ER8411
Omada VPN Router with 10G Ports
- Integrated into Omada SDN: Zero-Touch Provisioning (ZTP)*3, Centralized Cloud Management, and Intelligent Monitoring.
- Centralized Management: Cloud access and Omada app for ultra convenience and easy management.
- Two 10GE SFP+ Ports: 1× WAN and 1× WAN/LAN 10GE SFP+ ports provide high-bandwidth aggregation connectivity.
- Up to 10 WAN Ports: Fiber and RJ45 WAN ports with load balance raise the utilization rate of multi-line broadband.
- Highly Secure VPN: Enterprise-standard SSL/ IPSec / PPTP / L2TP VPN & OpenVPN / WireGuard / L2TP over IPSec VPN are ideal for use across multiple branches and for WFH.
- Abundant Security Features: Powerful Firewall, DoS defense, IP/MAC/URL filtering, and IP-MAC Binding, and One-Click ALG Activation provide world-class security.
-
Centralized Cloud Management
Seamless integration into the Omada SDN platform
-
Quad-Core 2.2 GHz CPU
Enterprise–level hardware design provides maximum performance
-
Two 10GE SFP+ Ports
High-bandwidth aggregation with 1× WAN and 1× WAN/LAN ports
-
Up to 10 WAN Ports
Multi-WAN Load Balance raises the utilization rate of multi-line broadband*1
-
Two USB 3.0 Ports
Available 4G/3G Modem connection for LTE WAN backup
-
High-Capacity Performance
Supports up to 2,300,000 concurrent sessions
-
High-Security VPN
Enterprise-standard SSL / IPSec / PPTP / L2TP VPN & OpenVPN / L2TP over IPSec VPN / WireGuard
-
Enhanced Security
Powerful Firewall, DoS defense, IP/MAC/URL/ Keyword filtering
-
Dual Redundant Power Supplies
Carrier-class reliability for enterprise networking
High-Capacity Performance with Quad-Core 2.2 GHz CPU
Manage your entire business network with the right amount of processing power. Dual redundant power supplies further ensure carrier-class reliability for enterprise networking.
Dual Redundant Power Supplies
Quad-Core 2.2 GHz CPU
Maximize the 10G Broadband with Omada Enterprise Gateway
Maximized 10G Broadband with the Omada Enterprise Gateway Build your lightning-fast network with Omada ER8411 — an enterprise VPN router with 10G ports. It surpasses the need for high-speed, reliable, and safe enterprise networks, ideal for large-scale deployments such as offices, schools, and hotels.
1× 10G SFP+ WAN/LAN Port
1× 10G SFP+ WAN Port
Easily Build a Whole 10G Enterprise Network
10G Router
Full 10G Fiber Switch
Core Server / NAS
-
PoE Switch with 10G Uplink
Connects PoE Devices, Hassle-Free
-
WiFi 6E and WiFi 6 Access Points
With 10G or 2.5G PortsConnect WiFi 6 APs with 10G or 2.5G PoE Switches
-
Switch with 10G Uplink
Lightning-Fast Wired Connections
10× WAN Ports & One USB WAN for Mobile Broadband
Up to 10× WAN SFP+, SFP, and RJ45 ports allow the router to support various internet access requirements.*1 Multi-WAN Load Balancing distributes data streams according to the bandwidth proportion of every WAN port to raise the utilization rate of multi-line broadband. Connect a 4G/3G modem to one of the USB 3.0 ports for LTE WAN backup.
Note: At least one of the ten WAN/LAN ports needs to function as a LAN.
