Setup Guest Network with OS X Server and Airport Extreme - NEED HELP!

Can the guest network route IP to the private network? (That's not usually the case, after all.)

I don't know off-hand if the Airport Extreme can have two sets of DNS servers, one for private and one for the guest LAN.

And I'd tend to keep away from having ISP DNS and local DNS in the same client configuration as you might not be getting your translations from where you think you're using.

The Airport's DHCP settings just needs to utilize one of your ISP DNS servers to feed the guest network DNS data.

Check the DNS server logs and the firewall logs on the local DNS server, and see if you're getting queries forwarded from the subnet the Airport is operating for guests.

From OP, I'm assuming it does not; that the devices make the assumption that there is one set of addresses.

Another potential option is to move DHCP off the Airport or Time Capsule device for the private LAN

After trying for days to figure this out I was finally able to get a working solution and I now have my APE providing a guest and main network while using my lion server as the Dsn server for the main network.

The setup is a bit of a hack and does require you to have at least two devices with staticly assigned ip information on the main network but it does allow you to serve dhcp for both networks from the server and make some services available to the guest network such as iTunes remote for parties.

1) delete your custom Dns entries from the Internet settings in the APE and set two dhcp reservations for .2 and .3 (in this case my Mac mini server and my airport express)

2) reduce the dhcp range to only have 2 available IPs (10.0.1.2-10.0.1.3) and save settings

3) on a computer connected to the main network install wireshark and begin sniffing for packets. Connect at least one device to your guest network and look for any packets that have an ip from your guest network (usually 172.16.42.x) once you capture one of these packets expand the vlan information. This should list a vlan ID ( in my case this was 1003. I would suspect this is universal but do not know)

4) on your server open network preferences, click the gear at the bottom and click "manage virtual interfaces", add a vlan that matches the vlan ID from above. Click ok and apply your settings. The vlan interface should get an ip in the guest network range from your APE.

* if you are running lion you will need to install server admin tools before proceeding*

5) open server admin and add the dhcp service. Create an entry for your primary network (ex: 10.0.1.x) make the dhcp range one higher than the settings in step 2 ( ie: 10.0.1.4 to 10.0.1.253) assign this to the physical interface. Make sure this entry has your internal DNA servers

6) add another entry for the guest networks ip range (ex: 172.16.42.x) again set it one ip higher than step 2 ( 172.16.42.4 to 172.16.42.253) save and activate both ranges. Assign this range to the vlan interface. Make sure this entry either contains your isps dns servers or another public dns server. Turn on dhcp.

Because you have now assigned the only two addresses in the APEs pool for your primary network to static entries there will not be any addresses to assign and the APE will not respond to requests. This will allow your server to pick up the work of assigning IPs. As for your guest network, the APE will assign IPs for two host and then stop. Your clients may either get an IP from the APE or the osx server so both should have the same info. Just make sure the two static clients on your main network have the local DNA servers entered manually.

Thank you so much Robert! It took me hours to find your post, but it was very helpful! I might add that the VLAN ID of my newly purchased Airport Extreme also was 1003, so it's possible that's a universal setting.