Benutzeranleitung / Produktwartung TL-ER5120 SafeStream des Produzenten TP-Link
Zur Seite of 146
TL-ER5120 Gigabit Load Balance Broadband Router Rev: 1.0.0 1910010517.
-I- COPYRIGHT & TRADEMARKS Specifications are subjec t to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks of their respective holders.
-II- CONTENTS Package Contents .................................................................................................................. 1 Chapter 1 About this Guide ............................................................................
-III- 3.3.3 Session Limit ...........................................................................................................59 3.3.4 Load Balance ................................................................................................
-IV- 5.1 Configuration ......................................................................................................................124 5.2 Interface Mode .......................................................................................
-1- Package Content s The following items should be found in your box: ¾ One TL-ER5120 Router ¾ One power cord ¾ One console cable ¾ Two mounting brackets and other fittings ¾ I nstallation Guide.
-2- Chapter 1 About this Guide This User Guide contains information for se tup and management of TL-E R5120 Router . Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator.
-3- Appendix A Hardwar e S pecifications Lists the hardware specific ations of this Router . Appendix B F AQ Provides the possible solutions to the problems that may occur during the installation and operation of the router . Appendix C Glossary Lists the glossary used in this guide.
-4- Chapter 2 Introduction Thanks for choosing the Gigabit Load Balance Broadband Router TL-ER5120. 2.1 Overview of the Router The Gigabit Load Balance Broadband Router TL-ER512 0 from TP-LINK possess.
-5- + Featured Link Backup to switch all the new sessions from dropped line automatically to another for keeping an always on-line network. z Easy-to-use + Providing easy-to-use GUI with clear configur ation steps and detailed help information for the users to configure the Router simply .
-6- ¾ Supports Bandwidth Control ¾ Supports Session Limit Security ¾ Built-in firewall supporting URL/MAC Filtering ¾ Supports Access Control ¾ Supports Attack Defense ¾ Supports IP-MAC Binding ¾ Supports GARP (Gratuitous ARP) ¾ Deploys One-Click restricting of IM/P2P applications 2.
-7- linked device is running at 10Mbps On The port is working in WAN mode WAN Off The port is working in LAN mode On The port is working in DMZ mode DMZ Off The port is working in LAN mode z Interface.
-8- Note: Please use only the power cord provided with this Router ..
-9- Chapter 3 Configuration 3.1 Network 3.1.1 S t atus The S tatus page shows the system information, the port connection st atus and other information related to this Router .
-10- Figure 3-1 S t atus 3.1.2 System Mode The TL-ER5120 Router can work in three modes: NA T , Non-NA T and Classic. If your Router is hosting your loca l network’s connection to the Internet with a network topology as the Figure 3-2 shown, you can set it to NA T mode.
-1 1- Figure 3-2 Network T opology - NA T Mode If your Router is connecting the two networks of di fferent areas in a large network environment with a network topology as the Figure 3-3 shown, and forwards the packets between these two networks by the Routing rules, you can set it to Non-NA T mode.
-12- Figure 3-4 Network T opology – Classic Mode Choose the menu Network → System Mode to load the following page. Figure 3-5 System Mode Y ou can select a System Mode for your R outer according to your network need.
-13- source IP address can be transported by NA T , wher eas the packet with 2 0.31.76.80 as its source IP address will be dropped. z Non-NA T Mode In this mode, the Router functi ons as the traditional Gateway and fo rwards the packets via routing protocol.
-14- port sketch. Note: 1) By default, TL-ER5120 is set to work in the mode of dual W AN ports. 2) Any change to the number of W AN port s may lead to a loss of current configurations. Ple ase be sure to backup your configurations in advance. 3) The DMZ port will not be available if four W AN ports are enabled.
-15- Figure 3-7 W AN – S tatic IP The following items are displayed on this screen: ¾ St atic IP Connection T ype: Select S tatic IP if your ISP has assigned a static IP address for your computer . IP Address: Enter the IP address assigned by your ISP .
-16- Secondary DNS: Optional. If a Secondary DNS Server address is available, enter it. Up stream Bandwidth: S pecify the bandwidth for transmitting p ackets o n the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-17- Connection T ype: Select Dynamic IP if your ISP assigns the IP address automatically . Click <Obtain> to get the IP address from your ISP’s serv er . Cli ck <Release> to release the current IP address of W AN port. Host Name: Optional.
