The TL-ER6020 has three router modes, NAT, Non-NAT and Classic. NAT, or network address translation mode, is the default and is used to translate public to private IP addresses between the WAN and LAN interfaces. Non-NAT mode disables NAT functionality and requires the configuration of static routes and/or utilization of the RIP routing protocol to establish routing rules. Classic mode is “a combined mode of NAT and Non-NAT”.
I could see classic mode as useful if it allowed configuration of NAT on one WAN interface and Non-NAT on the other WAN interface, but it didn't seem to work that way for me. Documentation of this mode is vague, so I've reached out to TP-LINK for clarity and will post an update when I hear back.
The TL-ER6020 automatically performs load balancing between active WAN ports using TP-LINK's “Intelligent Load Balancing”. Using the default configuration for load balancing, it looks to me like the TL-ER6020 distributes traffic equally between WAN interfaces based on sessions.
To test default load balancing on the TL-ER6020, I set up two continuous pings to two different websites, with each ping representing a different session. I then disconnected the WAN1 interface. As you can see in the screenshot below on the left, only one of the ping sessions was interrupted, the other ping session continued without interruption. Moreover, the ping session that was interrupted only lost one packet. I repeated the test multiple times with similar results.
Load balance ping test
Based on my simple tests, the TL-ER6020 can fail over to the other WAN connection quite quickly. I like the fact that it automatically uses both connections by default, instead of leaving one connection as an idle backup.
The TL-ER6020 dual-WAN default mode assumes equal ISP connection bandwidth. If your ISP connections have different bandwidth capabilities or if one is usage sensitive or if one is more reliable than the other or if you have a requirement to send specific traffic out a specific connection, you may want to adjust the load balancing scheme. Load balancing on the TL-ER6020 can be customized based on bandwidth, source or destination IP address, TCP or UDP, tine of day/week schedule and primary/backup designation.
Firewall and Security
There are five main options on the TL-ER6020 firewall: Anti ARP Spoofing, Attack Defense, MAC Filtering, Access Control, and App Control.
Anti ARP Spoofing is a feature more commonly found on switches, but is useful on a router, too. With this feature, you can bind IP addresses to specific MAC addresses and permit only traffic that matches those bindings.
The Attack Defense feature allows for blocking excessive or potentially fraudulent traffic flows. Traffic floods can be blocked based on six types of traffic flows and configurable packet per second thresholds. Anomalous packets can also be blocked. Below is a screenshot of the Attack Defense options.
Firewall attack defense options
MAC filtering provides both allow / deny options for listed MAC addresses. For a small network (less than 10 users), MAC filtering based on a list of permitted devices can be an effective way to control access to the network, although somewhat resource intensive.
Access Control options on the TL-ER6020 are basic. The URL filtering option filters Internet traffic based on keywords or URLs, while the Web filtering option filters Internet traffic based on the presence of Java, ActiveX, or Cookies. The Access Rules option allows for creating rules to block or allow traffic based on ten predefined services (ICMP, FTP, SSH, TELNET, SMTP, DNS, HTTP, POP3, SNTP, H.323), source and destination IP address, and schedule. Additional services can be defined by protocol and port.
App Control allows for blocking various well-known Internet traffic types including Instant Messaging, Social Networking, Peer to Peer, Media, and other Internet sites. The list of applications are defined by a database file provided by TP-LINK. I tested this feature with a basic rule to block all traffic to all of the apps shown below and could no longer access YouTube once my basic rule was applied.