Additional Access Point

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Additional Access Point

#11

Post by russellhltn »

odwill wrote:Now we have heard that the Church plans to extend its VPN capabilities so that they can wake up our ward and stake clerk computers, update software, and then remotely turn off the computers.
News to me. There's already software on the computer that allows it to be remotely managed when it is on. (More of a "pull" management then a "push".) So for them to change to this new process would be quite a shift. There would also have to be a directive to keep power applied to the computers so they can be woken up.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
odwill
New Member
Posts: 5
Joined: Sun Feb 26, 2012 8:28 pm

Re: Additional Access Point

#12

Post by odwill »

russellhltn wrote:News to me. There's already software on the computer that allows it to be remotely managed when it is on. (More of a "pull" management then a "push".) So for them to change to this new process would be quite a shift. There would also have to be a directive to keep power applied to the computers so they can be woken up.
So if the currently installed remote management software is "pull" oriented, the fact that three of our computers get the internet through WAPs that do Network Address Translation and place the computers in the 192.168 rather than the 10.1 IP range is no problem, right?

-O. D.-
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Additional Access Point

#13

Post by russellhltn »

odwill wrote:So if the currently installed remote management software is "pull" oriented, the fact that three of our computers get the internet through WAPs that do Network Address Translation and place the computers in the 192.168 rather than the 10.1 IP range is no problem, right?
Not currently. But there may be an issue if you are in need of support and support wants to remote into your computer. I'm not sure which direction that connection goes. We'll have to see what the future holds.

Personally, I'd be happier with the clerk machines on a different subnet then the wireless users.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

Re: Additional Access Point

#14

Post by lajackson »

odwill wrote:Before our FM Group got involved in installing Cisco WAPs in our Stake building and ward buildings, we installed our own WAPs. . . .

Can anyone here verify that the Church plans to use the VPN to access the Ward and Stake clerk's computers for updates at some future point?
I have heard this but not from an official source, so I cannot answer the specific question. I do know that the Global Service Center logs into our administrative computers to help us with problems. I do not believe that requires a 10.1 address. I think it just requires Internet access and someone present at the box to allow the remote connection.

However, I like your simple solution of sending the admin computers directly from the firewall and then letting the WAPs do their thing. That would certainly alleviate any problem in the future.
User avatar
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Additional Access Point

#15

Post by Mikerowaved »

I can confirm they want as many devices appearing on the 10.x.x.x address space as possible. It's not only for admin computer updating, but they can also better keep tabs on local IP Addressing trends and bandwidth usage.

The simplest way to "flatten" your subnets is to turn your local routers into dumb WAP's. You can do this by turning off the DHCP and NOT using the WAN port on the routers. Just connect both the church firewall and the clerk PC to an available LAN port and you're done. You might want to fix the IP address of the router to one that's outside the DHCP range of the church's firewall, but that's up to you.
So we can better help you, please edit your Profile to include your general location.
odwill
New Member
Posts: 5
Joined: Sun Feb 26, 2012 8:28 pm

Re: Additional Access Point

#16

Post by odwill »

Thanks to all for your input. I agree with Mikerowaved that the best approach is to connect the WAP and the computer to a LAN port that is on the 10.x.x.x address space. The clerk's offices have only one LAN port so I installed Linksys 8 port switches so that the WAP and the computer could both be on the 10.x.x.x space. The head of the FM group wants the switches removed because they are not "Church approved" devices and he is afraid that they will "mess up" the system. There seems to be some confusion about what a switch is and what it does. Putting in the switches gave us the "flat" 10.x.x.x address space that everyone recommended. We obtained brand new Linksys 8 port switches for $20 each. If I remove the switches, the ONLY way to have wireless and the clerk computers on the internet is to use the output ports on the WAN which will place the computers back in the 192.168.x.x address space. Any suggestions?

-O. D. Williams-
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

Re: Additional Access Point

#17

Post by aebrown »

odwill wrote:The head of the FM group wants the switches removed because they are not "Church approved" devices and he is afraid that they will "mess up" the system.
I certainly agree that using switches and keeping everything in the 10.x.x.x space is a better choice.

So I'd gently put the decision back on the FM group. They have the ability to purchase Church-approved switches. If that's important to your FM group director, he can use some of his budget to purchase switches through eMarket and then everyone will be happy. But it sounds like you have multiple switches, and those Cisco switches aren't cheap, so he might balk at the cost.

Another option might be to run a cable from the firewall to a place where each WAP can be placed (which might be better in the attic or a ceiling anyway). If the FM group wants to do that, it could also solve the problem (depending on whether the firewall has enough ports for that approach).
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Additional Access Point

#18

Post by russellhltn »

odwill wrote:The head of the FM group wants the switches removed because they are not "Church approved" devices and he is afraid that they will "mess up" the system.
Having a router that hands out another subnet (that is, your existing WAPS) is a bigger risk.

If he wants church approved switches, he can order some or run more lines to eliminate the need for a switch.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Additional Access Point

#19

Post by Mikerowaved »

Just a reminder that all your converted home routers serving as WAP's usually have a 4-port switch built in. You might consider using these instead of the "offending" 8-port switch and keep everyone happy.
So we can better help you, please edit your Profile to include your general location.
odwill
New Member
Posts: 5
Joined: Sun Feb 26, 2012 8:28 pm

Re: Additional Access Point

#20

Post by odwill »

Mikerowaved - I'll explore that possibility. One of the WAPs was donated by a member and is older technology and may not have the ability to move over to the 10.x.x.x space. I'll check it out. Your suggestion might work although it would become a problem if the Church ever adds any "common" device such as a server or NAS in the building since you cannot route/connect "back" through a router to devices behind the router.

-O. D.-
Post Reply

Return to “Meetinghouse Internet”