Unfortunately you can't use your Macbook to extend your wireless network in this way. It seems to only be able to connect to an existing Wi-Fi network or create its own. It can't extend an existing Wi-Fi.
Three options are:
1) Purchase a Thunderbird to Ethernet adapter so you can connect the Macbook to the network over ethernet and then share the ethernet connection over wireless.
2) Connect your iPad to your Macbook by USB cable and then share the Wi-Fi connection over "iPhone USB".
3) Share the Wi-Fi connection on your Macbook over "Bluetooth PAN". This last one is probably the most attractive as it doesn't involve using a cable of some sort.
You mentioned that the Airport Extreme is just within range. It could be that as the Airport Extreme is not able to put through as high a throughput (weak signal) it leaves more internet bandwidth available.
An alternative diagnosis is that since you are using a full range of encryption and filtering on the Archer D7 you are maxing out the processor. The TP Link specs suggest the processor is single core (usually manufacturers tout dual or quad core when available).
The easiest way to deal with the Apple TV would be to hardwire it using TP Link's own powerline adapters (only about $30/pair for 500 Mbps version, other brands are available but TP Link are the least expensive first rate powerline adapters and the one's I'm using at both home and work) which would allow you to use the Airport Extreme for your wireless knowing that your Apple TV is sipping directly on a reliable wired connection.
You could equally move the Airport Extreme to a better position in your home using the TP Link powerline adapters. I've lived with separate wired ethernet routers and wifi access points for years at a time (principally with Airport Express routers which burned out regularly alas but worked great while they worked).
I've been building networks at work and at home for fifteen years with up to forty live users at a time. Out of the hundreds of hours spent troubleshooting these various networks, about ninety per cent of the time has been spent troubleshooting wifi. Apple in particular has not always been compatible with the standards to which Airport promises compatibility. The less wifi you can build into your networks, the less time they will take to maintain.
Incremental Testing to Troubleshoot Archer D7 wifi
If you do want to keep trying with the wifi on the Archer D7, I'd recommend:
- resetting the router
- doing a firmware upgrade to the latest reliable firmware
- testing the wifi without encryption
If the wifi passes the tests without encryption, then you can gradually turn on encryption first and then filters, step by step, ready to undo whatever settings cripple performance.
As you are concerned about piggybacking, you should be able to monitor in the Archer D7 interface what devices are connected via the DHCP server menu item.
Just make sure to go and check when you find your network has slowed down. You can also monitor what connections are active. Unlike Tomato firmware, I don't think you can monitor bandwidth per connection via TP Link firmware.
Long Term Home Network Maintenance
Something else to keep in mind is that routers go bad all the time. They small closed plastic boxes which run hot. Make sure to give a router the best ventilation you can. Even then you should expect two years of 24/7 use to cook the circuit boards. As you've learned, even the slightest router flakiness turns a household or a business upside down. Always keep a working backup on site (can be older generation 100 BaseT for emergency service). The only routers I've had which have stood the test of time are industrial strength routers in much larger cases (also TP Link btw) which are generally two to five times the price of the consumer routers.
Buying middle of the road and upgrading every couple of years is the most economical way of keeping close to state of the art performance, while maintaining working backups on hand. If you just leave the old router configured exactly as it was when you remove it from the network and you don't not remove the wifi credentials from your computers you can just drop the old router in any time you like with zero downtime.
Best Answer
Apple networks do this well with the guest network. All the "suspect" devices only get to go to the internet and not infect / snoop / attack the trusted machines on the proper network. Many other network vendors have the same idea - either by making separate VLAN for the sequestered / DMZ devices as needed.
It doesn't make sense to address each of the separate questions since each would be a long several paragraphs. Perhaps narrow down on one item once you've chosen to set up your network and can document it and ask the subquestion with details needed for a more narrow answer.