Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Guest Network on AEBS that's not main router?

D

DaveF

macrumors 6502a
Original poster
Aug 29, 2007
786
21
NoVA
How do I setup a Guest Network on an Airport Extreme Base Station (AEBS) that's the secondary router on a home LAN?

I've got Verizon FIOS into the home. The verizon modem / router is in the basement (its wifi is off). It's output goes to an 8-port switch / router which feeds the house's LAN. The AEBS is connected to one of the ethernet outputs of the LAN, and provides home wifi. Normally, I have its Network->Router Mode set to Off (Bridge Mode).

I turned on Guest Mode (for some guests), and it doesn't work. No one can connect.

Apple says to set Router Mode to DHCP and NAT. But doing that creates errors that my router is in Double NAT mode. The Guest Networks seems to work erratically.
http://support.apple.com/kb/HT3477?viewlocale=en_US&locale=en_US

I'm lost. Can I setup Guest Network on my AEBS, if it's not the fundamental router in the house?
 
eduardrw said:
The answer is NO.
http://support.apple.com/kb/HT3477?viewlocale=en_US&locale=en_US
it has to be the primary router - try to setup the FIOS router to bridge mode or put the Airport Exterme in the DMZ zone!
Click to expand...

Thanks. But that's disappointing. I'll try the other way but I don't think it will work. The FIOS router is the one device that serves the entire house for ethernet; and is a back corner of the basement. The AEBS is for wifi and a local switch in the living room. The AEBS can't go in the basement and prove house-wide wifi.
 
Your only other option would be running in Double-NAT mode (i.e. both routers providing NAT).
The only way to run Guest network is in NAT mode (Share a public IP address in AirPort parlance).
 
priitv8 said:
Your only other option would be running in Double-NAT mode (i.e. both routers providing NAT).
The only way to run Guest network is in NAT mode (Share a public IP address in AirPort parlance).
Click to expand...

What are the downsides to running in double NAT mode? It issues warnings at me and it wasn't obvious if it was working correctly when I did that. I haven't had time to experiment.
 
DaveF said:
What are the downsides to running in double NAT mode? It issues warnings at me and it wasn't obvious if it was working correctly when I did that. I haven't had time to experiment.
Click to expand...

The downfall of Double NAT is slightly higher ping times (usually no more than 1ms) and issues with some port-specific applications. There are three ways you can deal with this problem. The first is simply run Double NAT and dismiss the error. The second is to plug the cable from the FIOS router into the Extreme and the switch into the Extreme and add the Extreme to the DMZ. The third is run DHCP and NAT on the Extreme and add to the DMZ of the Verizon router.

If you enable DHCP and NAT on the Extreme you will no longer access shared resources on the Verizon router's network. This may or may not affect you.
 
Altemose said:
The downfall of Double NAT is slightly higher ping times (usually no more than 1ms) and issues with some port-specific applications. There are three ways you can deal with this problem. The first is simply run Double NAT and dismiss the error. The second is to plug the cable from the FIOS router into the Extreme and the switch into the Extreme and add the Extreme to the DMZ. The third is run DHCP and NAT on the Extreme and add to the DMZ of the Verizon router.

If you enable DHCP and NAT on the Extreme you will no longer access shared resources on the Verizon router's network. This may or may not affect you.
Click to expand...

Thanks. I can do the first (run double NAT and dismiss the error). The second isn't practical, because of physical locations of hardware. The third I'm ignorant of what it means; but I think it would cause problems if it would mean I'd lose access to the networked printers.

So I can enable a guest network for specific durations, with double NAT, as needed. It's a pity it's not really a trivial feature, as I'd expected, that I can simply toggle on and off as needed.
 
DaveF said:
Thanks. I can do the first (run double NAT and dismiss the error). The second isn't practical, because of physical locations of hardware. The third I'm ignorant of what it means; but I think it would cause problems if it would mean I'd lose access to the networked printers.

So I can enable a guest network for specific durations, with double NAT, as needed. It's a pity it's not really a trivial feature, as I'd expected, that I can simply toggle on and off as needed.
Click to expand...

If the networked printers are on the Verizon then it may be blocked when in Double NAT mode from behind the AirPort. If you add the AirPort to the DMZ on the Verizon router, essentially it will bypass the firewall and let the AirPort handle that. If in Bridge Mode you do not want the AirPort in the DMZ.
 
You have pretty much 2 choices:
1. FIOS box is the router: Apple routers connected via ethernet are just simple WIFI extenders without advanced features like guest network, Back to my Mac, Wake up on Lan for apple devices, .....

2. FIOS box is in Bridge mode or DMZ is setup (acts as a modem only) - this allows the Apple router to be the main router. This will allow all the above mentioned advanced features to work.

