[Update 30-May-2016: New Apple Firmware 7.7.7 seems to fix the performance problem, making this technique work again. See Peplink | Pepwave - Forum ]
I have a Peplink Balance One, but due to its location inside a server closet, the wifi signal isn’t reaching as far as I want. I had an old Apple Airport Extreme wifi base station, and wanted to see if I could integrate it with the Peplink, when using the Guest network feature of the Airport.
It turns out, this is not very difficult if you know the secret steps:
Make sure the Airport is on firmware 7.6.4 or later
Set the Airport to Bridge mode
connect the Airport with ethernet to your Peplink router
Enable the Airport’s Guest Wifi network feature.
What Apple doesn’t tell you (but other folks have discovered) is that the airport guest network is VLAN tagged with ID 1003. So, to make this work on the Peplink side:
Make sure your PepLink is on 6.1.2 or later
On Network/LAN click the “?” button and switch to multiple VLAN settings
Leave your default Untagged LAN alone, but click the button to make a new VLAN
Name it something descriptive “Guest VLAN”
Give it a network range that is different from your main network. For example, my main network is 10.0.AAA.x - so I set my guest VLAN to 10.0.BBB.x
Enable DHCP with a range that matches
Un-check the Inter-VLAN routing checkbox to isolate the Guest network from your default network.
Save and apply your settings, and reboot the Airport, and test. What you should see is that the guest network connects, and users will get a DHCP address in the guest network range, and they are isolated from main network.
Is it possible to put certain wired Ethernet devices on the VLAN? If so, how would I do that? Should I give them fixed IP addresses in the network range?
The Balance is capable of standard 802.1q VLAN tagging. Basically, you would create a VLAN in the Balance and define the DHCP range and VLAN ID.
If you are using a AP connected directly to the Balance then you would just need to tag VLAN ID to the SSID inside the AP device, as this is a feature in most APs.
You can set them to obtain automatically as the Balance will have a separate DHCP server for it’s VLAN network, however setting a static will work as well.
Thank you. Could you give me a bit more detail like the original post (with the exact steps). I’m not super experienced in this. The wired Ethernet devices that I’d like to isolate are plugged into a switch that is connected to one of the LAN ports on the Peplink. The wireless (wi-fi) devices that are on the Guest VLAN are connected to an Apple Airport which is plugged into another LAN port on the Peplink (in bridge mode).
I have tried this several times with Apple AP, but each time I found that even though this worked, the performance on the guest network was so bad it was unusable. Have you tried doing any network performance tests on the guest network?
I think you misunderstood my comment. What I am saying is that configuring an Apple Access Point in bridge mode with a “Guest” network with a non-apple router appears to cause network performance issues on the Guest WIFI network ONLY, the primary (non-guest) WIFI performance is still good.
I have tried this many times, and I have found references to this problem from other people that have tried the same thing.
To give an example of the performance issue, in my configuration a speedtest on the primary WIFI network might be 100 Mb/sec download, whereas the Guest network on the same AP is 1Mb/sec.
Yes, the real problem here is that Apple only supports Guest mode on their AP’s when a Apple Airport is used as the primary router. The instructions that the original poster outlined are correct, but Apple is doing something which is non standard, whatever that is, causes performance issues. If you try to talk to Apple about this, they will just say its an unsupported configuration and not be able to help you any further.
My guest network is mostly used for low bandwidth devices (Wifi thermostat etc.) so I hadn’t tested it and probably wouldn’t notice a problem.
I just ran a test from an iPad to speedTest.net, and I didn’t see a dramatic difference between the Main and Guest networks - either way I was getting about 20mpbs download (which I think is hitting the 802.11 2.4GHz wifi speed limit) and up to 7 up (which is hitting my cable modem speed limit).
This was just a single test with a single device, of course, but didn’t at all seem “so bad it was unusable”.
Test was run using an Airport Extreme (5G model) using Firmware 7.6.4.
Update: I’m seeing the problems that others mention, that with this setup the guest network is slow. It appears to only affect download speeds, not upload speeds. For example, on the regular network we can pull 100 down 10 up, but on the guest VLAN network only 4 down 10 up.
I wonder, is this purely an Apple issue or would Firmware 6.3 possibly improve this?
wow, soylentgreen, works great. I had no earthly idea why my guest network never worked to my wife’s great chagrin! Never considered it was something in my Balance 50 that was holding it up!
oops, spoke too soon. I can now sign in on the guest network, but nothing will hook up to the regular airport. I deleted the new Vlan, rebooted the airport and the 2.4 and 5.0 mhz networks work again. ( but of course, guest doesn’t work again!"
I am unsure what I did wrong. Followed the instructions above: my reg network uses 192.1.168.xx,
used 1003 for the id, turned on inter-vlan, used ip address 192.1.169.2 under ip settings, named it as requested, left it at 255.255.255.0, used 192.1.169.20-50 as my range. Is the problem perhaps that I used .2 for the IP address which was not in the range?
I am pretty sure that this is a Apple problem, as I said before Apple does not support 3rd party AP’s on the 1003 vlan, so this is a non-issue for Apple. I dont think there is a real solution to the speed issue, as I suspect Apple is doing something to keep non Apple products from using the guest feature.
I think you are probably correct, and in fact, my earlier tests were with an older Airport Extreme and guests were pulling 20mbps (which I think was OK) but after I upgraded to the latest Airport Extreme 6G) it seems to be worse (about 4mbps).
What I may try is this:
upgrade to peplink 6.3
set up port-based VLAN
use the older Airport to run a completely separate guest-only network.
Not as simple an elegant but should solve the problem.
After upgrading to Peplink 6.3 firmware, I was able to set up a port-based VLAN, using a second (older) Airport Extreme for the guest-only network, so I’m basically using two different pieces of Airport hardware for the regular and guest networks. Performance is fine in this setup… However this is not really what I wanted, as now I’m running two separate pieces of hardware, which kind of defeats the original elegance of using a single Apple hardware device.
It would be really interesting if we could figure out what exactly is going on with the VLAN 1003 slowdowns on Apple kit. I’ve seen other discussions suggesting this was an MTU issue (but this was in the context of using multiple Airport devices to extend a wireless network, and also they claim it was fixed with Airport 7.6.4).
I don’t have hard data, but it’s definitely my impression that the older Airport Extremes (5th Generation) did not suffer as bad from this VLAN 1003 performance issue, but when I upgrade to the newer 6th Generation model, it got much much worse.
