Downstream bandwidth for this link based on your ADSL bandwidth (You could consult
your internet Service Provider for the bandwidth information).
For WAN2 port, configure the connection type as Dynamic IP, and specify Upstream
and Downstream bandwidth for this link according to data that ISP provides.
Make sure two WAN links can work properly and have access to the internet.
Configuring the Load Balancing
Choose the menu Transmission> Load Balancing > Basic Settings to load the
configuration page. Enable Load Balancing globally, and click Save. Enable Application
Optimized Routing, and enable Bandwidth Based Balancing Routing on WAN1 port and
WAN2 port. Click Save.
Figure 7-8 Configuring the Load Balancing
7.3 Example for Configuring Virtual Server
7.3.1 Network Requirements
The network administrator builds up a FTP server on the local network and wants to share it
on the internet.
User Guide
85
Configuring TransmissionConfiguration Examples
7.3.2 Network Topology
Figure 7-9 Network Topology
LAN
FTP Server
IP:192.168.0.100
Router
7.3.3 Configuration Scheme
In this scenario, both virtual server and DMZ host can be configured to meet the
requirement. Here we take configuring Virtual Server as an example, owing to that for a
DMZ host all ports are open which may result in unsafety. Configure the FTP server as a
virtual server on the router so that the FTP server can be accessed by the internet user.
Demonstrated with TL-ER6120, The following section provides the configuration
procedure.
7.3.4 Configuration Procedure
Follow the steps below to configure virtual server on the router:
1) Choose the menu Network > NAT > Virtual Servers to load the configuration page, and
click Add.
WAN1
Internet
PC
2) Specify the entry name as ftp, choose the interface as WAN1, and specify the internal/
external port as 21, enter the IP address of FTP server (192.168.0.100) as the internal
server IP. Select the protocol as All, then keep Status of this entry as Enable. Click OK.
Figure 7-10 Configuring the Virtual Server
User Guide 86
Configuring TransmissionConfiguration Examples
7.4 Example for Configuring Policy Routing
7.4.1 Network Requirements
The network administrator has a router with 3 computers (192.168.0.2-192.168.0.4)
connected to the LAN side, all computers are routed to internet by WAN1 port and WAN2
port, the requirements are as follows:
WAN2 link is used to backup WAN1 link to keep an always on-line network.
The two computers with IP addresses 192.168.0.2 and 192.168.0.3 are required to use
WAN1 for web surfing, WAN2 for other internet activities.
7.4.1 Network Topology
Figure 7-11 Network Topology
Internet
WAN1
PC
192.168.0.2
Router
PC
192.168.0.3
Internet
WAN2
PC
192.168.0.4
7.4.2 Configuration Scheme
To meet the first requirement, configure link backup on the router. To meet the second
requirement, configure policy routing rules for two computers which use 192.168.0.2 and
192.168.0.3. Note that link backup rule has a higher priority than policy routing rule.
7.4.3 Configuration Procedure
Follow the steps below to configure link backup and policy routing on the router:
Configuring the Link Backup
1) Choose the menu Transmission > Load Balancing > Link Backup to load the
configuration page, and click Add.
2) Specify the primary WAN as WAN1, the backup WAN as WAN2 and the mode as
Failover (Enable backup link when any primary WAN fails), so that the backup WAN
User Guide
87
Configuring TransmissionConfiguration Examples
will be enabled when the primary WAN failed. Keep Status of this entry as Enable. Click
OK.
Figure 7-12 Configuring the Link Backup
Configuring the Policy Routing Rules
1) Choose the menu Preferences > IP Group > IP Address to load the configuration page,
and click Add. Specify the IP address name as tp, the IP address type as IP Address
Range (192.168.0.2-192.168.0.3). Click OK.
Figure 7-13 Configuring the IP Address
2) Choose the menu Preferences > IP Group > IP Address to load the configuration
page and click Add. Specify the IP group name as group1, the IP address name as tp to
reference the IP address you have created. Click OK.
User Guide 88
Configuring TransmissionConfiguration Examples
Figure 7-14 Configuring the IP Group
3) Choose the menu Transmission > Routing > Policy routing to load the configuration
page, and click Add.
Specify the policy routing rule name as policy1, the service type as HTTP, the source IP
as group1, the destination IP as IPGROUP_ANY which means no limit. Choose WAN1,
and keep Status of this entry as Enable. Click OK.
Figure 7-15 Configuring the Policy Routing Rule 1
Specify the policy routing rule name as policy2, the service type as ALL, the source IP
as group1, the destination IP as IPGROUP_ANY which means no limit. Choose WAN2,
and keep Status of this entry as Enable. Click OK.
User Guide
89
Configuring TransmissionConfiguration Examples
Figure 7-16 Configuring the Policy Routing Rule 2
User Guide 90
Part 6
Configuring Firewall
CHAPTERS
1. Firewall
2. Firewall Configuration
3. Configuration Examples
Configuring FirewallFirewall
1
Firewall
1.1 Overview
Firewall is used to enhance the network security. It can prevent external network threats from
spreading to the internal network, protect the internal hosts from ARP attacks, and control the
internal users’ access to the external network.
1.2 Supported Features
The Firewall module supports four functions: Anti ARP Spoofing, Attack Defense, MAC Filtering
and Access Control.
Anti ARP Spoofing
ARP (Address Resolution Protocol) is used to map IP addresses to the corresponding MAC
addresses so that packets can be delivered to their destinations. However, since ARP is
implemented with the premise that all the hosts and gateways are trusted, there are high
security risks on real, complex networks. If attackers send ARP spoofing packets with false IP
address-to-MAC address mapping entries, the device will update the ARP table based on the
false ARP packets and record wrong mapping entries, which results in a breakdown of normal
communication.
Anti ARP Spoofing can protect the network from ARP spoofing attacks. It works based on the
IP-MAC Binding entries. These entries record the correct one-to-one relationships between IP
addresses and MAC addresses. When receiving an ARP packet, the router checks whether it
matches any of the IP-MAC Binding entries. If not, the router will ignore the ARP packets. In this
way, the router maintains the correct ARP table.
In addition, the router provides the following two sub functions:
Permitting the packets matching the IP-MAC Binding entries only and discarding other
packets.
Sending GARP packets to the hosts when it detects ARP attacks. The GARP packets can
inform hosts of the correct ARP table, preventing their ARP tables from being falsified by
ARP spoofing packets.
Attack Defense
Attacks on a network device can cause device or network paralysis. With the Attack Defense
feature, the router can identify and discard various attack packets which are sent to the CPU,
and limit the packet receiving rate. In this way, the router can protect itself and the connected
network against malicious attacks.
User Guide 92
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.