-18- your ISP . z “Disabled” indicates that the Dynamic IP connection type is not applied. z “Connecting” indicates that the Router is obtaining the IP parameters from your ISP . z “Connected” indicates that the Router has successfully obtained the IP parameters from your ISP .
-19- Figure 3-9 W AN - PPPoE The following items are displayed on this screen: ¾ PPPoE Settings Connection T ype: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection. Click <Connect> to dial-up to the Internet and obtain the IP a ddress.
-20- Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your IS P .
-21- connection. Dynamic IP and S tatic IP connection types are provided. Connection T ype: Select the secondary connection type. Options include Disable, Dynamic IP and S tatic IP . IP Address: If S tatic IP is selected, configure the IP address of W AN port.
-22- this problem remains. IP Address: Displays the IP address a ssigned by your ISP . Gateway Address: Displays the Gateway Address assigned by your ISP . Primary DNS: Displays the IP address of your ISP’ s Primary DNS. Secondary DNS: Displays the IP address of your ISP’ s Secondary DNS.
-23- Figure 3-10 W AN - L2TP The following items are displayed on this screen: ¾ L2TP Settings Connection T ype: Select L2TP if your ISP provides a L2TP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disco nnect> to disconnect the Internet connection and release the current IP address.
-24- not clear , please consult your ISP . Password: Enter the Password provided by your IS P . Server IP: Enter the Server IP provided by your ISP . MTU: MTU (Maximum T ransmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of 576-1460.
-25- Primary DNS/Secondary DNS: If S tatic IP is selected, c onfigure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: S pecify the bandwidth for transmitting packet s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-26- Figure 3-1 1 W AN - PPTP The following items are displayed on this screen: ¾ PPTP Settings Connection T ype: Select PPTP if your ISP provides a PPTP connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disco nnect> to disconnect the Internet connection and release the current IP address.
-27- Account Name: Enter the Account Name provided by your ISP . If you are not clear , please consult your ISP . Password: Enter the Password provided by your IS P . Server IP: Enter the Server IP provided by your ISP . MTU: MTU (Maximum T ransmission Unit) is the maximum data unit transmitted by the physical network.
-28- displayed. Primary DNS/Secondary DNS: If S tatic IP is selected, c onfigure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Up stream Bandwidth: S pecify the bandwidth for transmitting packet s on the port. Downstream Bandwidth: S pecify the b andwidth for receiving p ackets on the port.
-29- The following items are displayed on this screen: ¾ BigPond Settings Connection T ype: Select BigPond if your ISP provides a Big Pond connection. Click <Connect> to dial-up to the Internet and obtain the IP address. Click <Disconnect> to disconnect the Internet connection and release the current IP address.
-30- Auth Domain: Enter the domain name of authentication server . It's only required when the address of Auth Server is a server name. Auth Mode: Y ou can select the proper Active mode according to your need.
-31- IP Address: Displays the IP address a ssigned by your ISP . Subnet Mask: Displays the Subnet Mask assigned by your ISP . Default Gateway: Displays the IP address of the default g ateway assigned by your ISP .
-32- 3.1.4.2 DHCP The Router with its DHCP (Dynamic Host Configuration Protocol) server enabled can automatically assign an IP address to the computers in the LAN.
-33- Default Gateway: Optional. Enter the Gateway address to be assigned. It is recommended to enter the IP address of the LAN port of the Router . Default Domain: Optional. Enter the domain name of your network. Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP .
-34- Figure 3-15 DHCP Reservation The following items are displayed on this screen: ¾ DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional.
-35- 3.1.5 DMZ DMZ (Demilitarized Zone) is a netwo rk which has fewer default firewa ll restrictions than th e LAN does. TL-ER5120 provides a DMZ port to allow all the loca l hosts connected to this port to be exposed to the Internet for some special-purpose services, such as such as Inter net gaming and video-conferencing.
-36- Choose the menu Network → DMZ → DMZ to load the following page. Figure 3-18 DMZ The following items are displayed on this screen: ¾ DMZ Statu s: Activate or inactivate this entry . The DMZ port functions as a normal LAN port when it’s disabled.
-37- Set the MAC Address for LAN port: In a complex network topology with all the AR P bound devices, if you want to change to use TL-ER5120 instead of the current router in a net work node, you can j.
