Airport Extreme: Guest Networking

Discussion in 'Mac Basics and Help' started by Koinu, Sep 18, 2009.

  1. Koinu macrumors newbie

    Joined:
    Nov 13, 2006
    #1
    Greetings,

    I need some help with setting up Airport Extreme Guest Networking... (warning, long description ahead).

    Background: I have a long background in computing and networking, but am new to the specific operation of the Apple Airport Extremes.

    I have a network with an existing router in place that connects to the internet, and provides DHCP for the network. I want to add (potentially many) Airport Extremes to this network to provide two basic functions:

    1) Wireless access to the existing network over a large office area (preferably on the same subnet as the existing, wired network, with the current router [NOT the AEs] providing DHCP services) and

    2) Guest network access such that users joining the guest network can access the internet, but NOT any of the addresses on the main network.

    I can find no way to do this trivially. It seems that if I set the AEs to BRIDGE mode, the option to set up a guest network disappears (perhaps reasonably so, since the AE would need to be able to manage the address range for the two networks).

    Thus, it appears I need to have it set to Share a public IP address. If I set it this way, I can then manually fix the IP address of the AE to an address on the existing network and fill in the router address with the address of my main router, but then I cannot have the AE serve DHCP addresses on the same subnet -- I get configuration errors telling me that the DHCP range conflicts with the WAN address for the router. (Understandable, but if I have the main router restricted to a subset of the IPs on the subnet, and the AE set to a different subset, there is, in fact, no conflict.).

    So, I end up having to have the AE serve a different subnet -- inconvenient, but not the end of the world.

    I set things up as follows:

    Main network range (served by existing router): 192.168.1.XXX
    Address of main router: 192.168.1.254
    Address of AE: 192.168.1.253, router address and DNS set to 192.168.1.254
    DHCP addresses served by AE: 192.168.2.XXX
    Guest Network on AE: 10.0.0.XXX

    Configured this way, almost everything works, EXCEPT for one of the main features I want... If I connect to the MAIN DHCP network on the AE (the 192.168.2.X network), I am able to access a Mac with file sharing enabled on the 192.168.1.X network -- that seems ok.

    But, if I connect to the GUEST network station ID (and airport shows a 10.0.0.X address), I am STILL able to access a Mac with filesharing enabled on the 192.168.1.X network... I thought this wasn't supposed to be possible.

    I can probably live with having to have the separate subnets between the main DHCP network on the AE and the principal network, as long as machines on either subnet can get to each other... But the whole purpose of the Guest Network (I thought) was to isolate guests from the private network.

    The plan is then to add additional AEs to extend the range of the wireless networks (both main and guest) to cover a significant area. Ideally, I'd like the "roaming" feature, so there is seamless movement across the whole range for both networks.

    I am using the latest firmware on the AEs (which I just purchased and successfully updated last evening).

    Can anyone offer thoughts as to what I have done wrong?

    Alternatively, I would welcome any brilliant ideas as to how to set up the network I have described.

    Many thanks,
    Scott Hurd
     
  2. plingle macrumors newbie

    Joined:
    Jun 11, 2010
    #2
    Solution?

    Did you ever figure out a solution to this problem?
     
  3. hugohs macrumors newbie

    Joined:
    May 28, 2011
    #3
    Same question here - did you ever figure this out?

    I've got the same situation... and had the same expectation.

    Thanks,

    Hugo

     
  4. tanvir866 macrumors newbie

    Joined:
    Jun 20, 2011
    #4
    Working as designed

    I think it is working as as expected. If you look at the original post, the isolation will be between 10.0.0.x network and 192.168.2.x. As far as the AE is concerned, the 192.168.1.x is THE internet (that is the WAN side of the AE).

    Thanks
    Tanvir
     

Share This Page