Currently Being ModeratedJun 4, 2013 5:07 AM (in response to l008com)
I'm wondering if you can use the Guest wifi network feature on an Airport Extreme that is in bridged mode.
Sorry, but no. The AIrPort Extreme will have to be in router mode providing DHCP and NAT services if you want it to create both a "main" and "guest" network.
Currently Being ModeratedJun 16, 2013 8:20 AM (in response to l008com)
So as it turns out, you can use the guest network feature while the airport is in bridged mode. I just unwrapped the one I bought for this job and tested it out by piggy backing it into my wired network and putting it in bridged mode. I was able to create a primary and a guest network.
Currently Being ModeratedJun 16, 2013 9:18 AM (in response to l008com)
Tried this with 3 different 3rd party routers, but no go.
If you have another Apple router on the wired network that is set up with the Guest Network, then you can add a second AirPort and the guest network will work in Bridge Mode.
Might that be the case?
If not, have you tested to verify that you can get an Internet connection on the Guest Network?
Currently Being ModeratedJun 24, 2013 12:40 PM (in response to Bob Timmons)
Turns out you can connect to both networks, but you only get an IP over the private network. Public just gives you a self-assigned IP. That is particularly annoying. Even running DHCP only for the guest network would be an OK option. But we can't double-nat the primary network, and the comcst modem has a router built in that I don't think you can disable.
Currently Being ModeratedJun 24, 2013 1:44 PM (in response to l008com)
As I mentioned previously, the AirPort must be in a Router Mode of DHCP and NAT to enable the Guest Network feature....and have both the "main" "guest" networks operate correctly with Internet access.
You might check with your ISP about the possibility of obtaining a simple modem.
Currently Being ModeratedJun 24, 2013 2:51 PM (in response to Bob Timmons)
Yeah that's the plan. Everything with comcast is a pain in the *** but hopefully I can just buy a modem and have then enable it over the phone. I've done things that way before but this is a business account and they like to do things differently just to mess with people with business accounts.
Currently Being ModeratedJun 24, 2013 3:00 PM (in response to l008com)
Please post back when you get the new modem that should get you in business.
Most ISPs will activate a new modem over the phone if you have the MAC Address of the modem, which should be clearly marked on the back or bottom of the device.
Currently Being ModeratedSep 23, 2013 12:50 PM (in response to l008com)
Yes, you can have both private and guest in bridged mode.
The reason that a DHCP address is not received on the guest network is because packets originating on the guest network are 802.1Q tagged as vlan 1003. In order for your firewall/dhcp server to process these packets, you will need to add a virtual interface for that vlan.
Currently Being ModeratedSep 28, 2013 8:24 PM (in response to nrh)
I was referring to the Aiport Extreme. I don't know if the Express works the same way or not.
Wi-Fi access points that have the capability to host multiple SSIDs often have VLAN as a configuration option. But most retail access points designed for home use do not.
Currently Being ModeratedNov 7, 2013 2:16 PM (in response to dennypage)
This is a valuable answer because it clarifies the one piece of the puzzle as to how this might (or might not) work.
It is obvious that a device connecting to the base station informs the base station as to whether it is on the guest or private network through the SSID it connects to. It's obvious how one can create two overlaid networks through using two different (non-routable) IP address ranges. It's obvious how the base station --- AS DHCP and NAT HOST --- can allocate addresses in these two ranges.
What was not obvious is how this can all propagate out to a third party DHCP server --- how would that server know to allocate IP addresses in one range rather than the other?
But use of a VLAN tag answers that question. Very cute use of a (to home users) rather obscure part of the ethernet spec.
Currently Being ModeratedNov 11, 2013 11:27 AM (in response to dennypage)
Dennypage, you mentioned "you will need to add a virtual interface for that vlan.", where does one set this up? In Airport? or in the device supplying the DHCP, ie. the firewall device?
Thanks - Lewis