Networking

How to configure a Mac VLAN

Erik Eckel explains the basics of how to set up and configure VLANs on Mac OS X networks. Apple has included support for the IEEE 802.1Q standard within Mac OS.

Enterprise administrators, particularly those most familiar with Windows, may not be aware that Mac OS X Snow Leopard systems can be configured to create virtual local area networks (VLANs). Apple has included support for the IEEE 802.1Q standard within Mac OS.

Why might an enterprise admin want to even consider VLANs? Using a VLAN, the same physical network can be used to connect multiple departments. The implementation of software-based VLANs, however, enables segmenting workstations into wholly separate logical local area networks. Supported by a layer-3 capable switch, these workstations then become segmented by department. That means systems within one department can't snoop information on workstations within other departments. Security is bolstered, and administrators enjoy much greater control routing network traffic.

Configuring VLAN Settings

To implement a VLAN within Mac OS X, you must know the administrator username and password. With sys admin credentials in hand, open System Preferences and select Network from within the Internet & Wireless section. If the lock in the lower left hand corner of the Network applet is locked, double-click it, supply the system administrator username and password and click OK to enable changes.

Once the Network applet is opened and unlocked to enable administrative changes, select the appropriate network location (default options are AirPort, Ethernet and FireWire), or create a new one.

With the correct network location highlighted within the Network preferences applet, create a VLAN interface by clicking the gear icon found at the bottom of the window. Scroll to the bottom of the resulting pop-up window and select Manage Virtual Interfaces.

A new window featuring two columns (Interface and BSD Name) will appear. Click the + icon found at the bottom of the window and select New VLAN. Enter a name for the VLAN within the VLAN Name field. Specify the VLAN Tag (the tag must be a whole integer between 1 and 4094 and match the remaining network VLAN configuration). Then ensure the appropriate network interface is selected from the provided drop-down menu, click Create, then click Done. The new VLAN will appear listed with the other network interfaces.

If you later need to edit any of the VLAN settings, double-click the respective VLAN from within the network interfaces listed within the Network preferences console. When all VLAN settings are properly configured, click the Apply button. Then save and activate the changes.

VLANs will attempt to join the existing network using DHCP, by default. If you need to specify network settings manually, highlight the VLAN within the listed network interfaces and select Manually from the provided Configure IPv4 drop-down menu. You'll then need to supply the IP address, subnet mask, router, DNS server, and any search domains.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

6 comments
Unique Design
Unique Design

It was working ok with 10.6.8 but failed with 10.7.5. Out of a classroom of 25 imacs on started up 10 came up with a red dot at login prompt, had not obtained an ip address but could be seen from the router via their mac ethernet address. After restarting numerous times these 10 machines reduced to 5. University network guru checked it all out and said sorry its the macs. My only recourse is to install 10.8 and pray it continually pings the dhcp to get an ip address. Installed 1, lost all templates and refined settings and although it comes up with a red dot on login, this fades after 2 minutes. If anyone knows how to get the os to request dhcp on boot with a virtual interface.

stre0539
stre0539

The article goes a long way to tell you just enough that the feature is available and where to find it, but lacks a concrete example on how to use and implement it that people can take from reading this article. It shows great promise, but fails to really show how it really works in a networked environment.

david.franck
david.franck

This is cool! Yet another reason I am impressed with mac. The other responses are correct; "what would this be used for?" Then I began thinking, maybe moving back and forth between VLANs as a administrator would be useful. Could this be the first steps in prepping the OS for server features or virtualization possibly? Nonetheless, a cool feature.

b.sikkes
b.sikkes

why exactly do you want to do this on the workstation? wouldnt the network be more logical to implement vlan?

Dalece
Dalece

The article is all fine; but, it does not explain why a step is done and the impact of doing the step. Example: tags 1 through 4094 or whatever. What is a tag, what does it do, how does it relate to VLAN on W XP, etc? Unless you are already an expert in VLAN, this article is not understandable. And if you are already an expert, you don't need this article because you already know what to do.

wizard57m-cnet
wizard57m-cnet

the author is going to bother with re-writing it...he/she might post a new article with more detail, but there is no reason to "append" this old one.

Editor's Picks