SG-2440, need VLAN 1003 on LAN for Apple AirPort Extreme Guest network



  • Hello,

    I have a really simple client installation:
    Cable modem in bridge mode -> SG-2440 -> Apple AirPort Extreme AC in bridge mode

    The AP supports a guest network.  The AP uses VLAN 1003 for the guest network (not documented by Apple, but figured out by smart people:  http://bodgitandscarper.co.uk/mac-os-x/apple-airport-devices-and-guest-networks-in-bridging-mode/ & https://discussions.apple.com/thread/4787934?start=45&tstart=0

    I'm looking for guidance for all the settings I need to change for the guest network to work.  This is what I think I need to do, but not sure of all the pieces:
    1. Create VLAN 1003 (I know how to do this)
    2. Get VLAN 1003 on SG-2440 LAN interface (not sure how & need to keep existing config for non guest traffic)
    3. Create FW rule to allow traffic from WAN -> VLAN 1003 (I know how to do this)
    4. Create DHCP server to serve VLAN 1003 (not sure how)
    5. Anything else?

    Thanks in advance
    Frank



  • Create the VLAN on the same interface as LAN and assign it as an interface. Then you can configure DHCP, outbound NAT and firewall rules for that VLAN.



  • Worked like a charm!

    Thanks,
    Frank



  • One thing to note: you will experience a good deal of unidirectional packet loss on the guest vlan. This is a know well known problem with the Apple AP (not particular to pfSense) in bridge mode.



  • Hello Denny,

    I saw complaints about performance of the guest WiFi vs. regular WiFI, but hoped the issue might be resolved in the latest firmware.

    Can you point me to some reading regarding the current/past issue?

    Thanks,
    Frank



  • https://forum.pfsense.org/index.php?topic=91860.0

    There's a recommended search in that thread which will bring up a few dozen posts from Apple support forums.

    Apple's response to those that call is "The guest network feature is not supported in bridge mode." They have made it clear that they do not intend to fix the issue. Their position on the matter is rather unfortunate, as it really reduces the usefulness of an otherwise decent piece of hardware.

    Between this and the disabling of SNMP, I've purchase my last Apple network device.



  • @dennypage:

    Between this and the disabling of SNMP, I've purchase my last Apple network device.

    I hear you.  But I've tried to replace my AirPort Extreme AC's with 3 x different manufacture, top of the line AC product, and they were all CRAP - unstable, bloatware, etc.  The AirPort Extreme's just work.

    Regarding SNMP & syslog - you can still use these with the AirPort Extreme AC.  The trick is to use the old configuration tool.  The devices still support SNMP & setting a syslog server.  Configure the AP with the new tool, and get it setup the way you want it.  Might want to make a backup of the configuration.  Then launch the old 5.x tool (I've only done this on OS X, don't know about the Windows tool).  Connect to the AP.  It will complain it doesn't know the model.  Go ahead and proceed.  Set ONLY the SNMP/syslog settings you want, and save the changes - Bingo!  They just work.  I've also found that even working with the AP in the new tool, after this, does not clear the settings.

    The old 5.x tool only runs on older versions of OS X.  You may need to run an old version of OS X in a VM - I keep one around just for this purpose.



  • @nicholfd:

    … tried to replace ...with 3 ... top of the line AC product, and they were all CRAP

    I doubt that unless you give specific details.
    The three top-notch AP makers are: Aruba, Cisco & Ruckus.
    XClaim wireless as consumer sister to Ruckus may come close but I don't have experiences with them yet. Calling any of those "crap" drastically reduces your own credibility and helps nothing else.
    Apple, on the other hand, is a consumer brand not exactly known for high grade APs.



  • I did not try those brands.  I used the top end models of Ubiquiti, Linksys, Asus & Netgear.  They had to support 1.3Gb on the 5GHz band.

    My budget was a max of $300 per AP, and I needed 3.  I bought 3 of each of their top of the line models over the last nine months, and spent days trying to make them "just work".  None just worked except the Ubiquiti units (even though they ran hot).  However, the Ubiquiti units only gave me about 75% of the coverage compared to the AirPort's, and throughput was only about 66% of the AirPorts.

    I tested using Netspot Pro (http://www.netspotapp.com/).  I did a site survey with the AirPorts, and then with the potential replacements in the same locations.



  • Give the XClaim wireless devices a try. Well below your $300 price point per device.



  • Thanks for the info.

    The fastest Xclaim model is only 2 x 2 - the max speed is less than my AirPorts.  I'm not willing to pay more money ($249 for Xclaim vs. $199 for AirPort) for less potential capacity.

    I also noticed, they use "Cloud" management. I don't want my network config in the cloud or to have to rely on another company for the service.



  • I don't want to open Pandora's box as far as wireless speeds etc. is concerned … all that can only be handled in the close to very close proximity to the AP and only if there's no-one else using these frequencies/channels.
    An Xclaim Xi-3 is rated at 1.167Gbps. That's well beyond the 1Gbps CAT cable's capacity you use to uplink the AP. (yeah, I know ... but heck)

    The cloud management is an add-on you can use to enable features (what a local ZoneDirector does for Ruckus APs but without having to buy one).



  • @jahonix:

    I don't want to open Pandora's box as far as wireless speeds etc. is concerned …

    Understood.

    My statements of performance are based on real world site surveys of my property, using NetSport Pro.  So my numbers are actually tests - not manufacturers spec.  I can share heat maps and documents if you're interested…  ;)