Too Much WiFi - Not Enough Internet

Posted: Tue Jun 26, 2012 4:41 am
by rolandc
This seems a bit backwards.

We have a problem in a ward that only has DSL (no other options exist). Service is 3meg down and 256kbs up.

When the building was upgraded to 881w & 6 access points the bishop was given the green light to give out the password because the CHQ wishes for everybody to have access to "cleaner internet". However their ISP was not changed. Their only ISP upgrade would be slightly faster DSL 7meg Down 75Kb up. Fm is currently paying for the DSL but the faster service is more than what is allocated by CHQ, Currently - Verizon DSL 63.00 month vs 99.00 a month for the upgrade. I guess when you're the only game in town you can charge whatever you want.

Clerk computers are on the correct static range

Best I can tell I only have a couple options

1st Explain to the Bishop the ward can pay for the faster service

2nd Disconnect some of the access points to limit the usage, setup another AP near the Bishops office with a private password.

3rd just leave it alone and have the Bishop ask the members there to turn off all the auto logons and don't use their Ipods and such.


This ward overloads their ISP within minutes of getting there, even though the clerk PC's are on static there is just no internet left for them sometimes they have to wait for the system to time out and release some IP's before they can use the system after most leave.

This past Sunday I logged 42 Wireless clients.

CHQ has the router at the lowest setting for IP's

Posted: Tue Jun 26, 2012 5:52 am
by aebrown
There are two somewhat related, but distinct issues at play here:
  • How many IP addresses can be issued by the 881w firewall/router.
  • How much bandwidth your Internet connection can handle
It sounds like the real limitation you are running into is the first one. That is discussed in some detail in the thread Running out of IP addresses, and that limitation can be eased significantly (with stake president approval) by asking the Global Service Center to increase the number of available IP addresses.

Especially with more active IP addresses, you may well run into bandwidth limitations. The symptom of this will not be that devices will not be able to get an Internet connection at all, but that performance will then be slow for everyone who is connected. Although the bandwidth of your Internet connection is modest, it is nonetheless true that many of the devices that are consuming IP addresses will be using a tiny fraction of your bandwidth, so your bandwidth may be able to support many more IP addresses than you might guess. It's difficult to know if bandwidth is a significant limitation until you have more people connected. I couldn't tell from your post, but I didn't see any indication that you currently have bandwidth problems.

Posted: Tue Jun 26, 2012 6:30 am
by rolandc
They are not running out of IP addresses.

They are running out of bandwidth. GSC already has the router at minimum allotment of IP’s

Their internet is slow when I am the only one there, it gets slower to none when the kids show up.



I am looking for temporary solution till Bishop and Stake president figure out the long term answer.


Wifi authentication will fix this but still need a temp. solution

Posted: Tue Jun 26, 2012 8:43 am
by aebrown
rolandc wrote:They are not running out of IP addresses.

They are running out of bandwidth. GSC already has the router at minimum allotment of IP’s
Thanks for clarifying that. When you said "sometimes they have to wait for the system to time out and release some IP's before they can use the system" it sure sounded like you were simply running out of IP addresses. But I gather now that bandwidth is the real problem, and you have set the router to issue the minimum number of IP addresses in an attempt to limit the bandwidth usage.
rolandc wrote:Their internet is slow when I am the only one there, it gets slower to none when the kids show up.

I am looking for temporary solution till Bishop and Stake president figure out the long term answer.
Here are a couple of ideas:
  • It is possible to talk the GSC into changing the LDSAccess wireless password. They really don't want to do it, but if you have a strong mandate from your stake president to do so, you can get that done. Then carefully give the new password to only those who absolutely need it.
  • You said that the GSC had already set the dynamic IP range to the minimum, but that can't really be true. The 881w can be configured to as small a range as needed, so if you can pick a number small enough, you could issue static IP addresses to those who really need the access, and have very few dynamic addresses. Configuring all those devices with static IPs is a big hassle (and has to be done carefully, or you'll have all sorts of problems with IP conflicts), and will have to all be redone if (hopefully when) you get a better solution to your bandwidth problem, but you might consider it.
rolandc wrote:Wifi authentication will fix this but still need a temp. solution
Wifi authentication will help, particularly if the stake president chooses to authorize the "Leaders only" mode. And if the youth are the biggest consumers of bandwidth, you will also have an option for giving no Internet access to the youth.

