I recently had to replace my Linksys WRT-1900-AC router after less than a year due to a failure in the 2.4GHz radio. I opted to try the Apple Airport Extreme again, expanding my two Apple Airport Express network. Since I am running a Ubiquiti Edge Max router, I run everything in bridge mode. I wanted a guest network, but when I turned it on, I could connect but DHCP wouldn’t work. A little digging revealed that Apple uses VLAN 1003 for their guest network.
I am running TP-Link managed switches which support VLAN tagging, so I tagged the ports to VLAN 1003 and configured the VLAN on the Router as a child of my primary internal interface.
After Assigning DHCP, I tested, and while I got an IP and could ping by address, I was still having DNS issues. Since I could ping google’s DNS, I assumed it was not appropriately forwarding DNS. I looked in the router configuration and under DNS I added the new VLAN interface as a listening interface. Problem solved.
A few final thoughts, I put in firewall rules to block traffic to and from the guest and management VLANs I run. I am going to test out the Circle with Disney, http://www.disneystore.com/circle-with-disney/mn/1026902/, as a network monitor, so I am using the guest plan for my children, and guests, so it was important to ensure the VLAN was isolated. The only major downside is I have to leave VLAN 1 untagged for my standard VLAN, and there are some limitations around AirPlay, AirPrint, and anything using mDNS, but all in all not bad, a good temporary solution until I can find my Ubiquiti UAP-AC-PRO-US Access Points.