Running out of IP addresses

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
scotthamilton57
Church Employee
Church Employee
Posts: 12
Joined: Tue Jan 31, 2012 3:39 pm
Location: UT, USA

Call the Global Service Center

#11

Post by scotthamilton57 »

The Global Service Center can open up more IP addresses for you IF the necessity is there.
michaelfish
Member
Posts: 421
Joined: Sun May 10, 2009 4:44 pm
Location: Gilbert, AZ USA

#12

Post by michaelfish »

Resolved.

The GSC added IP addresses (zones) and I set staic addresses's on the clerk's PC's. I'm hoping our bandwidth will still be sufficient when everyone is connected.

Thank you
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#13

Post by johnshaw »

you might look into some wireless or microwave technologies, they are starting to pop up everywhere. I had a building where the only thing that worked was a PC Card using Verizon, but in the 2 years since then I've had 2 High-Bandwidth companies move in, we're starting to research our switch at this point.
User avatar
jkentner
Member
Posts: 115
Joined: Sun Dec 26, 2010 9:49 am
Location: Olathe, Kansas

#14

Post by jkentner »

michaelfish wrote:I'm sure this question has been addressed elsewhere in the forum, so you can direct me for more information or quickly answer some questions.

What are other wards doing when they run out of IP addresses on Sunday?

By the time our second and third wards show up for sacrament meeting, devices have already automatically logged on and used up all the available IP addresses. As a result, the family history teachers cannot connect to the Internet (connected to Wifi but not the Internet). For the past couple of weeks, I've needed to reboot the church's new Cisco firewall/router (after making sure no clerks are doing a send/receive) to reset IP address leases.








Does anyone have suggestions on what could be done for the family history teacher's wireless laptops? I have come up with some possible solutions but really would prefer not doing the following:
  • Increasing the number of IP addresses in the Cisco firewall/router (increasing will the number of IP addresses will decrease our already very limited bandwidth, which cannot be increased due to DLS limitations in our area)
  • Change the password (would work for a very short time as the password gets spread to too many devices)
  • Assign Static IPs for the Family History instructor's laptops (this would prevent their Internet access once they leave the building).
  • Invest in a building laptop (or have one donated) and assign a static IP to it and allow it to be checked out from the materials center (issues of not being returned, mishandled, maintenance issues, etc.)
  • Put request to turn off your Internet devices during meetings in the Sunday program (I don't think anyone would really honor the request)
I've been wondering if putting a time restriction to the lease (say 2 or 3 hours) would work and if it could be implemented? That way the first block of devices entering the building in the morning would have their leases released automatically just about the time the other wards come in).

Also, how soon is the logging on via captive portal system going to be available?

Do you have other suggestions of what I could try?


We had the same problem with our Pix 501. The Pix was only licensed for 50 outbound licenses, but our DHCP scope was only set for 20 addresses. We constantly had to unplug/plug back in the device to get people on. Especially when the SSID password is the same regardless of where you go inthe world (visitors phones would auto connect). We finally got approved for an 881 device. By default the DHCP scope is 52 addresses. I called the GSC and had got an additional subnet for 52 additional addresses. We still do not have our new WAPs installed yet, but we possibly could have the same issue again. Bandwidth is another thing. Especially when FM indicates that the tech.lds.org site says that you can't have an ISP that costs more than $50/mo. and only needs to meet the minimum webcast bandwidth needs. In my own humble opinion, a 5Mbps/768kbps connection is horrible for a building with multiple wards and a FHC (we have to power off WAPs during stake conference when we are webcasting to be safe). Hopefully the LDS Account authentication for Wi-Fi gets here soon, and the STS have the ability to restrict user access. BTW, if you have an 881, the first 8 addresses after your gateway is your static range in case you want to hardcode some workstations.
bull3000
New Member
Posts: 2
Joined: Mon Jun 11, 2012 1:25 pm
Location: Utah, USA

#15

Post by bull3000 »

I'm somewhat curious as to why an artificially low limit (32-52) clients is the size of the initial pool. I manage multiple buildings that each have 3-4 wards in them. Every 2 hours, an entire new population of users show up in the building, some, packing multiple devices (a tablet and a smart phone). Each one of these devices connects to the building network. With intelligent front end devices (Cisco Pix, ASA and now the 881), why does the base configuration maintain these small numbers when it is known to fail? It's been noted here and in other forums that negotiating with GSC may or may not work, which leaves us to circumvent the policy by putting a $50 box to achieve a larger DHCP pool?

The adoption rate amongst the members is rapidly changing and it would seem that some accommodation by GSC would be helpful here.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#16

Post by johnshaw »

bull3000, it is not an artifically low limit, but a limit in licensing. The pix and ASA's are both capable of multiple networking technologies that typically are licensed per connection or per user, and these are enterprise-class networking devices. Basic routing operations might be licensed, or vpn services, or even the firewall services. Contracts, I'm sure were in place with the 'legacy' style of meetinghouse connectivity, which was limited use and scope for FHC, MLS, and Bishopric access. The new 881W is not an enterprise-class device from Cisco, and as mid-tier device, probably has different licensing, or as the church approached Cisco about licensing, their contracts were written differently. I think we chalk it up scope changes and usage scenario changes over time. It is true that in early 2011 FM was 'encourage' to start replacing all firewalls with the 881W, and that project is supposed to move from the 'encourage' phase to the 'mandate' to be completed by 2013, or so the word on the street says.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

#17

Post by aclawson »

You can check your IP lease within Windows - drop into the command line and use ipconfig/all - you will see lines that look similar to this:

Lease Obtained. . . . . . . . . . : Wednesday, June 13, 2012 11:09:01 AM
Lease Expires . . . . . . . . . . : Sunday, June 17, 2012 2:09:21 PM
Post Reply

Return to “Meetinghouse Internet”