2× USB 3.0 Ports
(Single 4G/3G Modem connection for LTE WAN backup)
1× Gigabit SFP WAN/LAN Port
1× 10G SFP+ WAN/LAN Port
1× 10G SFP+ WAN Port
8× Gigabit RJ45 WAN/LAN Ports
High-Security and High-Performance VPN
ER8411 supports pass-through traffic and multiple VPN protocols, including SSL, IPSec, PPTP, WireGuard, and L2TP in Client/Server mode. One-click auto IPSec VPN simplifies VPN configuration and facilitates network management and deployment.*2 The router also features built-in VPN engine hardware, allowing support and management of hundreds of IPSec, PPTP, L2TP, SSL VPN, and OpenVPN Tunnels.
Robust Security Features
Powerful Firewall
Advanced firewall policies
protect your network and data.
IP/MAC/URL/Keyword Filtering
Forcefully prevent viruses and attacks from intruders.
Convenient VLAN Support
Create virtual network segments for
enhanced security and simplified
network management.
IP-MAC Binding
Reserves static IP assignment for
clients to defend against ARP
attacks and spoofing.
DoS Defense
Automatically detects and blocks
Denial of Service (DoS) attacks such
as TCP/UDP/ICMP Flooding, Ping of
Death, and other related threats.
One-Click ALG Activation
One-Click ALG Activation for
applications such as FTP, H323, SIP,
IPSec, and PPTP.
Seamless Integration into Omada SDN
The Omada Software Defined Networking (SDN) platform integrates network devices including access points, switches, and routers to provide 100% centralized cloud management and create a highly scalable network—all controlled from a single interface.
-
Hardware, Software, or Cloud-Based Controllers
-
Centralized Cloud Management
-
Intelligent Monitoring
-
Zero-Touch Provisioning (ZTP)*3
Internet
Cloud Access
Wall Plate AP
WiFi 6 Ceiling Mount AP
Outdoor AP
JetStream PoE Switches
Omada VPN Router
ER8411
Web Browser
Omada App
Omada Hardware Controller
Or
Omada Software Controller
SEGURIDAD | |
---|---|
Control de acceso | Control de acceso basado en IP de origen/destino |
Filtración | • Filtrado de grupos WEB * 5 • Filtrado de URL • Seguridad Web * 5 |
Inspección ARP | • Envío de Paquetes GARP * 5 • Escaneo ARP * 5 • Enlace IP-MAC * 5 |
Defensa de ataque | • Defensa contra inundaciones TCP/UDP/ICMP • Bloquear escaneo TCP (Stealth FIN / Xmas / Null) • Bloquear ping desde WAN |
CARACTERÍSTICAS DE HARDWARE | |
---|---|
Estándares y Protocolos | • IEEE 802.3, IEEE802.3u, IEEE802.3ab, IEEE802.3z, IEEE 802.3x, IEEE 802.1q• TCP/IP, DHCP, ICMP, NAT, PPPoE, NTP, HTTP, HTTPS, DNS, IPSec, PPTP, L2TP, OpenVPN, SNMP |
Interface | • 2 × 10GE SFP + Puertos (1 WAN, 1 WAN/LAN) • 1 puerto WAN/LAN SFP de 1 GE • 8 puertos WAN/LAN 1GE RJ45 • 1 puerto de consola RJ45 • 2 puertos USB (conexión de módem 4G/3G como respaldo WAN) |
Medios de red | • 10BASE-T: UTP category 3, 4, 5 cable (Max 100 m)EIA/TIA-568 100Ω STP (Max 100 m)• 100BASE-TX: UTP category 5, 5e cable (Max 100 m)EIA/TIA-568 100Ω STP (Max 100 m)• 1000BASE-T: UTP category 5e, 6 cable (Max 100 m) |
Cantidad de ventiladores | 2 |
Botón | Botón de reinicio |