-38- to apply . Note: T o avoid a conflict of MAC address on the LAN, it’s not allowed to set the MAC address of the Router ’s LAN port to the MAC address of the current management PC.
-39- Unicast: Displays the number of normal unicast packet s received or transmitted on the port. Broadcast: Displays the number of normal broadcast packe ts received or transmitted on the port. Pause: Displays the number of flow control frames received or transmitted on the port.
-40- Figure 3-21 Port Mirror The following items are displayed on this screen: ¾ General Enable Port Mirror: Check the box to enable t he Port Mirror function.
-41- The entry in Figure 3-21 indicates: The outgoing packets sent by port 1, port 2, port 3 and port 5 (mirrored ports) will be copied to port 4 (mirroring port). Tips: If both the mirrored port and the mirroring port are the LAN ports, these two L AN ports should be in the same Port VLAN.
-42- Figure 3-22 Rate Control The following items are displayed on this screen: ¾ Rate Control Port: Displays the port number . Ingress Limit: S pecify whether to enable t he Ingress Limit feature. Ingress Mode: Select the Ingress Mode for each port.
-43- Figure 3-23 Port Config The following items are displayed on this screen: ¾ Port Config Statu s: S pecify whether to enable the port. The packet s can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function.
-44- 3.1.7.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured accord ing to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports .
-45- 3.2.1 Group On this page you can define the group for management. Choose the menu User Group → Group to load the following page. Figure 3-26 Group Configuration The following items are displayed on this screen: ¾ Group Config Group Name: S pecify a unique name for the group.
-46- ¾ User Config User Name: S pecify a unique name for the user . IP Address: Enter the IP Address of the user . It cannot be the network address or broadcast address of the port. Description: Give a description to the user fo r identification. It's o ptional.
-47- Group Structure: Click this button to view the tree struct ure of this group. All the members of this group will be displayed, includi ng Users and sub-Groups. The Group Names are displayed in bold. A vailable Member: Displays the Users and the Groups which can be added into this group.
-48- NA T -DMZ: Enable or disable NA T -DMZ. NA T DM Z is a special service of NA T application, which can be considered as a default forwardin g rule. When NA T DMZ ( Pseudo DMZ) is enabled, all the data initiated by external network falling short of the current connections or forwarding rules will be forwarded to the preset NA T DMZ host.
-49- The first entry in Figure 3-29 indicates: The IP address of host1 in local network is 1.1.1.1 and the W AN IP address after NA T mapping is specified to be 2.2.2.2. The data packet s are transmitted from W AN1 port. DMZ Forwarding and this entry are both activated.
-50- The first entry in Figure 3-30 indicates that: This is a Multi-Ne ts NA T entry named tplink1. The subnet under the LAN port of the Router is 192.168.2.0/24 and this ent ry is activated. After the co rresponding S tatic Route entry is set, the hos ts within this subnet can access the Internet through the Router via NA T .
-51- Configuration procedure 1. Establish the Multi-Nets NA T entries with Subnet/Mask of VLAN2 and VLAN3. The configured entries are as follows: 2. Then set the corresponding S tatic Route entry , en ter the IP address of t he interface connecting the Router and the three layer swit ch into the Next Hop field.
-52- 3.3.1.4 V irtual Server Virtual server can be used for setting up public servic es in your private netw ork, such as DNS, Email and FTP . Virtual server can define a service port. All the service requests to this port will be transmitted to the LAN server appointed by the Router via IP address.
-53- Statu s: Activate or inactivate the entry . Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be different, whereas the internal ports can be the same.
-54- ¾ Port T riggering Name: Enter a name for Port Triggering entri es. Up to 28 characters can be entered. T rigger Port: Enter the trigger port number or range of port numbers.
-55- Choose the menu Advanced → NA T → ALG to load the following p age. Figure 3-33 ALG The following items are displayed on this screen: ¾ ALG FTP ALG: Enable or disable FTP ALG . The default setting is enabled. It is recommended to keep the def ault setting if no special requirement.
-56- Figure 3-34 Configuration The following items are displayed on this screen: ¾ General Disable Bandwidth Control: Select this option to disable Bandwidth Control. Enable Bandwidth Control all the time: Select this option to enable Bandwidth Control all the time.
-57- Interface: Displays the current enabled W AN port(s). The T otal bandwid th is equal to the sum of bandwidth of the enabled W AN port s. Up stream Bandwidth: Displays the bandwidth of each W A N port for transmitting dat a. The Upstream Bandwid th of W AN port can be configured on W AN page.
