Skip navigation

Private and Guest Access

375 Views 10 Replies Latest reply: Mar 29, 2013 9:28 AM by chaz69 RSS
chaz69 Calculating status...
Currently Being Moderated
Mar 28, 2013 6:55 AM

I have the Airport Extreme Model A1408 running Airport Utility For Windows Version 5.6.1

 

I have the AE hanging of a switch and created two networks TEST and TEST_Guest

 

I've configure TEST with WPA2 Personal for security with password

I've enable GUEST Network with  WPA2 Personal for security with password

 

I have Laptop Users running windows with domain setup.

When they connect to TEST or TEST_Guest, either setup allows the USER if previously authenticated on our network to be able to see the contents of our shared network drives.   I dont mind if that happens but I dont want the USER connecting to TEST_Guest to be able to get to our shared network drives.  How can I make the TEST as the private network and TEST_Guest as a USER that only can get internet connection but no access to network shared drives.

 

Thanks in advance,

Chuck

  • markwmsn Level 4 Level 4 (3,955 points)
    Currently Being Moderated
    Mar 28, 2013 2:08 PM (in response to chaz69)

    Where, network-wise, are these shared network drives? On TEST? On TEST_Guest? Upstream?

  • markwmsn Level 4 Level 4 (3,955 points)
    Currently Being Moderated
    Mar 29, 2013 7:23 AM (in response to chaz69)

    I wanted to know where the actual shared network drives are located, not where they are visible.

     

    Let me ask it another way:

    On what network(s) is/are the computer(s)/server(s) hosting the shared network drives located?

    On TEST, on TEST_Guest, or somewhere upstream?

     

    To make the shared drives visible only on TEST, the servers hosting them would have to reside on TEST. If they are anywhere upstream of TEST, they will appear to be part of "the internet" from the point of view of the AirPort Extreme.

  • Bob Timmons Level 9 Level 9 (75,865 points)
    Currently Being Moderated
    Mar 29, 2013 7:44 AM (in response to chaz69)

    It might be a good idea to confirm that you really do have a Guest Network set up there.....and this is not a case of you renaming the 5 GHZ band on the main network as a Guest Network.

     

    If you open AirPort Utility, select the AirPort Extreme, and click Manual Setup, does a Guest Network tab appear on the page in AirPort Utility?

     

     

    Screen Shot 2013-03-29 at 9.40.00 AM.png

  • Bob Timmons Level 9 Level 9 (75,865 points)
    Currently Being Moderated
    Mar 29, 2013 8:20 AM (in response to chaz69)

    Than you need to answer the questions from markwmsn.

     

    It appears that you have your AirPort Extreme "downstream" on your network if it is connected to a switch. That would mean that information on both the "private" and "guest" nework is flowing from the WAN port on the AirPort, so that info is combined and visible to other devices upstream on the network.

     

    You would need to connect the AirPort Extreme directly to a simple modem, then connect all of your other devices to the AirPort Extreme to keep the "private" and "guest" networks isolated from each other.

     

    You also have a Double NAT problem with the AirPort located downstream and set up as router.

  • markwmsn Level 4 Level 4 (3,955 points)
    Currently Being Moderated
    Mar 29, 2013 9:11 AM (in response to chaz69)

    chaz69 wrote:

     

    The server which hosts my network shares is connected to one of the switch ports, any ports on that switch that has a computer off it has access to the network shares when authenticated.  So if my AE is hanging of that switch, there is no way to differentiate between private and guest, correct?

     

    Then I am not sure where to hang that AE properly to segregate the PRIVATE and GUEST.

    Without knowing more about the rest of your network, there's no way for us to know what other chaos might ensue, but the simple answer would be to swap the AE and the switch:

    XXX -> switch -> AE --becomes-- XXX -> AE -> switch

    That would put the server inside the AE's network, so the AE could keep the guest traffic away from it.

     

    Of course, anything else hanging off the switch is also inside the AE's network.

    If the server also offers services out onto the Internet or whatever else might be upstream of your switch now, you may have to do some serious diddlng to the AE's configuration (and it may not be possible with current tools).

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.