Access Points, Access Point Security

MattChan
New Member
Posts: 4
Joined: Tue Jan 21, 2014 3:59 pm
Location: England

Access Points, Access Point Security

Postby MattChan » Tue Jan 21, 2014 4:06 pm

Hi there

Two issues raised by a Ward Clerk in our Stake:

1. Lack of WiFi coverage in all areas of the chapel. Who should we speak to, to resolve this? If they want an additional access point in the chapel, who is responsible for determining needs, and supplying / fitting?

2. It just so happens the Ward Clerk is also a CCNA, and he is 'concerned' about security of TKIP on the network. I have read, this is in place for backward compatibility. What is the plan (or perhaps there is not one at the moment) to change the security on the network?

Many thanks.

aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: Access Points, Access Point Security

Postby aebrown » Tue Jan 21, 2014 4:29 pm

MattChan wrote: 1. Lack of WiFi coverage in all areas of the chapel. Who should we speak to, to resolve this? If they want an additional access point in the chapel, who is responsible for determining needs, and supplying / fitting?

See Meetinghouse Technology Roles and Responsibilities. The FM group is responsible for procuring and installing networking hardware. The stake technology specialist (STS) works with the Physical Facilities Representative (PFR) to make a request to the Facilities Manager. Some FM groups will take care of it entirely on their own; others may appreciate input from the STS.

MattChan wrote: 2. It just so happens the Ward Clerk is also a CCNA, and he is 'concerned' about security of TKIP on the network. I have read, this is in place for backward compatibility. What is the plan (or perhaps there is not one at the moment) to change the security on the network?

What hardware are you using? The 881W firewall and 1041N WAPs support WPA2, so I wouldn't think that TKIP would be an issue. But I haven't reviewed that in detail.

The STS can send an email to mht@ldschurch.org with these kinds of detailed questions.

russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Access Points, Access Point Security

Postby russellhltn » Tue Jan 21, 2014 5:13 pm

MattChan wrote: It just so happens the Ward Clerk is also a CCNA, and he is 'concerned' about security of TKIP on the network. I have read, this is in place for backward compatibility. What is the plan (or perhaps there is not one at the moment) to change the security on the network?


There are three eras of wireless in the chapel: 1) Not allowed, 2) it can be done on the unit's dime, 3) FM will do it.

If this was equipment that was installed during the second era, then it could be almost anything. And it would be up to the local STS to take care of it. If true, then the STS might want to see what it would take for FM to replace it with church-standard equipment. (But much control will be lost.)
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Access Points, Access Point Security

Postby Mikerowaved » Tue Jan 21, 2014 11:00 pm

MattChan wrote: 2. It just so happens the Ward Clerk is also a CCNA, and he is 'concerned' about security of TKIP on the network. I have read, this is in place for backward compatibility. What is the plan (or perhaps there is not one at the moment) to change the security on the network?

[For the benefit of those reading along, WPA2 uses AES encryption, which is stronger than TKIP used by the original WPA protocol. To help with the transition from WPA to WPA2, WPA2 can be set up with AES/TKIP, which means it will connect with WPA2, but fall back on WPA if that's all the client can do.]

Since WPA2/AES has been mandatory for new Wi-Fi certified devices for the past 8 years, and many WiFi devices older than that have been upgraded to WPA2/AES through newer drivers, I agree with your ward clerk that TKIP is probably not needed or wanted. Unfortunately, if your APs are church managed, then there's not much you can do about it, except maybe email them at mht@ldschurch.org and suggest they drop support for TKIP.
So we can better help you, please edit your Profile to include your general location.
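
Added example, not part of the post above and not church or Cisco tooling: one way to check from a captured beacon whether an access point still advertises TKIP is to parse its RSN information element (element ID 48). In a mixed AES/TKIP setup the group cipher is typically TKIP as well, so broadcast traffic uses TKIP even for WPA2 clients. The function names and the two sample elements are constructed for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")  # OUI used by the standard 802.11 cipher suites
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}


def _suite(raw: bytes) -> str:
    """Translate a 4-byte cipher suite selector into a readable name."""
    if raw[:3] != RSN_OUI:
        return "vendor-specific " + raw.hex()
    return CIPHERS.get(raw[3], f"unknown ({raw[3]})")


def parse_rsn_ie(ie: bytes) -> dict:
    """Parse version, group cipher and pairwise ciphers from an RSN element."""
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 8:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6])
    (count,) = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if len(body) < end:
        raise ValueError("truncated pairwise suite list")
    pairwise = [_suite(body[i:i + 4]) for i in range(8, end, 4)]
    return {"version": version, "group": group, "pairwise": pairwise}


def tkip_findings(rsn: dict) -> list:
    """List the ways TKIP is still in use according to the parsed element."""
    findings = []
    if "TKIP" in rsn["pairwise"]:
        findings.append("pairwise TKIP offered: a client may negotiate TKIP")
    if rsn["group"] == "TKIP":
        findings.append("group cipher is TKIP: broadcast/multicast uses TKIP")
    return findings


# Constructed sample elements (not captured from any real network).
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")
AES_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

if __name__ == "__main__":
    for name, ie in (("mixed AES/TKIP", MIXED), ("AES only", AES_ONLY)):
        print(name, parse_rsn_ie(ie), tkip_findings(parse_rsn_ie(ie)))
```
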

MattChan
New Member
Posts: 4
Joined: Tue Jan 21, 2014 3:59 pm
Location: England

Re: Access Points, Access Point Security

Postby MattChan » Sat Jan 25, 2014 4:16 am

Thank you for your feedback all.

I have emailed as advised, and await their response. I will speak with Stake PFR to arrange for additional coverage.

Many thanks.

MattChan
New Member
Posts: 4
Joined: Tue Jan 21, 2014 3:59 pm
Location: England

Re: Access Points, Access Point Security

Postby MattChan » Sat Jan 25, 2014 4:26 am

UPDATE:

The firewall in place is the 881W, and 1041N, so is capable of offering WPA2.

Ward Clerk has had a look, it appears that the firewall (which I believe is capable), is not 'serving' any WiFi access to the building. All coverage is being given via the one AP.

Is the above standard set up, or should both the Firewall and the AP be offering WiFi across the building?

Thank you!

Biggles
Senior Member
Posts: 922
Joined: Tue May 27, 2008 4:14 am
Location: Watford, England

Re: Access Points, Access Point Security

Postby Biggles » Sat Jan 25, 2014 5:19 am

The 881W should be offering WiFi. Are you the STS? How long has the installation been in place? Later versions apparently might not have aerials, or be switched on.

Having said that, if you are certain that no WiFi is available from the 881W, the first thing I would try is a reboot. Allow at least 30 seconds before reconnecting the power. If that doesn't fix it, I would then contact the FM Group, through your Stake PFR!

aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: Access Points, Access Point Security

Postby aebrown » Sat Jan 25, 2014 6:46 am

Biggles wrote: If that doesn't fix it, I would then contact the FM Group, through your Stake PFR!

Personally, I'd work with the Global Service Center before I contacted the FM Group. The GSC can determine if there's a configuration problem with the 881W and probably correct it remotely. They can also determine if there's a hardware problem; if so, they would probably direct you then to the FM group to obtain warranty service or a replacement.

Biggles
Senior Member
Posts: 922
Joined: Tue May 27, 2008 4:14 am
Location: Watford, England

Re: Access Points, Access Point Security

Postby Biggles » Sat Jan 25, 2014 7:04 am

aebrown wrote:
Biggles wrote: If that doesn't fix it, I would then contact the FM Group, through your Stake PFR!

Personally, I'd work with the Global Service Center before I contacted the FM Group. The GSC can determine if there's a configuration problem with the 881W and probably correct it remotely. They can also determine if there's a hardware problem; if so, they would probably direct you then to the FM group to obtain warranty service or a replacement.

You're so right! Totally forgot about contacting the GSC, if the problem is still there after a reboot.

Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Access Points, Access Point Security

Postby Mikerowaved » Sat Jan 25, 2014 10:32 am

MattChan wrote: Ward Clerk has had a look, it appears that the firewall (which I believe is capable), is not 'serving' any WiFi access to the building. All coverage is being given via the one AP.

I had this same problem about a month ago and the GSC folks were very helpful in fixing it. They told me they occasionally push configuration updates out to the 881Ws and sometimes the cleanup script they use fails to end gracefully, leaving the 881W in a state where the WiFi is left disabled. Don't know if this is what happened with yours, but I agree with Bro. Brown that a call to the GSC should be your first course of action.

