TL-ER6120 User Guide
Page 9
... sessions. -4- z Powerful Firewall + Supporting One-Click IP-MAC Binding to avoid ARP spoofing and guarantee a network without stagnation. + Featured Attack Defense to access the headquarter network. Chapter 2 Introduction Thanks for choosing the SafeStreamTM Multi-WAN VPN Router TL-ER6120. 2.1 Overview of the Router The SafeStreamTM Multi-WAN VPN Router TL-ER6120 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth Control, Session Limit, IM/P2P Blocking, PPPoE Server and...
... sessions. -4- z Powerful Firewall + Supporting One-Click IP-MAC Binding to avoid ARP spoofing and guarantee a network without stagnation. + Featured Attack Defense to access the headquarter network. Chapter 2 Introduction Thanks for choosing the SafeStreamTM Multi-WAN VPN Router TL-ER6120. 2.1 Overview of the Router The SafeStreamTM Multi-WAN VPN Router TL-ER6120 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth Control, Session Limit, IM/P2P Blocking, PPPoE Server and...
TL-ER6120 User Guide
Page 10
... Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Policy Routing to optimize bandwidth usage. + Featured Link Backup to switch all the new sessions from dropped line automatically to manage the Router from remote places. 2.2 Features Hardware ¾ Embedded with MIPS64 network processor with frequency of 500MHz ¾ Equipped with 128MB DDRII high-speed RAM ¾ 1 fixed gigabit WAN port (port 1), 3 adjustable gigabit WAN/LAN ports, 1 LAN/DMZ port (port 5) and 1 Console port ¾ Built-in Switch supporting Port Mirror, Port VLAN, Rate Control...
... Balance modes, including Bandwidth Based Balance Routing, Application Optimized Routing, and Policy Routing to optimize bandwidth usage. + Featured Link Backup to switch all the new sessions from dropped line automatically to manage the Router from remote places. 2.2 Features Hardware ¾ Embedded with MIPS64 network processor with frequency of 500MHz ¾ Equipped with 128MB DDRII high-speed RAM ¾ 1 fixed gigabit WAN port (port 1), 3 adjustable gigabit WAN/LAN ports, 1 LAN/DMZ port (port 5) and 1 Console port ¾ Built-in Switch supporting Port Mirror, Port VLAN, Rate Control...
TL-ER6120 User Guide
Page 11
...; Supports to change the MAC address of LAN, WAN, DMZ port ¾ Supports Logs, Statistics, Time setting ¾ Supports Remote and Web management ¾ Supports Diagnostic (Ping/Tracert) and Online Detection VPN ¾ Supports IPsec VPN and provides up to 100 IPsec VPN tunnels ¾ Supports IPSec VPN in LAN-to-LAN or Client-to-LAN ¾ Provides DES, 3DES, AES128, AES152, AES256 encryption, MD5, SHA1 authentication ¾ Supports IKE Pre-Share Key and DH1/DH2/DH5 Key Exchanges ¾ Supports PPTP/L2TP Server/Client Traffic Control ¾ Supports Bandwidth Control ¾ Supports...
...; Supports to change the MAC address of LAN, WAN, DMZ port ¾ Supports Logs, Statistics, Time setting ¾ Supports Remote and Web management ¾ Supports Diagnostic (Ping/Tracert) and Online Detection VPN ¾ Supports IPsec VPN and provides up to 100 IPsec VPN tunnels ¾ Supports IPSec VPN in LAN-to-LAN or Client-to-LAN ¾ Provides DES, 3DES, AES128, AES152, AES256 encryption, MD5, SHA1 authentication ¾ Supports IKE Pre-Share Key and DH1/DH2/DH5 Key Exchanges ¾ Supports PPTP/L2TP Server/Client Traffic Control ¾ Supports Bandwidth Control ¾ Supports...
TL-ER6120 User Guide
Page 12
... connecting the Router to a DSL/Cable modem or Ethernet by the RJ45 cable The LAN port is for connecting the Router to the local PCs or switches by the RJ45 cable DMZ 5 The DMZ port is for connecting the Router to the servers Console / The Console port is for connecting with the serial port of a computer or terminal to monitor and configure the Router z Reset button Use the button to restore the Router to -7- z LEDs LED PWR Status On Off Indication The Router is powered on , use a pin to the factory defaults...
... connecting the Router to a DSL/Cable modem or Ethernet by the RJ45 cable The LAN port is for connecting the Router to the local PCs or switches by the RJ45 cable DMZ 5 The DMZ port is for connecting the Router to the servers Console / The Console port is for connecting with the serial port of a computer or terminal to monitor and configure the Router z Reset button Use the button to restore the Router to -7- z LEDs LED PWR Status On Off Indication The Router is powered on , use a pin to the factory defaults...
