Wuying virtual private line CPE configuration

By deploying a Wuying Virtual Private Line customer-premises equipment (CPE) hardware device, you can connect your on-premises enterprise network to a Wuying advanced office network on Alibaba Cloud. This enables mutual access between your cloud resources and on-premises devices.

Prerequisites

  • CPE device: One CPE device. Purchase multiple devices if you need them for active-active disaster recovery or load balancing.

    Note

    This guide applies to the AL88-60/AL88-80/AL88-200/AL88-400 models.

  • PC: A PC to access the CPE management console. If your PC does not have an RJ45 port, you need a USB-to-RJ45 adapter.

  • Ethernet cables: Two Cat 5e or higher Ethernet cables. Use one to connect the CPE's WAN port to your enterprise network egress and the other to connect a LAN port on the CPE to the PC used for configuration.

  • Network port: An RJ45 port with internet access.

    Important

    If your enterprise network uses access control policies such as MAC address allowlists, you must configure them in advance to ensure the CPE device can access the internet.

Initialize the device and connect to the network

  1. Connect the device

    1. Use an Ethernet cable to connect the WAN1 port of the CPE device to an enterprise network port with internet access.

    2. Use another Ethernet cable to connect any LAN port of the CPE device to the PC used for configuration.

    3. Connect the CPE device to a power source.

      Note

      After you connect the hardware, your PC automatically obtains an IP address in the 192.168.9.0/24 CIDR block from the CPE via DHCP. If an IP address is not automatically obtained, you must manually configure the wired network adapter on your PC with the IP address 192.168.9.100 and the subnet mask 255.255.255.0.

  2. Log on to the management console

    1. In a web browser, navigate to the device's default management address: http://192.168.9.1.

    2. Log in with the initial username and password admin/admin. When prompted on your first login, set a new username and password according to your company's requirements and store them securely.

  3. Configure the internet connection method

    1. Navigate to Network Settings > WAN/LAN Settings and click wan1.

    2. Deployment recommendations:

      • Static IP (Recommended): In a side-by-side deployment, a static IP address prevents cloud routing failures caused by IP address changes and simplifies remote management. If you select this option, you must enter the planned IP Address, Subnet Mask, Gateway, and other required information.

      • DHCP (Default): Select this option for temporary testing or if your network environment permits dynamic IP assignment.

    3. After you complete the configuration, click Save.

  4. Verify network connectivity

    1. Navigate to Application Tools > PING Test.

    2. Enter a public domain name and click Start Test to confirm that the device is connected to the internet.

  5. Upgrade the firmware

    After establishing network connectivity, navigate to System Settings > Upgrade & Backup > Version Upgrade, and then click Online Upgrade.

Bind the CPE to the Wuying console

Obtain a registration code

Wuying Workspace enterprise edition

  1. Log on to the Elastic Desktop Service Enterprise console.

  2. In the left-side navigation pane, choose Networks & Storage > Office Networks.

  3. In the top navigation bar, select a region.

  4. Click the ID of the target office network, and then in the Network Information section, click Configure Rules.

  5. Click Generate Binding Code and then click Copy.

Wuying Workspace business edition

  1. Log on to the Wuying Workspace Business Edition console.

  2. In the left-side navigation pane, choose Network Management > Office Network.

  3. In the top navigation bar, select a region.

  4. Click the ID of the target office network. In the Network Information section, turn on the Virtual Private Line Rule switch.

  5. Click Add On-premises Network Device and then click Copy.

Complete binding in the CPE console

  • Return to the CPE management console and navigate to Network Settings > VPN Client > Wuying Virtual Private Line.

  • Paste the registration code you copied into the Binding Code input field.

  • In the Remarks field, enter a descriptive name (for example, Hangzhou-Office-CPE-01) to distinguish the device in the console's device list.

  • Click Save.

Configure and verify service traffic routing

Configure cloud-to-on-premises traffic redirection

After you configure traffic redirection rules, traffic from Wuying Workspaces that matches these rules is redirected through the CPE to egress from your on-premises network.

  1. After you complete the binding in the CPE console, return to the office network details page in the Wuying Workspace console.

  2. In the Network Information section, click Configure Rules.

  3. Next to Configure Traffic Redirection Rules, click Edit and select a redirection rule:

    • Global traffic redirection: All public internet requests from Wuying Workspaces in the office network are redirected to the egress of the on-premises network device connected via the Wuying Virtual Private Line.

    • Whitelist-based traffic redirection: Public internet requests from Wuying Workspaces in the office network that match the whitelist rules are redirected to the egress of the on-premises network device connected via the Wuying Virtual Private Line.

  4. Click OK.

  5. On the office network details page, enable the Virtual Private Line Rule switch.

Configure on-premises-to-cloud access

Configure a static route on your core routing device in your on-premises network to allow local computers to access Wuying Workspaces. Two deployment modes are available: side-by-side deployment and gateway mode.

Mode 1: Side-by-side deployment

In this mode, the CPE device connects to the enterprise core switch or router through a single port without changing the existing network topology.

Configuration: On your enterprise's Layer 3 switch or router, configure a static route to direct traffic destined for the Wuying office network to the CPE's WAN port.

Important

The CPE's WAN port must be configured with a static IP address to prevent routing failures caused by IP address changes.

Mode 2: Gateway mode

In this mode, the CPE device acts as the egress gateway for a local subnet. All traffic from downstream devices is forwarded through the CPE, eliminating the need to configure additional routes on external devices.

Important

If your enterprise office network's CIDR block overlaps with 192.168.9.1/24, a routing conflict will occur. In this case, you must change the CPE's LAN CIDR block.
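The overlap check described above can be run against your subnet inventory before the CPE is installed. The following is an added example, not part of the original guide or of the device's software; the function names, the search order of private ranges, and the sample subnets are assumptions made for illustration.

```python
import ipaddress

# Default CPE LAN block, taken from the DHCP note earlier in this guide.
CPE_DEFAULT_LAN = "192.168.9.0/24"
# Private (RFC 1918) ranges searched for a replacement block, in this order.
PRIVATE_POOLS = ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")


def _net(cidr):
    # strict=False accepts host-style notation such as 192.168.9.1/24.
    return ipaddress.ip_network(cidr, strict=False)


def overlapping(enterprise_cidrs, cpe_lan=CPE_DEFAULT_LAN):
    """Return the enterprise blocks (normalized) that overlap the CPE LAN.

    overlaps() also catches supernets and subnets, which a string
    comparison against "192.168.9.0/24" would miss.
    """
    lan = _net(cpe_lan)
    return [str(_net(c)) for c in enterprise_cidrs if _net(c).overlaps(lan)]


def plan_cpe_lan(enterprise_cidrs, cpe_lan=CPE_DEFAULT_LAN, prefix=24):
    """Keep the current CPE LAN if it is conflict-free; otherwise return the
    first private block of the given prefix length that overlaps nothing."""
    if not overlapping(enterprise_cidrs, cpe_lan):
        return str(_net(cpe_lan))
    used = [_net(c) for c in enterprise_cidrs]
    for pool in PRIVATE_POOLS:
        for cand in _net(pool).subnets(new_prefix=prefix):
            if not any(cand.overlaps(u) for u in used):
                return str(cand)
    return None  # every private block of that size is already in use


if __name__ == "__main__":
    # Constructed sample inventory of on-premises subnets.
    site = ["10.20.0.0/16", "192.168.8.0/22"]
    print("conflicts:", overlapping(site))
    print("CPE LAN to use:", plan_cpe_lan(site))
```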

Service port requirements

| Domain/service | Port | Description |
| --- | --- | --- |
| Public IP address of the Internet access pack | TCP: 443 | Connection endpoint for the Wuying Virtual Private Line |
| wuying.aliyun.com | TCP: 443 | For traffic between Wuying Workspaces and on-premises networks |
| wyota.cn-hangzhou.aliyuncs.com | TCP: 443 | Wuying Workspace management API endpoint |
| wy-ota-ufb-cn-hanghzou.oss-cn-hangzhou.aliyuncs.com | TCP: 443 | Used to download Wuying Virtual Private Line policies |
| post-cn-7mz2njrln01.mqtt.aliyuncs.com | TCP: 8883, 1883, 443 | Used to push Wuying Virtual Private Line policies |
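
To confirm that your egress firewall permits the endpoints listed in this section, you can run a TCP handshake check from a host on the same network segment the CPE's WAN port will use. This is an added example, not part of the original guide; the function names are hypothetical and ACCESS_PACK_IP is a placeholder that you must replace with the public IP address of your own Internet access pack.

```python
import socket

# Endpoints and TCP ports copied from the service port requirements above.
# ACCESS_PACK_IP is a placeholder (203.0.113.10 is a documentation address):
# substitute the public IP address of your Internet access pack.
ACCESS_PACK_IP = "203.0.113.10"
REQUIRED = [
    (ACCESS_PACK_IP, [443]),
    ("wuying.aliyun.com", [443]),
    ("wyota.cn-hangzhou.aliyuncs.com", [443]),
    ("wy-ota-ufb-cn-hanghzou.oss-cn-hangzhou.aliyuncs.com", [443]),
    ("post-cn-7mz2njrln01.mqtt.aliyuncs.com", [8883, 1883, 443]),
]


def check_egress(required=REQUIRED, connect=socket.create_connection, timeout=5.0):
    """Try a TCP handshake to every (host, port) and return a result list.

    Each result is (host, port, ok, detail). `connect` is injectable so the
    logic can be exercised without network access.
    """
    results = []
    for host, ports in required:
        for port in ports:
            try:
                conn = connect((host, port), timeout)
                conn.close()
                results.append((host, port, True, "open"))
            except socket.gaierror as exc:
                results.append((host, port, False, f"DNS failure: {exc}"))
            except (socket.timeout, TimeoutError):
                results.append((host, port, False, "timeout (likely filtered)"))
            except OSError as exc:
                results.append((host, port, False, f"refused/unreachable: {exc}"))
    return results


def blocked(results):
    """Return only the (host, port) pairs that failed."""
    return [(h, p) for h, p, ok, _ in results if not ok]


if __name__ == "__main__":
    res = check_egress()
    for host, port, ok, detail in res:
        print(f"{'OK  ' if ok else 'FAIL'} {host}:{port} {detail}")
    raise SystemExit(1 if blocked(res) else 0)
```

A timeout usually points to a firewall silently dropping the connection, while a DNS failure points to the resolver or a DNS filtering policy rather than the port rule.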