Q: How do I properly configure an Apple Time Capsule for use on MITNet?
|IS&T provides only limited support for Apple Time Capsules.|
At the current time, IS&T is only able to provide limited support in setting up and using Time Capsules on the MIT network. This article is provided as a best effort for support. Our offically supported method of backup is with Tivoli Storage Manager. IS&T's officially supported software for backups can be found on their Backup page.
The Time Capsule can be configured in many ways. Its 2 main features are a drive for backup and a wireless router. It also has a print server.
- We want to make sure users are not using it as a wireless access point (Wireless broadcasting is not allowed at MIT).
- We want to make sure users are not using it as a router (nothing is plugged in to the 3 ports with arrows over them). The use of routers is strictly forbidden on MITnet.
- It could be used as a wireless client to the wireless network, however wired is more reliable.
- We want to make sure that it is secure.
- The best way to connect a Time Capsule to MITnet is through a wired Ethernet connection.
Independent from Network
You could use a Time Capsule independently from MITnet if you just wanted to use it for backup. The downside is that you will have to disconnect from the internet and connect to the Time Capsule to backup, making your computer unable to access the internet or the MIT network during this time. Setting up the Time Capsule as an independent wireless network is strictly forbidden, as wireless broadcasting is not allowed at MIT due to the potential for interference and the disruption of MIT sanctioned wifi networks. In addition, if you set it up as a separate wireless network, your computer may also switch back and forth between MIT's network and the Time Capsule's network automatically, leading to confusion. In sum, this is a bad idea. However, users who do not know how to set up the device may find themselves in this mode.
As an access point
DO NOT USE the Time Capsule as an access point to the MIT network. This is against the MITnet Acceptable Use policy because it adds to network congestion, and makes you responsible for anything that happens when anyone uses your network. This is the default configuration, which Apple recommends. However, this configuration is designed for small home networks and it is not for use in enterprise networks, such as the network here at MIT.
As a client on the MIT wired network
Register the device for use on the network
Help staff can use this link to look up the MAC to see if it is registered.
Create a hostname and static IP
We are not very interested in a hostname for the Time Caosule at the current time (perhaps for features beyond time machine compatibility), but we want a static IP address. Request a reserved IP address and hostname using the Request 1-4 IP Address form.
Helpdesk consultants can see this article for information on how to [hd:RCC - Create hostname with static ip address].
Initial Device Configurations
Use Apple's Airport Utility Version 5.3 or later to configure the Time Capsule using "Manual Setup mode."
- Select the AirPort category
- Select the Time Capsule tab.
- Configure the following settings:
- Time Capsule Name: <your choice>
- Allow setup over WAN: enabled
Set Static IP and confirm
- Go to Internet > Internet Connection.
- Set to Configure IP v4 manually.
- Enter the IP address, Subnet, Router Address (aka Gateway), DNS servers provided to you from your static IP setup.
- Wireless Sharing should be set to off. (confirmation required).
- Apply your changes.
- Confirm that the static IP address settings have been applied.
|The Time Capsule will now only be configurable from the same wired subnet.|
Due to the topology of MITnet, once these settings are applied, the Time Capsule will only be configurable in Airport Utility if your computer is connected to MITnet with an Ethernet cable. Plug your computer into the wall jack with an Ethernet cable before continuing setup.
Turn off wireless
|Make sure static IP settings are applied!|
Make sure the static IP settings have been applied and you are connecting to it over Ethernet. If you are connecting via radio and you turn it off, you will not be able to connect to the Time Capsule after restart! If you do this you will have to do a hard reset. No data will be deleted and you keep previous settings, fix them, and then reapply.
- Go to Airport > Wireless and turn it off.
Set up network share
(if you want to store data on only it, or backup from Windows clients)
- Select the Disks category
- Select the Disks tab.
- Choose a name
- Select the File Sharing tab
- Enable file sharing: (checked)
- Secure Shared Disks: With Disk Password, then set the password
- Airport Disks Guest Access: not allowed
- Share disks over Internet using Bonjour: (NOT checked)
Configure client access to Time Capsule
- Open Time Capsule.
- Go to Select Disk and select the Time Capsule.
- Wait until the backup actually starts comparing files to confirm.
(if set up, above)
- Open Finder and select Go > Connect to Server
- Enter afp://IP ADDRESS and add it to your favorites
- Click Connect and then enter name and password as you defined
- Click Connect
- The disk is now accessible as a typical networked share!
Need SMB instructions for Win clients
(needs confirmation: can you encrypt it, doesn't it firewall to the subnet, are packets sent to it encrypted? -MP)
Please remember that the time capsule is accessible on MITnet, so care should be taken to choose VERY good passwords for use. If you have sensitive data contained in your backups, an MITnet Time Capsule might not be the best idea; users in this case may be better off keeping it off MITnet and plugging in through a wired connection only when necessary for backup.
Also, REMEMBER that files on the Time Capsule are not encrypted. If you'd like, you can employ encryption on your hard-drive but that is beyond the scope of this tutorial. Please consult the Knowledge Base or the IS&T Helpdesk for help on encrypting your drive.
Finally, although the disk has user access control, the actual packet data you're sending over the network when you access the disk may NOT be encrypted and for the resourceful, could be intercepted and potentially read.
Feb 19, 2010
We are still missing: initial setup from fresh capsule, security setup, security best practices and uses besides Time Machine such as network share or Back to My Mac. If you have any experience, please add it. Thanks -Michael
Feb 19, 2010
Print server or external drive also needs commenting. Or a section on how to add it as a wireless client to the MIT N wireless network.
Jan 26, 2015
Time Machine will only detect the drive if you've first followed the steps indicated in "Network Share". So: Make sure to connect to the disk using Finder (with the afp:// prefix). Right afterwards the disk will be shown in Time Machine's settings dialogue as an option. If you forget this step, Time Machine will not be able to find your disk.