TL-ER6120 User Guide
Page 25
... dial-up connection charged on . Primary DNS: Enter the IP address of 576-1492. z Time-based: Select this option to configure the secondary -20- The default MTU is provided by your ISP. Enter the Service Name provided by your ISP. If you to keep the default value if no other MTU value is 1480. z Manual: Select this option to enable PPPoE advanced settings. Account...
... dial-up connection charged on . Primary DNS: Enter the IP address of 576-1492. z Time-based: Select this option to configure the secondary -20- The default MTU is provided by your ISP. Enter the Service Name provided by your ISP. If you to keep the default value if no other MTU value is 1480. z Manual: Select this option to enable PPPoE advanced settings. Account...
TL-ER6120 User Guide
Page 53
NAT-DMZ: Enable or disable NAT-DMZ. TL-ER6120 allows mapping from LAN port to load the following page. Description: Give a description for forwarding data packets. Host IP Address: Enter the IP address of NAT application, which can be considered as NAT DMZ server. 3.3.1.2 One-to-One NAT On this table, you can view the information of Original IP if DMZ Forwarding is enabled, all the data initiated by external network falling short of the current...
NAT-DMZ: Enable or disable NAT-DMZ. TL-ER6120 allows mapping from LAN port to load the following page. Description: Give a description for forwarding data packets. Host IP Address: Enter the IP address of NAT application, which can be considered as NAT DMZ server. 3.3.1.2 One-to-One NAT On this table, you can view the information of Original IP if DMZ Forwarding is enabled, all the data initiated by external network falling short of the current...
TL-ER6120 User Guide
Page 59
... Layer Gateway) service is activated. 3.3.1.6 ALG Some special protocols such as 8690-8696. ● The Router supports up connection after the trigger port initiates connection. The Incoming Port can be set in a continuous range such as FTP, H.323, SIP, IPsec and PPTP will open for trigger port. Trigger Port: Enter the trigger port number or range of port numbers. Incoming Port: Enter the incoming port number or range of port numbers. Incoming Protocol: Select the protocol used for TCP...
... Layer Gateway) service is activated. 3.3.1.6 ALG Some special protocols such as 8690-8696. ● The Router supports up connection after the trigger port initiates connection. The Incoming Port can be set in a continuous range such as FTP, H.323, SIP, IPsec and PPTP will open for trigger port. Trigger Port: Enter the trigger port number or range of port numbers. Incoming Port: Enter the incoming port number or range of port numbers. Incoming Protocol: Select the protocol used for TCP...
TL-ER6120 User Guide
Page 62
... the enabled WAN ports. Note: ● The Upstream/Downstream Bandwidth of WAN port can configure the Bandwidth Control function. The Upstream Bandwidth of WAN port you can be considered as the effective bandwidth, and vise versa. ● Click the button to jump to load the following page. Choose the menu Advanced→Traffic Control→Bandwidth Control to IP Traffic Statistics page. 3.3.2.2 Bandwidth Control On this screen: -57- Displays the bandwidth of each WAN port...
... the enabled WAN ports. Note: ● The Upstream/Downstream Bandwidth of WAN port can configure the Bandwidth Control function. The Upstream Bandwidth of WAN port you can be considered as the effective bandwidth, and vise versa. ● Click the button to jump to load the following page. Choose the menu Advanced→Traffic Control→Bandwidth Control to IP Traffic Statistics page. 3.3.2.2 Bandwidth Control On this screen: -57- Displays the bandwidth of each WAN port...
TL-ER6120 User Guide
Page 134
....). Then click the button to log into the Router. 4.3.1 Internet Setting You can connect the Fiber Optic Modem and the dedicated line to the Router, the IP address of your PC can configure the Router via the PC connected to the LAN port of the browser, then press the Enter key. Suppose both in lower case letters. To access the configuration utility, open a web-browser and type in the default address http://192.168...
....). Then click the button to log into the Router. 4.3.1 Internet Setting You can connect the Fiber Optic Modem and the dedicated line to the Router, the IP address of your PC can configure the Router via the PC connected to the LAN port of the browser, then press the Enter key. Suppose both in lower case letters. To access the configuration utility, open a web-browser and type in the default address http://192.168...
TL-ER6120 User Guide
Page 155
... Router (the factory default value for both of TL-ER6120 offers two command modes: User EXEC Mode and Privileged EXEC Mode. No password is TP-LINK > Use the exit command to switch between User EXEC Mode and Privileged EXEC Mode. Privileged EXEC Mode: Users can do some simple operations but cannot modify the Router's configurations. Mode Accessing Path Prompt Logout or Access the next mode User EXEC Primary mode once it is needed when connecting the console port with the Router. Then the users get...
