Currently Being ModeratedMay 25, 2012 5:23 PM (in response to RobertM1984)
I was having this same issue and this solution fixed it. However, when I attach my iPad to the guest network and do a network scan, I can access my server and all the services on it. If I manually change the DNS server settings, I can access all my internal intranet sites. How do I configure it to only provide DHCP services, and nothing else, for the VLAN?
Currently Being ModeratedMay 26, 2012 5:21 AM (in response to MplsEE08)
You would have to configure the firewall on your lion server to allow that traffic only from the main network and block it from the guest network
Currently Being ModeratedFeb 8, 2013 12:31 AM (in response to RobertM1984)
I had the same problem, then realised it was a simple DNS issue.
Connect to the wireless Guest Network (it doesn't matter if you are using the 172.16.x.x or 192.168.x.x range) and open the advanced section of the Network settings. Click the DNS tab and enter at lest one Public DNS Servere - I use 126.96.36.199 and 188.8.131.52 and hey presto - it works just fine!!!
Currently Being ModeratedSep 29, 2013 4:25 AM (in response to RobertM1984)
This doesn't seem to work on the latest Airport Extreme 802.11ac model.
I have the internal network working, but cannot seem to get hold of the vlan ID for the guest network.
Currently Being ModeratedJan 21, 2014 8:41 AM (in response to RobertM1984)
thanks everyone for the brainstorm.
I managed to get it working.
Airport Extreeme base station with 2,4 and 5ghz modes working,
Guest network too, and the AE is set into bridge mode!
I have another router, that does the routing and dhcp. That is a mikrotik RB450 router with 5ports.
The trick is to have AE connected with 2 wires to the main router!
The main wire goes from AE Wan port to the main router lan port, and the second wire goes from AE lan port to the routers other internal lan port. The AE is set to get external ip from my router and that chain works alright.
Now the second wire is connected to an isolated port on the router. That way we make sure we serve the whole purpose of GuestNetwork. That isolated port is also set as a master port to host VLAN port with ID=1003.
The last thing to do is to make a separate dhcp service running on the VLAN port alone. (not the phisical port).
It doesn't matter what ip range you give out by your second dhcp service, as long as it plays well in your subnet scheme. You can simply put both your main and the guest networks close like 192.168.1.0/24 and 192.168.2.0/24. The dns enries stay the same for both networks.
It should work with any router capable of VLAN and with at lease two lan ports avail.
Forget about sniffing ip ranges out of your AE device. It's useless! Along with the vlan tag 1003 any dhcp service met on the vlan path will respong to your guest request.