-58- ¾ Bandwidth Control Rule Direction: Select the data stream dir ection for the entry . The direction of arr owhead indicates the data stream direction The DMZ port displays in the drop-down list only when the DMZ port is enabled. WAN-ALL means all W AN ports through which the data fl ow might pass.
-59- Note: ● The premise for single r ule taking ef fect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandw .
-60- Enable Session Limit: Check here to enable Session Limit, otherwise all the Session Limit entries will be disabled. ¾ Session Limit Group: Select a group to define the controlled user . Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry .
-61- Figure 3-38 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packet s as a whole and record the W AN port they pass through.
-62- The following items are displayed on this screen: ¾ General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the lis t, you can add it to the list on 3.3.4.4 Protocol page. Source IP: Enter the source IP range for the entry .
-63- On this page, you can configur e the Link Backup function based on actual need to reduce the traffic burden of W AN port and improve the network efficie ncy . Choose the menu Advanced → Load Balance → Li nk Backup to load the following p age.
-64- Timing: Link Backup will be enabled if the specified effective time is reached. All the traffic on the primary W AN will switch to the backup W AN at the beginning of the effective time; the tr affic on the backup W AN will switch to the primary W AN at the ending of the ef fective time.
-65- Figure 3-41 Protocol The following items are displayed on this screen: ¾ Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the prot ocol in the range of 0-255.
-66- Choose the menu Advanced → Routi ng → S t atic Route to load the following page. Figure 3-42 Static Route The following items are displayed on this screen: ¾ St atic Route Destination: Enter the destination hos t the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network.
-67- The first entry in Figure 3-42 indicates: If there are packets being sent to a device with IP address of 172.31.70.28 and subnet mask of 255.255. 255.
-68- The distance of RIP refers to the hop count s that a data p acket p asses through before reaching its destination, the value range of wh ich is 1–15. It means the destination cannot be reac hed if the value is more than 15. Optimal path indicates the p ath wi th the fewest hop counts.
-69- Authentication: network situation, and the password s hould not be more than 15 characters. All Interfaces: Here you can operate all the interfaces in bulk. All the interfaces will not apply RIP if “Enable” option for All Interfaces is selected.
-70- Flags: The Flags of route entry . The Flags describe certain characteristics of the route. Logical Interface: The logical interface of route entry . Physical Interface: The physical interface of route entry . Metric The Metric of route entry . 3.
-71- Figure 3-45 IP-MAC Binding The following items are displayed on this screen: ¾ General It is recommended to check all the options. Y ou s hould import the IP and MAC address of the host to List of IP-MAC Binding and enable the correspo nding entry before e nabling “Permit the packet s matching the IP-MAC Binding entries only”.
-72- ¾ List of Rules Y ou can view the informati on of the entries and edit t hem by the Action buttons. The first entry in Figure 3-45 indicates: The IP address of 192.168.1.101 and MAC address of 00-19-66-83-53-CF have been bound and this entry is activated.
-73- Indicates that the IP and MAC address of this entr y is already bound. T o bind the entries in the list, check these entri es and click the <Import> button, then the settings will take ef fect if the entries do not c onflict with the existed entries.
-74- Figure 3-48 Attack Defense The following items are displayed on this screen: ¾ General Flood Defense: Flood attack is a kind of commonly used DoS (Denial of Service), which including TCP SYN, UDP , ICMP and so on. It is recommended to check all the Fl ood Defense options and specify the corresponding thresholds.
-75- not sure. Packet Anomaly Defense: Packet Anomaly refers to the abnormal p ackets. It is recommended to select all the Packet Anomaly Defense options. Enable Att ack Defense Logs: With this box checked, the Rout er will record the defense logs. 3.
-76- Description: Give a description for the entry . ¾ List of Rules Y ou can view the informati on of the entries and edit t hem by the Action buttons. 3.4.4 Access Control 3.4.4.1 URL Filtering URL (Uniform Resource Locator) specifies wher e an identified resource is available and the mechanism for retrieving it.
-77- ¾ URL Filtering Rule Object: Select the range in which the URL Filtering t akes ef fect: z ANY : URL Fi ltering will take ef fect to all the users. z Group: URL Filtering will t ake effect to all the users in group. Mode: Select the mode for URL Filtering.
