Erik Eckel explains the basics of how to set up and configure VLANs on Mac OS X networks. Apple has included support for the IEEE 802.1Q standard within Mac OS.
Enterprise administrators, particularly those most familiar with Windows, may not be aware that Mac OS X Snow Leopard systems can be configured to create virtual local area networks (VLANs). Apple has included support for the IEEE 802.1Q standard within Mac OS.
Why might an enterprise admin want to even consider VLANs? Using a VLAN, the same physical network can be used to connect multiple departments. The implementation of software-based VLANs, however, enables segmenting workstations into wholly separate logical local area networks. Supported by a layer-3 capable switch, these workstations then become segmented by department. That means systems within one department can't snoop information on workstations within other departments. Security is bolstered, and administrators enjoy much greater control routing network traffic.
Configuring VLAN Settings
To implement a VLAN within Mac OS X, you must know the administrator username and password. With sys admin credentials in hand, open System Preferences and select Network from within the Internet & Wireless section. If the lock in the lower left hand corner of the Network applet is locked, double-click it, supply the system administrator username and password and click OK to enable changes.
Once the Network applet is opened and unlocked to enable administrative changes, select the appropriate network location (default options are AirPort, Ethernet and FireWire), or create a new one.
With the correct network location highlighted within the Network preferences applet, create a VLAN interface by clicking the gear icon found at the bottom of the window. Scroll to the bottom of the resulting pop-up window and select Manage Virtual Interfaces.
A new window featuring two columns (Interface and BSD Name) will appear. Click the + icon found at the bottom of the window and select New VLAN. Enter a name for the VLAN within the VLAN Name field. Specify the VLAN Tag (the tag must be a whole integer between 1 and 4094 and match the remaining network VLAN configuration). Then ensure the appropriate network interface is selected from the provided drop-down menu, click Create, then click Done. The new VLAN will appear listed with the other network interfaces.
If you later need to edit any of the VLAN settings, double-click the respective VLAN from within the network interfaces listed within the Network preferences console. When all VLAN settings are properly configured, click the Apply button. Then save and activate the changes.
VLANs will attempt to join the existing network using DHCP, by default. If you need to specify network settings manually, highlight the VLAN within the listed network interfaces and select Manually from the provided Configure IPv4 drop-down menu. You'll then need to supply the IP address, subnet mask, router, DNS server, and any search domains.