Fuente de alimentación | Fuentes de alimentación dobles redundantes (100–240 VCA, 50/60 Hz) |
Presupuesto PoE | - |
Flash | 4MB SPI NOR + 256 MB NAND |
DRAM | 4 GB DDR4 |
LED | PWR, SYS, WAN, LAN, USB, FAN |
Dimensiones (An x Pr x Al) | 17.3 × 8.7 × 1.7 in (440 × 220 × 44 mm) |
Protección | 4 kV surge protection |
Recinto | Steel |
Montaje | Rack Mountable |
Consumo máximo de energía | • 26,36 W (con USB 3.0 conectado) • 19,12 W (sin USB 3.0 conectado) |
DESEMPEÑO | |
---|---|
IPS Throughput | TCP: 4924 Mbps;UDP: 4521 Mbps |
DPI Throughput | TCP: 5524 Mbps; UDP: 3547 Mbps |
WireGuard VPN | 1411 Mbps |
Sesión concurrente | 2,300,000 |
New Sessions /Second | 20,000 |
NAT (Static IP) | • Carga: 9445,82 Mbps • Descarga: 9449,26 Mbps |
NAT(DHCP) | • Carga: 9426,83 Mbps • Descarga: 9426,20 Mbps |
NAT(PPPoE) | • Carga: 9413,96 Mbps • Descarga: 9102.01 Mbps |
NAT (L2TP) | • Carga: 4230,62 Mbps • Descarga: 4169,53 Mbps |
NAT (PPTP) | • Carga: 3933.86 Mbps • Descarga: 3821,97 Mbps |
64 Byte Packet Forwarding Rate | • Carga: 1080 Mbps • Descarga: 1030 Mbps |
Rendimiento de VPN IPsec | • SHA1-AES256: 2140,45Mbps • SHA2-AES256: 2080,20Mbps |
OpenVPN | 1665,64Mbps |
L2TP VPN Throughput | • Sin cifrar: 5013,50 Mbps • Encriptado: 2274.74 Mbps |
PPTP VPN Throughput | • Unencrypted: 3933.86 Mbps• Encrypted: 3821.97Mbps |
SSL VPN Throughput | 1511.10 Mbps |
66 Byte Packet forwarding rate | - |
1,518 Byte Packet forwarding rate | • Upload: 9970 Mbps• Download: 9970 Mbps |
FUNCIONES BÁSICAS | |
---|---|
Tipo de conexión WAN | • IP Estática / Dinámica • PPPoE • PPTP • L2TP • Túnel 6to4 • Pasar por • Banda ancha móvil: módem 4G / 3G para respaldo a través del puerto USB |
Clon de MAC | Modificar dirección MAC WAN/LAN * 4 |
DHCP | • Servidor/Cliente DHCP • Reserva de direcciones DHCP • DHCP multired • Interfaces IP múltiples |
IPv6 | Conexión WAN |
VLAN | 802.1Q VLAN |
IPTV | IGMP v2/v3 Proxy |
FUNCIONES AVANZADAS | |
---|---|
ACL | Filtrado de IP/Puerto/Protocolo/Nombre de Dominio |
camino avanzado | • Enrutamiento estatico • Enrutamiento de políticas |
Control de Ancho de Banda | • Control de ancho de banda basado en puerto/IP • Garantía y ancho de banda limitado |
Equilibrio de carga | • Equilibrio de carga inteligente • Enrutamiento optimizado para aplicaciones • Copia de seguridad de enlace (tiempo * 5 , conmutación por error) • Detección en línea |
NAT | • NAT uno a uno * 5 • NAT multired • Servidor virtual • Activación de puertos * 5 • NAT-DMZ • FTP/H.323/SIP/IPSec/PPTP ALG • UPnP |
Seguridad | • SPI Firewall • VPN Passthrough • FTP/H.323/PPTP/SIP/IPsec ALG • DoS Defence, Ping of Death • Local Management |
Límite de sesión | Límite de sesión basado en IP |
VPN | |
---|---|
SSL VPN | • Servidor VPN SSL • Cliente VPN SSL • 500 túneles OpenVPN |
IPsec VPN | • 300 Túneles VPN IPSec • LAN a LAN, Cliente a LAN • Modo de negociación principal y agresivo • Algoritmo de cifrado DES, 3DES, SHA1, SHA2, AES128, AES192, AES256 • IKE v1 / v2 • Algoritmo de autenticación MD5, SHA1 • NAT transversal (NAT-T) • Detección de pares muertos (DPD) • Perfect Forward Secrecy (PFS) |
