11-07-2013 11:41 AM
Hello
I really need help with Inter vlan routing via Kerio Controll 7.4.1.
I have several SF300-24P switches (IOS 1.3.0.62) and i have created a several VLAN's.
Vlans: Vlan 10, 100, 200 and interface vlan 213 (for management).
I can ping hosts in the same Vlan via this switches. From switch to host, port is in access mode and between switches ports is in Trunk mode
(also i had a problem here, trunk wasn't working untill i used command: switchport trunk allowed vlan add all).
Also port is in Trunk mode between KERIO and SW1 (switch). interface is in TRUNK mode from switch's side because i don't know how configure interface TRUNK mode on kerio.
On kerio i have configed one physical interface with IP - 172.16.0.1 255.255.255.0 and on the same interface i have created
VLAN 10, VLAN 100 and VLAN 200.
static IP's for this interfaces:
On KERIO i have created DHCP Lease for each VLAN, but i cannot get IP's from DHCP. So i assigned static IP's to computers
(for example for VLAN100 PC, VLAN 200 PC and so on) but they cannot ping each other when they are in different vlans, so inter vlan routing itsnot working. but with static IP on the PC, i can ping every VLAN's IP address on KERIO.
so pls tell me how i must configure inter vlan routing on kerio, is it possible?
or what must i do? where is my mistake? maybe when i put IP on pysical interface?
here is my configs and pls help and give me config example.
----------------------------------------------------------------------
config-file-header
SW1
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator plaintext
@
vlan database
vlan 10,100,200,213
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname SW1
username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
!
interface vlan 10
name Staff
!
interface vlan 100
name Cards
!
interface vlan 200
name AP's
!
interface vlan 213
name Management
ip address 172.16.213.1 255.255.255.0
no ip address dhcp
!
interface fastethernet1
description MANAGEMENT-VLAN
spanning-tree disable
switchport mode access
switchport access vlan 213
!
interface fastethernet2
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
!
interface fastethernet3
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
!
interface fastethernet4
spanning-tree disable
switchport mode access
switchport access vlan 200
!
interface fastethernet5
spanning-tree disable
switchport mode access
switchport access vlan 200
!
interface fastethernet6
spanning-tree disable
switchport mode access
switchport access vlan 100
!
interface fastethernet7
spanning-tree disable
switchport mode access
switchport access vlan 100
!
interface gigabitethernet1
description Direction-To-SW2 <--- This port is Trunk, but its not showing here for some reason.
spanning-tree disable
!
interface gigabitethernet2
description Direction-To-KERIO <--- This port is Trunk also. i used: switchport mode trunk on both interfaces
spanning-tree disable
exit
banner login
SW1
-----------------------------------------------------------------------------------------------------------
config-file-header
SW2
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 10,100,200,213
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname SW2
username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
!
interface vlan 10
name Staff
!
interface vlan 100
name Cards
!
interface vlan 200
name AP's
!
interface vlan 213
name Management
ip address 172.16.213.2 255.255.255.0
no ip address dhcp
!
interface fastethernet1
description MANAGEMENT-VLAN
spanning-tree disable
switchport mode access
switchport access vlan 213
!
interface fastethernet2
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
!
interface fastethernet3
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
!
interface fastethernet4
spanning-tree disable
switchport mode access
switchport access vlan 200
!
interface fastethernet5
spanning-tree disable
switchport mode access
switchport access vlan 200
!
interface fastethernet6
spanning-tree disable
switchport mode access
switchport access vlan 100
!
interface fastethernet7
spanning-tree disable
switchport mode access
switchport access vlan 100
!
interface fastethernet8
spanning-tree disable
switchport mode access
switchport access vlan 100
!
interface gigabitethernet1
description Direction-To-SW4
!
interface gigabitethernet2
description RESERVED-TRUNK
!
interface gigabitethernet3
description RESERVED-TRUNK
!
interface gigabitethernet4
description Direction-To-CISCOSG100-16
spanning-tree disable
switchport mode access
switchport access vlan 10
!
exit
banner login
SW
11-27-2013 09:12 AM
Hi Vladimer, this configuration is showing me the switches are layer 2. They're not capable of routing in layer 2. It means the Kerio must route for you. That being the case, you need to contact Kerio.
-Tom
Please mark answered for helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide