Apple’s AirPort and Time Capsule base stations have always been easy to use and offer fantastic reliability. Even though they may not necessarily include some more advanced features, they have an impressive feature set that is pretty well hidden. Two such options that I’ll demonstrate in this tutorial are Guest Networks, for keeping your personal network private, and Timed Access Control to manage when your wireless networks are accessible.
More and more businesses and offices are providing free wireless internet access for visitors and clients, offering a great feature at almost no cost. If your office has a secure wireless network and a few Macs and printers attached, you don’t want to simply let anyone connect. Additionally, it isn’t simply the case that you can buy another wireless access point with a different wireless network set up as it will still be providing access to your entire network, allowing visitors to see all the printers, computers and servers that share it.
Guest Networks are a feature of Apple’s AirPort base stations that creates a completely separate wireless network for the sole purpose of internet connectivity, keeping unknown users off your more private, and personal, local network.
Uses for this include offering free Wi-Fi to guests and visitors, as well as for any friends or family that may stay over. Rather than worry about complicated passwords and network names to provide to your guests, businesses can create an open network that requires no password.
To create a guest network, you will need to open AirPort Utility, located in the /Applications/Utilitiesdirectory.
Once launched, select your primary AirPort base station so that the info pane appears, then click Edit.
With the AirPort Utility settings open, select the Wireless tab, which will then show an option to Enable Guest Network.
Check the box and you will then be able to configure the name and security settings of the guest network.
Depending on your requirements for the guest network, you have the option to select whether or not to set a password to access it. If you’re planning to use a guest network in an office or as a free Wi-FI hotspot, this might not be needed. It’s better to set a password than not, though if the goal is to provide free Wi-Fi to guests on a regular basis then it might be cumbersome to have to continually provide the password to anyone needing it. You could even have the password on display in a lobby or waiting room so that only visitors will be able to access it, it really depends on your requirements.
Remember, the guest network is completely isolated from everything else.
Once you’re happy with the changes you’ve made, go ahead and click Update to update the settings. This will restart the AirPort base station, so be sure that no-one else is in the middle of a file transfer or is going to need internet access.
After the base station has restarted, your new guest network will be up and running, ready for guests to connect to.
Timed Access Control
An interesting, and often overlooked, feature of AirPort base stations is the ability to set a time restriction on when wireless networks can be accessed. This can be used within an office environment where you want to keep it as secure as possible, preventing anyone from attempting to access the network out of regular hours. It doesn’t disable the wireless network or shut any network traffic down, instead simply not allowing any devices to connect.
But for those that need access outside of those hours, exceptions can be created that will still allow their devices to connect. Let’s set up a restriction now, keeping your Mac as a device that can connect at all times.
Tip: I’d recommend that you make a backup of your AirPort base station’s configuration so you can easily restore it if you accidentally lock yourself out. Simply reset the AirPort base station using the reset button on the back and then import the configuration to restore it back to normal.
Enter AirPort Utility again and select the Network tab.
Enable the option Access Control and then select Timed Access Control…
From here, we can set a schedule of when the AirPort base station’s wireless networks are available. Adefault option will always be present to dictate the standard access times for any device connecting that is not exempt. Change the name of the default option to “Office Hours” and then set up the schedule so that every day devices can connect between the hours of 9am and 5pm.
So that the AirPort base station knows what your device is, we need to provide the MAC address, the unique identifier that all network interfaces use. In this instance, we need to provide the MAC address of your Mac’s wireless network interface.
Launch System Information, from the Applications/Utilities directory, and look for the section entitled Network. Once found, select the option for Wi-Fi and then look for the term “MAC Address” in the right-side pane. It’s a long number in the format 00:00:00:00:00:00 and will likely contain a mixture of letters and numbers.
Once you’ve found it, copy it to the clipboard and switch back to AirPort Utility.
Now, to ensure that your Mac is able to connect regardless of the schedule that has just been set, we can create an exception. Add a new rule and name it after your Mac. In the MAC Address field, paste in the number you just copied and ensure the schedule is set for “Every Day, All Day”.
Save the changes and wait for the AirPort base station to restart.
You’ve now been able to set up both a guest network and timed access control on an AirPort base station. As you’ve seen, it’s very straightforward and just requires using AirPort Utility more than you may have done previously.
Both of these options will assist in keeping your personal network as secure as possible, reducing the possibility of someone maliciously accessing other computers or causing other issues on your network. These aren’t to be used as security precautions on their own, rather they are there to provide an additional level of security. Think of them as a chain on your door, a great addition but you wouldn’t leave your door unlocked.