Bridge mode as a guest network?

Guest Network is as separate from your other one as yours is from mine or anyone else's.

A "wirelessly extended" network extends both. There are no additional security precautions you need to take, other than the usual: WPA/WPA2 encryption with a reasonably secure password, and physical inaccessibility of the routers to preclude unauthorized tampering.

Can I set up extreme #1 with a guest network and bridge extreme #2 to allow access to that guest network?

Yes.

I understand what you are proposing and it doesn't change the answer. I also understand HIPPA implications. Guest Network clients do not have any more ability to use your other wireless network than they would if you choose not to enable Guest Network.

However these articles usually involve a gateway type modem/router which I am not using.

I understand that too. You are proposing to use one router – the Extreme. It will create two separate and distinct wireless networks, as separate and distinct as any other, and they will not be "bridged". The second Extreme is not acting as a router so there will be no "double NAT" concerns.

Remember to keep the Extreme physically secure. Leaving it accessible to unauthorized others would be no different than leaving a back office computer accessible to unauthorized others.

The firmware required to extend Guest Network was released over two years ago.

That's the first time you mentioned a switch though. How do you propose to use it?

the optimum setup is to connect base stations through Ethernet and bridge them.

That's correct. A switch won't change the nature of a "roaming network". Bear in mind it has to be just as inaccessible as any other device to ensure the security of your network.

To be completely, over the top technically accurate, a "network bridge" describes a link between two networks. Merely connecting Ethernet devices to one another doesn't create a bridge, but a new or previously unconfigured Extreme will automatically be configured as a bridge as long as you connect it to your router using Ethernet, and you set it up that way.

I mention that only so that you don't confuse yourself when describing your network topology. You wouldn't call a crown a bridge, right? Or would you... I don't know 🙂

What's important for you to realize is that an Extreme's Guest Network is not bridged to its other one. I surmise that may be the source of your concern.

Apple doesn't help matters by applying the same "extend" terminology to both wired and "wirelessly extended" networks, but you are correct in that a "roaming network" specifically describes access points that communicate with a router using Ethernet. I suppose they reason that users shouldn't have to burden themselves with such minutia. Each of those configurations is an "extended" network to them, even though they accomplish it very differently.

If I turn on the guest network feature on the extreme/router will that guest network carry over to the ethernet connected extreme 2 that is "roaming" connected device.

Yes it will.

In order to do what you want, you would have to first turn on the guest network feature on your "main" AirPort Extreme and get that working correctly first.

Then, when you add the second AiPort Extreme, the setup "wizard" will automatically extend both the private and guest networks using Ethernet with the second AirPort Extreme. You don't have to worry about jargon like "roaming" or "create" or "bridge mode".

The end result is that you will have greater wireless coverage for both the "private" and "guest" networks. They will still be completely separate in that devices on the guest network will not be able to "see" any devices on the "private" network and vice versa.

However, if you do not turn on the guest feature on the "main" AirPort Extreme first.....then you will not be able to set up a "guest" network on the second AirPort Extreme and have it do what you want.

I think that part of the problem that you appear to be having with understanding all of this is that you are looking at a 3+ year old Apple support document that has little to no relation to the way that newer operating systems and newer versions of AirPort Utility operate. Unfortunately, Apple has not updated the document to include the newer operating systems and AirPort Utility versions.

The bottom line here is that if you get the "main" AirPort Extreme working with both the "private" and "guest" networks, then it will take about 2 minutes to set up the second AirPort Extreme to do the same thing.......virtually automatically. All that you need to do is connect the AirPorts using the Ethernet cable, start up the setup wizard, and assign a device name to the second Extreme. The setup wizard takes care of all the rest, you just sit back watch the setup happen on your screen.

If you want step by step, we can provide that.

It sounds like you may be confusing AirPort Utility with the setup "wizard". They are two different things. Use the wizard to set this up. Use AirPort Utility to change a setting or change a name after you have things set up.

Assuming that you have the "main" AirPort setup and working with both a private and guest network........

Connect an Ethernet cable from a LAN <--> port on the main AirPort to the WAN (circle of dots) port on the new Extreme.

Click the WiFi icon at the top of the screen and look for a listing of New AirPort Base Station

Click on AirPort Extreme

That will get the setup wizard running, and after a few seconds it will display a screen that looks similar to this, except that you will see icons of your devices

Type in a name that you want to call the new AirPort Extreme and click Next

Then, watch the next screen to verify that the new AirPort Extreme is being set up to "extend using Ethernet"

Then, when you see the screen with the message of Setup Complete, click Done. And, you are done. Everything is now set up perfectly.

May be time to hard reset or factory reset that device.

Yes, absolutely.

It's almost as though Apple has given up on attempting to document AirPort Utility or how to configure a network, perhaps due to the unpredictable complexities of even small networks. You really are better off starting with a "hard reset" for both devices and just answering the prompts. Its automatic setup is actually pretty good. Don't overanalyze it. If the result is unexpected, write back for instructions, which will probably start with another "hard reset".

For reference:

To "hard reset" an AirPort Base Station: make sure it's powered up, then gently press and hold its tiny reset button. Don't apply any more force than required to feel a tactile click. Keep it depressed for five to ten seconds, long enough for its LED to flash amber rapidly. Release the reset button. Then, the LED will glow amber steadily for about a minute. Then, it will flash amber, slowly, about once every second or two, waiting for you to configure it with AirPort Utility.

In order to run the setup wizard, you have to start from a factory default state with the AirPort device. The "new" AirPort that you will be adding will already be set this way when you take it out of the box, so it is ready to be set up.

If you are going to use another AirPort Extreme for your "second" Extreme, and that device has been set up previously, then you would need to first "Hard Reset" the AirPort. Then, the setup "wizard" will recognize the "new" AirPort and the setup will run quickly and correctly.