This document describes how to configure the network portion of Apple OS X 10.10.x for use with the Princeton University campus network. Specifically, it covers configuration for use with OIT Ethernet Service and OIT Wireless Service.
Versions of Apple OS X 10.10.x considered "current" at Princeton at this time are:
Presently we are testing version 10.10.5, and have not yet announced support for it. If all goes well, we expect to announce support for it at the end of August 2015.
All older versions of 10.10.x are no longer considered "current" at Princeton, and should be updated. This documentation assumes you are using a current version of Apple OS X.
If you are not sure what version of Apple OS X your device is running, use the About this Mac command under the Mac's Apple menu.
If you are running a version that we no longer consider current, we recommend you upgrade to a current version; our documentation assumes you are running a current version.
To upgrade from version 10.10.x to version 10.10.4, Select App Store... in the Apple menu. Within the App Store..., select the Updates button in the application's toolbar. A standalone updater may also be available for download from Apple.
Use the System Preferences application to perform network configuration. You will find this application in Apple OS X's Applications folder, as well as in the Apple menu. It may also be in the Dock.
Launching the System Preferences application displays the main System Preferences window. Within this window, click the Network icon; the Network pane of System Preferences is displayed. Most network configuration steps will be performed within this pane, sometimes called the "Network preferences pane" or simply "Network preferences."
When you have finished making changes (described below), click the Apply button in the window's lower right corner (if you have made changes you wish to keep).
You may then select Quit System Preferences from the System Preferences menu, or click the window's Close button.
In Apple OS X, a network location (or simply a location) is a group of saved configurations for one or more network ports.
Commonly-used kinds of network ports (also called interfaces) include a (built-in) Ethernet port, a Wi-Fi (a.k.a. Wireless) port, and an Ethernet port built into a Thunderbolt Ethernet adapter ("Thunderbolt Ethernet"). Several other kinds of network ports include an Ethernet port built into an external display ("Display Ethernet"), a (built-in) Thunderbolt port, a (built-in) FireWire port, and a Bluetooth port.
Throughout this documentation, we use the terms network location or location as Apple OS X does (rather than in the conversational sense to mean a physical location).
In its simplest form, you may use a location to correspond to a single way of connecting your Mac to the network; e.g. "Ethernet in my office," "Ethernet at home," "Wireless using OIT Wireless Service," or "Wireless at a cafe". Each time you connect your Mac to the network in a different way, you would select a different location.
Because a single location can include configurations for multiple network ports, sometimes a single location can be used when connecting your Mac to the network in more than one way (e.g. "Ethernet in my office" and "Wireless on the road", or "Ethernet or Wireless, whatever happens to be available"). Making a single location perform double duty may be convenient, saving you the trouble of selecting a different location each time you connect your Mac in a different way. But it may also lead to unexpected behavior if it results in multiple network ports active simultaneously.
At the top of the Network pane of System Preferences is a Location pop-up menu. This is where you may select the current network location, create new locations, and delete uneeded locations. Initially this menu contains one location named Automatic. The pop-up menu may list additional locations, if you have created any previously.
The Location pop-up menu also contains an Edit Locations... command. This command displays the Locations sheet; that sheet displays a list of all location names, along with buttons to create a new location name, delete an existing location name, rename an existing location name, and to create a new location name by duplicating an existing one. When you are done performing these operations, close the sheet with its Done button. Once a location name exists, to view or edit its configuration, you select the location name in the Location pop-up menu; the remainder of the Network pane will display that location's configuration.
A single Automatic location may meet your needs, or you may need to create additional locations:
This would happen, for example, if your Ethernet port is attached to the campus network, but your Wi-Fi port also happens to be within range of an OIT Wireless Access Point, so both are simultaneously attached to live (but different) IP networks. (For the curious, a technical explanation for why the traffic is discarded is at Apple OS X Network Configuration: OIT Notes and Caveats.)
You can avoid this problem by creating a unique location for each network port, designating that only one port be active in each location.
This is a variation of the previous problem, but is particularly bad when both interfaces are attached to the same IP network. Few operating systems support having two physical network interfaces simultaneously attached to the same IP network.
