how to test a VLAN set up under OS X Mavericks

macos networking routing vlan ifconfig
10,498

Your setup should send VLAN-tagged frames (tagged with VLAN ID 1) out en1.

Well, that's assuming en1 is a VLAN-capable Ethernet-like interface. If en1 on your machine is a Wi-Fi interface, it might not actually be VLAN-capable. I've seen lots of Wi-Fi NICs and Wi-Fi APs that don't handle VLAN tags very well, so YMMV.

Regardless of that Wi-Fi caveat, you need something on the other end of the Ethernet link that's configured to pay attention to VLAN-tagged frames with VLAN ID 1. If you have a dumb (not manageable, not VLAN-capable) Ethernet switch on the other end of the Ethernet cable out en1, it will probably blindly bridge your VLAN-tagged frames to other ports on the switch. But you still need a device out there somewhere that's also configured to pay attention to frames tagged with VLAN ID 1. Because by default, most Ethernet hosts will just drop (ignore) frames tagged with VLAN IDs that the host hasn't been preconfigured to pay attention to.

The same goes for VLAN-capable switches. While dumb switches will probably forward unknown VLAN frames by default, VLAN-capable switches will probably drop VLAN-tagged frames by default. You need to configure you VLAN-capable switch to expect VLAN ID 1 frames to come in on that port. And you need to tell it which other ports it should forward VLAN ID 1 frames to, and whether it should strip the VLAN tags off when it send it on that port (that is, an "unnumbered", or "access" port, which is expected to be part of only a single VLAN with no VLAN tagging), or if it should leave the tags on (a "trunk" port is expected to participate in more than one VLAN, either tagging them all or all but one VLAN ID).

The same thing goes for wireless-VLAN-capable Wi-Fi APs; you need to configure your AP to tell it which of its Wi-Fi interfaces it should expect VLAN-tagged frames on.

Something about the way you asked your question makes me think you didn't really want VLANs, you just wanted a second IP address on the same interface. If you just want a second IP address on the same interface (note that it doesn't have to be on the same IP subnet as the first IP address on the interface), then just use sudo ifconfig ... alias.

Share:
10,498

Related videos on Youtube

László
Author by

László

Updated on September 18, 2022

Comments

  • László
    László over 1 year

    I tried to set up an "internal" VLAN, with my mac (running Mavericks) routing this segregated traffic to one of the hardware interfaces. I think this should work irrespective of how people connect to VLANs set up on their switch/router, i.e. outside the mac.

    sudo ifconfig vlan1 create
sudo ifconfig vlan1 vlan 1 vlandev en1
sudo ifconfig vlan1 inet 10.0.0.1 netmask 255.255.255.224

    It would be great to know how to test whether the VLAN routes properly. What is there to do? Ping its assigned IP address? (That gets no response.)

    When I tried to bridge a VM to its IP address, the guest OS could not establish a connection (though it did see the virtual interface).

    Thanks!

    • Spiff
      Spiff over 10 years
      Okay, so your Mac is one of the devices on this VLAN, but what are the other devices that are going to be on this VLAN? When you say you pinged the Mac's VLAN IP address, where did you ping it from? From the guest OS in the VM? From another machine configured to be on the same VLAN and same IP subnet? Or from somewhere else?
    • László
      László over 10 years
      @Spiff Thanks. I thought this VLAN could be within the mac, only the VM being on it, and the host OS doing some internal routing. What is wrong with this?
  • László
    László over 10 years
    I must have missed alias, then, thanks. That would route the VM to the outside world with me being able to have separate rules for its traffic with pf, e.g. with IceFloor? hanynet.com/icefloor/index.html
  • Spiff
    Spiff over 10 years
    I'm not an expert on VMs or pf, so I can't help you with those details. But I'm pretty certain that whatever you're trying to do, VLANs will only complicate it for you.
  • László
    László over 10 years
    Thanks again, I will look into this. Though if I can specify "local IP"-specific rules for PF (e.g. with IceFloor) then I don't even need ifconfig, do I? I mean I know what IP the VM gets even with simple shared networking.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Trying to figure out route add to mask an IP to a router/gateway in Bash
What does netstat -r on OSX tell you about gateways?
How to create persistent static route on Mac OS X 10.6?
Selectively routing traffic via ethernet or wifi, with proper DNS (Mac OS X 10.6)
OpenVPN with MacOS X Client and same subnets in local and remote net
Router cannot ping an IP-Camera attached to a switch
Route only certain IP range with VPN connection
How do I make certain web addresses use a specific network adapter on Mac OS X?
How does Mac OSX prioritize network interfaces when routing?
How do you get loopback addresses other than 127.0.0.1 to work on OS X