-78- 3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall → Access Control → Web Filtering to load the following p age. Figure 3-51 Web Filtering Check the box before Enable Web Filt ering and select the web components to be filtered.
-79- Figure 3-52 Access Rule The following items are displayed on this screen: ¾ Access Rules Policy: Select a policy for the entry: y Block: When this option is selected, the packe ts obeyed the rule will not be allowed to pass through the Router .
-80- DMZ refers to all the W AN, LAN or DMZ interface s. Source: Select the Source IP Range for the entries, including the following three ways: y IP/MASK: Enter an IP address or subnet mask. ( "0.0.0.0/32" means any IP). y Group: Select a predefined group of users.
-81- ¾ List of Rules Y ou can view the information of the entries and edit them by the Action butt ons. The smaller the valu e is, the higher the priority is. The first entry in Figure 3-52 indicates: The TELNET p acket s transmitted from the hosts within the network of 192.
-82- The following items are displayed on this screen: ¾ Service Name: Enter a name for the service. T he name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the servic e.
-83- Figure 3-54 Application Rules The following items are displayed on this screen: ¾ General Check the box before Enable Application Control to make the Applicat ion Control function take ef fect. The specified applic ation used by the specified loca l users will be not allowed to access the Internet if the App lication Control entry is enabled.
-84- Effective Time: S pecify the t ime for the entry to take e ffect . Description: Give a description for the entry . Statu s: Activate or inactivate the entry . ¾ List of Rules Y ou can view the informati on of the entries and edit t hem by the Action buttons.
-85- 3.5.1.1 General On this page, you can conf igure PPPoE function globally . Choose the menu Services → PPPoE Server → General to load the following page. Figure 3-56 General The following items are displayed on this screen: ¾ General PPPoE Server: S pecify whether to enable t he PPPoE Server function.
-86- Idle Timeou t: Enter the maximum idle time. The session will be terminated af ter it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle T imeout field.
-87- Figure 3-57 IP Address Pool The following items are displayed on this screen: ¾ IP Address Pool Pool Name: S pecify a unique name to the IP A ddress Pool for identification and management purposes. IP Address Range: S pecify the start and the end IP address for IP Pool.
-88- Figure 3-58 Account The following items are displayed on this screen: ¾ Account Account Name: Enter the account name. This name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Mode: Select the IP Address Assigned Mode for IP assignment.
-89- Statu s: Activate or inactivate the entry . MAC Binding: Select a MAC Binding type from t he pull-down list. Options include: z Disable: Select this option to disable the MAC Binding function. z Manual: Select this option to bind the account to a MAC address manually.
-90- IP Address Range: S pecify the st art and the end IP address to make an exceptional IP address range. This range should be in the sa me IP range with LAN port or DMZ port of the Router . The start IP addr ess should not exceed the end address and the IP address ranges must not overlap.
-91- Figure 3-61 E-Bulletin The following items are displayed on this screen: ¾ General Enable E-Bulletin: S pecify whether to enable el ectronic bulletin function . Interval: S pecify the interval to release the bulletin. Enable Logs: S pecify whether to log the E-Bulletin.
-92- Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: z ANY: The bulletin will be released to all the users and the PCs on the LAN. z Group: The bulletin will be released to the users in the selected group.
-93- DNS database. Therefore, the users can use the same domain name to ac cess the DDNS client even if the IP address of the DDNS cli ent has changed. DDNS is usually us ed for the Internet users to access the private website and FTP server , both of which are established based on W eb server .
-94- DDNS St atus: Displays the current statu s of DDNS service z Offline: DDNS service is disabled. z Connecting: client is connecting to the server . z Online: DDNS works normally . z Authorization fails: The Account Name or Password is incorrect. Please check and enter it again.
-95- DDNS St atus: Displays the current statu s of DDNS service z Offline: DDNS service is disabled. z Connecting: client is connecting to the server . z Online: DDNS works normally . z Authorization fails: The Account Name or Password is incorrect. Please check and enter it again.
-96- DDNS St atus: Displays the current status of DDNS service z Offline: DDNS service is disabled. z Connecting: client is connecting to the server . z Online: DDNS works normally . z Authorization fails: The Account Name or Passwo rd is incorrect. Please check and enter it again.
