I recently had to replace my Linksys WRT-1900-AC router after less than a year due to a failure in the 2.4GHz radio.  I opted to try the Apple Airport Extreme again, expanding my two Apple Airport Express network.  Since I am running a Ubiquiti Edge Max router, I run everything in bridge mode.  I wanted a guest network, but when I turned it on, I could connect but DHCP wouldn’t work.  A little digging revealed that Apple uses VLAN 1003 for their guest network.

I am running TP-Link managed switches which support VLAN tagging, so I tagged the ports to VLAN 1003 and configured the VLAN on the Router as a child of my primary internal interface.

After Assigning DHCP, I tested, and while I got an IP and could ping by address, I was still having DNS issues.  Since I could ping google’s DNS, I assumed it was not appropriately forwarding DNS.  I looked in the router configuration and under DNS I added the new VLAN interface as a listening interface.  Problem solved.

A few final thoughts, I put in firewall rules to block traffic to and from the guest and management VLANs I run.  I am going to test out the Circle with Disney, http://www.disneystore.com/circle-with-disney/mn/1026902/, as a network monitor, so I am using the guest plan for my children, and guests, so it was important to ensure the VLAN was isolated.  The only major downside is I have to leave VLAN 1 untagged for my standard VLAN, and there are some limitations around AirPlay, AirPrint, and anything using mDNS, but all in all not bad, a good temporary solution until I can find my Ubiquiti UAP-AC-PRO-US Access Points.