Posted: Tue Jun 26, 2012 11:44 am
by russellhltn
rolandc wrote:Service is 3meg down and 256kbs up. [...]

Clerk computers are on the correct static range
[...]
This ward overloads their ISP within minutes of getting there, even though the clerk PC's are on static there is just no internet left for them sometimes they have to wait for the system to time out and release some IP's before they can use the system after most leave.
rolandc wrote:Their internet is slow when I am the only one there, it gets slower to none when the kids show up.

It sounds to me that either the ISP bandwidth is less than rated, or something is sapping the bandwidth. 3Mbit should be adequate when you're the only one there.

Posted: Tue Jun 26, 2012 11:57 am
by rolandc
Slow is a relative term. My ward is usually at 12 to 14Mbit so 2.68 - 3.12Mbit is slow. I should have said that during a light load it runs at rated speed.

Posted: Tue Jun 26, 2012 1:03 pm
by Jonahhex
aebrown wrote:It is possible to talk the GSC into changing the LDSAccess wireless password. They really don't want to do it, but if you have a strong mandate from your stake president to do so, you can get that done. Then carefully give the new password to only those who absolutely need it.
The new 1041n wireless access point passwords can not be changed until the new authentication and login system is in use. The 1100 and 1200 WAP are able to be modified only by STS calling into the GSC to modify the WAP configuration w/permission from the Stake President.
aebrown wrote:You said that the GSC had already set the dynamic IP range to the minimum, but that can't really be true. The 881w can be configured to as small a range as needed, so if you can pick a number small enough, you could issue static IP addresses to those who really need the access, and have very few dynamic addresses. Configuring all those devices with static IPs is a big hassle (and has to be done carefully, or you'll have all sorts of problems with IP conflicts), and will have to all be redone if (hopefully when) you get a better solution to your bandwidth problem, but you might consider it.
The GSC at this time does not edit the running configuration of 881-W such as reducing the DHCP address pool. We are able to add more addresses to a firewall and provide a Facility zone for add on appliances such as webstat.
aebrown wrote:Wifi authentication will help, particularly if the stake president chooses to authorize the "Leaders only" mode. And if the youth are the biggest consumers of bandwidth, you will also have an option for giving no Internet access to the youth.
I think you are talking about the system that is in testing at this time and not available in all meetinghouses as of yet. The authentication system in development and now full testing will include a per user login system that has controlled access to services as per your Stake Presidents and Bishoprics guidelines. We hope that this system will be in full use very soon.

Posted: Tue Jun 26, 2012 1:10 pm
by Biggles
Purely out of interest, will the authentication system work with the 1100 series WAP's and Pix 501, when it goes live?

Posted: Tue Jun 26, 2012 1:21 pm
by aebrown
jonahhex wrote:The new 1041n wireless access point passwords can not be changed until the new authentication and login system is in use. The 1100 and 1200 WAP are able to be modified only by STS w/permission from the Stake President.
Thanks for clarifying that. I assumed incorrectly that the 1041n WAPs would work like the 1200s. But just to be clear, as far as I know the STS can't modify the passwords on the 1200 himself; with the stake president's authorization, he can ask the GSC to make the change. But the GSC has always managed the 1200s in the buildings I've been involved with.
jonahhex wrote:The GSC at this time does not edit the running configuration of 881-W such as reducing the DHCP address pool. We are able to add more addresses to a firewall and provide a Facility zone for add on appliances such as webstat.
Reducing the DHCP address pool was possible with the PIX, and so I assumed it was possible with the newer firewall. My apologies for making a bad assumption.
jonahhex wrote:I think you are talking about the system that is in testing at this time and not available in all meetinghouses as of yet. The authentication system in development and now full testing will include a per user login system that has controlled access to services as per your Stake Presidents and Bishoprics guidelines. We hope that this system will be in full use very soon.

Yes, that's what I was talking about. It will be very beneficial for controlling access to meetinghouse networks. I'm looking forward to the full rollout.

Posted: Tue Jun 26, 2012 2:13 pm
by Jonahhex
I made a correction to the above note about WiFi Password... To clarify, the request should come from the STS and the work for the change will be made by the GSC - Connectivity after approval from the Stake President.