PPTP VPN | • Servidor VPN PPTP • Cliente VPN PPTP (32) * 6 • 300 Túneles (Compartido con L2TP) • PPTP con cifrado MPPE |
L2TP VPN | • Servidor VPN L2TP • Cliente VPN L2TP (32) * 6 • 300 Túneles (Compartidos con PPTP) • L2TP sobre IPSec |
VPN abierta | • Servidor OpenVPN • Cliente OpenVPN (10) * 6 • 110 túneles OpenVPN |
WireGuard VPN | • 300 Tunnels |
AUTENTICACIÓN | |
---|---|
Autenticación web | • Sin autenticacion • Contraseña simple * 2 • Hotspot (Usuario local / Cupón * 2 / SMS * 2 / Radius * 2 ) • Servidor de radio externo • Servidor de Portal Externo * 2 • Registro en Facebook * 2 • Seguimiento de Instagram * 2 |
ADMINISTRACIÓN | |
---|---|
Aplicación Omada | Sí. Requiere el uso de OC300, OC200, Omada Cloud-Based Controller o Omada Software Controller. |
Gestión centralizada | • Controlador de hardware Omada (OC300) • Controlador de hardware Omada (OC200) • Controlador de software Omada • Controlador basado en la nube Omada |
Acceso a la nube | Sí. Requiere el uso de OC300, OC200, Omada Cloud-Based Controller o Omada Software Controller. |
Servicio | DNS dinámico (Dyndns, No-IP, Peanuthull, Comexe) |
Mantenimiento | • Interfaz de administración web • Gestión remota • Configuración de exportación e importación • SNMP v1/v2c/v3 • Diagnósticos (Ping y Traceroute) * 5 • Sincronización NTP * 5 • Compatibilidad con registro del sistema |
Aprovisionamiento sin intervención | Sí. Requiere el uso del controlador basado en la nube de Omada. |
Funciones de gestión | • Detección automática de dispositivos • Supervisión de red inteligente • Advertencias de eventos anormales • Configuración unificada • Horario de reinicio • Configuración del Portal Cautivo |
OTROS | |
---|---|
Certificación | CE, FCC, RoHS |
contenidos del paquete | • Omada 10G Puerta de enlace de seguridad WAN múltiple ER8411 • Cable de alimentación • Juego de montaje en bastidor • Guía de Instalación Rápida |
Requisitos del sistema | Microsoft Windows 98SE, NT, 2000, XP, Vista™ o Windows 7/8/8.1/10/11, MAC OS, NetWare, UNIX o Linux |
Ambiente | • Temperatura de funcionamiento: 0–40 ℃ (32–104 ℉); • Temperatura de almacenamiento: -40–70 ℃ (-40–158 ℉) • Humedad de funcionamiento: 10–90 % de HR sin condensación • Humedad de almacenamiento: 5–90 % de HR sin condensación |
1. At least one WAN/LAN port needs to function as a LAN port.
2. These functions requires the use of Omada Hardware Controller, Software Controller, or Cloud-Based Controller.
3. Zero-Touch Provisioning requires the use of Omada Cloud-Based Controller. Please go to Omada Cloud-Based Controller Product List to find all the models supported by Omada Cloud-Based Controller.
4. LAN MAC Address can be modified only in Standalone Mode.
5. These functions are supported only in Standalone Mode.
6. ER8411 can work as a VPN client and can connect with up to 32 PPTP/L2TP VPN servers and 10 OpenVPN servers.
7. For the complete compatibility list of 4G/3G modem, go to https://www.tp-link.com/er8411/compatibility/
Attention: It is recommended to use only one TL-SM5310-T module for the ER8411.