Author Topic: [Networking] Small Business Networking with macOS  (Read 353 times)


Online blueskull

  • Supporter
  • ****
  • Posts: 12076
  • Country: cn
  • Power Electronics Guy
[Networking] Small Business Networking with macOS
« on: May 27, 2019, 12:41:29 am »
I'm preparing to start a consulting startup in China, and this question is about its internal networking.

Here is a list of features that I need:

1. WiFi access to both internal and guest networks, internal using certificates, and guest using passwords.

2. Isolated zones (guest, internal, test gear, process control), with internal having access to all but guest, and guest having access to nothing but the Internet.

3. The internal network can access an external VPN server to circumvent the Great Firewall, and the internal network has its own VPN server to allow working from home.

4. Test gear network and process control network can receive incoming connections from internal, but not initiate connections to internal, except for certain DMZ rules.

5. All services and employee computers are on internal network.

-----------------------------------------

I made an illustration for this, and my question is, is this achievable with macOS (with Server app, but without a Linux VM)?



Red is danger, green is safe, other colors are different zones that shouldn't access the green zone, but should also not be accessed from the red zone.
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1201
  • Country: us
Re: [Networking] Small Business Networking with macOS
« Reply #1 on: May 27, 2019, 02:23:05 am »
I would treat this as a networking issue, define VLANs for each use, and use a router to enforce separation of networks as desired.

I run Ubiquiti gear at home, and it’s well capable of doing what you are describing. It’s also fairly easy and low-fuss once configured. Other brands of pro-sumer level gear could do it as well. (Aero, Meraki, Ruckus, Cisco, etc)

Then the Mac becomes just a client on the network you assign it to.
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1201
  • Country: us
Re: [Networking] Small Business Networking with macOS
« Reply #2 on: May 27, 2019, 02:24:26 am »
Google VLAN and watch a few videos, then get a VLAN capable switch, router, and WiFi access points. This is not really a MacOS question, at least as I understand the question.
 

Online blueskull

  • Supporter
  • ****
  • Posts: 12076
  • Country: cn
  • Power Electronics Guy
Re: [Networking] Small Business Networking with macOS
« Reply #3 on: May 27, 2019, 03:24:37 am »
"I would treat this as a networking issue, define VLANs for each use, and use a router to enforce separation of networks as desired.

I run Ubiquiti gear at home, and it’s well capable of doing what you are describing. It’s also fairly easy and low-fuss once configured. Other brands of pro-sumer level gear could do it as well. (Aero, Meraki, Ruckus, Cisco, etc)

Then the Mac becomes just a client on the network you assign it to."

The problem is, a managed smart ROUTER (not just an L2 switch) running at 10Gbps is gonna be expensive.

"Google VLAN and watch a few videos, then get a VLAN capable switch, router, and WiFi access points. This is not really a MacOS question, at least as I understand the question."

The router shown here is VLAN capable. I know the left side of the graph works, but I'm not sure about the right side.
 

Online blueskull

  • Supporter
  • ****
  • Posts: 12076
  • Country: cn
  • Power Electronics Guy
Re: [Networking] Small Business Networking with macOS
« Reply #4 on: May 27, 2019, 04:40:57 am »
It seems like this is possible with Murus and SoftEther. I'll report back once I receive the switch.
 

Offline lty1993

  • Supporter
  • ****
  • Posts: 25
  • Country: us
    • LTY's Space
Re: [Networking] Small Business Networking with macOS
« Reply #5 on: May 29, 2019, 01:18:22 pm »
Running routing, firewall, and NAT on macOS?  :palm: |O

"The problem is, a managed smart ROUTER (not just an L2 switch) running at 10Gbps is gonna be expensive."
Why do you need a 10Gbps router? Your router only needs to match your uplink speed. You can get a cheap second-hand L3 switch for a couple hundred CNY in China (Juniper EX4200-48T / EX2200-48T [no IPv6 routing] / Cisco C3750X). If you need 2 or 4 10G uplink ports, you can get a higher-end one for less than 2000 CNY (Juniper EX3300-48T / Cisco C3750X with 10G module / Juniper EX4200-48T with 10G module). If you need PoE on the switch, most Juniper and Cisco switches come in PoE models which cost a couple hundred CNY more (Juniper EX3300-48P / Juniper EX4200-48P / etc). It can do everything you need except NAT, for which you can use a cheap router (Mikrotik hEX Gr3).
« Last Edit: May 29, 2019, 01:24:42 pm by lty1993 »
 

Online blueskull

  • Supporter
  • ****
  • Posts: 12076
  • Country: cn
  • Power Electronics Guy
Re: [Networking] Small Business Networking with macOS
« Reply #6 on: June 01, 2019, 09:05:35 am »
Well, it all worked out very well!

802.11Q and PF work well with each other!
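
A pf.conf ruleset for the zone policy listed in the first post, as an added example that is not from any poster in this thread. It assumes the Mac routes between four VLAN interfaces and one uplink; every interface name, the DMZ host and the DMZ port are constructed.

```conf
# Added example: constructed names and addresses, not from the thread.
wan_if   = "en0"        # uplink (assumed)
int_if   = "vlan0"      # internal
guest_if = "vlan1"      # guest
test_if  = "vlan2"      # test gear
proc_if  = "vlan3"      # process control
dmz_host = "10.0.10.5"  # constructed internal host for the DMZ exception

table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
scrub in all

# Only internal and guest are translated out to the Internet.
nat on $wan_if inet from { $int_if:network, $guest_if:network } to any -> ($wan_if)

# Default deny. Policy is decided where a packet enters the box;
# outbound packets are passed statefully so replies can return.
block log all
antispoof quick for { $int_if, $guest_if, $test_if, $proc_if } inet
pass out quick all keep state

# Internal: everything except guest.
block in quick on $int_if inet from any to $guest_if:network
pass  in quick on $int_if inet from $int_if:network to any keep state

# Guest: Internet only, so nothing addressed to private space.
# Assumes guest DHCP/DNS are not served from this host.
block in quick on $guest_if inet from any to <private>
pass  in quick on $guest_if inet from $guest_if:network to any keep state

# Test gear and process control: no general pass-in rule, so they
# cannot initiate anything. Replies to connections opened from
# internal are matched by state. One constructed DMZ exception:
pass in quick on $test_if inet proto tcp from $test_if:network \
     to $dmz_host port 443 keep state
```

Parse it with `pfctl -nf <file>` before loading; forwarding between the interfaces also requires `net.inet.ip.forwarding=1`.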
 

