What do I need to provide a wired guest isolated access to my home network?

I have an AirPort Extreme (APE) with the Wi-Fi setup for guest account and this works just fine.

I was wondering if I could also provide a wired ethernet guest access without letting this user see my computers AND without me having access to his computer while plugged into this network as well.

I do have a "switch". Could I plug this into my broadband modem (first) then the APE? Would a switch give the isolation I need?

Solution 1:

No - you need a specific switch that would create a wired VLAN (virtual LAN) to segment the guest network from the rest of the house's network. VLAN are how the wireless system works as well but the software doesn't have a way to identify or switch one or more than one of the wired ethernet ports to anything but the main VLAN.

If you add a switch (or router) to handle the VLAN - it will need to either have physical ports to differ from the AirPort so you might be better just letting it run your entire network. Cisco makes many of these - mostly for the enterprise / medium business - but there are other options if you don't like the Cisco brand.

Heading onto 2020 there are lots of options and for someone that likes Apple ecosystem and somewhat wants privacy controls, start with Plume and check out other packaged router / management / isolation tools.

• https://www.plume.com/

If you want to be a network engineer, The ubiquity line is amazing and their new DreamMachine is the gateway drug of choice for prosumer networks.

• https://www.ui.com/