Posts Tagged ‘AirPort Extreme’

Apple Airport devices and guest networks in bridging mode

Friday, January 9th, 2015

The feature of being able to configure a separate guest Wi-Fi network has been present for a while now on Apple Airport gear. However, the documentation only ever alludes to this feature working when the Airport device is running in router/NAT mode, i.e. it’s in charge of connecting directly to the Internet and sharing the connection from your ISP.

Quite often people (like myself) use the Airport device(s) in bridging mode, i.e. as regular access points to attach Wi-Fi clients onto the Local Area Network and then some other device handles the routing and NAT function, (in my case an OpenBSD host), and it would be nice if you could also create a guest Wi-Fi network in this mode. The obvious way I would expect it to work is to utilise VLANs; the Airport device uses a single unique VLAN ID to tag Ethernet frames from clients on the guest Wi-Fi network. As the administrator you can then use that tag to segregate the traffic on your network; usually to allow guests some form of heavily-restricted Internet-only access, and not be able to access the rest of the network. The Airport Utility lets you create the guest network in bridging mode but doesn’t give you any details as to the mechanics of it.

Well it turns out my hunch was correct, it does use VLANs; Ethernet frames from clients on the normal Wireless network stay untagged so they Just Work on your network as before, however Ethernet frames from clients on your guest network are tagged with the VLAN ID 1003. This ID is not mentioned anywhere, nor can it be changed so you’d better hope you’ve not already used that ID for something else.

Armed with that information, I configured my Cisco SG300 switch like so:

switch#configure terminal
switch(config)#vlan database
switch(config-vlan)#vlan 1003
switch(config)#interface vlan 1003
switch(config-if)#name wifi
switch(config)#interface GigabitEthernet 1
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan add 1003
switch(config)#interface GigabitEthernet 2
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan add 1003
switch#show vlan
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN
Vlan       Name           Tagged Ports      UnTagged Ports      Created by    
---- ----------------- ------------------ ------------------ ---------------- 
 1           1                               gi1-8,Po1-8            D         
1003       wifi             gi1,gi2                                 S

This creates the VLAN, names it, configures two trunk ports where my Airport and OpenBSD router are attached and adds the new VLAN to the list of allowed ones on each port. Finally all that is left to do is to create a VLAN interface on the OpenBSD router:

# cat /etc/hostname.vlan1003
inet vlan 1003 vlandev em0

Providing any DHCP and/or DNS services and firewalling the traffic is outside the scope of this post but you now have a separate interface and subnet that you can treat it like any other regular network.

So now I have two separate wireless networks; one that gives me access to my LAN which I can secure using WPA2 Enterprise and another that can only reach the Internet which can be unrestricted or more likely secured with WPA2 Personal.

Finally Upgraded

Thursday, July 15th, 2010

When did Snow Leopard come out? No, I can’t remember either, but despite upgrading my other lesser-used Intel Mac, I had completely forgotten to do my MacBook Pro which is my main machine these days, I guess I just didn’t have a need to do it, until now.

I’ve had a MobileMe account for a while now which is great for keeping contacts and whatnot synchronised, and I’ve started to dabble with the Back to My Mac feature and I read that Snow Leopard added support for Wake on Demand, including being able to wake supported machines up over the wireless AirPort network in addition to the wired Ethernet. A bit of a google gave mixed results for my model which System Profiler reports as a MacBookPro3,1 (one of the last models before the unibody MacBook Pros) which suggested it was down to the particular make and model of AirPort Extreme card inside, so there was nothing left but to take that final backup and go for it.

Even though I back up to a Time Capsule and Mac OS X in-situ upgrades seem to generally work, I usually prefer to go for a full wipe and reinstall to prevent the build up of any excess cruft over time and then selectively restore anything from the backups by hand.

Once Snow Leopard was installed and updated, I had to reinstall some of my favourite applications, including but not limited to:

  • Shimo – I need to connect to a Cisco VPN for work and this has a far more OS X-y GUI than the standard Cisco horror
  • Growl – amazing just how many OS X apps have support for this notification system
  • RipIt – exactly how DVD ripping should work under OS X
  • Audio Hijack Pro & Fission – using these two I can transfer and encode my vinyl collection to MP3, although I suspect I’m under-utilising Audio Hijack Pro
  • Arduino IDE – for blog cred
  • Scrobbler – to update my profile
  • Quicksilver – I probably under-utilise this application launcher with bells on
  • ClickToFlash – stop Flash eating my CPU cycles
  • EyeTV – excellent software to record the odd bit of TV worth watching and convert it to play on my iPod

And after all of that, do I have an AirPort Extreme card that supports Wake on Demand? According to this screenshot, it appears not.

System Profiler Screenshot

If I’m really bothered, I could maybe trawl eBay for a newer AirPort Extreme card, although it appears non-trivial to replace so I think I’ll leave it and revisit if/when I get a new Mac. Bugger.