If you have already a good router, then I suggest you leave the AP dumb on both internal and guest. Separate them in 2 different vlans and let the Alix do the DHCP/Routing.
These are for accessing the web interface and ssh of the router. Usually guests don't need such access.