Tech Forum

Just finished upgrading the firewall at one of the meetinghouses that contains an FHC.

Fast forward through the adventures of toning out and re-labeling all of the ports and cables, this particular FHC has most of the computers (the big ThinkCentre [sic] All In Ones) connecting to the network wirelessly via our friend the cisco AIR-AP1231G-A-K9.

To isolate the FHC from the rest of the building I asked the GSC to change the wireless network name and assign a new password. It took them a couple of minutes but now we have the FHC completely isolated from the rest of the building network-wise, wireless and all.

aclawson wrote:... now we have the FHC completely isolated from the rest of the building network-wise, wireless and all.

Could you explain a bit more about how you did that? I assume that the rest of the building still has wireless, which means that most of the WAPs must be connected via ports 0 and 1 on the firewall, and still has the LDSAccess SSID.

So did you connect a switch into port 2, which the FHC computers are wired to, and you also have one WAP connected into that switch, so that the FHC wireless is on the same subnet as the wired FHC computers?

Is the wireless capability of the firewall itself still on the main 192.168.x.x subnet?

Port 2 goes into a netgear 8 port switch (GS108) a few inches away from the firewall.

From the GS108 the lines to the four drops in the FHC vanish into the wall and reappear like magic in the FHC.

One of those wires ends up in the FHC wireless access point, the others are connected to a combination of PCs and printers.

The access points page on tm.lds.org shows a total of four WAPs, the firewall itself and two 1041s on 192.168.x.x and the AIR-AP1231G on 10.x.x.x

I now have four zones, USER, FAC, VPN and MNG in this building.

Also, it turns out that I had to register BOTH printers, not just the main Lexmark one with FHC support.

We did something similar but did not use any verity of Cisco like the one you used (AIR-AP1231G on 10.x.x.x )

Good job, there are still a lot of those older APs floating around.

This does not work with modern church network equipment only the old Cisco 1200 series access points have the capability of having the password and SSID changed. These APs are no longer sold and cannot be obtained through the church. Once they die or stop working, you are out of luck.

Modern access points connect to a central server which tells it which SSID and which password to use. The settings to change these would affect everyone globally. This is why it cannot be done with modern equipment.

These modern equipment are easier to troubleshoot and maintain and keeps costs down by not having custom configurations out there.