Question :

I’m trying to setup an AirPort Guest Network on my wireless network, so I need to set my AirPort Base Station (or Time Capsule) to “DHCP and NAT”-mode, but I have a TG712 router-modem that doesn’t have any option to turn DHCP off, so I get a “Double NAT”-error. Even my ISP’s helpdesk say they can’t help me on this one… What can I do ?

Answer :

If your router-modem can’t turn off it’s DHCP-server function, you should preferably set your AirPort Base Station (or Time Capsule) to “Bridged Mode”to get the easiest setup and the best performance. On the other hand : if your AirPort Base Station of the 3rd generation or newer (or it is a Time Capsule), then AirPort’s Guest Network mode is the easiest and safest way to give internet access to your visitors (temporary) internet-access, without giving them access to my private wireless/ethernet network. Even though your internet connection performance may slightly degrade, you can get both of these worlds combined. Here’s how :

– first, make sure that your router-modem is on, and that only one ethernet/UTP port is connected ; the ethernet/UTP-cable from that one port should go directly into your AirPort Base Station’s WAN-port and all your WiFi and Ethernet/UTP equipment should connect to the AirPort Base Station, not to the router-modem

– then open AirPort Utility (version 6 or newer – settings needed in previous versions of AirPort Utility are similar, but the user interface for setting it up is completely different) 

– click on the (large) AirPort Base Station icon

– in the popup window that opens, click on the EDIT-button

– now you’ll get the pulldown window where you can set your preferences

– select the “Internet”-tab

– set “Connect Using:” to “Static”

– if things were on “DHCP” before,  leave the rest as is… else go to “Router Address:” and type your modem-router’s IP-address (for the TG712 that would be 192.168.1.254), then at “IPv4 Address:” type an IP-address that only differs on the last digit (so 192.168.1.12 or something like it) and set “Subnet Mask:” to 255.255.255.0 ; at “DNS Servers:” type the IP-addresses of the Primary and Secondary DNS that your ISP has given you (if you can’t find those, you should be able to use Google’s Public DNSes : 8.8.8.8 and 8.8.4.4)

– select the “Network”-tab

– set “Router Mode:” to “DHCP and NAT”

– then select the “Wireless”-tab

– there, you should put a check mark at “Enable Guest Netwok:” and give your future Guest Network a distinguishable name

– set “Guest Network Security:” to “WPA/WPA2 Personal”

– then, at “Guest Network Password:” type a password that you can easily remember, but is not like any other password you’ve ever used before

– at “Verify Password:” retype that same password

– then select the “Network”-tab again

– there, you should click on the “Network Options…”-button

– in the pulldown panel, set “DHCP Lease:” to “1 day”

– set “IPv4 DHCP Range:” to something different than your router-modem’s DHCP range , so if your router-modem is at IP-address 192.168.1.254 (like the TG712), set it to something like “192.168.2.2 to 200”

– then set “Guest IPv4 DHCP Range:” to yet another range than the router-modem and the primary wireless network – in this example that would be something like “10.0.3.2 to 200”

– put a check mark at “Enable NAT Port Mapping Protocol”

– and do not put a check mark at “Enable default host at:”

– then click SAVE

– and click UPDATE

– in the “AirPort Base Station has closed down” warning window, click OK, and wait…

– you might get a question whether you approve that the “Double NAT” error should not be regarded as an error – if so, click OK

– after that, log into your modem-router and set it’s wireless to “Off” and make sure you set a non-standard password for accessing the router-modem !! (*) (else your visitors can still mess with your network pretty easily)

– Done ! enjoy !

Note : if you have an iPhone or iPad, you can use the free AirPort Utility app to switch your Guest Network quickly ON or OFF now… (for instructions look here)

——————————————————————————————————-

(*) if you have a Speedtouch / Thomson / Technicolor TG712 router-modem (e.g. the one that used to be provided by dutch ISP’s KPN and Wanadoo / Orange / Online / T-Mobile), you should do this as follows :

– in Safari (or any other internet browser) type 192.168.1.254 as the URL

– now your web based control panel for your TG712 router-modem will open

– go to “Home Network” (in the menu on the left) —> “Devices” (in the menu on the left) —> “Configure” (in the upper right corner) and delete the check mark at “Interface enabled:”

– then go to “Toolbox” (in the menu on the left) —> “User administration” (in the menu on the left) and write down the Login (= User name) that is listed there, you will need it later

– the click on “Change My Password” (the link in the middle at the bottom)

– in the page that opens, at “Old password” type nothing (leave blank – there is no preset password), and at “New password” type a password that you’ve never used before and that is hard to crack (if you can’t make up one yourself, you can use OSX’s internal password generator to suggest one to you – look here for instructions) and retype that password at “Confirm new password:”

– then click on the “Cange password”-button and wait for your router-modem to restart

– then login to your router-modem again – this time your will be asked for your login name and password, type both of them and put a check mark at “have OSX Keychain remember these”

– wait for the the web based control panel to open, and then exit by closing the page in your browser

– Done !

Note : don’t be afraid to use a password on your router-modem that you can’t easily remember… if you have it remembered by OSX Keychain you don’t have to… and even if you completely lose the password, you can still reset the modem-router to factory defaults by pressing the RESET button that is on the modem-router housing…