User profile for user: l008com
l008com Author
User level: Level 1
94 points

Guest Network in Bridged Mode?

I'm wondering if you can use the Guest wifi network feature on an Airport Extreme that is in bridged mode. When I say bridged mode, I do NOT mean "extending" a wireless network (like many threads with a smiliar title seem to mean). What I mean is that I have a single Airport Extreme. I want to use it as a wireless access point, while continue to use my ISP's modem/router combo as the DHCP provider. The ISP box will have no wifi enabled. The Airport will connect to that box (via a large switch) and be convfigured as a bridge, instead of "distributing IP addresses" itself.


I know that in this setup, a regular wireless network is not a problem. But I've never tried a regular and a guest network together, while in bridged mode. I'm hoping this is do-able, because I don't think the DHCP in the ISP box can be turned off. Plus we only planned for a single ethernet cable going up a floor to where this airport is going to live. If it is going to be the DHCP provider too, then there would have to be a second ethernet cable, so the airport can logically be between the ISP box and the switch.

Posted on Jun 4, 2013 2:09 AM

Reply
13 replies
Sort By: 
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
175,658 points

Jun 4, 2013 5:07 AM in response to l008com

I'm wondering if you can use the Guest wifi network feature on an Airport Extreme that is in bridged mode.

Sorry, but no. The AIrPort Extreme will have to be in router mode providing DHCP and NAT services if you want it to create both a "main" and "guest" network.

Reply
User profile for user: l008com
l008com Author
User level: Level 1
94 points

Jun 16, 2013 8:20 AM in response to l008com

So as it turns out, you can use the guest network feature while the airport is in bridged mode. I just unwrapped the one I bought for this job and tested it out by piggy backing it into my wired network and putting it in bridged mode. I was able to create a primary and a guest network.

Reply
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
175,658 points

Jun 16, 2013 9:18 AM in response to l008com

Tried this with 3 different 3rd party routers, but no go.


If you have another Apple router on the wired network that is set up with the Guest Network, then you can add a second AirPort and the guest network will work in Bridge Mode.


Might that be the case?


If not, have you tested to verify that you can get an Internet connection on the Guest Network?

Reply
User profile for user: l008com
l008com Author
User level: Level 1
94 points

Jun 24, 2013 12:40 PM in response to Bob Timmons

Turns out you can connect to both networks, but you only get an IP over the private network. Public just gives you a self-assigned IP. That is particularly annoying. Even running DHCP only for the guest network would be an OK option. But we can't double-nat the primary network, and the comcst modem has a router built in that I don't think you can disable.

Reply
User profile for user: Bob Timmons
Bob Timmons
Community+ 2025
User level: Level 10
175,658 points

Jun 24, 2013 1:44 PM in response to l008com

As I mentioned previously, the AirPort must be in a Router Mode of DHCP and NAT to enable the Guest Network feature....and have both the "main" "guest" networks operate correctly with Internet access.


You might check with your ISP about the possibility of obtaining a simple modem.

Reply
User profile for user: l008com
l008com Author
User level: Level 1
94 points

Jun 24, 2013 2:51 PM in response to Bob Timmons

Yeah that's the plan. Everything with comcast is a pain in the *** but hopefully I can just buy a modem and have then enable it over the phone. I've done things that way before but this is a business account and they like to do things differently just to mess with people with business accounts.

Reply
User profile for user: dennypage
dennypage
User level: Level 1
23 points

Sep 23, 2013 12:50 PM in response to l008com

Yes, you can have both private and guest in bridged mode.


The reason that a DHCP address is not received on the guest network is because packets originating on the guest network are 802.1Q tagged as vlan 1003. In order for your firewall/dhcp server to process these packets, you will need to add a virtual interface for that vlan.

Reply
User profile for user: dennypage
dennypage
User level: Level 1
23 points

Sep 28, 2013 8:24 PM in response to nrh

I was referring to the Aiport Extreme. I don't know if the Express works the same way or not.


Wi-Fi access points that have the capability to host multiple SSIDs often have VLAN as a configuration option. But most retail access points designed for home use do not.

Reply
User profile for user: name99
name99
User level: Level 1
15 points

Nov 7, 2013 2:16 PM in response to dennypage

This is a valuable answer because it clarifies the one piece of the puzzle as to how this might (or might not) work.


It is obvious that a device connecting to the base station informs the base station as to whether it is on the guest or private network through the SSID it connects to. It's obvious how one can create two overlaid networks through using two different (non-routable) IP address ranges. It's obvious how the base station --- AS DHCP and NAT HOST --- can allocate addresses in these two ranges.


What was not obvious is how this can all propagate out to a third party DHCP server --- how would that server know to allocate IP addresses in one range rather than the other?

But use of a VLAN tag answers that question. Very cute use of a (to home users) rather obscure part of the ethernet spec.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Guest Network in Bridged Mode?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up