VLAN Problem (Configuring VLAN With SRW2016)

VLAN Problem [message #145529] Thu, 11 April 2019 14:09
NETGRAMMER
Messages: 7
Registered: April 2019
Hello Friends, Need your Help / Suggestion.

So I configured a VLAN on Kerio (I want to put all of my Wi-Fi APs on a VLAN).
Step 1.

Kerio Config:
VLAN ID: 10
VLAN IP: 192.168.10.1/22
On the DHCP Server, created a scope for VLAN10 (192.168.8.11-192.168.11.254).
Finally, moved VLAN10 to the Guest Interface section (by default Kerio has a default rule in Traffic Policy for the Guest network).
From pc, I can ping 192.168.10.1

Step 2.
SRW2016 Switch Config.

VLAN Management > Create VLAN
VLAN ID: 10 (As I set on Kerio)
VLAN Name: AP-03 (the name of AP which is connected to the switch)

VLAN Management > Port Setting
Port (G2): the port to which the AP is connected
Modes (General, Access, Trunk) I tried all of them.

VLAN Management > Port To VLAN

Selected VLAN: 10, AP-03 (Which I created above)
Switch Port Mode (Tagged)

VLAN Management > VLAN To Ports

Port: G2, Mode: Trunk (I also tried other options: General, Access)
Join To VLAN (Joined the VLAN I created)

Step 3.
UNIFI AP Config.

Controller > Settings > Wireless Networks.
Advanced Settings > Use VLAN (VLAN ID: 10)
I showed my AP config to UNIFI Support and they assumed and confirmed that UNIFI AP is configured correctly.


So what is my issue? Why is AP-03 not getting VLAN10 DHCP?
Did I miss something?

Thank you all for support

Re: VLAN Problem [message #145539 is a reply to message #145529] Fri, 12 April 2019 14:08
NETGRAMMER
Messages: 7
Registered: April 2019
Is this forum dead?
No answer, no Support, no nothing!

Can't make VLAN work.


I made a simple LAB test.

Created a VLAN on the CISCO SRW2016 (connected some users to the VLAN, it worked), then I connected a TL-ER6120 router to the switch, then I created another VLAN for the APs and they worked too.

So I came across that there is something wrong in Kerio because the test showed that VLAN configuration with CISCO SRW2016, TL-ER6120 Router and Unifi AP LR was successful.

I can't understand what problem is in Kerio (I reset the Traffic Policy to default), I dragged the VLAN Interface to "Guest Interface" Section and in "Trusted Local Interface" Section too, but the result is the same!

Kerio VLAN Config:
VLAN ID: 10
VLAN Address: 192.168.10.1/22

The address is pingable from computers.

Re: VLAN Problem [message #145615 is a reply to message #145539] Tue, 23 April 2019 17:46
pavel-v
Messages: 9
Registered: December 2018
Support for GFI - Kerio products is close to nothing. They are not able to answer, I am not able to spell correctly. It is what it is.

So, the best option for you is NOT to use "Guest Interface" in Kerio Control as it is useless functionality.

In first step create a VLANs. So you end up with default VLAN1 (this is the actual interface) and VLAN10 for guests. Then set the VLAN10 as other interface so clients connected to it can not reach trusted interfaces. Then you have to do two new rules. One has to have source VLAN10 and destination firewall with DNS and DHCP allowed. And the second one is a copy of the NAT rule with a VLAN10 source so later you can traffic control the host interface to slower speed. That is about Kerio.

Now the Ubiquiti. Do not use guest portal or such. Create two WiFi. One, let's say MyLAN, with no VLAN ID set so it would be the default VLAN1. And a second one for the show, let's say MyGUESTS, and you check use VLAN10. Don't check guest policy.

And third of course. There is a need of a VLAN capable switch. For the Kerio port and the Ubiquiti port you set default VLAN1 untagged and VLAN10 tagged.

Re: VLAN Problem [message #145638 is a reply to message #145615] Wed, 24 April 2019 20:25
NETGRAMMER
Messages: 7
Registered: April 2019
Thanks for your reply! I did it and everything works perfectly! (I moved everything in VLANs: Wi-Fi users, departments, classrooms, labs, etc), now the network is very optimized and easy for debugging :)
VLAN is a perfect network invention and solution.
Re: VLAN Problem [message #145699 is a reply to message #145638] Fri, 03 May 2019 12:05
malina
Messages: 7
Registered: May 2019
Hi, I have the same problem as NETGRAMMER. Easier configuration on the switch side. I have a small subnet with 1 AP UniFi AP-LR (for now) connecting directly to a physical ethernet card on the server.
I need two WiFi. One for workers (VLAN:51) and one for guests (VLAN:52).

On Ubiquiti side:
I set this up on the AP. Two new WiFi. Both with VLAN. VLAN:51 for workers and VLAN:52 for guests. No use of guest portal or policy on the AP, just simple WiFi.

On Kerio side (Kerio Control 9.3.0.3273 running under Hyper-V):
I created two VLANs, ID:51 and ID:52. So I see three interfaces in Kerio. 1. Physical interface, 2. VLAN:51, 3. VLAN:52. On DHCP I created scopes for each one. Communication rules defined. All can communicate with the firewall and the firewall can communicate with all for DHCP and DNS services. The firewall can communicate with the AP for management without restrictions.
When I put this ON, then I can manage the AP, I see the AP and the AP got an IP from DHCP from the defined scope on the physical interface. But WiFi clients, after logging in to the WiFi, are not getting an IP from DHCP defined on the VLANs. They won't get any IP address.

I don't understand in the post from pavel-v "In first step create a VLANs. So you end up with default VLAN1 (this is the actual interface) and VLAN10 for guests."
Does it mean that I must create VLAN:1 on the physical interface and use it instead of the physical interface to manage the AP, and delete the DHCP scope from the physical interface and put it on VLAN:1? It makes no sense.
The manual for Kerio Control says: Each VLAN works as a standalone interface. The physical Ethernet interface works the standard way (as an untagged VLAN).

I have been working with Kerio Control for many years, but with VLANs for the first time.
Thanks for any answer or idea what is wrong.
Re: VLAN Problem [message #145708 is a reply to message #145699] Sun, 05 May 2019 18:14
billybob
Messages: 27
Registered: October 2018
Yes, the VLAN creation is kind of confusing, especially in a VM. How are you defining your networks in Hyper-V? I had to create the VLAN directly in Hyper-V and connect it to Kerio and not define the VLAN in Kerio, but ended up with the same problem of not getting DHCP and used my access point for DHCP. It works like that but is not the way I want.
Re: VLAN Problem [message #145725 is a reply to message #145708] Tue, 07 May 2019 09:20
malina
Messages: 7
Registered: May 2019
Thank you billybob for the answer. Interesting idea. I can try it too. I have a virtual private switch in Hyper-V with two connections. 1. Physical ethernet card for the AP, 2. Virtual ethernet card in the VM with the Kerio Control Appliance. Very simple and basic setting. I used this for all physical ethernet cards in the server. All have their own virtual switch (private or external). Kerio Control takes care of routing and communication rules between subnets. Until now, I did not need to use VLANs.
Re: VLAN Problem [message #145831 is a reply to message #145725] Tue, 21 May 2019 19:47
malina
Messages: 7
Registered: May 2019
billybob, if you're still interested, I found a solution.
In my case it is working.
The adapter in the virtual switch in Hyper-V must be correctly defined.

I can not use a link for the picture, because I have less than 5 posted messages (Ohhhh !!!)
Try copy/paste to view the screenshot.
h.t.t.p.s://i.ibb.co/1qJm9yp/hyper-v-trunk-kerio-control.png

I used the PowerShell cmdlet:
Get-VM KERIO-CONTROL | Get-VMNetworkAdapter -Name 50 | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 51-54 -NativeVlanId 0
You can customize it to your configuration.
This parameter is important
-NativeVlanId 0
because Hyper-V uses VLAN:0 as native for untagged packets and it must be set when a trunk is defined.
If it does not work for you, just use this command to revert.
Get-VM KERIO-CONTROL | Get-VMNetworkAdapter -Name 50 | Set-VMNetworkAdapterVlan -Untagged
On the Kerio side just create VLAN tagged adapters under the "physical" interface and create scopes in DHCP for them. But you know that. I guess.
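
A way to check the adapter before and after applying the trunk setting described above, as an added example that is not part of the original posts. It reuses the thread's VM name, adapter name and VLAN range, and assumes the Hyper-V PowerShell module, whose Get-VMNetworkAdapterVlan output exposes OperationMode, NativeVlanId and AllowedVlanIdList; Test-KerioTrunk is a hypothetical helper name.

```powershell
# Added example, not from the thread. Names and VLAN range are the thread's values.
$vmName      = 'KERIO-CONTROL'
$adapterName = '50'
$wantedVlans = 51..54      # the IDs covered by -AllowedVlanIdList 51-54
$wantedList  = '51-54'

$adapter = Get-VM -Name $vmName | Get-VMNetworkAdapter -Name $adapterName
if (-not $adapter) { throw "Adapter '$adapterName' not found on VM '$vmName'." }

# Hypothetical helper: compare the adapter's VLAN setting with the intended trunk.
function Test-KerioTrunk {
    param($Vlan)
    # VLANs Kerio serves that the trunk does not carry (clients get no DHCP lease)
    $missing = @($wantedVlans | Where-Object { $_ -notin $Vlan.AllowedVlanIdList })
    # VLANs the trunk carries that Kerio does not serve (trunk wider than needed)
    $extra   = @($Vlan.AllowedVlanIdList |
                 Where-Object { $null -ne $_ -and $_ -notin $wantedVlans })
    [pscustomobject]@{
        Mode     = "$($Vlan.OperationMode)"
        NativeId = $Vlan.NativeVlanId
        Missing  = $missing -join ','
        Extra    = $extra -join ','
        Ok       = ("$($Vlan.OperationMode)" -eq 'Trunk') -and
                   ($Vlan.NativeVlanId -eq 0) -and
                   ($missing.Count -eq 0) -and ($extra.Count -eq 0)
    }
}

# State before any change
$before = Test-KerioTrunk ($adapter | Get-VMNetworkAdapterVlan)
$before | Format-List

# Apply the trunk from the post only when the current setting differs, then re-check
if (-not $before.Ok) {
    $adapter | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList $wantedList -NativeVlanId 0
    Test-KerioTrunk ($adapter | Get-VMNetworkAdapterVlan) | Format-List
}
```

A non-empty Missing value matches the symptom in this thread (Wi-Fi clients on a tagged SSID get no address), while a non-empty Extra value means the VM receives VLANs that Kerio has no interface or rules for.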