guest network does not work when bridging airport express to extreme

7.6.4 does work. This update solved all the problems with the MTU that Spiff was talking about earlier. Thanks Apple for fixing the problem. It would have helped us all if you could have mentioned it in the information about what the patch was fixing.

Agreed with gs-nc.

I installed version 7.6.4 eight days ago and my system is stable. The guest network for Airport Express in bridge mode with Airport Extreme as primary router is working.

Previously it did not work. Clients did receive DHCP, but could usually connect only to Google sites because of the MTU issue. Spiff explained this very well.

If you are not getting a DHCP address, something else is going on ... you are experiencing a different issue. If there is a bridge between your Airport Extreme and Express, then you might have the VLAN 1003 routing issue that I mentioned in this thread.

I would suggest creating a new discussion thread and provide a more detailed explanation of your configuration instead of assuming that your experience is identical to the one that was discussed here.

Hello,

I'am sorry the error could be anything.

My network is in Bridged mode.

I use all default settings.

DHCP is from an external router.

The airports are good configured and there are no errors in the network.

But event when i type manual my IP,GATEWAY and NETMASK address it still not works on my

Airport Extreme and Airport Express (latest model)

Very strange.. so now i offer an Airport Extreme for WPA/WPA2 fpr personal usage.

When an Airport router is in bridge mode, the guest network will only work if DHCP and NAT for that bridged Airport is being provided by another Airport router.

So if DHCP for your network comes from some other router, that router will simply not see your guest network.

That's just how it works. There are inherent technical reasons for this, as the guest traffic is isolated from the rest of your network (using VLAN 1003).

Thanks. i understand

Thanks for everyone’s help in tracking down the issues here with the guest networking & bridging mode.

I wanted to add one additional comment on how I was able to make it work for my scenario using a non-apple router / DHCP server.

I’ve got two Airport Express devices (one Extreme, one 5g) which are both set up in bridging mode.

After upgrading to version 7.6.4, I was still having trouble getting a DHCP address from my Netgear router (SRX5308).

Based off skippythelizard’s comment about the VLAN setting, I added a new VLAN (1003) to the Netgear configuration and enabled a separate DHCP address pool (10.10.10.X in my case) for the 1003 VLAN.

Once I added the new 1003 VLAN to the netgear configuration, I was able to join the guest network and get a DHCP address (e.g. 10.10.10.2) from the netgear router .

Everything is now working fine – so basically if your non-apple router can support additional VLAN’s, just make sure you create a new VLAN for 1003 and enable a DHCP server option for it.

Cheers

I seem to have the same issue as outlined in this post. My situation is as follows.

• We are in a small office with three floors. Our router (provided by our ISP) is in bridge mode and linked to our Airport Extreme. The AE provides IPaddresses via DHCP.
• For additional wireless coverige we have three additional Airport Express stations. They are all hard-wired in our network (with a fixed IP address and in bridged mode).
• We previously had the guest network actived on the AE. This worked (and still works) fine, accept that the wireless signal is not strong enough to cover the third floor.
• After the firmware update several months ago, we actived the guest network on the three Airport Express stations. At this point it is not possible to connect to the guest network anymore.
• All firmware is up to date.

Since I have only basic knowledge of networks I would appreciate your help.

• Is the problem outlined above the same is described in this post?
• Can it be fixed, and if so how?

Please see below a screenshot of our network.

Hi _Laohu_,

Yes, I do think your scenario fits in with the discussions here. It does not sound like the problem expressed by the original poster, but it might fit in with some of the discussions that followed.

With firmware version 7.6.3, there was an issue that Guest connections on an Airport Express bridged to an Airport Extreme would receive an IP address and could connect to Google sites, but were often unable to connect to anything else. This was the MTU problem described by Spiff.

Firmware 7.6.4 fixes that issue. As long as your main router (providing DHCP and NAT) is an Airport Extreme, guest networking will work on other Airports bridged to that Extreme.

You are most likely experiencing a different issue from the MTU issue, which is not really a bug, but more likely a configuration issue that is not very well documented (if at all).

I assume that none of your 3 Airport Express are hard wired directly into the Extreme, but instead all are connected to a network switch.

If possible, try to patch one of the Airport Express directly into one of the ports on the back of the Extreme.

I'm expecting that if you do, the guest network will start working immediately on that Express.

Unfortunately, it's probably not practical for you to wire all 3 Express into the Extreme ... because you also need to connect your switch for wired clients.

To fix this issue, you need to enable VLAN 1003 on your switch. Guest networking on the Airport uses VLAN 1003.

Simple dumb switches will usualy route all VLAN traffic transparently. But smart switches and managed switches require explicit configuration to allow VLAN traffic to be routed. After all, the idea of using a guest network is to completely isolate guest clients from your internal network (guests can't see the internal clients and internal clients don't see the guests). Therefore a smart switch filters VLAN traffic so that it is never broadcast or routed to a port unless the switch is configured to do so. This is all by design.

