Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Vlan configuration with DHCP
  •  
NewToKerio

Messages: 3
Karma: 0
Send a private message to this user
Hi,

Happy New Year.

I'm new to Kerio and I'm trying to implement vlan between Kerio 3110 and a Netgear ProsafeGS724T Switch.

Configuration

Kerio:
• Port 1 connected to Internet Router 10 (192.168.1.2 255.255.255.0 192.168.1.1)
• Port 2-7 10 (192.168.3.1 255.255.255.0 No gateway)
• Port 8 Vlan Configuration (Should I configure Port 8 with an IP address)
o Vlan 10 (192.168.0.1 255.255.255.0 No gateway)
o Vlan 20 (192.168.2.1 255.255.255.0 No gateway)
o Vlan 30 (192.168.3.1 255.255.255.0 No gateway)
• DHCP enable for all Vlan's


Switch:
• Port 1 is Tagged for all this 3 Vlan's
o Vlan 10 (Port 2-6)
o Vlan 20 (Port 7-11)
o Vlan 30 (Port 12-16)

When I plug a laptop in a Vlan port in the switch I want it to get the correct vlan IP address from kerio DHCP, but this is not working.

I've made a link between Kerio Port 8 to Switch port 1, is this correct?

Am I doing this right?

Thank you

Best Regards.

  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
Jorge,
Take a very good look at your config. Don't use the same IP ranges on VLAN and Physical ports Wink
VLAN 30 and port 2-7 on the Physical ports.
And why only on Port 8 the VLAN's. I think you make your network to complicated. Keep it simple.
First make a drawing how you want to connect. VLAN's is on top of existing LAN connection.

But try first to change the IP ranges. Because you get nice a IP but when you tried to get data it won't work.
Reason, the requested data is been send out on the physical layer. Not to the VLAN layer.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
NewToKerio

Messages: 3
Karma: 0
Send a private message to this user
Hi Carlo,

thank you for your reply,

sorry, that was a copy paste, Vlan 30 is (192.168.4.1 255.255.255.0 No gateway).

So I should create Vlan's for each Phisical port?

I made another test with just one vlan on port 8 (Vlan 10) and I link it to the trunk port of the switch But DHCP traffic is not going trough the switch and then I tried to link it to a Vlan 10 switch port, and again with no success.

Thank you
  •  
Shwarmagedon

Messages: 9
Karma: 1
Send a private message to this user
Some original questions were not answered - I'm in a similar situation.

I'm new to Kerio and I'm trying to implement vlan between Kerio 3110 and a Netgear ProsafeGS724T Switch.

Configuration

Kerio:
• Port 1 connected to Internet Router 10 (192.168.1.2 255.255.255.0 192.168.1.1)
• Port 2-7 10 (192.168.3.1 255.255.255.0 No gateway)
• Port 8 Vlan Configuration (Should I configure Port 8 with an IP address)
o Vlan 10 (192.168.0.1 255.255.255.0 No gateway)
o Vlan 20 (192.168.2.1 255.255.255.0 No gateway)
o Vlan 30 (192.168.3.1 255.255.255.0 No gateway)
• DHCP enable for all Vlan's

1. Typically, do you leave the physical port WITHOUT an IP address (see his port 8 details above) and assign the vlans associated to that port an addres and a vlan id? I've been doing it in reverse and therefore lacking inter vlan routing.

2. How do you enable dhcp for vlans in Kerio? I thought you could only do this on the LAN switch.

3. Once vlans are successfully set up, where can you monitor/manage new & existing users? The only way I know how to do this is on the LAN switch on the dhcp server page.

Thanks!
  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
1. You would add the IP address to the physical port to deal with untagged framing.

2. You use scopes.

3. You will need to describe what you mean monitor/manage new/existing users. The default answer would have to be through the Traffic Rules and/or Users tabs.
  •  
Shwarmagedon

Messages: 9
Karma: 1
Send a private message to this user
1. Thanks!
2. Thanks!
3. In a basic config, you only have 1 scope active in the entire network. This scope is setup on the LAN switch. Therefore, I'm accustomed to going to 'dhcp server' / 'LAN 'switch' to see which dhcp clients have joined the network. here I can see their hostname and therefore confirm "who" this device is (mikes ipad) and finally double click on that device and edit their name if necessary and assign them a static ip.( Finally, I go to "users" and finish adding the user)....

.that said can I;
- do the same thing for devices/users in the vlan scope?
- if yes, what about devices w/static ips? I'd have to go to the traffic page to locate them?
  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
I preface: I don't use Kerio's DHCP server. I use Active Directory.

However, for #3, you should see all the active leases in Control. How it displays? I'm not sure.

For static IPs, have you considered reservations? I rarely static IP since reservations give you a means to centralize managing a static IP environment. You will also be able to see the leases/reservations in one location.

You also have the option to set a reservation even for a device with a static IP. Though, you risk a duplicate IP if not careful. Reservations are also persistent, as you would expect. The downside is that they'll always appear to be online, even when offline.

If reservations aren't possible, then your next option would be to check the "Status" tab and click on "Active Hosts". That will show you all hosts going through Control. If the device only communicates on the local LAN and uses a static IP, Control will never record it.
  •  
Shwarmagedon

Messages: 9
Karma: 1
Send a private message to this user
Silars - Thank you for all your help. Much appreciated!

Please see my replies/questions to your last reply.


I preface: I don't use Kerio's DHCP server. I use Active Directory.
- I don't use active directory.

However, for #3, you should see all the active leases in Control. How it displays? I'm not sure.
- Yes in the lan switch I see all the active leases.

For static IPs, have you considered reservations?
- I should clarify. I do use reservations (instead of static ip's) on the lan switch. However, I do have clients with permanent static ips on subnet #2 that is connected to a standalone interface on the Kerio control 3110 box.
- If I understand you correctly, I would only be able to see traffic from these devices with static IP's in the 'active hosts' page correct?

I rarely static IP since reservations give you a means to centralize managing a static IP environment. You will also be able to see the leases/reservations in one location.
- You can only see these leases/reservations in the lan switch section of the dhcp server page correct?

You also have the option to set a reservation even for a device with a static IP.

- This is done in the lan switch section of the dhcp server page for the vlan correct?

Though, you risk a duplicate IP if not careful. Reservations are also persistent, as you would expect. The downside is that they'll always appear to be online, even when offline.[/i]
- On what page would they appear to always be online?
- For the subnet I mentioned above, I would not be enabling Kerio's dhcp service so I don't think there is risk for a duplicate.

If reservations aren't possible, then your next option would be to check the "Status" tab and click on "Active Hosts". That will show you all hosts going through Control. If the device only communicates on the local LAN and uses a static IP, Control will never record it.
- Why wouldn't traffic from a static ip device on the local lan show up on 'active hosts' page?

[Updated on: Sun, 09 June 2013 00:28]

  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
Ah, my apologies. I thought you were trying to use Kerio's DHCP server. Ignore most of my comments then.

"Active Hosts" is what you'll view in Kerio then. Kerio will only report on devices that try to communicate "through" it. A device that *only* communicates on the LAN it is attached never goes "through" Control. Therefore, Control will never report it in "Active Hosts". I have quite a few of those types of devices myself.
Previous Topic: Exclude by ip?
Next Topic: How can I use the OpenDNS.Com in Kerio ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 08:37:13 CET 2017

Total time taken to generate the page: 0.00476 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.