User profile for user: ChrisJenkins
ChrisJenkins Author
User level: Level 1
80 points

How to extend the guest network with a 'roaming network' setup?

I have three 802.11ac Airport Extremes running the latest firmware. One is configured as a router and the other two are configured as simple access points (bridge mode) and all are connected via my managed GigaBit switch / wired backbone. All have the same SSIDs, security, passwords etc. DHCP is *not* provided by the primary Airport Extreme but by my two Synology NAS units (configured for redundancy). This setup works beautifully and I have excellent coverage and fast WiFi everywhere in my house... Sometimes when I have visitors I like to make a guest network available to them. If I enable the guest network on the Airport Extreme configured as a router then guests can joint that network and access the Internet. I see that the on the guest network the router has an IP address of 172.16.42.1 and client get assigned IP addresses starting from 172.16.42.2. The DNS server passed to the clients is the router address 172.16.42.1. So far so good... Unfortunately, if I enable the guest network on the access points (configured in bridge mode) then clients can join the guest network (i.e. associate to the AP) but they end up with an auto assigned IP address (169.x.y.z), no DNS server and are unable as a result to access anything. Surely Apple thought of this and provide some facility to extend the guest network in a wired 'roaming network' setup?

Posted on Apr 2, 2019 3:24 AM

Reply
Question marked as Top-ranking reply
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
184,304 points

Posted on Apr 2, 2019 6:32 AM

Something is wrong somewhere, since the guest network will be automatically extended along with the "main" network when you use Apple's setup "wizard" to set up the two AirPort Extremes that will be acting as access points in a roaming network. The same is true as well when the AirPort Extreme(s) connect using only wireless and extend in that manner


Here I assume that the "main" AirPort is set up as a router.....as you say......to provide DHCP and NAT service for the network


Temporarily, power off both of the AirPort Extremes that are now acting as access points

Restart the "main" AirPort Extreme router and make sure that the guest network is enabled

Move one of the extending AirPort Extremes very close to the "main" AirPort Extreme and connect a spare Ethernet cable.....any length will do.....from one of the LAN <--> ports on the main AirPort to the WAN "O" port on the extending AirPort

Power up the extending AirPort Extreme for a minute or so, then hold in the reset button on the back of the AirPort for 7-8 seconds and release, then allow a full minute for the AirPort to restart


Click the WiFi menu at the top of your Mac's screen and look for a listing of New AirPort Base Station

Click directly on AirPort Extreme



The setup "wizard" will take a few seconds to analyze the network and then display a screen that looks like the example below, except that you will see your devices and network




Type in a name for the AirPort Extreme......you can use the same name that you used previously if you wish

Click Next


Watch the next screen very carefully to see that the AirPort Extreme is being set up to extend using Ethernet. This will confirm that the setup wizard has picked up the Ethernet connection between the main AirPort and extending AirPort so the correct settings will be applied to apply extend both the main and guest networks



When you see the message of Setup Complete, click Done


Now power off the extending AirPort Extreme and move it back to its normal location on the network and power it back up. If the Ethernet wiring and switch are working correctly, so too will the extending AirPort Extreme be operating correctly. Both the "main" and "guest" networks should now be available from the AirPort Extreme acting as an access point.


Set up the second extending AirPort Extreme the same way.


In theory, you do not need to connect the extending AirPort(s) directly to the main AirPort for the setup, but it is a good idea to do things this way since it simplifies the process.








View in context

Similar questions

9 replies
Question marked as Top-ranking reply
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
184,304 points

Apr 2, 2019 6:32 AM in response to ChrisJenkins

Something is wrong somewhere, since the guest network will be automatically extended along with the "main" network when you use Apple's setup "wizard" to set up the two AirPort Extremes that will be acting as access points in a roaming network. The same is true as well when the AirPort Extreme(s) connect using only wireless and extend in that manner


Here I assume that the "main" AirPort is set up as a router.....as you say......to provide DHCP and NAT service for the network


Temporarily, power off both of the AirPort Extremes that are now acting as access points

Restart the "main" AirPort Extreme router and make sure that the guest network is enabled

Move one of the extending AirPort Extremes very close to the "main" AirPort Extreme and connect a spare Ethernet cable.....any length will do.....from one of the LAN <--> ports on the main AirPort to the WAN "O" port on the extending AirPort

Power up the extending AirPort Extreme for a minute or so, then hold in the reset button on the back of the AirPort for 7-8 seconds and release, then allow a full minute for the AirPort to restart


Click the WiFi menu at the top of your Mac's screen and look for a listing of New AirPort Base Station

Click directly on AirPort Extreme



The setup "wizard" will take a few seconds to analyze the network and then display a screen that looks like the example below, except that you will see your devices and network




Type in a name for the AirPort Extreme......you can use the same name that you used previously if you wish

Click Next


Watch the next screen very carefully to see that the AirPort Extreme is being set up to extend using Ethernet. This will confirm that the setup wizard has picked up the Ethernet connection between the main AirPort and extending AirPort so the correct settings will be applied to apply extend both the main and guest networks



When you see the message of Setup Complete, click Done


Now power off the extending AirPort Extreme and move it back to its normal location on the network and power it back up. If the Ethernet wiring and switch are working correctly, so too will the extending AirPort Extreme be operating correctly. Both the "main" and "guest" networks should now be available from the AirPort Extreme acting as an access point.