-97- Domain Name 1: Enter the Domain Name that you registered with your DDNS service provider . Domain Name 2: Optional. Enter the Domain Name that you registered with your DDNS service provider . Domain Name 3: Optional. Enter the Domain Name that you registered with your DDNS service provider .
-98- Figure 3-66 UPnP The following items are displayed on this screen: ¾ General UPnP Funct ion: Enable or disable the UPnP function globally . ¾ List of UPnP Mappin g After UPnP is enabled, all UPnP connection rules will be displayed in the list of UPnP Mapping.
-99- Figure 3-67 Password The following items are displayed on this screen: ¾ Administrator Current User Name: Enter the current user name of the Router . Current Password: Enter the current password of the Router . New User Name: Enter a new user name for the Router .
-100- ¾ General Web Management Port: Enter the Web Management Port for the Router . T elnet Management Port: Enter the T elnet Management Port for the Router . Web Idle T imeout: Enter a timeout period that the Router will log you out of the Web-based Utility af ter a specified period ( Web Idle Timeout ) of inactiv ity .
-101- 3.6.1.3 Remote Management On this page you can configure the Remote Managem ent function. This featur e allows managing your Router from a remote location via the Internet. Choose the menu Maintenance → Setup → Remote Management to load the following page.
-102- 3.6.2.2 Export and Import Choose the menu Maintenance → Management → Export and Import to load the following page. Figure 3-71 Export and Import The following items are displayed on this screen: ¾ Configuration V ersion Displays the current Configur ation version of the Router .
-103- Figure 3-72 Reboot Click the <Reboot> button to reboot the Router . The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: T o avoid damage, please don't turn off the device while rebooting.
-104- Figure 3-74 Interface T raf fic S tatistics The following items are displayed on this screen: ¾ Interface T r affic S t atistics Interface: Displays the interface. Rate Rx : Displays the rate for receiving data frames. Rate Tx: Displays the rate for transmitting data frames.
-105- Figure 3-75 IP T raf fic S tatistics The following items are displayed on this screen: ¾ General Enable IP T raffic St atistics: Allows you to enable or disable IP T raf fic S tatistics. Enable Auto-refresh: Allows you to enable/disable refreshing the IP T raf fic S tatistics automatically .
-106- Figure 3-76 Diagnostics The following items are displayed on this screen: ¾ Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “A uto”, the Router will select the interface of destination automatically .
-107- ¾ T racer t Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if Auto is selected, the Router will select the interface of destination automatically .
-108- DNS Lookup: Enter the IP address of D NS server in Manual mode. 0.0.0.0 means DNS Lookup is disabled. ¾ List of W AN status Port: Displays the detected W AN port. Detection: Displays whether the Online Detection is enabled. W AN St atus: Display the detecting results.
-109- Get GMT : When this option is selected, you can configure the time zone and the IP Address for the NTP Server . T he Router will get GMT automatically if it has connected to a NTP Server . z T ime Zone: Select your local time. z Primary/Secondary NTP Server: Enter the IP Address for the NTP Server .
-1 10- Send System Logs: Select Send System Logs and specif y the server IP , then the new added logs will be sent to the specified server . The Logs of switch are classified into the following eight levels. Severity Level Description emergencies 0 The system is unusable.
- 111 - Chapter 4 Application 4.1 Network Requirement s The company has established the server farms in the headquarters to provide the Web, Mail and FTP services for all the staf f. The dedicated line access service w as used by this company , which cost s greatly in network maintain and cable layout.
-1 12- enables you to set the connection of WAN1 as the main line and the connection of W AN2 as the backup line, which allows the Router to switch to the connecti on of W AN2 once the connection of W AN1 is broken down. The detailed configurations are as follows.
-1 13- Figure 4-3 W AN – S tatic IP 4.2.1.4 Link Backup Set the connection of W AN1 as t he primary link, th e connection of W AN 2 as the secondary link.
-1 14- 4.2.2 Network Management T o manage the enterprise network effectively and forbid the Hosts within the IP range of 192.168.0.30-192.168.0.50 to use IM/P2P application, you can set up a User Group an d specify the network bandwidth limit and session limit for this group.
-1 15- Figure 4-6 User Config - Batch z View Choose the menu User Group → Vie w to load the configuration page. Add all the Users you just created into the Group 1 and click the <Save> button to apply . 4.2.2.2 App Control Choose the menu Firewall → App Control → Control Rules to load the configuration page.
