This topic describes how to deploy a Smart Access Gateway (SAG) device and configure Dynamic Host Configuration Protocol (DHCP) on the LAN port to connect private networks to Alibaba Cloud. DHCP is used to dynamically allocate IP addresses and configurations to clients. This facilitates network O&M.
Sample scenario
The following scenario is used as an example in this topic. An enterprise has created a virtual private cloud (VPC) in the China (Hangzhou) region and cloud services are deployed in the VPC. The enterprise opened a new branch office (on-premises network) in Hangzhou and wants to connect the on-premises network to Alibaba Cloud. In addition, the enterprise wants the on-premises network to access the DNS server deployed by the enterprise to use the DNS service.
The enterprise plans to deploy an SAG-1000 device in inline mode to connect the on-premises network to Alibaba Cloud. In this scenario, DHCP is enabled on the LAN port of the SAG device to manage and dynamically allocate client IP addresses. DHCP is also used to distribute the address of the DNS server to clients. This facilitates network O&M.
After the enterprise deploys the SAG device, the enterprise can use Cloud Connect Network (CCN) and Cloud Enterprise Network (CEN) to connect the on-premises network to Alibaba Cloud.
Plan networks
The following table describes the network plans in this scenario. You can plan IP addresses and private CIDR blocks as needed. Make sure that the private CIDR block of the on-premises network does not overlap with that of the VPC.
Resource | Network planning and configuration |
On-premises network | 10.10.0.0/24 |
SAG device |
|
VPC | 192.168.0.0/16 |
Prerequisites
A VPC is created in the China (Hangzhou) region and cloud services are deployed in the VPC. For more information, see Create a VPC with an IPv4 CIDR block.
You have read and understood the security group rules that apply to the Elastic Compute Service (ECS) instances in the VPC. Make sure that the security group rules allow the on-premises network to access the ECS instances. For more information, see View security group rules and Add a security group rule.
Procedure
Step 1: Purchase an SAG device
After you purchase SAG devices in the SAG console, Alibaba Cloud delivers the devices to the specified address and creates SAG instances. You can use the SAG instances to manage your SAG devices.
To use SAG devices in areas outside the Chinese mainland, you must purchase SAG devices from third-party vendors that are authorized by Alibaba Cloud. For more information, see Purchase SAG devices.
Log on to the SAG console.
On the Smart Access Gateway page, choose .
On the buy page, set the following parameters and click Buy Now.
Area: Select the area where you want to use the SAG device. In this example, Mainland China is selected.
Device Spec: Select the model of the SAG device. In this example, SAG-1000 is selected.
Have SAG Devices Already: Select whether you already have an SAG device. In this example, No is selected.
Edition: Select the edition of the SAG device. By default, SAG-1000-Standard is selected.
Quantity: Select the number of SAG devices that you want to purchase. In this example, 1 is selected.
Area: Select the area of the bandwidth that is used by the SAG device. The area is the same as that of the SAG device and cannot be changed.
Name: Enter a name for the SAG instance.
The name must be 2 to 128 characters in length, and can contain digits, periods (.), hyphens (-), and underscores (_). It must start with a letter.
Peak Bandwidth: Select the maximum bandwidth value of the SAG device.
Subscription Duration: Select a subscription duration.
On the Confirm Order page, confirm the information and click Confirm Purchase.
In the Shipping Address dialog box, enter the recipient address and then click Buy Now.
On the Purchase page, select a payment method and click Purchase.
SAG devices will be shipped within two business days after you complete the payment. If the devices are not shipped after two business days, you can perform the following steps to check the shipping status:
- On the Smart Access Gateway page, find the SAG instance.
- Choose View Shipping Update in the Actions column.
- In the Order Updates panel, view the shipping updates.
After you receive the package, check the SAG devices and the accessories. If the devices or accessories are damaged or missing, contact Alibaba Cloud after-sales service. For more information about the accessories of SAG-1000 devices, see Accessories of SAG-1000 devices.
Step 2: Activate and connect the SAG device
Log on to the SAG console.
In the top navigation bar, select the region. In this example, Mainland China is selected.
On the Smart Access Gateway page, find the SAG instance and choose in the Actions column.
In the Activate dialog box, click OK.
After you activate the SAG device, you must connect it to your on-premises network based on your network plans.
Connect a modem to the WAN port (port 5) of the SAG device by using a network cable.
Connect the LAN port (port 4) of the SAG device to a Layer 2 switch by using a network cable.
If the SAG device is purchased from a third-party vendor, you must manually associate the SAG device with the SAG instance. For more information, see Add a device.
Step 3: Configure the SAG device
You must log on to the web console to configure the SAG devices. Before you perform configurations, make sure that the SAG device is started, the 4G network works as expected, and the SAG device is connected to Alibaba Cloud.
Log on to the web console of the SAG device.
Use a network cable to connect a computer in the on-premises network to the management port (port 2 by default) of the SAG device. Then, open a browser on the computer and log on to the web console. For more information, see Step 1: Configure the SAG client on an on-premises terminal and Step 2: Set a logon password.
Assign roles for the ports of the SAG device.
After you log on to the web console, click Setting in the top navigation bar.
In the left-side navigation pane, click Port Alloc.
On the Port Alloc page, find the port that you want to manage, select a port type, and then click OK.
Port 4: Select LAN.
Port 5: Select WAN.
Configure the WAN port.
In the left-side navigation pane, click WAN.
On the WAN page, click Port 5 (WAN), set the following parameters, and then click OK:
Link Type: Select PPPoE.
Username: In this example, 33**** is used.
Password: In this example, 1234**** is used.
Internet Access: In this example, this feature is enabled.
Use the default settings for other parameters.
Configure the LAN port.
In the left-side navigation pane, click LAN.
On the LAN page, click Port 4 (LAN), set the following parameters, and then click OK:
Link Type: Select Dynamic IP.
Private Segment: Select Custom Segment and enter the private CIDR block of the on-premises network: 10.10.0.0/24.
Interface IP: Enter the IP address of the LAN port. In this example, 10.10.0.1 is used.
DHCP Start IP: In this example, 10.10.0.2 is used.
DHCP End IP: In this example, 10.10.0.254 is used.
Address ExpireIn: In this example, 48 is used. Unit: hours.
DHCP Failover: In this example, this feature is disabled.
DHCP Option: On the right side of the page, click Add. Set the following parameters and click OK in the Actions column:
Name: Select DNS SERVER.
CODE: The default value is 6.
Data Type: The default value is ip-address, which indicates the DNS server address to be specified in the Value field.
Value: Enter the DNS server address. In this example, 47.XX.XX.80 is used.
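The following check is an added example and is not part of the original topic or of any SAG tooling. It validates the LAN and DHCP values used above before you enter them in the web console, and shows how a DNS SERVER option (code 6) is laid out on the wire. The function names are hypothetical, and 192.0.2.53 is a constructed placeholder for the DNS server address because the topic masks the real value.

```python
import ipaddress

def validate_lan_plan(onprem_cidr, vpc_cidr, interface_ip, pool_start, pool_end):
    """Return a list of problems in the LAN/DHCP plan; an empty list means it is consistent."""
    onprem = ipaddress.ip_network(onprem_cidr)
    vpc = ipaddress.ip_network(vpc_cidr)
    gw, start, end = (ipaddress.ip_address(a) for a in (interface_ip, pool_start, pool_end))
    problems = []
    # The on-premises CIDR block must not overlap with that of the VPC.
    if onprem.overlaps(vpc):
        problems.append(f"on-premises CIDR {onprem} overlaps VPC CIDR {vpc}")
    reserved = {onprem.network_address, onprem.broadcast_address}
    for label, addr in (("Interface IP", gw), ("DHCP Start IP", start), ("DHCP End IP", end)):
        if addr not in onprem:
            problems.append(f"{label} {addr} is outside {onprem}")
        elif addr in reserved:
            problems.append(f"{label} {addr} is the network or broadcast address")
    if start > end:
        problems.append("DHCP Start IP is higher than DHCP End IP")
    elif start <= gw <= end:
        # A lease handed out for the LAN port's own address would cause an IP conflict.
        problems.append(f"Interface IP {gw} lies inside the DHCP pool {start}-{end}")
    return problems

def encode_dns_option(dns_servers):
    """Encode DHCP option 6 (RFC 2132): code byte, length byte, then 4 bytes per IPv4 address."""
    packed = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
    if not packed or len(packed) > 255:
        raise ValueError("option 6 needs between 1 and 63 IPv4 addresses")
    return bytes([6, len(packed)]) + packed

if __name__ == "__main__":
    # Values from this topic; the DNS address is a constructed placeholder.
    issues = validate_lan_plan("10.10.0.0/24", "192.168.0.0/16",
                               "10.10.0.1", "10.10.0.2", "10.10.0.254")
    print("plan problems:", issues or "none")
    print("option 6 bytes:", encode_dns_option(["192.0.2.53"]).hex())
```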
Step 4: Set up network connections
After you configure the SAG device, you must set up network connections in the SAG console to connect the on-premises network to Alibaba Cloud.
Log on to the SAG console.
In the top navigation bar, select the region. In this example, Mainland China is selected.
Select a method to advertise routes to Alibaba Cloud.
On the Smart Access Gateway page, find the SAG instance and click Network Configuration in the Actions column.
In the left-side navigation pane, click Method to Synchronize with On-premises Routes.
On the Method to Synchronize with On-premises Routes tab, select Static Routing and click Add Static Route.
In the Add Static Route, enter 10.10.0.0/24, which is the private CIDR block of the on-premises network, and then click OK.
Create a CCN instance and associate it with the SAG instance.
In the left-side navigation pane, click CCN.
On the CCN page, click Create CCN Instance.
In the Create CCN Instance dialog box, set the following parameters and click OK.
Resource Group: Select the resource group to which the CCN instance belongs.
Instance Name: Enter a name for the CCN instance.
On the CCN page, click the ID of the CCN instance to go to the details page.
On the details page of the CCN instance, click the Associated SAG Instances tab. On the tab, click Associate with SAG.
On the Current Account tab of the Associate with SAG panel, set the following parameters and click OK.
Resource Group: Select the resource group to which the SAG instance belongs.
SAG: Select the SAG instance.
Create a CEN instance and attach the VPC and the CCN instance to it.
In the left-side navigation pane, choose to go to the CEN console.
On the Instances page, click Create CEN Instance.
In the Create CEN Instance panel, set the following parameters and click OK.
Name: Enter a name for the CEN instance.
Description: Enter a description for the CEN instance.
Network Type: Select the type of network instance that you want to attach. In this example, VPC is selected.
Region: Select the region of the network instance. In this example, China (Hangzhou) is selected.
Networks: Select the VPC.
In the Create CEN Instance panel, click OK.
On the Instances page, find the CEN instance that you want to manage and click its ID.
Click the Networks tab and then click Attach Network.
On the Your Account tab of the Attach Network panel, set the following parameters to attach a network instance to the CEN instance and click OK.
Network Type: Select the type of network instance. In this example, Cloud Connect Network (CCN) is selected.
Region: Select the region of the CCN instance. In this example, Mainland China is selected.
Networks: Select the CCN instance.
Step 5: Test the connectivity
Find a client in the on-premises network and set the Ethernet network interface controller (NIC) of the client to automatically obtain an IP address and DNS server addresses. For more information, see the operation guide of the client.
The Windows operating system is used in the following example.
After you complete the configuration, the SAG device automatically allocates IP addresses and DNS server addresses to clients. Run the ping command on the client to ping an ECS instance in the VPC. If a response packet is returned, it indicates that the on-premises network is connected to Alibaba Cloud.
ping <IP address of an ECS instance>