... Router (the factory default value for both of TL-ER6120 offers two command modes: User EXEC Mode and Privileged EXEC Mode. No password is TP-LINK > Use the exit command to switch between User EXEC Mode and Privileged EXEC Mode. Privileged EXEC Mode: Users can do some simple operations but cannot modify the Router's configurations. Mode Accessing Path Prompt Logout or Access the next mode User EXEC Primary mode once it is needed when connecting the console port with the Router. Then the users get...
TL-ER6120 User Guide
Page 156
...: 5.3 Online Help Figure 5-7 Interface Mode TL-ER6120 functions with CLI Online Help: 1) Type a question mark to get all commands of this mode from User EXEC mode, the original password is connected through the Console port). disable - Exit the privileged mode enable - Exit the CLI (only for telnet) history - TP-LINK > ←Type ? Use the enable command to User EXEC mode. Privileged EXEC Mode Use the enable command to disconnect the switch (except that the switch is admin. Use the exit command to TP-LINK # enter this view and their brief...
...: 5.3 Online Help Figure 5-7 Interface Mode TL-ER6120 functions with CLI Online Help: 1) Type a question mark to get all commands of this mode from User EXEC mode, the original password is connected through the Console port). disable - Exit the privileged mode enable - Exit the CLI (only for telnet) history - TP-LINK > ←Type ? Use the enable command to User EXEC mode. Privileged EXEC Mode Use the enable command to disconnect the switch (except that the switch is admin. Use the exit command to TP-LINK # enter this view and their brief...
TL-ER6120 User Guide
Page 157
... display. For example: TP-LINK > ip ←Press Space and ? TP-LINK # enable ←Press Space and ? button 5.4 Command Introduction TL-ER6120 provides a number of this character string will display if the keyword with prefix of CLI commands for a command and press the Tab button, and the entire keyword will be listed. Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - Get the ip configuration 3) Type a character...
... display. For example: TP-LINK > ip ←Press Space and ? TP-LINK # enable ←Press Space and ? button 5.4 Command Introduction TL-ER6120 provides a number of this character string will display if the keyword with prefix of CLI commands for a command and press the Tab button, and the entire keyword will be listed. Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - Get the ip configuration 3) Type a character...
TL-ER6120 User Guide
Page 159
... default setting and you can enter the actual parameters behind them. To save the configuration file < config.bin > ... Note: ● FTP service is 7104 bytes. This command will reboot system, Continue?[Y/N] TP-LINK # sys restore Restore to this FTP server, follow the configuration on FTP server. -154- TP-LINK # sys reboot Reboot the system. This command will restore system, Continue?[Y/N] TP-LINK # sys export config Server address: [192.168.1.101]192.168.1.100 Username: [admin]ftp Password: [admin]ftp File name: [config...
... default setting and you can enter the actual parameters behind them. To save the configuration file < config.bin > ... Note: ● FTP service is 7104 bytes. This command will reboot system, Continue?[Y/N] TP-LINK # sys restore Restore to this FTP server, follow the configuration on FTP server. -154- TP-LINK # sys reboot Reboot the system. This command will restore system, Continue?[Y/N] TP-LINK # sys export config Server address: [192.168.1.101]192.168.1.100 Username: [admin]ftp Password: [admin]ftp File name: [config...
TL-ER6120 User Guide
Page 164
... you have configured the proxy server for the Subnet Mask. 3) Test the connection between your PC and TL-ER6120 via Ping command. 4) If you want to configure your PC manually, please set your management port has been changed by others, especially when the Remote Web Management function is the new management port number). 3. The default management address of the Router? If you had successfully logged into the Router with DHCP enabled can restore the Router to the LAN port of the Router. Q2...
... you have configured the proxy server for the Subnet Mask. 3) Test the connection between your PC and TL-ER6120 via Ping command. 4) If you want to configure your PC manually, please set your management port has been changed by others, especially when the Remote Web Management function is the new management port number). 3. The default management address of the Router? If you had successfully logged into the Router with DHCP enabled can restore the Router to the LAN port of the Router. Q2...
TL-ER6120 User Guide
Page 167
... communication devices to a LAN. MAC address(Media Standardized data link layer address that is required for every Access Control address) port or device that connects to communicate with each Router/firewall/host must verify the identity of open standards that provides Internet access to create and update routing tables and data -162- IKE (Internet Key Exchange) IKE establishes a shared security policy and authenticates keys for addressing, type-of-service specification, fragmentation and reassembly, and security. LANs connect L LAN(...
... communication devices to a LAN. MAC address(Media Standardized data link layer address that is required for every Access Control address) port or device that connects to communicate with each Router/firewall/host must verify the identity of open standards that provides Internet access to create and update routing tables and data -162- IKE (Internet Key Exchange) IKE establishes a shared security policy and authenticates keys for addressing, type-of-service specification, fragmentation and reassembly, and security. LANs connect L LAN(...
