Member access to WIFI in church building

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
wrigjef
Member
Posts: 396
Joined: Sun Mar 01, 2009 8:38 am
Location: Chesapeake, Virginia
Contact:

Member access to WIFI in church building

Postby wrigjef » Wed Jan 18, 2012 2:15 pm

Let me preface this comment by stating that I am not the technology specialist and do not understand the restrictions that any existing firewall may have. Our building does have wireless. Currently leadership actively uses it and the FHC and clerks offices all use a wireless adaptor rather than a hard line. The internet connection was originally put in place for CES because our building houses Area CES offices. Leadership is very particular about who has the password, with only bishoprics and a handful of others have it. As a clerk, I never got the password but never really needed it because the connection in in the clerk’s office is always on. It took several weeks of going back and forth between stake technology people, CES, Bishops and finally the stake President, but as a building librarian I finally got the password so I could bring my personal laptop from home, connect it to the copier/printer and print stuff off lds.org.

My question is, is it local or church policy to be so tight with the password? I understand we don't want members doing non-church related things on the net while in the building but at the same time we have teachers that would like to be able to connect and stream video content for lessons. Isn't there a firewall setting that can make only selected domains (like lds.org, mormon.org, new.familysearch.org) accessible?

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jan 18, 2012 2:51 pm

The church policy is that it's the Stake President's discretion as to who is allowed the password.

Depending on the firewall in place, the Stake President has little to no say in the filtering.

Filtering is set at CHQ, so it's not practical to use the firewall to enforce local policy.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Jan 18, 2012 4:31 pm

RussellHltn wrote:The church policy is that it's the Stake President's discretion as to who is allowed the password.
I would add to this to say it is Church policy that the stake president determines local policy for network access or Internet access. Controlling the wireless password is a method to control who has wireless access.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
JeffTurgeon
Member
Posts: 52
Joined: Fri Feb 18, 2011 9:04 pm
Location: Dearborn, MI

Postby JeffTurgeon » Sat Jan 21, 2012 1:19 pm

Our Stake has decided to give the WIFI password to any member that requests it. The thought was that members should be able to download scriptures, manuals and other church apps. We've found that most access seems to be on Sunday during class for lesson material. Occasionally someone checks their e-mail but that is not a concern. The 881's restrictions that were set us by church policy are the only limiters. We have not had any problems with our bandwidth or connections.

Most people's phones today are smartphones and already have a carrier required data plan which enables the user to have Internet access.

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sat Jan 21, 2012 2:37 pm

JeffTurgeon wrote:Most people's phones today are smartphones and already have a carrier required data plan which enables the user to have Internet access.

True, but most smart phones ALSO have WiFi capability and ones like mine are set to always seek out and use a WiFi connection when available, saving the precious 3G/4G data usage for when I really need it. As mentioned in other threads, this type of behavior can quickly eat up available IP addresses, if not somehow dealt with.
So we can better help you, please edit your Profile to include your general location.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Sat Jan 21, 2012 4:15 pm

JeffTurgeon wrote:Most people's phones today are smartphones and already have a carrier required data plan which enables the user to have Internet access.


And there are also plenty of WiFi devices that don't have any 3G/4G capability: iPod Touch, iPad (wireless version), various Android and other tablets, laptops, etc.

We are having plenty of issues with the limited number of connections; even without the WiFi password being freely distributed, it has become known to enough people that three wards in a building use up all the IP addresses, and then higher-priority usages can't get an IP address. So I wish we our stake were tighter with this information, not looser.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

michaelfish
Member
Posts: 414
Joined: Sun May 10, 2009 3:44 pm
Location: Gilbert, AZ USA

Postby michaelfish » Sun Jan 22, 2012 5:48 pm

How many are allowed to concurrently connect to the 881 firewall?

How can the STS guarantee clerk's PCs will still be able to log on?

Can restrictions be placed on the number of Wifi users (access)?

