Well, ahem, it turns out I *was* missing something obvious in my configuration. I failed to fully describe how the G3100 and E3200 were connected. When the E3200 extender arrived, some time after the G3100, I simply replaced an old AP on the far side of house... Since that AP had been connected to the G3100 through a Netgear smart switch (GS716T), it meant my "backhaul" between the G3100 and E3200 was subject to whatever VLAN policies I previously had in place for those ports on the switch.
I bypassed the switch (home run ethernet cable between G3100 and E3200) and... viola! Devices associating with the Guest SSID on the E3200 were now able to receive their IP config info and access the internet. Perhaps others who reported trouble with their E3200s should first make sure the backhaul (if ethernet) has no intermediate switches.
The observed behavior suggests the Verizon router and extender are using a VLAN to isolate the Guest traffic, in addition to using a subnet with xxx.xxx.200.x addresses.
Can anyone confirm the guest VLAN, and if so, identify the guest VLAN ID?
Knowing the guest VLAN ID would presumably allow:
- restoring my original cabling (after configuring the guest VLAN in my switch)
- using the guest VLAN for ethernet-connected devices (IoTs/game consoles, in particular)
- working around any guest device count limitation by running second DHCP server to hand out IP addresses on the subnet above xxx.xxx.200.11 (I read some postings suggesting that the G3100 was only handing out 10 guest subnet addresses - I have not reached that limit)