This would happen, for example, if your Ethernet port is attached to the campus network, and your Wi-Fi port also happens to be within range of a private Wireless Access Point attached to the same IP network and operating as a bridge. (It doesn't happen with OIT Wireless Service, as OIT's Wireless Access Points are attached to an IP network that provides no customer Ethernet connections.)
As the resulting network activity is not acceptable on the campus network, you must avoid this problem, typically by ensuring that only one of your network interfaces is active at a time; the simplest way to do this is by creating a unique location for each network port, designating that only one port be active in each location.
If based on the previous section, you believe the single Automatic location should meet your needs, you are welcome to use it; you may skip this section, and proceed to the Configuring Locations section below.If the single Automatic location does not meet your needs, we recommend creating a unique location for each of the different ways you may connect your Mac to the network. This section describes how to create new location names; after you create these locations, proceed to the Configuring Locations section below to configure each location.
On the Network pane in System Preferences, use the Location pop-up menu to create a new location name as follows:
Click the + (plus) button to create a new location. A new name will appear in the list of locations in the sheet. The new location will be named Untitled. (If you already have a location with that name, the new one will be named Untitled 2, etc.)
Select the name of the new location in the sheet, and edit it to give it a more descriptive name. For example: Ethernet Only, Wireless Only, Modem, At Cafe, At Hotel, Offline, etc.
You may use different names than these; throughout our documentation, we often assume you are using these names. For example, if you use OIT Wireless Service on-campus, but a private wireless network at a cafe, you might choose to create locations named Wireless Only - OIT and Wireless Only - Cafe.
Apple does not document the default settings it creates when you create a new location. It appears these settings may be the same as the Automatic location that originally comes with Apple OS X, although we do not know if the settings vary depending on the Macintosh hardware you are using and any ports connected to a network at the time you create the location.
If you need to create additional locations, repeat the steps above.
You need not immediately create all the locations you might eventually need; you may choose to create just the location(s) you need initially, then return to this procedure in the future when you need to create other locations.
If there are any locations you will not be using (for example, perhaps you have decided not to use the Automatic location), delete them to avoid confusion. You may do so by selecting the Edit Locations... command from the Location pop-up menu. The Locations sheet will appear, listing all location names. For each location you wish to delete, select the location name, then click the - (minus) button. When you are done deleting locations, click the Done done button to dismiss the sheet. Finally, click Apply in the Network pane to save your changes.
At this point you have one or more locations created, but have not yet configured them properly for use with the campus network. (When you create a new location, its initial configuration has settings that are usually inappropriate for use with the campus network. For each location, you will need to configure it appropriately, as described in the next section.
Any location you create, as well as the Automatic location, begins initially with a default configuration. The initial configuration usually is not appropriate for use with the campus network. You should reconfigure the location (even the Automatic location) appropriately for use with the campus network.
For each location, configure it as follows:
Confusingly, OS X refers to the items in this list as services, rather than as network ports or network interfaces.
Some common names of network ports include Ethernet (for an Ethernet interface built into the Mac's motherboard), Wi-Fi (for an 802.11 Wireless interface), Thunderbolt Ethernet (for an Ethernet interface provided by a Thunderbolt Ethernet adapter), FireWire (for a FireWire interface built into the Mac's motherboard), Display Ethernet (for an Ethernet interface built into an attached display), and Thunderbolt. If your device has more than one Ethernet port, those ports may be named Ethernet 1, Ethernet 2, etc.
If your Mac has a third-party network port, the port's name may be less intuitive. If you find the name unintuitive, you can give it a better name; select it from the list, then choose the Rename Service... command in the Action (gear) pop-up menu below the list, and enter a new name for the network port.
In addition to displaying the name of each network port, the list may also indicate whether the port is Connected, Not Connected, Inactive, Not Configured, Off or in some intermediate state.
Each network port in a location is designated as Active, Inactive, Off, or Not Configured. The Mac tries to use ports designated as Active.
Just because a network port is designated as Active doesn't mean it will actually be carrying traffic. For example, an Ethernet port may be designated as Active, but if no Ethernet cable is plugged into it, the port will not carry any traffic. The Mac considers the port Active, but not connected.
