Q: set up branch to main ethernet network using Airport Extreme

That should work. It would be the basis for a roaming type network.

One caveat. Except for the "main" AirPort Extreme that is performing as a router, connect the other base stations using their respective LAN ports. We have found some inconsistencies when a base station is in bridge mode and the connection is to their WAN port.

And if I use an IP range such as 10.0.1.x, there is no chance this could clash with the other building- I assume that using the WAN port when the ethernet comes into our building, an IP address clash can't go backwards, "upstream" back to the main building?

This sounds as if you plan to connect the AirPort as another router behind the "main" router. While you won't have to worry about IP address conflicts using this method, you will create what is known as a Double NAT error on the AirPort network that may.....or may not cause problems for your "branch" network......since the effects of a Double NAT error are unpredictable, and cannot be known until you try things out to see how well......or, if.....they work acceptably well for you.

Tesserax was suggested a setup using the AirPort in Bridge Mode, so that devices on the AirPort network would be using the same IP address range as other devices on the "main" network.  You never have to worry about a Double NAT issue with this type of setup.

thanks- I'm a bit unsure on NAT and what it does.

NAT = Network Address Translation. It was designed after it was determined that there would not be enough IPv4 public IP addresses for all users on the Internet. It allows you to share a single public IP address with multiple private IP addresses on a local network. That is how you can have multiple clients on your local network that can all access the Internet through the modem/router.

The building, most likely, employs a router upstream of yours that has NAT & DHCP. Like NAT, DHCP is another IP protocol, but it has the responsibility to hand out private IP addresses to clients on the local network. Your AirPort Extreme is one of these clients and has been assigned a private IP address on its WAN port. Your Extreme also has NAT & DHCP enabled, by default ... so it is doing the following two things:

1. It is using that assigned "public" IP address and sharing it with clients on its own local network, and
2. It is assigning private IP addresses to clients on its local network. By default, the Extreme will be assigning IP addresses in the 10.0.1.x range. (Note: IP addresses starting with 10, 172, or 192 are private IP addresses. They can not be routed over the Internet.)

Could I set up my network to distribute IP addresses with different pool to the main network, so no IP clashes, and then turn off NAT on my network?

Yes, and no. You can set up your network to distribute IP addresses that are different than that used by the building. As such, they will NOT interfere with them. However, turning NAT off, exposes you local network to the building's router, which will attempt to assign IP addresses from its pool of addresses ... and why the addresses "ran out."

Leaving NAT enabled, as Bob has mentioned, will result in a "Double NAT" condition. That just means that network traffic on your local network must go through multiple NAT routers. This still works, but is not as efficient so you will notice some data transfer performance loss doing so.

Ideally, the building router, if it can support it, would be configured to create multiple VLAN segments. One for each of the tenants. You would then configure your Extreme in bridge mode (disabling NAT & DHCP) and get dedicated IP addresses from the building's router. Since your network would be on a dedicated VLAN segment, the addresses would not conflict with any of the other building networks.

How would I know if NAT is on the main network?

If you connect a single computer to the building's Ethernet connection and it can access the Internet, then most likely, it is getting both NAT & DHCP services from the building's router.

and if they DO, do I need NAT on my branched network?

If you want to keep your network "private" from the rest of the building, then yes you would want your AirPort Extreme to have NAT enabled.

Could I have my own pool of IP addresses (DHCP only) and use their NAT?

Yes, as I mentioned earlier, you can configure the DHCP service on the AirPort Extreme to dole out IP addresses that are in a different IP scope than that used by the building.