TL-ER6120 User Guide
Page 169
... a number of networking protocols for primarily residential networks without enterprise class devices that serves users across a broad W WAN(Wide Area Network)geographic area and often uses transmission devices provided by other protocols. VPN (Virtual Private Network) Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one or more LANs that are configured (using management software) so that they can communicate as VLAN( Virtual Local...
... a number of networking protocols for primarily residential networks without enterprise class devices that serves users across a broad W WAN(Wide Area Network)geographic area and often uses transmission devices provided by other protocols. VPN (Virtual Private Network) Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one or more LANs that are configured (using management software) so that they can communicate as VLAN( Virtual Local...
TL-ER6120 Installation Guide
Page 6
... in LAN mode 01 Introduction Gigabit Multi-WAN VPN Router CCCCCCCCCCCIntroduction 1111 Product Overview The SafeStreamTM Gigabit Multi-WAN VPN Router TL-ER6120 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/ PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth Control, Session Limit, IM/ P2P Blocking, PPPoE Server and so on The Router is powered off or power supply is abnormal The Router works properly The Router works improperly There is a device linked to the corresponding port There is no device linked to -manage network...
... in LAN mode 01 Introduction Gigabit Multi-WAN VPN Router CCCCCCCCCCCIntroduction 1111 Product Overview The SafeStreamTM Gigabit Multi-WAN VPN Router TL-ER6120 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/ PPTP/L2TP VPN, Load Balance, Access Control, Bandwidth Control, Session Limit, IM/ P2P Blocking, PPPoE Server and so on The Router is powered off or power supply is abnormal The Router works properly The Router works improperly There is a device linked to the corresponding port There is no device linked to -manage network...
TL-ER6120 Installation Guide
Page 16
... Cable Device Ethernet Cable FFFFFFFFFFFFLightning Arrester Connection Note: Signal lightning arrester is not provided with our product. When cabling outdoors, please install a signal lightning arrester before connecting the cable to the ground via a shorter ground cable. If an outdoor AC power cord should match the rate of the device from lightning. Gigabit Multi-WAN VPN Router 3333Use Lightning Arrester Power lightning arrester and signal lightning arrester are used for lighting...
... Cable Device Ethernet Cable FFFFFFFFFFFFLightning Arrester Connection Note: Signal lightning arrester is not provided with our product. When cabling outdoors, please install a signal lightning arrester before connecting the cable to the ground via a shorter ground cable. If an outdoor AC power cord should match the rate of the device from lightning. Gigabit Multi-WAN VPN Router 3333Use Lightning Arrester Power lightning arrester and signal lightning arrester are used for lighting...
TL-ER6120 Installation Guide
Page 20
... key. Gigabit Multi-WAN VPN Router CCCCCCCCCCCConfiguration 5555 Preparations 111 Connect a PC to a LAN port of the Router with a RJ45 cable properly. 222 Set the Internet Protocol (TCP/IP) properties of the Router, open a web browser and type the default management address http://192.168.0.1 in lower case letters. FFFFFFFFFFFFInternet Protocol (TCP/IP) Properties 5555Login 111 To access the GUI (Graphical User Interface) of the PC as the following figure shown. Then click the Login button...
... key. Gigabit Multi-WAN VPN Router CCCCCCCCCCCConfiguration 5555 Preparations 111 Connect a PC to a LAN port of the Router with a RJ45 cable properly. 222 Set the Internet Protocol (TCP/IP) properties of the Router, open a web browser and type the default management address http://192.168.0.1 in lower case letters. FFFFFFFFFFFFInternet Protocol (TCP/IP) Properties 5555Login 111 To access the GUI (Graphical User Interface) of the PC as the following figure shown. Then click the Login button...
TL-ER6120 Installation Guide
Page 23
Run the command "user get Username: admin Password: admin TP-LINK > For the method of CLI. Please check as 255.255.255.0. Gigabit Multi-WAN VPN Router AAAAAAAAAAAATroubleshooting QQQQ What could not access the web-based configuration page? QQQQ Why does the PWR LED work abnormally? You are both admin. After a while, turn on the power again. 444 Make sure the IP address of your current settings will be cleared after the Router is blocked, please lower the security level...
Run the command "user get Username: admin Password: admin TP-LINK > For the method of CLI. Please check as 255.255.255.0. Gigabit Multi-WAN VPN Router AAAAAAAAAAAATroubleshooting QQQQ What could not access the web-based configuration page? QQQQ Why does the PWR LED work abnormally? You are both admin. After a while, turn on the power again. 444 Make sure the IP address of your current settings will be cleared after the Router is blocked, please lower the security level...