If multiple network ports are designated as Active and more than one is presently connected to a working network and capable of carrying traffic, the Mac may simultaneously use more than one network port. It may send some of its traffic out each port, and receive traffic via both ports. In some situations, this will work; in others, it will not behave as you might expect.
When you create a new location, the Mac assumes it should designate all network ports as Active; you will change this next.
To make a network port Inactive for this location, select the port from the list of ports on the left side of the pane. Then from the Action (gear) pop-up menu below the list, select the Make Service Inactive item.
Since most often you create a new location to be used with a single network port, you will usually want only that one network port active. For example, if this location will be used when you are attached via the Ethernet port, you should make inactive all ports except the Ethernet port.
The Mac often re-orders a location's network ports on its own. We have not found any Apple documentation explaining this behavior.
When only one port is active, it does not matter in which order the ports are listed.
If more than one port remains active, the order matters, but not in the way one might expect. We have not found definitive documentation explaining how this works. (In the past, relevant Apple documentation indicated that the OS tries the network ports in the order they appear in the list, but this appears to be incomplete or inaccurate. It appears instead that the OS will make simultaneous use of the enabled ports, at least for some kinds of ports. The effect of the ordering is unclear.)
Having multiple ports simultaneously active could lead to unexpected behavior, as mentioned above in About Network Locations. You can avoid these issues by ensuring that each location has only a single network port designated as active. (If you do choose to have multiple ports active, you should be prepared to decide the order in which they should be listed, taking into consideration which port you want associated with the Mac's default IP route.)
If earlier you specified that this is the only network port that is active in this location, then this is the only port you will need to configure for this location.
Otherwise you will need to configure each active network port separately. Start by selecting one of the active network ports to configure first; when you have completed configuring this port, you will need to come back this step later to configure each additional active port.
For example, if you are configuring an Ethernet port, ensure the Ethernet cable is attached. If you are configuring a Wi-Fi port, ensure you are within range of an OIT Wireless Access Point.
If this is not possible at this time, you can still perform most of the configuration steps below.
(If you had made any changes to the configuration that you have not yet "applied", when you try to turn on the Wi-Fi interface, the Mac may alert you that Switching Wi-Fi power will cause any unsaved changes to be lost. Would you like to apply your changes before switching Wi-Fi's power?. If this alert is displayed, do respond by clicking Apply. That will saves your outstanding changes before turning on the Wi-Fi interface.)
Network names that begin with puwireless are those that are part of OIT Wireless Service. (In some areas of campus, the correct name to use is puwireless2.)
If you turned on the Wi-Fi interface only a few moments ago, it may take a few more seconds before any network names appear in this pop-up menu. Sometimes clicking the popup-menu a few times will cause more names to appear in the menu.
If the network name does not appear in the pop-up menu, you will not be able to complete this configuration step. This may be because you are not currently within range of OIT Wireless Service.
Within the advanced configuration sheet for this network port is a series of tabs. Each tab causes a different subset of items to be displayed. In the steps below, you will click each tab, and configure its associated items.
If this is an Ethernet port or a Wi-Fi port, in the Configure pop-up menu, select Automatically.
Configure as following (for use with OIT Wireless Service):
It is particularly important to remove any wireless network names beginning with puvisitor, as those are part Temporary Visitor Wireless Network Access (TVWNA). Allowing your device to try to connect to any of those will interfere with your device's ability to connect to OIT Wireless Service.
To a remove a wireless network name from the table, select the name in the table, then clicking the - (minus) button below the table.
Unchecking this box is intended to reduce the chances your Mac will connect to a wireless other than the one you currently intend for it to connect.
In nearly all circumstances, configure TCP/IP as follows (for use with OIT Ethernet Service and OIT Wireless Service):
The instructions above for configuring TCP/IP are appropriate for nearly all circumstances. However, if this location's network port is Ethernet, and you choose to use BootP or manual configuration (neither is normally recommended) instead of using DHCP, you will need to configure TCP/IP differently than described above. In that event, follow these more general instructions instead.
In nearly all circumstances, configure DNS as follows (for use with OIT Ethernet Service and OIT Wireless Service):
If any address appears which you entered yourself, remove that IP address by selecting it and then clicking the - (minus) button below the list. Once all addresses you entered yourself have been removed, any addresses the Mac learned via DHCP or BootP will (re-)appear; that's OK. (These addresses will not be possible for you to select.)