Set up the second extending AirPort Extreme the same way.


In theory, you do not need to connect the extending AirPort(s) directly to the main AirPort for the setup, but it is a good idea to do things this way since it simplifies the process.








Reply
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
184,304 points

Apr 2, 2019 7:51 AM in response to ChrisJenkins

Appears to be 1003.


https://www.chriscolotti.us/technology/apple-airports-dirty-little-secret/


Apple does not provide any documentation or information about their use of VLAN that I can find on a quick search. If you contact Apple, I imagine that they will say that guest extension is supported when the AirPorts connect directly to the main AirPort or via an unmanaged switch.

Reply
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
184,304 points

Apr 2, 2019 7:20 AM in response to ChrisJenkins

my entire network was hosed!


It sounds like you tried to manually set up the extending AirPort. There is no setting to "extend using Ethernet" this way, and you likely used the "extend a wireless network" setting, which is incorrect and would have caused a network crash.


I don't have a managed switch here to test with, but I have used an unmanaged switch for years with no problems. I suspect that the managed switch may be culprit on your network. If the setup works correctly when you connect an AirPort directly to the main AirPort and bypass the switch, then you will have to look into the settings on your managed switch.


Does the 'extension' mechanism use/require VLANs do you know?


Apple uses a simple VLAN for the guest network operation and extension, but there are no settings to access this or control this.



Reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,256 points

Apr 2, 2019 1:57 PM in response to ChrisJenkins

If you do a search you will find a fair bit of detail about this problem.. it has a long history.


One solution is using managed switch.. which you do have so that might work great.

The vlan is 1003 as Bob pointed out.. and that is fixed and hidden from view in the airport firmware.


Here is a tutorial which was posted ages ago which may help you through this.


https://www.precursor.ca/precursor/resources/RAIS/Tutorials/AEBS_Guest_WiFi.pdf


Note if your setup is correct.. there is a chance your managed switch is actually causing trouble..

Reply
User profile for user: ChrisJenkins
ChrisJenkins Author
User level: Level 1
80 points

Apr 3, 2019 4:27 AM in response to LaPastenague

Hi Bob,


I just wanted to update you in case you were interested... I am tantalisingly close now. I did as you suggested and both 'AP' Extremes were successfully 'extended via Ethernet'. The Guest network (on VLAN 1003) is now working perfectly well through my managed switch but only if I use statically assigned IP addresses. With state addresses I can ping the router (which assigns itself as 172.16.200.1 based on my guest network IP range defined via the Airport utility and this actually works for both Wifi and wired connections via the AP switches or directly connected to the router. The biog stumbling block is DHCP... DHCP address assignment for the guest network only works when the devices are connected to the router (wired or WiFi) and not when they are connected to the APs. I have looked at all sorts of options in the switch but there is nothing obvious (I even played with DHCP relay settings though that should not be needed). I also tried configuring a dedicated DHCP server on my Synology NAS and connected it to VLAN 1003; I can ping the Synology interface just fine but again no DHCP address assignment. I have a case open with D-Link Support; fingers crossed that they can help me figure this out.


Thanks for all your help!


Chris

Reply
User profile for user: ChrisJenkins
ChrisJenkins Author
User level: Level 1
80 points

Apr 2, 2019 7:10 AM in response to Bob Timmons

Hi Bob, many thanks for the detailed reply. I did try something similar a couple of days ago but I didn't move the second (bridge mode) airport and connect it directly to the router Airport; I left it where it was os it was connected to the router via my L3 managed switch. I did the 'extend' step, though I don't recall if it actually said 'extend via ethernet' and after that my entire network was hosed! Nothing was working and in the end I had to reset the 'bridge mode' airport and restore its original config from backup. I have no idea how/why things wen't totally screwy after extending the network but it sure scared me... Does the 'extension' mechanism use/require VLANs do you know? Currently my main switch is not configured for any specific VLAN usage; it assumes everything is on VLAN 1 by default. Maybe I will try what you suggest if I can pluck up the courage...

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How to extend the guest network with a 'roaming network' setup?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up