-1 16- Figure 4-7 App Rules 4.2.2.3 Bandwid th Control T o enable Bandwidth Control, you s hould configure the total bandwid th of interfaces and the detailed bandwidth control rule first. 1) Enable Bandwid th Control Choose the menu Advanced → T raffic Control → Setup to load the configuration page.
-1 17- 2) Interface Bandwidth Choose the menu Network → WA N → WA N 1 to load the configurat ion page. Configure the Up stream Bandwidth and Do wnstream Ban dwid th of the interface as Figur e 4-9 shows. The entered bandwidth value should be c onsistent with the ac tual bandwidth value.
-1 18- Max. Sessions: 250 S tatus: Activate Click the <Add> button to apply . Figure 4-1 1 Session Limit 4.2.3 Network Security Y ou can enable the IP-MAC Binding f unction to defend the ARP attack fr om local or public network and enable Sending GARP packet s function to defend ARP attack.
-1 19- Figure 4-13 Scanning Result Choose the menu Firewall → Anti ARP S poofing → IP-MAC Binding to load the configuration p age. Select the ARP entries needed to be bound or c lick the <Select All> button, and then click the <Import>button.
-120- Figure 4-15 IP-MAC Binding 4.2.3.2 W AN ARP Defense T o prevent the WAN ARP attack, you can bind the default gateway and IP address of W AN port. Obtain the MAC address of W AN port by ARP Scanning first. Choose the menu Firewall → Anti ARP Spoofin g → ARP Scanning to lo ad the configuration page.
-121- Figure 4-16 Att ack Defense 4.2.3.4 T raffic Monitoring 1) Port Mirror Choose the menu Network → Sw itch → Port Mirror to load the configuration page. Check the bo x before Enable Port Mirror and select the Ingress&Egress mode. Select the Port 5 for the Mirroring Port and the Port 3 and the Port 4 for the Mirrored ports.
-122- Figure 4-17 Port Mirror 2) St atistics Choose the menu Maintenance → St atistics to load the page. Load the Interface T raffic S t atistics p age to view the traffic st atistics of each physical interface of the Router as Figure 4-18 shows.
-123- Figure 4-19 IP T raf fic S tatistics After all the above step s, the enterpris e network will be operated based on planning..
-124- Chapter 5 CLI TL-ER5120 provides a Console po rt for CLI (Comm and Line Interface) confi guration, which enables you to configure the Router by accessing the CLI from c onsole (such as Hyper T ermi nal) or T elnet. The following part will introduce the step s to a ccess CLI via Hyper T erminal and some common CLI commands.
-125- Figure 5-2 Connection Description 4. Select the port (The default port is COM1) to connect in Figure 5-3 , and click OK . Figure 5-3 Select the port to connect 5.
-126- Figure 5-4 Port Settings 6. Choose File → Properties → Settings on the Hyper T erminal window as Figure 5-5 shows, then choose VT100 or Auto detect for Emulation and click OK .
-127- 7. The DOS prompting “TP-LINK>” will appea r after pressing the Enter button in the Hyper T erminal window as Figure 5-6 shows. Figure 5-6 Log in the Router 5.2 Interface Mode The CLI of TL-ER5120 offers two command mode s: User EXEC Mode and Privileged EXEC Mode.
-128- port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable command to enter this mode from User EXEC mode, the original password is admin . TP-LINK # Use the exit command to disconnect the switch (except that the switch is connected through the Console port).
-129- ip - Display or Set the IP configuration ip-mac - Display or Set the IP mac bind configuration sys - System manager user - User configuration 2) T y pe a command and a question mark sep arated by space. If there are keywords in this command, all the keywords and their brief descrip tions will display .
-130- 5.4.1 ip The ip command is used to view or configure the IP address and subnet mask of the interfaces. View command can be used in both User EXEC Mode and Privileged EXEC Mode while configuration function can be only used in Privileged EXEC Mode.
-131- TP-LINK # sys reboot This command will r eboot system, Continue?[Y/N] Reboot the system. Y me ans YES, N means NO. TP-LINK # sys restore This command will restore system, Continue?[Y/N] Restore to factory default. Y means YES, N means NO. TP-LINK # sys export config Server address: [192.
-132- TP-LINK # sys import config Server address: [192.168.1.101] Username: [admin] Password: [admin] File name: [config.bin] Import the configuration file. The steps are as the above item shown. Try to get the configuration file < config.bin > .