If any DNS domain appears which you entered yourself, remove that DNS domain by selecting it and then clicking the - (minus) button below the list. Once all DNS domains you entered yourself have been removed, any DNS domains the Mac learned via DHCP or BootP will (re-)appear; that's OK. (These DNS domains will not be possible for you to select.)
The instructions above for configuring DNS are appropriate for nearly all circumstances. However, if this location's network port is Ethernet, and you choose to use manual configuration (not normally recommended) instead of using DHCP, you will need to configure DNS differently than described above. In that event, follow these more general instructions instead.
In nearly all circumstances, configure WINS as follows (for use with OIT Ethernet Service and OIT Wireless Service):
If any NetBIOS Name appears in this list in normal type (not greyed-out), remove that NetBIOS Name by selecting it deleting it.
If any IP address whic you added appears in this list, remove that IP address by selecting it and then clicking the - (minus) button below the list.
The instructions above for configuring WINS are appropriate for nearly all circumstances. However, if this location's network port is Ethernet, and you choose to use manual configuration (not normally recommended) instead of using DHCP, you may need to configure WINS differently than described above. In that event, follow these more general instructions instead.
The campus network does not use 802.1X, so 802.1X login should be left disabled. As the default configuration for 802.1X is for it to be disabled (no profiles appear in the window's left pane), there should be nothing you need to change in this tab.
Click the OK button in the lower right corner of the network port's advanced configuration sheet to dismiss the sheet and return to the basic settings for this network port.
The Mac may prompt you for your password, or the password for the keychain, to allow it to apply and save the changes.
Repeat this process until you have configured all network ports that are active for this location.
If you created multiple locations, repeat the steps above (go back to step 1) for each each location.
You may also wish to create an additional location in which all network ports are inactive (e.g. name it "Offline"), for use when you don't want your Mac to attempt to use the network at all. Simply select each network port in the list on the left side of the preference pane, and use the Make Service Inactive command in the Action (gear) menu.
After you are done configuration all your locations, click the Apply  button in the lower-right corner of the Network pane (it will be dimmed if you have made no changes since last clicking it). Then select Quit System Preferences from the System Preferences menu.
After you have created any necessary locations, and configured all your locations, all that remains is to select your current location. You may do so in either of the following ways:
If you have several locations defined, and need to switch among them (e.g. when you change the way your Mac is connected to the network), you may use either method above to select a different location. The first method is usually more convenient, as it involves just a single click.
When you select a different location, any connections that were present at the time you switch location may be disconnected. Any network applications that was running before you switched locations may stop working; you may need to quit and restart those applications. (Some applications may be better than others in automatically handling this situation without needing to be restarted.)
Under most circumstances, you do not need to restart your computer (nor logout and login) simply because you select a different location; you might need to do so if your computer runs any network-based servers.
The firewall software included in Apple OS X offers a Stealth Mode feature. By default, even if the firewall is enabled, its stealth mode feature is disabled, but some customers may have enabled the stealth mode feature.
If your Apple OS X firewall is enabled, please be check to verify that its stealth mode feature is disabled. Do so as follows:
The reason for ensuring Stealth Mode is disabled is that Stealth Mode would cause your device to ignore IP PING requests. OIT DHCP and BootP Services explains why your device should respond to IP PING requests. (It is acceptable to use other parts of Apple OS X's firewall.)
OS X's "Wake for network access" (a.k.a. "Wake on LAN") feature should be disabled. Our experience is that when it is enabled, sometimes the device will toggle its network interface up and down at an excessive rate. That's bad as it contributes to network activity which can degrade network service for others.
The use of OIT's SSL VPN Service ("Secure Remote Access") is not configured as part of the operating system, and is not described in this document.
Pointers to information about using OIT Secure Remote Access (SRA) are available at: OIT VPN Services.
See Apple OS X 10.10.x Network Configuration: OIT Notes and Caveats for additional notes and caveats about using Apple OS X 10.10.x networking at Princeton.
For a chronology of support history at Princeton, see Apple OS X Networking: Support History at Princeton.