Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Guest network and DHCP
  •  
Dukeman

Messages: 57
Karma: 6
Send a private message to this user
I've configurated the guest network as found in the KB article ( http://kb.kerio.com/product/kerio-control/server-configurati on-kerio-control/configuring-the-guest-network-1654.html): the rules are created, the DHCP server has been activated with a scope for the guest network, the interface has been setup and the DNS forwarding service is activated.

The interface/port is connected to a swich where this port is assigned to a dedicated VLAN. An other port is connected to a WIFI router, with multiple SSID's where each SSID is assigned to a VLAN, the port is on the switch uses the tag to set traffic to the correct VLAN.

When I setup a dedicated IP on a device connected through this guest wifi, all traffic goes without any problem, I can use internet.

When I want to use DHCP on any device in the guest network, no IP address is assigned. I see the following line in the filter log:

[25/Oct/2015 15:41:47] DROP "Block other traffic" packet to WIFI-Guests, proto:UDP, len:330, 192.168.22.1:67 -> 255.255.255.255:68, udplen:302

192.168.22.1 is the network address of the nic in Kerio connected to this VLAN/guest network.

What am I doing wrong and why aren't any DHCP addresses assigned?

Edit:
I've attached an image of the setup.

When connecting to the VLAN 1 WIFI the DHCP request is send to an internal server (ON VLAN 1, not tagged) and receives an IP Address, in VLAN 1 everything works alright, in the second VLAN (with Kerio as DHCP server) it is not...

[Updated on: Sun, 25 October 2015 16:24]

  •  
Brian Carmichael (Kerio)

Messages: 682
Karma: 69
Send a private message to this user
The log event indicates that your traffic rules are blocking the DHCP request. Make sure you have a rule allowing access from the Guest network to the firewall.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Dukeman

Messages: 57
Karma: 6
Send a private message to this user
Thanks for your reply! The Guest interface however has access to the firewall with the "Guest services" services group, which contains the DNS, DHCP, Webinterface and webadmin services.

When setting up an IP fixed on a device, I can see the Guest -> Welcome/Continue page and DNS queries are send to the guest interface and forwarded to the internal DNS server.

With DHCP no IP is given.

On VLAN 1 (the internal network) an IP is given, the network setup is nearly the same (an internal windows server runs the DHCP server instead of Kerio and the VLAN setup is identical for both VLAN 1 and 2).
  •  
Brian Carmichael (Kerio)

Messages: 682
Karma: 69
Send a private message to this user
You could add a rule that allows DHCP from the Firewall to your Guest network, but this should not be necessary. In the debug log you can enable DHCP messages and DHCP requests. This could help to identify how the incoming request is received.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Dukeman

Messages: 57
Karma: 6
Send a private message to this user
The extra rule to enable traffic from the firewall to the guest interface did the trick! When this rule was added the IP was assigned immediately!

Thank you for your help!
Previous Topic: System Fault
Next Topic: IPsec between Control 8.3.3 and Vshield Edge not working
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Jun 29 03:53:05 CEST 2017

Total time taken to generate the page: 0.00366 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.