Crutch: Double NAT is the attempt to have 2 routers in sequence. This way anything which hangs on your Apple router with DHCP/Nat enabled has all the advanced features.
Disadvantages: The outward advanced features are typically blocked by the FIOS router. All devices which want/need to see each other have to be on the same router LAN. Setup is tricky at best.
 
I'm revisiting this thread for a quick note (and following up on the good technical input given earlier).

It's a new holiday with family visiting, so time to try again the Guest Network.

As advised, I switched from "Off (Bridge Mode)" to "DHCP and NAT" mode. After it churned on that, I then accepted the two warnings, Double NAT and WPA Setup. A quick test shows the guest network is working without obvious problem. :)
 
DaveF said:
I'm revisiting this thread for a quick note (and following up on the good technical input given earlier).

It's a new holiday with family visiting, so time to try again the Guest Network.

As advised, I switched from "Off (Bridge Mode)" to "DHCP and NAT" mode. After it churned on that, I then accepted the two warnings, Double NAT and WPA Setup. A quick test shows the guest network is working without obvious problem. :)
Click to expand...

The guest network usually is only going to work in DHCP & NAT mode. You need to set the FIOS router to Bridge Mode or add the AirPort to the DMZ for this to work fully.
 
Altemose said:
The guest network usually is only going to work in DHCP & NAT mode. You need to set the FIOS router to Bridge Mode or add the AirPort to the DMZ for this to work fully.
Click to expand...

I'll have to try that for the next holiday. Guest Network was working fine for wifi. But the ethernet LAN was affected: the Tivo plugged into the AEBS could no longer be seen by the Tivo mini.

So Guest Network is off again, and I'll give family the full wifi password. Some free weekend I'll experiment with the FIOS router settings.
 
DaveF said:
I'll have to try that for the next holiday. Guest Network was working fine for wifi. But the ethernet LAN was affected: the Tivo plugged into the AEBS could no longer be seen by the Tivo mini.



So Guest Network is off again, and I'll give family the full wifi password. Some free weekend I'll experiment with the FIOS router settings.
Click to expand...


Is the other TiVo attached to the FIOS router? If so you would need to connect both to the same router.
 
Altemose said:
Is the other TiVo attached to the FIOS router? If so you would need to connect both to the same router.
Click to expand...

Yes and I can't. (well, that's not true. I could insert a hub between the AEBS and the Roamio. I might have a spare hub to try this with) :)


The LAN is configured like this:

FIOS Fiber -> FIOS Router -> 8-port Switch -> Ethernet ports in House

-> Bedroom ethernet -> Tivo Mini
-> Living Room ethernet -> AEBS -> (Household wifi, and hub for Tivo Roamio, Xbox, Blu-ray)

The FIOS router is enclosed in a metal 'homerun' box in the rear of the basement. it is practically impossible to use it for home wifi. And I can't locate the AEBS to be the primary router in the house and provide wifi throughout.
 
DaveF said:
Yes and I can't. (well, that's not true. I could insert a hub between the AEBS and the Roamio. I might have a spare hub to try this with) :)


The LAN is configured like this:

FIOS Fiber -> FIOS Router -> 8-port Switch -> Ethernet ports in House

-> Bedroom ethernet -> Tivo Mini
-> Living Room ethernet -> AEBS -> (Household wifi, and hub for Tivo Roamio, Xbox, Blu-ray)

The FIOS router is enclosed in a metal 'homerun' box in the rear of the basement. it is practically impossible to use it for home wifi. And I can't locate the AEBS to be the primary router in the house and provide wifi throughout.
Click to expand...

There is a couple of ways you can solve this. The first is by moving the AirPort to be the main router and using another AirPort as an access point. The second is to somehow relocate the one TiVO that was connected to the FIOS router to behind the AirPort.
 
Altemose said:
There is a couple of ways you can solve this. The first is by moving the AirPort to be the main router and using another AirPort as an access point. The second is to somehow relocate the one TiVO that was connected to the FIOS router to behind the AirPort.
Click to expand...

A year later, and I upgraded and reconfigured my home network based on your advice. Fortunately, a friend gave me a leftover coax-ethernet bridge that he'd previously bought specifically for FIOS use. I swapped out the FIOS router for the bridge. I reset my AEBS and it reconfigured as the root router. This enables Guest Network without issue or Double NAT.

I also bought an Airport Express and connected it directly to the AEBS; it configured to extend the wifi network via ethernet, and can also extend the guest network.

That's the final outcome. It took three full days over two weekends to get it all working with several false starts, weird problems, a tech call to Verizon to get a DHCP Lease Renewal and a frustrated wife in the midst of wasting a weekend fighting with a network that working pretty well before I started.

This is what the network looks like now. :)
DaveF Home LAN.png
 
Last edited:
  • Like
Reactions: Altemose
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back