Small Networks Without Big Headaches

These days, it is so easy to just plug in your router, Macs, and Time Capsule, and let them set themselves up. But in doing so, you could be making serious mistakes. Here’s how to get networking right from the start.

Every hardware vendor claims that their product needs little or no configuration, that you can plug it in and it plays right first time. Although this can be true of networks, it can get you into deep trouble as your network grows beyond the most basic. Technologies like Bonjour and DHCP can lure you into thinking that you do not need to mess with IP addresses or subnets, as they all get assigned automatically, and everything just works.

IP addresses

At its simplest, a network might consist of a single Mac and a broadband connection to a modem-router. By default the great majority of modem-routers contain a DHCP server looking for clients on the 192.168.0.x subnet of IP addresses, one of the reserved block of addresses from 192.168.0.0 to 192.168.255.255 reserved for local use. The chances are that your Mac will find that, lease its own IP address, and you are up and running just like that.

Computers and other devices have a standard sequence that they follow to get an IP address, as without a unique IP address they will be unable to make use of a network. They first look to see if they have been assigned a fixed address, next for a network service that will provide them with an address, as a DHCP server will.

If those fail, left to their own devices they will self-assign an IP address, typically starting with 169 (also used by Bonjour for ‘link-local’ purposes). If you ever ‘lose’ a device that is physically connected to a network, you can hunt for it by changing your IP address to something like 169.254.198.1, and you might locate it alive, well, and with IP address self-assigned.

In theory, you can go on adding computers and similar devices like iPads and iPhones to your heart’s content, so long as there are no more than 256 in total. After that (or in practice slightly fewer) you run out of possible IP addresses that can be assigned by the DHCP server, between 192.168.0.0 and 192.168.0.255. If that limit concerns you, you should be designing a real network with more than one subnet and additional routers.

Too many DHCP servers

When you need to know a device’s IP address, for example if there is a network problem, this approach gets very messy, because the DHCP server has assigned them, and can terminate leases and shuffle all the numbers around. Furthermore when you add devices such as an extra wireless router (AirPort or third party), or a Time Capsule, your whole network can collapse in a clash of IP addresses.

This is usually because the new device that you have added also contains a DHCP server, and defaults to providing that service. When the next computer joins the network and asks for an IP address, you do not know which of the two DHCP servers will provide one first.

If all the other devices have leased IP addresses from your modem-router, and an iPhone is then handed an IP address by your new Time Capsule, that address may be the same as one of the iMacs already connected. The moment that you have two devices with the same IP address, all hell breaks loose.

Thus the more complicated your network becomes, the greater the need for you to design it robustly, so that you can tell which device is which, and so that all the IP addresses stay in kilter. Trusting that to a DHCP server is building your network on software sand.

If you really do want to stay with IP addresses assigned by DHCP, then you should learn where that server stores its list of assigned addresses, so that you can look them up when you need to. This is usually one of the pages in its browser control interface. Keep a watch on this and you will probably see that regular visitors usually get assigned the same IP addresses repeatedly, although you cannot rely on that happening every time.

Fixed IP addresses

If your network is ever likely to grow, you are much better off assigning your own IP addresses. Then, whenever you have any network problems, you can quickly test each connected device: you know its IP address, so you can sit at another connected computer and ‘ping’ the IP address that it should have, to see whether it is reachable over the network.

This is a fundamental and essential initial step in diagnosing the great majority of network problems. You also know that no other device on your network can have the same IP address, so when you try to connect to 192.168.0.12, it can only be (say) the MacBook Pro in your office. This makes file sharing and everything else much easier.

Your network may though have frequent visitors, these days most probably iPads and iPhones which regularly connect to different WiFi base stations, from home, to office, to anywhere that you happen to be. A neat and sound way to cater for that more mobile population is not to turn your DHCP server off completely, but to restrict the range of IP addresses that it can assign, say between 192.168.0.50 and .240.

A basic fixed IP address setup in the Network pane.
A basic fixed IP address setup in the Network pane.

You can then put fixed devices such as your iMacs, and regular visitors including your own MacBooks, on fixed IP addresses between 192.168.0.1 and .49. Put special devices, such as your modem-router itself (running the sole DHCP server), any WiFi base stations or Time Capsules, between 192.168.0.241 and .253, leaving .254 and .255 free in case they are needed for special purposes.

Check that only one device is serving DHCP to your network. Ideally allocate a block of addresses for static IP address assignment for fixed devices.
Check that only one device is serving DHCP to your network. Ideally allocate a block of addresses for static IP address assignment for fixed devices.