-133- TP-LINK > user set password Enter old password: Enter new password: Confirm new password: Modify the password of the Guest. TP-LINK # user get Username: admin Password: admin Query the user name and password of the Administrator .
-134- TP-LINK > history 1. history 2. sys show 3. history View the history command. TP-LINK > history clear 1. history 2. sys show 3. history 4. history clear Clear the history command. 5.4.6 exit The exit command is used to exit the system only when logging in by T elnet.
-135- Appendix A Hardware S pecifications St andards IEEE 802.3 、 IEEE 802.3u 、 IEEE 802.3x 、 TCP/ IP 、 DHCP 、 ICMP 、 NA T 、 PPPoE 、 SNTP 、 HTTP 、 DNS One 10/100/1000M Auto- Negoti.
-136- Appendix B F AQ Q1. What can I do if I cannot access the web-based configuration page? 1. For the first login, pl ease try the following steps: 1) Make sure the cable is well connected to t he LAN port of the Router . The corresponding LED should flash or be solid light.
-137- Q3: What can I do if the Router with the re mote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote com puter is in the subnet allowed to remotely access the router .
-138- Appendix C Glossary Glossary Description DSL (Digital Subscriber Line) A technology that allows data to be sent or received over existing traditional phone lines.
-139- Glossary Description H.323 H.323 allows dissimilar communica tion devices to communicate with each other by using a standardized communication protocol. H.323 defines a comm on set of CODECs, call setup and negotiating procedures, and basic data transport methods.
-140- Glossary Description structures. MAC addresses are 6 bytes long and are controlled by the IEEE. MTU ( Maximum T ransmission Unit ) The size in bytes of the larges t packet that can be transmitted. NA T ( Network Address T ranslator ) Mechanism for reducing the need for globally unique IP addresses.
-141- Glossary Description Protocol ) processing and retransmission be handled by other protocols. UPnP ( Universal Plug and Play ) UPnP is a set of networking prot ocols for primarily residential networks without enterprise cl ass devices that permits networked devices.
Ein wichtiger Punkt beim Kauf des Geräts TP-Link TL-ER5120 SafeStream (oder sogar vor seinem Kauf) ist das durchlesen seiner Bedienungsanleitung. Dies sollten wir wegen ein paar einfacher Gründe machen:
Wenn Sie TP-Link TL-ER5120 SafeStream noch nicht gekauft haben, ist jetzt ein guter Moment, um sich mit den grundliegenden Daten des Produkts bekannt zu machen. Schauen Sie zuerst die ersten Seiten der Anleitung durch, die Sie oben finden. Dort finden Sie die wichtigsten technischen Daten für TP-Link TL-ER5120 SafeStream - auf diese Weise prüfen Sie, ob das Gerät Ihren Wünschen entspricht. Wenn Sie tiefer in die Benutzeranleitung von TP-Link TL-ER5120 SafeStream reinschauen, lernen Sie alle zugänglichen Produktfunktionen kennen, sowie erhalten Informationen über die Nutzung. Die Informationen, die Sie über TP-Link TL-ER5120 SafeStream erhalten, werden Ihnen bestimmt bei der Kaufentscheidung helfen.
Wenn Sie aber schon TP-Link TL-ER5120 SafeStream besitzen, und noch keine Gelegenheit dazu hatten, die Bedienungsanleitung zu lesen, sollten Sie es aufgrund der oben beschriebenen Gründe machen. Sie erfahren dann, ob Sie die zugänglichen Funktionen richtig genutzt haben, aber auch, ob Sie keine Fehler begangen haben, die den Nutzungszeitraum von TP-Link TL-ER5120 SafeStream verkürzen könnten.
Jedoch ist die eine der wichtigsten Rollen, die eine Bedienungsanleitung für den Nutzer spielt, die Hilfe bei der Lösung von Problemen mit TP-Link TL-ER5120 SafeStream. Sie finden dort fast immer Troubleshooting, also die am häufigsten auftauchenden Störungen und Mängel bei TP-Link TL-ER5120 SafeStream gemeinsam mit Hinweisen bezüglich der Arten ihrer Lösung. Sogar wenn es Ihnen nicht gelingen sollte das Problem alleine zu bewältigen, die Anleitung zeigt Ihnen die weitere Vorgehensweise – den Kontakt zur Kundenberatung oder dem naheliegenden Service.