NetBoot & NetInstall across subnets

I've recently begun deployment of our NetBoot servers within our organization. Everything is working as expected, but I'd like to be able to NetInstall across subnets without having to add a helper address to the routers. Basically we're in a large organization and getting rules added to the routers is a lengthy and unlikely scenario. That said, I've seen a few articles regarding the ability to NetBoot across subnets using OF or EFI.
http://www.bombich.com/software/nbas.html
I've verified NetBoot is working on the same subnet, but I've encountered an issue when NetBooting from different subnets. I've tested three systems (iBook G4, PowerMac G4, & Intel MacBook), but only the Intel system is able to communicate. If I look at the server logs, the MacBook is able to consistently communicate, but there are no log entries for any of the PPC attempts. Thus, PPC systems time out when attempting to access the server.
I'm not using any NetBoot, DHCP, or MAC address filtering, so I'm not sure what the problem is. I'm pretty much using an out-of-box configuration with all the latest updates (10.4.7). As far as the client, I've used the NBAS tool, as well as manually configured the systems using Terminal (sudo nvram boot-device="enet:10.x.x.x").
Anybody have any additional input regarding the ability to NetBoot across subnets? Any idea why an Intel system would NetBoot, but PPC would not? Again, filtering has not been enabled.

Yes, each system points to the appropriate image based on architecture (PPC, Intel). The problem is that the server never seems to acknowledge the PPC systems. If I boot an Intel system, I can see the communication data in the server logs. The PPC systems never even register an entry in the logs. It appears as though they never communicate at all. Even if a PPC image is specified and an Intel system boots to the NetBoot server, the communication is still logged.
I need to run some additional tests, as well as a packet capture. Perhaps a packet capture will yield some useful information.

Similar Messages

  • Can not get Netboot working across subnets

    On the same subnet all my images work correctly, but once I try to netboot from a different subnet it doesn't work anymore.  I am correctly using the bless command, and I have tried both specifying the server (to get the default image) and specifying the booter file (to get the specific image).  If I just use the --server option the log shows BSDP inform and BSDP ACK[LIST] but nothing after that... there is no select.  Again, on the same subnet it will use select and work normally.  If I use the --booter option then sometimes I can get the netboot to start but I get an error (for example, AST says there was a network error and NetInstalls do not start).
    I do know that this used to work, and in the process of changing computers and upgrading to Lion server it stopped working.  Any ideas?

    Depending on your network configuration it may be that the simplest option is to multi-home your NetBoot server so it is visible on each subnet. Multiple servers is of course another option.
    However have a look at the information on the following links and see if any of it helps.
    http://macadmincorner.com/3-ways-to-netboot-across-subnets/
    http://afp548.com/forums/topic/netboot-across-subnets-intel/

  • Netinstall across subnets?

    NO, YES,
    can this be done?
    I heard no, but I think Bombich dude was sayin otherwise...
    thanks

    We have this working just fine at my company. What we had to do was politely ask the Network Admins to add the IP of our server to the Helper Address list on the switches and routers. It only needs to be added to the first network device that is subnetting the network that the client is on. (could be switch or router, most likely not a hub)
    The Helper Address list is used for various discovery protocols, DHCP being one of them.
    What this does is when the client is looking for the server, the switch/router takes that request and knows that at xxx.xxx.xxx.xxx (the server) there might be a device to help the client and passes that request on to the server on the other part of the network. So for every subnet of computers that needs access to the server you must add the IP of the server to the first device that divides that subnet.
    sidenote DO NOT add the IP of the server to the Helper list for the subnet it is actually on, only for subnets that the server is NOT ON. This one drove me crazy for diskless booting. The server ends up getting the request from the client twice. Network guy got overly excited when he was helping us.
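
The relay behaviour described in the answer above, as an added Python sketch that is not part of the thread: the router stamps its own interface address into the BOOTP `giaddr` field and forwards the broadcast to the helper target, and a helper entry on the server's own subnet makes the server see the same request twice. The addresses are constructed documentation ranges and `MAX_HOPS` is an assumed limit.

```python
import ipaddress
import struct

# Fixed BOOTP header up to and including chaddr (RFC 951 field order).
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTREQUEST = 1
MAX_HOPS = 16          # assumed relay hop limit for this sketch
ZERO = bytes(4)

# Constructed sample topology (documentation address ranges, not from the thread).
SERVER = "192.0.2.10"
HELPERS_GOOD = {"198.51.100.0/24": ("198.51.100.1", SERVER)}
# Same list plus a helper entry on the server's own subnet (the mistake in the side note).
HELPERS_BAD = dict(HELPERS_GOOD, **{"192.0.2.0/24": ("192.0.2.1", SERVER)})


def build_request(xid, mac, hops=0):
    """Constructed client broadcast: giaddr is all zeros when it leaves the client."""
    hdr = BOOTP_HDR.pack(BOOTREQUEST, 1, 6, hops, xid, 0, 0x8000,
                         ZERO, ZERO, ZERO, ZERO, mac.ljust(16, b"\0"))
    return hdr + bytes(64 + 128 + 64)   # empty sname, file and vendor areas


def relay(packet, receiving_if_ip):
    """Stamp giaddr, bump hops and return the packet to unicast; None if dropped."""
    (op, htype, hlen, hops, xid, secs, flags,
     ci, yi, si, gi, ch) = BOOTP_HDR.unpack_from(packet)
    if op != BOOTREQUEST or hops >= MAX_HOPS:
        return None
    if gi == ZERO:                      # only the first relay fills in giaddr
        gi = ipaddress.IPv4Address(receiving_if_ip).packed
    hdr = BOOTP_HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags,
                         ci, yi, si, gi, ch)
    return hdr + packet[BOOTP_HDR.size:]


def giaddr(packet):
    """Relay address carried in the packet, as dotted quad."""
    return str(ipaddress.IPv4Address(BOOTP_HDR.unpack_from(packet)[10]))


def copies_at_server(client_net, server_ip, helpers):
    """giaddr of every copy of one client broadcast that reaches the server.

    helpers maps a client subnet (CIDR string) to
    (router interface IP on that subnet, helper target IP).
    """
    pkt = build_request(0x1234, bytes.fromhex("001122334455"))
    seen = []
    if ipaddress.ip_address(server_ip) in ipaddress.ip_network(client_net):
        seen.append(giaddr(pkt))        # server hears the broadcast directly
    if client_net in helpers:
        if_ip, target = helpers[client_net]
        fwd = relay(pkt, if_ip)
        if fwd is not None and target == server_ip:
            seen.append(giaddr(fwd))    # relayed unicast copy
    return seen


if __name__ == "__main__":
    for name, helpers in (("good", HELPERS_GOOD), ("bad", HELPERS_BAD)):
        for net in ("198.51.100.0/24", "192.0.2.0/24"):
            print(name, net, copies_at_server(net, SERVER, helpers))
```

On the server side, a non-zero `giaddr` is what tells it which remote subnet the request came from.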

  • NetBoot across subnets with a bootpd relay

    Hello Apple Community!
    I've got 4 subnets at my school, each with various Macs around campus.  I have a Mavericks server on each subnet currently, each with their own NetBoot images.  It's a pain to keep everything updated.  I can get a single client Mac (pre-2011) to boot across subnets using the bless command, but that's not really a viable solution for us to run a bless command on each client every single time we want to netboot.  So far, the solution has been just to have dedicated netboot servers on each subnet, but I know there has to be a better way.
    This article (OS X Server: How to use NetBoot across subnets - Apple Support) describes three different methods for netbooting across subnets, but two of them are not really viable for us.  Those involve reconfiguring the network to allow BootP data to pass across subnets or configuring one server with multiple network connections, one for each subnet.  However, option #2 describes configuring a bootpd relay.  Based on my reading, this sounds like exactly what I need.  However, I can't find any good documentation to walk me through setting it up.
    I've thoroughly read the bootpd man page, which has had me editing the /etc/bootpd.plist on multiple servers.  This hasn't gotten me very far.  My clients still don't see the remote NetBoot server.  It seems like the relay is supposed to redirect broadcasts from the remote Netboot server, through a local NetBoot server to the client.  But I have no idea how to make this work.
    Could someone please give me more guidance on what I'm supposed to be doing here?  I'd like to host a single NetBoot server and have any client on any subnet be able to option-boot to see the NetBoot startup options (I have multiple NetBoot images, from Apple Service Toolkit to DeployStudio and Mavericks/Yosemite installers in between).  Even if I could get it to just netboot to one default source (AST), I could deal with that.  I'm also happy to host multiple NetBoot servers, but with all my NetBoot images in one location.  I'm stumped in this multiple subnet environment and I need help.  Please help.

    Thanks again for your feedback.  I had forgotten I left the "tftp://" on the IP address.  Though, I've tried that multiple ways, starting with IP only.  Also, per the bootpd man page (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/bootpd.8.html), <allow/> and <deny/> are lists for MAC address allowances and when nothing is defined everything goes through.  These are there by default, though I will remove them and see what happens.  Also, according to the man page, bootp_enabled enables on all connections when a boolean is set rather than an array.  Though I will still change this also and see what happens.  The array that comes after the netboot_disabled key is auto-generated by NetInstall when you turn the service on in Server.app.
    Essentially, that plist comes from a fresh activation of NetInstall.  I deleted the previous .plist, rebooted the server and when I turned on NetInstall, that's what was created, plus my bootp modifications.
    All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled.  I haven't started the relay in any active sense.  So far, I've just been modifying this .plist, and rebooting a bunch of times, but that's where I seem to get lost.  Is there a way to actively "start" the relay?  I'd love to look at these 'debug & logging' options.  As for the 'Startup Disk' prefs on the client Mac, they do not show any significant change.  Basically, they just don't see the remote server as a startup option.  I have not gleaned any pertinent info from console, though I'm not sure I know what I'm looking for.
    On a side note, I had a wild hair to try something different.  I set my local subnet's server to look at a NetBootSP0 folder that was actually a symlink to a NetBootSP0 folder that was mounted as a file share from the remote NetBoot server.  This really looked like it might work.  When you boot the client, it saw the startup volumes from the remote server.  However, upon boot, it doesn't seem to make the connection and winds up booting back to the internal hard drive.  It was worth a try...

  • I-Series chipsets netbooting across subnets

    Hello all,
    Is anyone having issues attaching to tftp served netinstall images across subnets with i-series hardware? Here's the situation, the netinstall.dmg was created from a factory build core i7 macbook pro mid 2012. Imaging on the same subnet as the server works fine for all hardware types. Older hardware, for example core2duo or Xeons, can image across subnets and on the server's subnet without issue. The problem only appears to occur when imaging an i-series device across subnets. Anyone have any ideas? Could really use some help here.
    Thanks

    Hi Steve,
    While in most sites I have them in the same subnet there is a site where they are in 2 subnets. I was hoping to be able to make the roam seamless. If you have to disable and enable the wireless or perform an ipconfig /renew it takes away from the seamlessness :-).
    Any suggestions would be welcome. However, I can understand what Scott is saying also as that is how it currently works.
    The environment consists of all Anonymous AP various Aironet 1200 series, i.e. 100, 1250, etc.

  • Netinstalling across Campuses

    I'm fairly new to this OSX server stuff--- so here is the deal
    I'm running OSX Server 10.4 Tiger at a corporate campus, I have successfully created a netinstall volume and am able to utilize ARD 2.2 and control machines locally to change startup disk to Audio Image Volume and thus Installing the new image on the computers. GREAT!! So far so good.
    However
    Now I am wanting to do this ACROSS CAMPUSES (6). (far away) We have a communication through put of like 3mb across campuses (weak i know). But can I use ARD and still Netinstall these machines across campus? (just super slow). OR do I need to have OSX Server at each Individual Campus location?
    We are backed by a Windows Server 2003 at each campus.
    Do I need an Xserve or more Servers at each campus or could I use VNC or what???
    HELP!
    G5 1.6   Mac OS X (10.4.6)   OSX SERVER 10.4 and ARD

    thank you.. its very much appreciated!
    So I should be able to utilize ARD for Administration and Software installs, (but no Netbooting across subnets.)(or across campuses....)
    So would I need OSX Server at each Campus then?... OR could I just send the image in the SP0 folder to a computer at another campus via ARD, and then as far as NetInstalling locally at the other campuses (OSX Server 10.4 is only at 1 campus), I would have to use 3rd party stuff or what?!? I would like to NetInstall as much as possible is the thing. Maybe NetRestore at the others or something!! Arrrgh...
    does this make sense.
    oh I didn't see a check box in sharing, system prefs. for enabling ARD on one of our labs, it was running Jaguar>?!? apple file sharing should be check boxed or what?
    thanks
    G5 1.6   Mac OS X (10.4.6)  

  • Netboot/Netinstall using MS DHCP

    I am trying to configure netboot/netinstall to work across subnets using MS DHCP.  Netboot/Netinstall has been working for several years on the same subnet, but we need to expand it to more of our network at this point.
    I have read numerous articles and postings about this and the only thing that I am missing seems to be the proper syntax to add the options into DHCP.  I believe I need to have option 43 and option 60 configured in DHCP.  Option 43 seems to provide the FQDN or IP address of the netboot server.  Option 60 provides the Vendor Class Identifier information including the string AAPLBSDPC and the architecture i386 (not ppc for me).  I can find conf entries to enable the options in Linux DHCP in several different places on the web, but I can only find mentions that it is possible with MS DHCP.  No one seems to expand on how to do it.  I know I need to manually configure Option 60, I had to manually configure DHCP options for some of our Cisco Wireless products before, I just need some help on the syntax when configuring.
    Can anyone shed any light on this?

    I have not gotten a full solution implemented yet.  I believe I have put some of the pieces together but I'm still not there yet.  I will gather my notes and update what I have so far.

  • Solution to use Airprint across subnets wired/wireless

    A lot of companies are trying to figure out how to setup airprint to print
    in the workplace, wired+wireless across subnets.
    We finally figured it out with some DNS magic and a CUPS server.
    I have documented the solution at a live document hosted at
    http://sites.google.com/site/iwastepaper/
    Hopefully it helps a few folks.
    <Edited by Host>

    You will want to make sure your APs can route from wherever you install them to the WLC management address.
    How APs find the controller can happen a few different ways:
    1) DNS A record
    2) Layer 2 broadcast (which you've seen already)
    3) IP Route Forward
    4) DHCP Option 43
    5) Manual Prime the AP
    Most folks lead with option 43.
    http://www.my80211.com/cisco-wlc-labs/2009/7/4/cisco-dhcp-option-43-configuration-nugget.html
    If you check the config guide, it will explain the other processes.

  • Jumpstart across subnets

    Hello
    I am having trouble configuring my jet toolkit to boot across subnets.
    It works fine in the same subnet but when it goes across subnets it seems to lose the default router for the client.
    {0} ok boot net:dhcp - install
    Resetting...
    POST Sequence 01 CPU Check
    POST Sequence 02 Banner
    LSB#00 (XSB#00-0): POST 2.12.0 (2009/09/09 15:17)
    POST Sequence 03 Fatal Check
    POST Sequence 04 CPU Register
    POST Sequence 05 STICK
    POST Sequence 06 MMU
    POST Sequence 07 Memory Initialize
    POST Sequence 08 Memory
    POST Sequence 09 Raw UE In Cache
    POST Sequence 0A Floating Point Unit
    POST Sequence 0B SC
    POST Sequence 0C Cacheable Instruction
    POST Sequence 0D Softint
    POST Sequence 0E CPU Cross Call
    POST Sequence 0F CMU-CH
    POST Sequence 10 PCI-CH
    POST Sequence 11 Master Device
    POST Sequence 12 DSCP
    POST Sequence 13 SC Check Before STICK Diag
    POST Sequence 14 STICK Stop
    POST Sequence 15 STICK Start
    POST Sequence 16 Error CPU Check
    POST Sequence 17 System Configuration
    POST Sequence 18 System Status Check
    POST Sequence 19 System Status Check After Sync
    POST Sequence 1A OpenBoot Start...
    POST Sequence Complete.
    Sun SPARC Enterprise M4000 Server, using Domain console
    Copyright 2009 Sun Microsystems, Inc. All rights reserved.
    Copyright 2009 Sun Microsystems, Inc. and Fujitsu Limited. All rights reserved.
    OpenBoot 4.24.12, 32768 MB memory installed, Serial #91113890.
    Ethernet address 0:21:28:6e:49:a2, Host ID: 856e49a2.
    Rebooting with command: boot net:dhcp - install
    Boot device: /pci@0,600000/pci@0/pci@8/pci@0/network@2:dhcp File and args: - install
    1000 Mbps full duplex Link up
    Timed out waiting for BOOTP/DHCP reply
    Timed out waiting for BOOTP/DHCP reply
    Timed out waiting for BOOTP/DHCP reply
    Timed out waiting for TFTP reply
    Timed out waiting for TFTP reply
    Timed out waiting for TFTP reply
    Timed out waiting for TFTP reply
    I have entered the router info in the defaultrouters file
    kenapps08g:global# cat defaultrouters
    # You can use this file to allow templates to be auto-populated with additional
    # default router settings, especially useful for managing large numbers o
    # server templates.
    # Format:
    # <subnet> <mask> <default router>
    # Example:
    # 192.168.1.0 255.255.255.0 192.168.1.254
    10.0.1.0 255.255.255.0 10.0.1.1
    10.0.2.0 255.255.255.0 10.0.2.1
    10.0.3.0 255.255.255.0 10.0.3.1
    </opt/SUNWjet/etc>
    kenapps08g:global# more dhcp.conf
    # This file is used to control some of the options for the DHCP boot
    # environment
    # DHCPDIR: The replies sent out by DHCP are limited in length; we use
    # this directory to create symlinks to the actual Solaris
    # media dirs; the intention is to keep paths short!
    # N.B. If you change this, please make sure the new area is
    # properly shared in /etc/dfs/dfstab
    DHCPDIR="/dhcp"
    # DEBUG_DHCP keep temporary files around after client_allocate_pdhcp.SunOS
    # has run. Non-null invokes debug
    DEBUG_DHCP=""
    # REMOTE_DHCP define the hostname of the Sun server running Sun's DHCP daemon
    REMOTE_DHCP="kenapps08g"
    # REMOTE_DHCP_METHOD define what method to use to propogate. ssh is currently
    # supported and requires you set up a trust relationship
    # between this server and it.
    REMOTE_DHCP_METHOD="ssh"
    # DHCP_FORMAT Which dhcp server type is supported. SUN is currently supported,
    # however, ISC is still in development. If REMOTE_DHCP is set,
    # you must set DHCP_FORMAT to SUN. Valid entries are "SUN"
    # and "NOOP". NOOP can be used if you are manually setting
    # up your own DHCP server with the required parameters.
    DHCP_FORMAT="SUN"
    kenapps08g:global# more dhcp_servers
    # You can use this file to define the DHCP servers responsible
    # for different subnets.
    # This is only required if you have multiple DHCP servers.
    # If a match is found, the settings in this file will be used,
    # otherwise the DHCP server defined in dhcp.conf will be used.
    # Format:
    # <client network> <client mask> <dhcp-server-name> <dhcp-server-tyep> <method>#
    # <dhcp-server-name> overrides the REMOTE_DHCP setting
    # <dhcp-server-type> overrides the DHCP_FORMAT setting
    # <method> overrides the REMOTE_DHCP_METHOD setting
    # Example:
    # 192.168.1.0 255.255.255.0 dhcpserver1 SUN ssh
    10.0.1.210 255.255.255.0 kenapps08g SUN ssh
    10.245.64.10 255.255.255.0 lisjump01g SUN ssh
    kenapps08g:global# more jumpstart.conf
    # This config file defines the jumpstart specific variables.
    # Version: $Revision: 1.8 $
    # Last Updated; $Date: 2009/04/15 12:41:29 $
    # Location of the additional media for patches and packages:
    # These paths should be URI form e.g. nfs://<serverip>/<path> or <path>
    # Currently only PKG_DIR and PATCH_DIR can be on a remote NFS server.
    # If they are just <path>, the appropriate address of the JumpStart server
    # will be added.
    # N.B. if the media location is on a different server, please ensure it is
    # routable from the client !
    # You can specify an alternative location for where the client can
    # NFS mount the /opt/SUNWjet directory. Simply provide the IP address
    # of the server or the IP address and path on the remote server
    # in the JS_CFG_SVR variable. However, this MUST be mounted
    # on the JET server in /opt/SUNWjet as well, and be rw by root.
    # e.g. JS_CFG_SVR="nas_server1" or
    # JS_CFG_SVR="nas_server1:/unixshare/SUNWjet"
    # When using an NFS server for images, even though the JET server
    # MUST have the boot media locally, it is possible to have the client
    # net boot from the remote NFS server. By default, clients will boot from
    # the JET server. To override this, set JS_CLIENT_BOOT to "remote".
    JS_Default_Root_PW=M4JVhMPO9CaQw
    JS_BUILD_DIR=/var/opt/sun/jet
    JS_PKG_DIR=/vendor/jumpstart/pkgs
    JS_PATCH_DIR=/vendor/jumpstart/patches
    JS_CFG_SVR=
    JS_SOLARIS_DIR=/vendor/jumpstart
    #JS_DHCP_VENDOR="SUNW.Ultra-5_10 SUNW.Ultra-30"
    JS_DHCP_VENDOR="SUNW.Sun-Fire-T1000 SUNW.Sun-Fire-V240 SUNW.SPARC-Enterprise"
    #JS_CLIENT_MANAGEMENT="bootp"
    JS_CLIENT_BOOT="local"
    kenapps08g:global# more server_interfaces
    # You can use this file to help JET determine the correct IP address to
    # use when it is configured on multi-homed hosts. It is also used to
    # define which servers on different subnets whcih can be used in conjnction
    # with dhcp.
    # As we don't know which side of the server clients will connect through,
    # you can set things up here - especially useful if this server is not
    # a router either.
    # Format:
    # <client network> <client mask> <our preferred ip address>
    # Example:
    # 192.168.1.0 255.255.255.0 10.0.0.1
    10.245.64.0 255.255.255.0 10.0.1.210
    10.0.3.0 255.255.255.0 10.0.1.210
    It has to be a defaultrouter setting somewhere because I can ping the server during jumpstart only from its own subnet.
    during the dhcp part it looks like the traffic is coming thru and it gets its offer then during the tftp part no traffic comes across anymore
    I am stuck on this one.
    thanks

    this file is in place with the interfaces
    kenapps08g:global# cat defaultrouters
    # You can use this file to allow templates to be auto-populated with additional
    # default router settings, especially useful for managing large numbers o
    # server templates.
    # Format:
    # <subnet> <mask> <default router>
    # Example:
    # 192.168.1.0 255.255.255.0 192.168.1.254
    10.0.1.0 255.255.255.0 10.0.1.1
    10.0.3.0 255.255.255.0 10.0.3.1
    183.1.2.0 255.255.255.0 183.1.2.209
    </opt/SUNWjet/etc>
    kenapps08g:global# cat server_interfaces
    # You can use this file to help JET determine the correct IP address to
    # use when it is configured on multi-homed hosts. It is also used to
    # define which servers on different subnets whcih can be used in conjnction
    # with dhcp.
    # As we don't know which side of the server clients will connect through,
    # you can set things up here - especially useful if this server is not
    # a router either.
    # Format:
    # <client network> <client mask> <our preferred ip address>
    # Example:
    # 192.168.1.0 255.255.255.0 10.0.0.1
    10.0.1.0 255.255.255.0 10.0.1.210
    10.0.3.0 255.255.255.0 10.0.1.210
    183.1.2.0 255.255.255.0 10.0.1.210
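
A cross-check of the three JET files posted in this thread, as an added Python example that is not part of the thread and not JET code. It assumes the first column of every row should be a network address (as the `# Format:` comments say) and that each client network should also appear in defaultrouters; the thread does not confirm that JET requires either, so a finding is something to verify, not a diagnosis.

```python
import ipaddress

# Rows copied from the first post above (comment lines dropped).
DEFAULTROUTERS = """\
10.0.1.0 255.255.255.0 10.0.1.1
10.0.2.0 255.255.255.0 10.0.2.1
10.0.3.0 255.255.255.0 10.0.3.1
"""
DHCP_SERVERS = """\
10.0.1.210 255.255.255.0 kenapps08g SUN ssh
10.245.64.10 255.255.255.0 lisjump01g SUN ssh
"""
SERVER_INTERFACES = """\
10.245.64.0 255.255.255.0 10.0.1.210
10.0.3.0 255.255.255.0 10.0.1.210
"""
# Rows copied from the follow-up post (dhcp_servers was not re-posted).
DEFAULTROUTERS_2 = """\
10.0.1.0 255.255.255.0 10.0.1.1
10.0.3.0 255.255.255.0 10.0.3.1
183.1.2.0 255.255.255.0 183.1.2.209
"""
SERVER_INTERFACES_2 = """\
10.0.1.0 255.255.255.0 10.0.1.210
10.0.3.0 255.255.255.0 10.0.1.210
183.1.2.0 255.255.255.0 10.0.1.210
"""


def parse(name, text, findings):
    """Return {network: remaining columns}; record malformed or host-address rows."""
    table = {}
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue
        if len(cols) < 3:
            findings.append(f"{name}:{n}: expected at least 3 columns")
            continue
        try:
            iface = ipaddress.ip_interface(f"{cols[0]}/{cols[1]}")
        except ValueError as exc:
            findings.append(f"{name}:{n}: {exc}")
            continue
        if iface.ip != iface.network.network_address:
            findings.append(f"{name}:{n}: {cols[0]} is a host address, "
                            f"the network is {iface.network}")
        table[iface.network] = cols[2:]
    return table


def audit(defaultrouters, dhcp_servers, server_interfaces):
    """Return a list of inconsistencies between the three files."""
    findings = []
    routers = parse("defaultrouters", defaultrouters, findings)
    dhcp = parse("dhcp_servers", dhcp_servers, findings)
    ifaces = parse("server_interfaces", server_interfaces, findings)
    for net, rest in routers.items():
        try:
            inside = ipaddress.ip_address(rest[0]) in net
        except ValueError:
            inside = False
        if not inside:
            findings.append(f"defaultrouters: router {rest[0]} is not inside {net}")
    for name, table in (("dhcp_servers", dhcp), ("server_interfaces", ifaces)):
        for net in table:
            if net not in routers:
                findings.append(f"{name}: {net} has no defaultrouters entry")
    return findings


if __name__ == "__main__":
    for label, args in (
        ("first post", (DEFAULTROUTERS, DHCP_SERVERS, SERVER_INTERFACES)),
        ("follow-up", (DEFAULTROUTERS_2, "", SERVER_INTERFACES_2)),
    ):
        print(label)
        for finding in audit(*args) or ["no findings"]:
            print("  " + finding)
```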

  • Not able to use Apple tv across subnet

    Hi Guys,
    I have made a test setup which contains a Cisco 2600 router, Apple TV and MacBook Pro with 10.9.2 OSX. It's a pretty simple setup. One interface (Fa0/0) of the Cisco router is connected to Apple TV via ethernet cable in a network 10.0.1.0/24 and another interface (Fa0/1) is connected to MacBook Pro in network 10.0.2.0/24 via ethernet cable. Apple TV network IP is 10.0.1.2 whereas MacBook IP is 10.0.2.2. I am able to successfully ping from MacBook to Apple TV, but not able to discover Apple TV at all on my MacBook. I tried every method, allowed udp port 5353 on router for bonjour discovery, but still no luck. Can any gentleman help me on this?

    Yes, we can mirror it across subnet. That's what I am trying to figure out. People had done this earlier.

  • CUPS printer sharing across subnets?

    I am trying to set up my local network printer so that everyone in the house can print from it. However I have two subnets in the house and I don't see how to connect to the Linux server through a Windows 7 client.
    My network is like so:
    Upstairs: [Modem] <=eth0=> [Router 1]  Subnet of 192.168.0.*
    [Router 1]  <=wlan0 client mode=> Downstairs: [Router 2 with dd-wrt firmware] Subnet of 192.168.1.*
    [Router 2] <=eth0=> CUPS server/PC with USB printer attached IP address of 192.168.1.1XX
    This works: [Router 2] <=ath0.1 virtual wireless ESSID=> Windows 7 Laptop
    This doesn't: [Router 1] <=wlan0=> Windows 7 Laptop
    I tried
    sudo cupsctl --share-printers --remote-any && sudo systemctl restart cups
    on the host PC, but the W7 clients can't connect across subnets. Is there any way to set it up so it can? They can easily connect to the ath0.1 network and then print, but it's inconvenient for them. The Windows users spend most of the time upstairs, and not downstairs, so they are usually connected to the wlan0 network.
    I have the option of putting [Router 2] into client bridged mode so it shares the same subnet of [Router 1], however I can't seem to set it up properly and I run into problems. It is important to have the ath0.1 network downstairs, and I am unsure that client (bridged) mode will allow for the virtual interface.
    I do not have Samba installed but I am considering trying that, but a simpler solution would be appreciated.
    *Edited for further clarification & error fixing.
    Last edited by felixculpa (2012-12-27 20:03:51)

    DiverDoc wrote:
    if I can share a printer between an XP system and a Win 7 system?
    Before I enter all the system data, I just wondered if someone already knew the answer to this one. I was successfully sharing a non network printer plugged into an XP machine via USB and printing to it via Network Magic from my Vista machine, but since I upgraded Vista to Win 7, I cannot. Every time I try to install the remote printer or access it in any way from my Win 7 machine, I get the Windows message: "Windows cannot connect to the printer". This also occurs from within the Network Magic Map if I try to Complete Printer Setup. It shows up on my Win 7 machine when I want to ADD a Printer, but I cannot install it. It shows as Shared on the XP machine.
    Thanks for any assistance!
    S.
    Hi S.,
    You need to use Network and Sharing Center and open up your computer. You need to use the Public Profile and turn on Network Discovery. Not sitting in front of Windows 7 at the moment.
    Otherwise, you need a Wireless Printer or All-In One Machine or a Printer that plugs into the Router using an Ethernet Port.
    thecreator - Running Network Magic version -5.5..9195.0-Pure0 on Windows XP Home Edition SP 3
    Running Network Magic version -5.5.9195.0-Pure0 on Wireless Computer with McAfee Personal Firewall Build 11.5.131 Wireless Computer has D-Link DWA-552 connecting to D-Link DIR-655 A3 Router.

  • Multiple routers and subnets - can't access across subnets

    Hey all, I'm having an issue with multiple routers and subnets on my FIOS connection. Here's how everything is setup:
    Primary router:
    ActionTec MI424WR Rev D (from Verizon)
    WAN IP: From ISP
    WAN NETMASK: From ISP
    LAN IP: 192.168.1.1
    LAN NETMASK: 255.255.255.0
    Secondary router (WAN connected to ActionTec LAN):
    Belkin N750 gigabit w/ 802.11n
    WAN IP: 192.168.1.2
    WAN NETMASK: 255.255.255.0
    LAN IP: 192.168.2.1
    LAN NETMASK: 255.255.255.0
    With this setup, I have the secondary router's WAN port connected to a LAN port on the primary router. Each are broadcasting an SSID and each are running DHCP to assign address to their respective subnets. Everything was well and good, except that I could reach 192.168.1.* systems from 192.168.2.*, but not vice versa -- anything connected to the Primary router was blind to systems connected to Secondary. Also, I could not ping anything on .2 from .1.
    So, I added the following static route to the primary router:
    DESTINATION: 192.168.2.0
    NETMASK: 255.255.255.0
    GATEWAY: 192.168.1.2
    Once this was added to the router, I could ping everything, so that was good. However, even though .1 can now ping .2, I can't access certain things such as the web interface of my NAS (192.168.2.2). I can ping it, but accessing it in the browser from .1 doesn't work; however, accessing from .2 does work.
    I think the ActionTec router might be blocking it, but that's just a guess. The firewall on this thing has me thoroughly confused. Currently, I have 192.168.1.2 in the DMZ on the ActionTec, but that didn't make a difference. I've also completely disabled the firewall on the secondary Belkin router, but still nothing.
    Any help from the pros here? Much appreciated!
    Solved!
    Go to Solution.

    Ok, I figured it out and everything is now working. The issue appears to be that the ActionTec router doesn't recognize traffic from Subnet 1 to Subnet 2 as internal traffic -- it treats it as external traffic and closes it off. To fix this, it required some Advanced Firewall Filters that were far from unintuitive and took a lot of testing to get it just right. If anyone runs into a similar situation in the future, here's a rundown of what I did to make it all work:
    Primary Router:
    ActionTec, MI424WR Rev D
    WAN IP/NETMASK: Assigned by ISP
    LAN IP/NETMASK: 192.168.1.1 / 255.255.255.0
    Secondary Router:
    Belkin N750 Gigabit w/ 802.11n
    WAN IP/NETMASK: 192.168.1.2 / 255.255.255.0
    LAN IP/NETMASK: 192.168.2.1 / 255.255.255.0
    Plug Secondary router's WAN port into a LAN port on the Primary router.
    Setup Secondary router to have static LAN address (192.168.1.2)
    At this point, you should have 2 separate subnets: Subnet 1 (192.168.1.*) and Subnet 2 (192.168.2.*).
    Systems on both subnets should be able to reach the internet. Also, Subnet 2 should be able to ping and reach systems on Subnet 1; however, systems on Subnet 1 should not be able to ping or reach systems on Subnet 2. For this, we need to create a static route so Subnet 1 can reach Subnet 2.
    Create and apply the following static route in the Primary router:  (Advanced > Routing)
    RULE NAME: Network (Home/Office)
    DESTINATION: 192.168.2.0 (your secondary subnet)
    GATEWAY: 192.168.1.2 (secondary router's WAN IP)
    NETMASK: 255.255.255.0
    METRIC: 1
    The router now has a route between Subnet 1 (192.168.1.*) and Subnet 2 (192.168.2.*). You should be able to ping systems on Subnet 1 from 2, and ping systems on Subnet 2 from 1. You should not be able to access any systems, though -- the firewall is still blocking all but ping traffic from Subnet 1 to Subnet 2. We need to create some firewall rules to allow this communication.
    Make sure Primary firewall is set to at least typical/medium (Firewall Settings > General).
    We need to create some network objects to make it easier to manage the rules we'll create. Go to Advanced > Network Objects and do the following:
    1. Click Add. You are now on Edit Network Object screen.
    2. Set Description to 'Subnet 1'.
    3. In Items section below, click Add.
    4. Set Network Object Type to 'IP Subnet'.
    5. Set Subnet IP Address to 192.168.1.0.
    6. Set Subnet Mask to 255.255.255.0.
    7. Click Apply. You are now back on Edit Network Object screen.
    8. Click Apply. You are now back on Network Objects Screen.
    9. Repeat the above steps again, but this time creating a second network object called 'Subnet 2':
    Name: Subnet 2
    IP Subnet: 192.168.2.0
    Subnet Mask: 255.255.255.0
    Now we create the firewall rules. Go to Firewall Settings > Advanced Filtering.
    In the Inbound/Input rules section, click the Add link next to Network (Home/Office) Rules.
    Create the following Advanced Filter:
    SOURCE ADDRESS: Select 'Subnet 1'
    DEST. ADDRESS: Select 'Subnet 2'
    PROTOCOL: 'Any'
    OPERATION: 'Accept Packet'
    OCCUR: 'Always'
    Click Apply. You will now be back on the Advanced Filtering page.
    In the Outbound rules section, click the Add link next to Network (Home/Office) Rules.
    Create the following Advanced Filter:
    SOURCE ADDRESS: Select 'Subnet 1'
    DEST. ADDRESS: Select 'Subnet 2'
    PROTOCOL: 'Any'
    OPERATION: 'Accept Packet'
    OCCUR: 'Always'
    Click Apply. You will now be back on the Advanced Filtering page.
    Click Apply.
    You're all done. You should now have internet access on both subnets, be able to ping across subnets and also be able to access services across subnets (local webservers, SSH, telnet, mail, etc). You will not be able to see network file shares across subnets in Windows, however, as this requires a WINS server (which is well outside the scope of this post). For instance, I have a Western Digital NAS on the 192.168.2.0 subnet that I can access as \\Mybooklive\ from within Subnet 2; on Subnet 1, however, I have to access it by its IP \\192.168.2.10\. 

  • Connect mac client to mac printer share across subnets

    I need to share printers from a Mac.  I need to connect
    Mac clients on different subnets to the Mac shared printers.  I installed
    a Mac mini, connected to printers via HP JetDirect Socket (port 9100), and
    shared them.  I was able to print from the Mac mini, and connect Mac
    clients on the same subnet to the shared printers with Bonjour and print.
    I moved the Mac mini to its intended location on another subnet.  I
    immediately learned that Bonjour does not publish services across
    subnets.  I could not find documentation on how to connect to a Mac shared
    printer across subnets, but I did find some third party documentation (only some incomplete
    documentation from Apple) on how to implement DNS-SD Service Discovery.  I
    enabled DNS-SD and was able to publish the printer shares across subnets, but I
    was still unable to connect to the printer shares from a Mac client.  I
    found some third party documentation (none from Apple) on how to manually connect to a Mac
    printer share by specifying the IP address of the server, specifying the CUPS
    default IPP protocol, and the print queue name.  I was unable to connect
    to the shared printers.  I receive ping replies from my Mac mini, and port
    scan reveals that port 631 for IPP, CUPS default, is open.  Printer
    sharing is configured so everyone can print. I am able to connect to the Mac
    mini with VNC Screen Sharing.  I don’t see how this can be a network
    issue.
    Macs don’t seem to like to connect to our Windows
    shared printers because of our PaperCut software, and connecting Mac clients to
    Windows printer shares and authentication is beyond the average user,
    exacerbated by Macs not behaving the same as Windows when bound to an Active
    Directory domain.
    I called Apple support, they escalated to Apple Enterprise
    support.  Apple Enterprise support said they couldn’t help me beyond a
    single network with no subnets, but Apple Engineering might be able to solve
    the problem for $695.
    Why do I need to pay $695 to learn how to connect Mac
    clients to Mac shared printers, something that should be easy and intuitive and
    have documentation readily available?  Windows printer sharing is easy and
    intuitive and documentation is readily available, and services are published
    across subnets without having to implement DNS-SD.

    Thank you for your reply.  I followed the instructions in the sybaspot.com site and in some of the included references to set up DNS-SD.  DNS-SD worked, but I couldn't connect the Mac client to the Mac shared printers.
    I also found http://www.papercut.com/products/ng/manual/ch-mac-printing-10-8-9.html#ch-mac-printing-10-8-9-sharing-printers.
    I expanded my search and found this: http://support.apple.com/kb/PH13940, last modified May 8, 2014.  I started work on my project February 2014.  Apple Support could have told me about this document.
    PH13940 says: "The computers must be on the same local network as your Mac".  Apple must not consider multiple subnets one network.
    PH13940 says: "Printer sharing is for printers attached directly to your Mac. You don’t need to share network printers, because they are already shared on the network."
    Apple must define "network printers" as any printer with a network interface.  Microsoft defines network printers as printers shared by another computer.  TCP/IP ports are local ports on a Windows computer, so TCP/IP connected printers are local printers that can be shared.  Multiple users on a Mac all see the same connected printers.  Multiple users on Windows all see the same local printers, but network printer connections can be different for each user.
    Apple must not see any value in accounting for printing and assigning the cost to the user or department.  We need to account for printing and cannot have any users bypassing the system by printing directly to printers.  I have created Access Control lists on the printers to limit connections to the specific IP addresses of our print servers.
    The documents about setting up DNS-SD and IPP connections must have assumed USB connected printers on a Mac.  The odd thing is that I was able to share a network printer from the Mac mini when the client Mac was on the same subnet.  Is PH13940 wrong?
    I am Microsoft Certified Systems Engineer 1999 and Apple Certified Technical Coordinator 2013.

  • How to Fetch MAC Addresses across Subnets

    Hi All,
    For some reason we have a number of machines out there on which we would like to install a package via ARD instead of Casper. We have a list of hostnames for these machines. The first idea was to ping them and get the MAC address out of the ARP cache via arp -a. Together, these could be used as an import file for Remote Desktop.
    But ARP does not work across subnets.
    Now I was wondering: how does ARD, for example, read the MAC address from a machine if I scan a specific network range? Could I use this process to fetch the MAC addresses? Or could there be another way?
    bye
    joe

    Hi
    You could try installing ARD on a client within that range? Poll workstations within that range for relevant information. Save it to the Desktop of that ARD workstation. Transfer it to a memory stick etc. Or if you know the IP address of that workstation you may be able to add it using the network address option from another workstation that's in a different subnet.
    Tony

  • Unable to wake eMacs across subnets

    We have several eMac labs w/ ARD active on them; however, we are unable to wake them up from our central office location. If the client is available we can observe, control and just about anything else we need to do to them. Our biggest issue is that we can't wake them up across subnets. We also have a mini running server 10.4.7 as a task server out there... any ideas?

    First, make sure that "wake on network administrator access" is active in the Energy Saver -> Options on your clients.
    If it is, try WakeOnLan or WakeOnMac and see if either of those work. If those don't work either, then the routers on your network are probably not correctly passing the necessary packet.
    Hope this helps.
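
The Wake-on-LAN packet the reply above refers to, as an added example that is not part of the original thread: it builds the magic packet, works out the subnet-directed broadcast address a router would have to forward, and recognises the packet in a captured payload so you can check on the far subnet whether it arrived. The MAC address, IP address, netmask and UDP port 9 are constructed sample values and assumptions, not taken from the posts.

```python
import ipaddress
import socket

SYNC = b"\xff" * 6  # synchronization stream that opens every magic packet

def magic_packet(mac):
    """Build the 102-byte payload: 6 x 0xFF, then the target MAC 16 times."""
    hexmac = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(hexmac) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return SYNC + bytes.fromhex(hexmac) * 16  # fromhex rejects non-hex input

def directed_broadcast(client_ip, netmask):
    """Broadcast address of the sleeping client's own subnet.
    255.255.255.255 never leaves the sender's subnet, so this is the target."""
    net = ipaddress.IPv4Network(f"{client_ip}/{netmask}", strict=False)
    return str(net.broadcast_address)

def parse_magic_packet(data):
    """Return the target MAC if a captured payload holds a magic packet, else None."""
    start = data.find(SYNC)
    while start != -1:
        body = data[start + 6:start + 102]
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join(f"{b:02x}" for b in body[:6])
        start = data.find(SYNC, start + 1)
    return None

def wake(mac, client_ip, netmask, port=9):
    """Send the magic packet over UDP to the client's subnet broadcast address.
    Port 9 (discard) is a common convention, assumed here."""
    target = directed_broadcast(client_ip, netmask)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sent = s.sendto(magic_packet(mac), (target, port))
    return target, sent

if __name__ == "__main__":
    # Constructed sample values for a client on a remote /24.
    print(wake("00:11:22:33:44:55", "192.168.2.37", "255.255.255.0"))
```

Routers drop subnet-directed broadcasts by default (RFC 2644), which is the usual reason the packet never reaches a remote lab; where forwarding is enabled for Wake-on-LAN, limit it to the management host's source address.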