Choosing a subnet

Conventionally, most networks use the default subnet on which their DHCP server starts up, but it can help security if you use another subnet within the block allocated for such local use; this could be 192.168.5.x, for example. Setting this up at first can be more fiddly, but once you have done so, it is easy to maintain.

Start the process by pointing your browser at the DHCP server’s configuration page, and there change its local (LAN) IP address to, say, 192.168.5.253. Once you have done this, your Mac will be unable to connect to it again until you have changed the Mac’s IP address to the same subnet, such as 192.168.5.1, assuming that you are using the standard mask of 255.255.255.0 which only lets your Mac see addresses starting with 192.168.5.

This may all seem unnecessarily complex, and a far cry from the claims of your hardware manufacturers. But once you have set it up, it is a doddle to maintain, you can quickly tell exactly which system has any given IP address, and when things go awry, you can use free standard diagnostic tools to work out where the problem lies.

If you are browsing your firewall log and notice that there are some strange exchanges going on between 192.168.0.15 and a remote IP address, you know exactly which computer on your local network is involved.

Setting up and maintaining networks is seldom that tricky, but because IP addresses seem complex and everything is ‘invisible’, many users find them daunting and scary. Keeping it simple with fixed addressing remains a sound basis for small networks, and blends well with services like DHCP and Bonjour.

Technique: Network Fault Diagnosis

The strongest case for fixed IP addresses is that they make it easier to diagnose and solve faults. Once you have set your network up, write down all the IP addresses that are allocated to devices, those available to your DHCP server, and sketch the cable and router layout. When a device is not performing properly on your network, whether over connections via your router to the Internet, or inside your local network, the first step is to see whether it is properly connected.

After checking network cables, base stations, and other hardware that lies between your computer and its target, prove those are working correctly by pinging in both directions along that path. For instance, an iMac with an IP address of 192.168.5.7 loses Internet connectivity.

Enter the IP address of the device you wish to ping, and click on the Ping button.
Enter the IP address of the device you wish to ping, and click on the Ping button.

Open Network Utility, select the Ping tab, type in the IP address of your router, and click on the Ping button. You should soon see three correct responses, confirming the integrity of the path. As that is to a router, use another device connected to that same router to ping back to 192.168.5.7.

Total packet loss on pinging indicates there is a blockage in the path; this could be a faulty cable, IP address error, router misconfiguration, or worse, and you should then explore the rest of the network to pin down where the problem lies. Partial loss could be the result of an intermittent fault, or running two devices with the same IP address, for example.

Once you have followed up the clues from pinging around your network, if you are still struggling to account for the problem, work round every device on the network, checking their IP address and network configuration. If those are all correct and compatible, you may need to inspect network packets using a ‘packet sniffer’, which gets more painstaking and complex.

More detailed information is here.

Technology: IPv6

We have been warned that the world is running out of unique IPv4 addresses like 200.214.106.5. The solution is switching to IPv6, with its longer and more complex addresses, such as 2001:0db8:0000:0000:0000:ff00:0042:8329. Gone will be the days that you could remember the IP address of key devices on your local network!

Some countries, in the Far East, have already run out of their IPv4 allocation, and the rest of the world is gradually making the transition so that it will cope with the switch when it is needed. On 6 June 2012, World IPv6 Launch Day, ISPs issued blocks of new addresses to a small proportion of their users, so that users and networks could start migrating.

All recent Macs and releases of OS X, and all iOS devices, are fully compatible with IPv6, thus ready to make the switch. The physical fabric of networks, cabling and wireless protocols, copes fine, but some devices remain incompatible. The most common that will affect us, when we eventually switch, are modem-routers (and cable equivalents).

Until you are warned that you will be switching to IPv6, leave the Configure IPv6 setting in the Network pane set to Automatically.
Until you are warned that you will be switching to IPv6, leave the Configure IPv6 setting in the Network pane set to Automatically.

Because the market for IPv6 peripherals is still relatively small, only a small selection of recent models from manufacturers such as D-Link, Asus, and Buffalo are currently IPv6-ready. Many older models may be able to accommodate the switch if they are provided with new firmware, and there is speculation whether vendors of home and lower-end business routers will provide updates, or expect us to replace those older models.

One of the great advantages of IPv6 is that it makes special address blocks, like 192.168.x.x, that are reserved for local networks redundant. Because every device can be allocated its own unique IPv6 address, DHCP becomes a service of the past.

Updated from the original, which was first published in MacUser volume 28 issue 17, 2012.