Set up guest network when Netgear router has DHCP and NAT?

I have a Netgear router with cabled network and wi-fi. The router is configured with firewall and port forwarding. I want to connect a Time Capsule and AirPort Extreme to expand my wireless and also have a guest network. That function is not possible when in bridge mode since the Netgear router is handling NAT for the primary network, but have no clue of the guest network. If I remove the Netgear router then I need the firewall and port forwarding functions.


Anyone who can help?

Posted on Mar 20, 2018 11:20 AM


Mar 20, 2018 11:35 AM in response to martinfromstruer

You basically have two choices to set up Guest networking with your current equipment:

  1. Disable router functions on the Netgear router and assign them to the AirPort Extreme base station. The biggest issue here is that the AirPort base stations have very limited firewall functionality. If your networking goals require the ability to fine-tune a firewall, then you will want to stick with the Netgear performing as your "main" router.
  2. Leave the router functions on both the Netgear and the AirPort Extreme. The biggest issue here is that you would be running your network in a "double NAT" condition that would not be efficient.
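
An added example, not part of the original reply: one way to check for the "double NAT" condition described in option 2 is to count how many RFC 1918 private hops a traceroute crosses before the first public address. The sample output is constructed; the 10.0.1.1 and 192.168.1.1 gateways and the function names are assumptions for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, listed explicitly so the result does not depend on
# how a given Python version classifies other special-purpose blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hop number at the start of the line, then the first dotted-quad on that line.
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed traceroute output: inner router, outer router, then the ISP.
SAMPLE_DOUBLE_NAT = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  10.0.1.1 (10.0.1.1)  1.2 ms  1.0 ms  0.9 ms
 2  192.168.1.1 (192.168.1.1)  2.1 ms  1.9 ms  2.0 ms
 3  * * *
 4  203.0.113.1 (203.0.113.1)  9.8 ms  9.5 ms  9.9 ms
"""

def leading_private_hops(traceroute_text):
    """Return the RFC 1918 hop addresses seen before the first public hop."""
    hops = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, or a hop that timed out ("* * *")
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # digits that look like an address but are not one
        if any(addr in net for net in RFC1918):
            hops.append(str(addr))
        else:
            break  # first public hop: everything after it is outside the LAN
    return hops

def is_double_nat(traceroute_text):
    """Heuristic: two or more private hops in a row suggests two NAT routers.

    An ISP that routes over private addresses internally looks the same,
    so confirm by checking the WAN address on the outer router.
    """
    return len(leading_private_hops(traceroute_text)) >= 2

if __name__ == "__main__":
    print(leading_private_hops(SAMPLE_DOUBLE_NAT), is_double_nat(SAMPLE_DOUBLE_NAT))
```
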

Mar 21, 2018 1:29 PM in response to martinfromstruer

The router is Netgear model WNR834Bv2

Yes.. very old and limited model.


If I drop the router and connect the AirPort Extreme base station directly to the internet, am I as secure as with the Netgear router?

The airport router is actually fine for most people.. A standard NAT router provides lots of protection to your network. The only situation where you really need a more substantial firewall is when your client devices are subject to virus infection due usually to visiting dubious websites or downloading infected email attachments.. these come straight through the standard firewall anyway. What the firewall does is prevent those infections from connecting back out to compromise your network.

Apple placed the protection at the client. And most problems are on Windows and Android.. like I mean 98%.. Mac OS and iOS are still very secure OS.

I used to work as a computer tech.. and one of the main reasons I jumped ship and went Mac was to escape lousy windows security. I have run Macs now for several years and never had infection. Not that I had huge infection issues with windows.. but my kids were always downloading infected stuff. And repairing PC with infections where people never did backups eventually drove me around the bend. People allow kids to use their business computers for downloading illegal music, videos, prawns etc.. and hence end up with badly infected computers.


All ports closed and I cannot get incoming traffic, so no possibility to access my network when I am on the road? Total blocked for hackers?

NAT alone prevents unwanted incoming traffic. It is possible to break.. you should never say never.. but it is so difficult the problems of doing so are only worth it when the rewards are great. Frankly nobody is likely to be that interested in your family photos. Or naughty emails. Or hacking your computers for bots. Of course if you do run windows and android stuff take all the precautions you can with proper security settings and AV software. If you are running mostly Apple stuff you are over worrying about the problem.


If you do want to access your computer on the road Apple do have secure systems.. Back to My Mac uses same security as normal VPN. As long as you are using Mac OS it is easy to use and setup.

There are other secure methods so if you need remote access tell us. But they will not compromise the security of the network.

Mar 22, 2018 1:46 AM in response to LaPastenague

Thanks again. I will go for a Zyxel USG40W router and set up WLAN for private and business on separate APs. Costs a bit more but gives me a good night's sleep.

BTW I am a Windows net guy just learning the Apple world and agree not to use Apple gear for pro networks. Especially after the EU's GDPR rules where we must have the ability to document everything. I am doing this for a friend with only Apple gear - still fun to learn at the age of 69.

Have a bright future!

Mar 21, 2018 1:52 PM in response to martinfromstruer

34 did sound excessive.. I know we all end up with an amazing number of devices connected to the internet but unless you run a dorm I could not imagine 34 Macs.


For the business.. IMHO you should be running pro systems. You can get away with Apple routers if the needs are not so great.. but if you need remote access on anything like continual basis.. then a pro level router with built in vpn and security is well worth the expense.

Apple removed SNMP which is used for tracking usage for example.. in the latest AC version.. which reinforces it is domestic router. Most business situations need better controls and tracking.

Mar 21, 2018 2:32 PM in response to LaPastenague

You are quite right.

"In the EU GDPR will come into force on 25th May 2018. Is your business network adequately protected?" With the low security level in Apple a pro router is needed. So the solution is not to use Time Capsule and AirPort Extreme for the network or can they still be used together with a new router? For information I have only 1 ISP provider 100/100Mbit.

Mar 21, 2018 2:11 PM in response to martinfromstruer

For business.. you should be using pro systems.. not Apple routers at all..


Here is the scenario.. you setup this system all safe and secure like.


Let's say I am one of your employees with nefarious desire to download illegal movies.

On an Apple system I cannot be prevented from doing so. No matter what changes you make to the Apple routers I am free to do anything I like and you cannot discover when the police arrive and ask about the illegal downloading. You are held responsible.. and when they look at your domestic level routers and explain it has no ability to do anything useful to block anyone doing anything.. and even the security is easy to eliminate because I can bring up all your security passwords without you knowing.. they may suggest you are still responsible.


Pro level stuff with real firewalls and using a couple of decent WAP will cover your business and give you guest network. It will not even cost that much nowadays with latest equipment from ubiquiti for example. Plus in business you could lease it.. and claim it on tax anyway.


Domestic systems are fine for home.. mostly.. although I am not pleased at all with Apple's direction in removing functionality from routers instead of adding it.

If you use Domestic routers in your business setup.. that means you are absolutely trusting all your employees. And any savvy ones know you don't even have the ability to hold them accountable for actions they take.

Mar 21, 2018 3:33 PM in response to martinfromstruer

You can mix apple routers into the system.. just as WAP that is easy. (wireless access point).


You could setup one Airport as part of your main full access wifi. And setup another airport as guest. Assuming the new router has a fairly easy to configure guest configuration. Ie the setup is not on the airport but on the router.. which has one ethernet port dedicated to guest wireless WAP. Then your airport can easily work without a lot of messing around.


Trying to combine both guest and main wifi in one airport is done with vlan. But Apple provides NO ACCESS to vary settings for this. It is totally hidden from end user and is only because people love to hack things we know any details at all. Without vlan selection it is very difficult.

If your main router or managed switch is correctly setup with vlan (1001 from memory but I would need to check), it might work OK.. !!


Each pro router will have its own method of setting up guest wireless. (There is no standard set by IEEE etc) And will be extremely unlikely to use identical vlan to the Apple router.. that means you are on your own configuring this. And while most pro routers have great interface.. and you can do amazing number of variations.. do you have the time to waste learning a new router OS.. or would it be easier to simply buy a package with all the bits integrated together.


Think cost in time and work out a monetary value to that. If your time costs 0 spending infinite time configuring it is fine.. if your time is worth more than 0.. it is important to understand what you are saving .. vs what % of your life is spent on unproductive.. unbillable hours.

Is it going to end up better than a properly managed pro system? The answer is clearly NO. And your savings in hardware cost are totally outweighed by your needing to configure the main router yourself from scratch without help.

(No pro hardware manufacturer will include setup using Apple routers as WAPs).

Then you have the problem if it fails.. Apple blames the router manufacturer and the router manufacturer blames Apple. It is impossible to get resolution when you give these companies an out. Mixing hardware is so easy for them to refuse support.


BTW go into any Apple store and ask what hardware they use for networking and wifi in the store.. hint.. it ain't Apple.

It is most famous pro system.
