Home » Kerio User Forums » Kerio Control » Inter VLAN Routing on kerio.... (Can't Do it :()

Messages: 3
Karma: 0
Send a private message to this user
Hi all

need help on Inter Vlan routing Via kerio controll 7.4.1. here is a topology.


There is a several Vlans: Vlan 10, 20, 100 and so on ( no matter).
I can ping hosts and server in same Vlan via several switches. From switch to host, port is in access mode and between switches ports is in Trunk mode. Also port is in Trunk mode between KERIO and IT-SW (switch). interface is in TRUNK mode from switch's side because i don't know how configure interface TRUNK mode on kerio.

On kerio i have configed one physical interface with IP - and on the same interface i have created VLAN 10 and VLAN 20.
static IP's for this interfaces:
1. VLAN 10
2. VLAN 20

also i have created DHCP Lease for each VLAN, but i cannot get IP's from DHCP. So i assigned static IP's to computers but they cannot ping each other, nor same VLAN, nor another VLAN.

so pls tell me how i must configure inter vlan routing on kerio, is it possible?
or what must i do? where is my mistake? maybe when i put IP on pysical interface? but without it i cannot connect Kerio right?

so pls tell me config and if its possible with screenshots.

[Updated on: Tue, 05 November 2013 13:34]

Petr Dobry (Kerio)

Messages: 405
Karma: 61
Send a private message to this user
If you can't ping two computers in the same VLAN, the problem is somewhere in VLAN/trunk settings on the switches.

Petr Dobry
Product Development Manager | Kerio

Messages: 1
Karma: 1
Send a private message to this user
systemunicast, not sure if you ever got a reply. I had similiar issues and here is how I solved them.

the way I found this works correctly is if you set the static ip address on your firewalls physical interface and use that as your default gateway for your primary native vlan default gateway.

for example set kerio physical port 1 to (this is will act as the untagged vlan ip) and set it to be assigned (tagged) to vlan 10 and vlan 20.

the switch ports should be untagged for vlan 1 and tagged for vlan 10 and vlan 20. clients on vlan 10 need to use the vlan10 virtual interface ip as their default gateway

this only works if the the vlan1 (default or native vlan) ip is configured on the physical port of kerio which is being used as the trunk to a switch.

also make sure you have traffic rules allowing dns, dhcp or "all" traffic to&from the virtual vlan interfaces to&from the firewall. example rule is source:vlan10&vlan20&firewall<--->destination:vlan10&vlan20&firewall, allowed, all.
Previous Topic: Add users by external php file!
Next Topic: Installation problems with CF and IDE-Flash
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 19 16:09:52 CET 2018

Total time taken to generate the page: 0.93386 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.