VLANs and multiple DHCP servers

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Drich290195, Mar 26, 2017.

  1. Drich290195 macrumors 6502

    Drich290195

    Joined:
    Apr 2, 2011
    #1
    Wondering if you can help. Run a Mac mini as my server. What I'm wanting is to keep my main network away from a test network I use for older machines.

    I have configured a DHCP server for my main 192 network with no issue. However, I'm trying to create a VLAN as the guest network on 172.

    I create the VLAN and then create a DHCP server to allocate an IP range to it, no issue.

    My question is how do I connect to that VLAN and DHCP server? Every time I plug a machine in, it automatically connects to the 192 range. How would I get it to issue an IP range from the second DHCP server?

    Finding it difficult to understand with the VLANs being on the same NIC. Is this even possible?

    Many thanks
     
  2. belvdr, Mar 26, 2017
    Last edited: Mar 26, 2017

    belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #2
    The simplest option is to configure a router to connect the two VLANs.

    On the 172 VLAN, you need to create a DHCP helper (relay) on the router to point to the 192 subnet's DHCP server, assuming you are only using one DHCP server for both subnets. This will forward the DHCP broadcasts to the 192 subnet for allocation.

    If you're connecting a machine to a port and it's pulling a 192 address, then you are plugging into the 192 VLAN.

    For your last statement, I am confused. What VLANs are on the same NIC and what is this device?

    EDIT: Another option would be to trunk the port going to the Mac Mini (i.e. allow multiple VLANs to travel over the one cable). On the Mini, you would need to create two virtual interfaces with an IP on each subnet and tag those interfaces with the correct VLAN with 802.1Q or similar. Then you would configure the DHCP server with the two DHCP scopes. I don't even know if this is possible with macOS.

    Frankly, I think the top option is a lot simpler to do, but everyone has their preferences.
     
  3. iMouse macrumors regular

    Joined:
    Jul 23, 2002
    Location:
    Boardman, Ohio
    #3
    You could also add a second NIC through a Thunderbolt to Ethernet adapter and tell your DHCP server to provide a different range across the second interface for the same effect. If you do multiple VLANs across a single NIC, the switch you use needs to be able to understand 802.1Q trunking. You'd have to shell out a bit of cash for a managed switch with this capability rather than just buying a second Ethernet adapter and running an unmanaged switch off of each interface.
     
  4. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #4
    As the above posts allude, you need to have them physically segregated (or, virtually if you can justify the cost) else new devices will not be able to tell which network to join, and instead will grab the default gateway information/IP etc.

    You could have 2 wireless network devices that might be able to make this simpler.
     
  5. Flint Ironstag macrumors 6502a

    Flint Ironstag

    Joined:
    Dec 1, 2013
    Location:
    Houston, TX USA
    #5
    If you have a budget, Kerio Control firewalls do this nicely.
     
  6. DJLC macrumors 6502a

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #6
    Two options —

    1) If your router supports DHCP relay, enable that on the 172 VLAN and point it to the DHCP server's IP address. You may need to allow this traffic thru the firewall.

    2) Configure a VLAN interface in System Preferences -> Network on the macOS Server. Enable the 172 DHCP scope on that new interface.
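
How a DHCP server typically decides which scope answers a request, as an added example that is not part of the thread and not macOS Server's own code. It models the two cases discussed above: a relay fills in `giaddr`, otherwise the interface the broadcast arrived on decides. The /24 prefixes, addresses and function names are assumptions.

```python
import ipaddress
import struct

# Constructed scopes for the thread's "192" and "172" networks. The exact
# prefixes are assumptions; the thread never states them.
SCOPES = {
    "main": ipaddress.ip_network("192.168.1.0/24"),
    "guest": ipaddress.ip_network("172.16.10.0/24"),
}
DHCP_MAGIC = b"\x63\x82\x53\x63"

def build_discover(giaddr="0.0.0.0"):
    """Build a constructed, minimal DHCPDISCOVER (RFC 2131 fixed header)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                      # op=BOOTREQUEST, Ethernet, hlen, hops
        0x12345678, 0, 0x8000,           # xid, secs, flags (broadcast)
        bytes(4), bytes(4), bytes(4),    # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,  # giaddr, filled in by a relay
        b"\x02\x00\x00\x00\x00\x01", bytes(64), bytes(128),  # chaddr, sname, file
    )
    return header + DHCP_MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end

def parse_giaddr(packet):
    """Extract the relay agent address (bytes 24-27 of the BOOTP header)."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    return ipaddress.ip_address(packet[24:28])

def select_scope(packet, arrival_ip):
    """Pick the scope by giaddr if relayed, else by the receiving interface's IP."""
    giaddr = parse_giaddr(packet)
    key = ipaddress.ip_address(arrival_ip) if giaddr.is_unspecified else giaddr
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None  # no matching scope: the server stays silent

if __name__ == "__main__":
    # Client on a port in the 192 VLAN: broadcast reaches the 192 interface.
    print(select_scope(build_discover(), "192.168.1.2"))
    # Same client on a port in the 172 VLAN, server has a VLAN interface there.
    print(select_scope(build_discover(), "172.16.10.2"))
    # Router relays from the 172 VLAN to the server's 192 address.
    print(select_scope(build_discover("172.16.10.1"), "192.168.1.2"))
```

The client's request is identical in all three cases; only the switch port's VLAN membership or the relay's `giaddr` changes which range is offered.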
     