You need to go into your switch configuration and enable VLAN 1003 for any ports on the switch to which the Airport Extreme and Airport Express are connected. If you have multiple switches between Extreme and Express, you must also enable VLAN 1003 for the ports used to connect the switches.

How exactly you do that is going to depend on what switch you're using. I have a semi-complex network with 4 D-Link DGS-1210-24 switches and two different Cisco 8 port switches, and it wasn't difficult to configure them (just needed to remember to save configuration after applying, otherwise these switches reset when rebooted). And I have 3 Express, 2 Extreme and 1 Time capsule bridged to an Extreme. Guest networking works on all of these devices, provided VLAN 1003 is enabled for all ports involved in "switch to switch" or "switch to Airport" connections.

With firmware 7.6.3, guest networking did not work in this configuration for bridged Express devices because of the MTU issue. With 7.6.4 (and I assume 7.7.1 on the new "ac" compatible units), the issue you need to be aware of is VLAN configuration if you are using any smart or managed switches.

I hope this helps ...

Good luck!

Hi skippythelizard,

Thank you very much for helping me.

We use an 8-port switch and it could very well be possible that the Airport Expresses are all wired through the switch instead of directly to the Airport Extreme. I will check it out.

I have a similar setup at home (Airport Extreme > a 4 port Netgear switch > Airport Express) by the way which works fine, i.e. the bridged guest network works flawless.

Thanks again!

Hi skippythelizard,

The options on our switch are a little bit intimidating :-)

Are you familiar with the settings set out below? My guess I will need to change some settings under the "port setting" tab (first link) but I'm not sure.

http://snag.gy/mbM7Q.jpg

http://snag.gy/oD6Jt.jpg

http://snag.gy/SSjSh.jpg

Kind regards

Hi _Laohu_,

Yes, that switch is probably overkill for your environment.

I have never worked with that switch, but I looked up the SRW2008 manual on the web.

Based on the manual, I believe what you need to do is the following:

Create VLAN - Enter an ID of 1003 and press Add. (Give it a descriptive name of Guest Network if you wish.)

Now go to "Ports to VLAN", and select VLAN 1003. Make sure that any ports to which your Airports are connected are marked as Tagged for this VLAN. This will allow guest traffic to be sent/received over those tagged ports.

(A note for people using other switches, some switches use the term "member" instead of tagged.)

Thank you, I wil give that a try. Any ideas whether the should be marked Access, Trunk or General?

You should be able to just leave the port with its existing setting and tag/member the port for VLAN 1003 under "Ports to VLAN".

In addition to my D-Link DGS-1210-24 switches, I have two different Cisco 8 port smart switches ... an SLM2008 and SG200-08.

With the D-Link switches, it is just a matter of creating the VLAN, and then tagging the ports.

The Cisco SLM2008 is similar, but it uses the term "member" instead of "tagged".

The Cisco SG200-08 does also use the terms "Access", "Trunk" and "General". In my configuration, all ports are in trunk mode (this was the default). Under the VLAN 1003, the Airport ports are "member" and "tagged".

I believe you could use "Trunk" or "General" mode ... I'd stick with whichver was the default setting in the switch.

Many thanks for your help! Our guest network is functioning properly on all devices.

Hello skippythelizard,

I have a very similar problem to the one _Laohu_ had: I have a 4th generation TC that I use as my main router it is connected directly to my ISP modem a Motorola Surfboard SB5100i, I just bought an airport extreme 802.11ac latest generation to extend my network to a far corner of my house that I dont get wifi, currently the AE is connected to the TC via ethernet and is set up to extend my network in bridge mode and it does that very well, I decided to create a guest network to keep guests away from the resources inside my main network and here is the problem:

When I connect to my main network on the TC it works well and fast, same when I connect to the main network on the extended AE, when I connect to the guest network on the TC it works well and fast as well but when I connect to the guest network on the AE the speed gets down to 0.5 Mbps (I have a 9 Mbps connection), in other words:

Speed in main network conected to TC: 9.0 Mbps

Speed in main network connected to Airport Extreme: 9.0 Mbps

Speed in guest network connected to TC: 9.0 Mbps

Speed in guest network connected to Airport Extreme: 0.5 Mbps.

Different from _Laohu_ case my AE its directly connected to my TC via ethernet, no switch. both are running latest FW versions TC is runing firmware 7.6.4 and Airport is runing firmware 7.7.1.

I have look for information on the web and on apple support comunities but must of the similar cases i have found are related to slow speed on main and not guest extended networks. I dont know what to do i have restored both the TC and the AE, i have removed the security from the guest network, change channels, and nothing seems to work.

Do you have any idea what may be causing this issue?

Thanks