Can priorities be granted to hard wired computers? (for instance - assigning a Static IP to clerk's computers and printers)

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Sun Jan 22, 2012 8:52 pm

My responses below assume that the administrative computers are all connected to the Cisco 881W by hard wire.

michaelfish wrote:How many are allowed to concurrently connect to the 881 firewall?
The default setup of the 881W includes 9 static addresses and 52 dynamic addresses. But that is for all connections on the same network as the Cisco 881W. By adding subnets and additional WAPs on a subnet the limit would really be the available bandwidth.

michaelfish wrote:How can the STS guarantee clerk's PCs will still be able to log on?
Use the static IP addresses. If there are not enough static IP addresses, one option is to create a subnet just for the administrative computers. This will use just one port of the Cisco 881W and one IP address. The added benefit is the separation of the administrative computers from the wireless network, increasing security for the administrative computers.

michaelfish wrote:Can restrictions be placed on the number of Wifi users (access)?
This capability is in the configuration management options available for the Cisco 881W. However, the configuration for the 881W has been established by CHQ. Any adjustments would have to be requested through the connectivity team at the GSC.

michaelfish wrote:Can priorities be granted to hard wired computers? (for instance - assigning a Static IP to clerk's computers and printers)
There are 9 static IP addresses available for this. Any additional static IP addresses must be configured by the connectivity team at the GSC. Increasing the number of static IP addresses will most likely result in a lower number of available DHCP IP addresses.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Mon Jan 23, 2012 6:33 am

michaelfish wrote:How many are allowed to concurrently connect to the 881 firewall?


Like jd said, it is a limitation of how many IP addresses are available for lease. You, theoretically could have thousand of connection on the 881, but you will only have as many IP address that are available.

michaelfish wrote:How can the STS guarantee clerk's PCs will still be able to log on?


You would do this by putting the clerk's PCs on with a static IP address. The issue become the potential management of it, because to change the IP address or any settings on the network controller, you would have to go to each computer and do it manually.

michaelfish wrote:Can priorities be granted to hard wired computers? (for instance - assigning a Static IP to clerk's computers and printers)


The only way to priorities the hard wired computer is to create queues on the router. Basically you are creating in quality of server or QOS. Now QOS is only going to come into play if the circuit you have going into the building is saturated. Then it gives certain IP address priority over other traffic. If the link isn't saturated, then it really buys you nothing.

User avatar
JeffTurgeon
Member
Posts: 52
Joined: Fri Feb 18, 2011 9:04 pm
Location: Dearborn, MI

Postby JeffTurgeon » Mon Jan 30, 2012 6:54 pm

harddrive wrote:You would do this by putting the clerk's PCs on with a static IP address. The issue become the potential management of it, because to change the IP address or any settings on the network controller, you would have to go to each computer and do it manually.

The only way to priorities the hard wired computer is to create queues on the router. Basically you are creating in quality of server or QOS. Now QOS is only going to come into play if the circuit you have going into the building is saturated. Then it gives certain IP address priority over other traffic. If the link isn't saturated, then it really buys you nothing.


Is there a way to make 1 or maybe 2 ports on the 881w take priority over any other connected device? This way I could put a switch on say port 1 of the 881w and put key items on this switch for conference transmissions or clerk computers without worry of member device interference.

I don't think we can get into the router to do anything though, I've had to have someone from GSC make set-up changes (IE: put each AP on a different channel).

I also like the idea of static IPs by mac (if other method doesn't work). How would this be implemented so say 4 hardwired computers are registered with static IPs setup by their mac ids in the router to be prioritized over all other connections? [color=black]Sounds like a long night on the phone.

[/color]
So far we haven't had any issues of running out of IPs or bandwidth, but if other building are having this problem I'd like to find a viable means that we can resolve this issue through network setups and configurations before a problem surfaces.

This Thursday I'll be starting another network installation setup at a Stake Center. Tons of hardwired drops planned and we will be designing complete building WIFI coverage. If there is a wiring/networking plan that I can implement in the initial design, to allow priority of usage, I'd really appreciate the advice before we start pulling lines. If there is no way to prioritize ports on the 881w then maybe a manual switch could be used to shut-down my WIFI APs circuits(sounds like a crude way to do this though).


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest