I may be ignorant here. Please educate me. I have an older Extreme, which allows guest access, and I sometimes allow guests to do that by giving them the guest password. That means, I think, that the guest can go to the Internet but that my network is protected from bad things. I have my wife’s computer set up to get only guest access so if she makes a mistake (goes to an evil site) my other computers are protected.
Am I right? Are there non-Apple WiFi routers that allow guest access?
Yes, you are right about guest access. Yes, most contemporary routers that I know of include a segregated guest network. I know that Eero does. As with the Airport app, the Eero app makes that dead simple to set up. Well, simpler, really.
Guest network is also useful for IOT devices that you may not trust to be on your primary LAN as well.
That’s certainly the way they are being marketed, but as I said in my previous reply, users are finding that a single mesh unit gives them better performance in an average size house than previous Apple products. Also, if your situation was to change (moving to a multi-story townhouse, for instance) then you can easily add one or more satellite units, in the same way some of us have used Airport Expresses in the past.
The other “problem” that I see with the mesh router is they are basically an AirPort Express type with only 1 WAN and 1 LAN Ethernet ports unlike the AirPort Extreme Base Station with its 1 WAN & 3 LAN ports. However, I suppose you could stack a couple on top of the first unit to gain more ports. Are there base mesh units with several ports?
According to The Wirecutter, the Netgear Orbi RBK50 system (their recommended system) has 4 Ethernet ports on both the base station and satellites). I didn’t check the specs on other variations.
Tim Cook is an operations and did not come up via the hardware route. The last 7 years have been the most profitable Apple has ever had. Stock prices have been at an all time high, and it’s running neck and neck with Amazon to be the world’s first trillion dollar company. Steve Jobs started the company, saved it from the brink of bankruptcy and almost certain death, and nurtured it back to stability, profitability and set it on the path to greatness. Tim Cook took this legacy and turned Apple into the world’s most valuable company and has kept it #1, when nobody ever imagined this would happen before. Even if Amazon beats Apple to the trillion dollar mark, it’s barely profitable while Apple continues to accumulate billions and billions in cash.
I don’t agree that Apple has been depreciating Macs or ignoring them. Desktop computers aren’t selling as well as they used to and are not likely to become the powerhouse sellers they were. Apple is going after growth markets.
So seven years into the game and worst so far is maybe the business press is will be right with their predictions that Apple’s sales will be down a little this quarter.
I don’t know how things are in the US, but here in the UK people don’t tend to buy WiFi routers, so I can’t see that AirPort is really a mass market product anymore. Internet providers supply decent (not always great, but good enough) routers, so why would someone spend money buying another one? (The ISPs charge at most £6 shipping and then you own it.) Most people don’t even do any configuration, they just plug it in and it works, using the device’s unique passwords that were set by the manufacturer. So there’s no way to sell them on a better user experience. If anything, a third-party router is a worse experience as it will require some amount of configuration, even if it’s user-friendly.
The big gap now, as others have mentioned, is the AirPort express which is a fantastic way to cheaply add wireless audio to an existing hifi setup. I just hope mine continues to work until there are other options.
In my home network, with two Airport devices configured as wifi access points behind a pfSense firewall-router distributing a guest network via a virtual LAN with VLAN tags 1005 on the guest network packets, I use the guest network ability of the Airport devices. Now, I use it for guests since I have no IoT devices at home. In the future, I will use it primarily for preventing IoT devices to do mischief in my private network and macs.
I want to keep my guest network.
If any of my Airport devices which is guest network compatible dies (an Airport Extreme and a recent Airport Express), what could I replace it with. The replacement devices should be capable of recognising packets VLAN-tagged 1005 and restricting them to the guest network.
The cube shaped Ubiquiti AmpliFi has four ethernet ports. And, you can buy just one router, no need to buy the whole set which incudles stick shaped mesh points. Most people don’t know that they also support a mesh network made up of just their routers, no mesh points at all. The circular display on the routers comes in very handy for assorted things.
Some of the mesh router systems let you start with a single device. If it turns out that’s all you need, fine. But, if you need wider coverage, then you can add another device or two to create a mesh network. I am sure that Google Wifi, AmpliFi and Linksys let you buy just one router. I think Eero does too, but I’m not sure.
Thanks Marc, this router is quite impressive. But I may have been unclear in my question. The VLANS I mentioned are created by the pfSense firewall router, configured to tag packets belonging to the guest network with VLAN ID 1003. I am wondering about finding replacement for the Airport WIFI access points, which are VLAN-aware. The Airport devices are configured as bridge and do not do router work. they simply recognize the tagged VLAN packets that belong to the guest network (and are tagged VLAN ID 1003, exclusively) and distribute these packets over the Guest network SSID. So my worry was: Should one of my Airport devices die, where could I find a replacement wifi access point able to detect VLAN ID 1003 packets and route them to the Guest VLAN (Guest SSID).
Sorry, but this is getting a bit beyond me. However, I think its a bit beyond you too. You say the VLANs are created by your pfSense firewall router but it seems to me that the VLANs are created by the apple access points. pfSense may honor them, but its not creating them. If it was creating them, it would be you setting the VLAN id by configuring pfSense. Its not even clear to me if your pfSense box is doing Wifi at all.
Perhaps these articles will help.
The big picture, of course, is that Apple has no interest in having their hardware play nice with anyone else.
Thanks marc. I do apologise for creating this mess. Your second example “Use Airport Extreme guest network in bridge mode” describes exactly my own settings, which result from my reading of, and implementing at home, a Darko Krizic blog on the same issue “http://tech.krizic.net/2013/09/apple-airport-extreme-guest-mode-with.html”.
So,
Yes the VLAN is created by the pfsense router, which tags the packets 1003 and sends them (though a second router within the pfsense box) to my 192.168.2.XXX network (while my main network is 192.168.1.XXX).
My pfsense box is not doing wifi (and is not capable of doing wifi), it is in the basement, where I do not need wifi, so I have used for a short time an Aiport Extreme there to do the double routing creating the guest VLAN and thereafter purchased a pfsense firewall-router instead and found a better use for my Airport Extreme in the attic where my computers live. The Aiport Express is in the living room.
I am setting the VLAN by configuring pfSense (which creates the 192.168.2.xxx guest network), but I only use these VLANS (so far) wirelessly, through a guest SSID, which is created, in a roaming fashion, by each one of my two Airport wifi access points.
And,
I wonder what wifi access points could actually replace a dying airport device (the Airport Extreme of the attic or the airport Express of the living room) in this function.
Okay, so in the UK the cost of a router with WiFi is built into the ISP’s service charge. In the US, it’s common for rental of the cable modem to be a separate line item you can avoid by buying your own and returning the rental. I finally bought one when the monthly fee was going up to $8; my non-WiFi cable modem paid for itself in less than a year.
Another difference is, on average, US homes are bigger so it’s less likely that a single access point will cover all areas well. And while the process of Americanization continues around the world, we still stand out as consumers of “stuff.”
And small businesses too. I suspect it helped keep Apple’s foot in the door with there.
And don’t forget the original Time Capsule. If I remember correctly, it was the first router/ hard drive backup combo, and it was networked too. Whatever size the memory was, it was a lot at the time, and having networked wifi and storage at a reasonable price that was practically a no brainer to set up was a great competitive advantage.
BTW, we’ve wished for years to be able to buy our own TV cable modem and not have to pay the cable company to rent it.