Cisco 881 Wireless

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Cisco 881 Wireless

Postby johnshaw » Wed Mar 02, 2011 6:49 am

I have one of these on order now and was talking to the GSD last night. His indication was (and it was a bit fuzzy) that the idea with this new wireless will not come with a small license for WAP users, but intended for any and all to use the building. He indicated that we might be required to log in with an LDS Account - but members would have access. Has anyone installed this yet? How does it work, is LDSAccess SSID still available? Just curious about experiences if any out there?

User avatar
aebrown
Community Administrator
Posts: 14691
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Mar 02, 2011 9:36 am

JohnShaw wrote:I have one of these on order now and was talking to the GSD last night. His indication was (and it was a bit fuzzy) that the idea with this new wireless will not come with a small license for WAP users, but intended for any and all to use the building. He indicated that we might be required to log in with an LDS Account - but members would have access. Has anyone installed this yet? How does it work, is LDSAccess SSID still available? Just curious about experiences if any out there?


This was discussed in a recent February 2011 MHT Brown Bag Session. At this point, the standard LDSAccess SSID is still available and the rules have not changed. Even when LDS Account authentication is added, that will be an different method of authentication from the current WPA passphrase -- I'm pretty sure that the LDSAccess SSID will not change.

I have not heard any date for the availability of the LDS Account authentication, but when it happens, I believe that the LDSAccess wireless will be available to anyone with an LDS Account. There will be tools available for determining usage by each user (but I don't know if those reporting tools will be available on day one).
Questions that can benefit the larger community should be asked in a public forum, not a private message.

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Wed Mar 02, 2011 12:52 pm

thanks a bunch, that answered my questions

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Thu Mar 03, 2011 8:03 am

aebrown wrote:This was discussed in a recent February 2011 MHT Brown Bag Session. At this point, the standard LDSAccess SSID is still available and the rules have not changed. Even when LDS Account authentication is added, that will be an different method of authentication from the current WPA passphrase -- I'm pretty sure that the LDSAccess SSID will not change.

I have not heard any date for the availability of the LDS Account authentication, but when it happens, I believe that the LDSAccess wireless will be available to anyone with an LDS Account. There will be tools available for determining usage by each user (but I don't know if those reporting tools will be available on day one).


Thanks for the information. My first reaction to this was that allowing people to log in using the LDS account could be a problem. The reason that I can see that is because if there are youth who have an LDS Account could log in. My stake presidency does not want the youth to have access to the wireless at church. We have one unit that it looks like youth may have it.

Now as I read the brown bag session, is the security connection going to be changing? So we currently use WPA/2 what will be used in the future? It will be interesting what I will need to do with the current wireless access points in the building. So is the church suggesting that when we put an 881W in that we get two or more per building so that we can cover the entire building? That would certain replace all the wireless access points currently in my buildings.

So it will be interesting to follow this. Is there a place that I can follow these details closely, beside WIKI. Is there a thread on this or something else?

Thanks for letting me know.

User avatar
aebrown
Community Administrator
Posts: 14691
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Thu Mar 03, 2011 8:52 am

harddrive wrote:Thanks for the information. My first reaction to this was that allowing people to log in using the LDS account could be a problem. The reason that I can see that is because if there are youth who have an LDS Account could log in. My stake presidency does not want the youth to have access to the wireless at church. We have one unit that it looks like youth may have it.


I'm still not sure about the details. I don't know if you'll still need a passphrase to connect to the wireless and then you will get an additional prompt for the LDS Account, or if the LDS Account will be the only authentication. If it's the former, then you still could control access to the passphrase. Unless someone from the Meetinghouse Technology team knows and can chime in, I think we'll just have to wait for the details to come out.

harddrive wrote:Now as I read the brown bag session, is the security connection going to be changing? So we currently use WPA/2 what will be used in the future? It will be interesting what I will need to do with the current wireless access points in the building. So is the church suggesting that when we put an 881W in that we get two or more per building so that we can cover the entire building? That would certain replace all the wireless access points currently in my buildings.


You would only have one 881W firewall in a building. If you need more wireless coverage, you would add Cisco 1041 WAPs as needed.

harddrive wrote:So it will be interesting to follow this. Is there a place that I can follow these details closely, beside WIKI. Is there a thread on this or something else?


There are a couple of threads on this topic, but there's no guarantee that new information will be posted to them. You could watch the wiki article on the Meetinghouse firewall or Brown bag sessions (meetinghouse); I'm pretty sure both of those would change when the LDS Account authentication is released.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

RossEvans
Senior Member
Posts: 1346
Joined: Wed Jun 11, 2008 8:52 pm
Location: Austin TX
Contact:

Postby RossEvans » Thu Mar 03, 2011 9:40 am

The prospect of general access to WiFi at the meetinghouse is appealling. But with all the concern about inappropriate use, I worry that general access would motivate stakes to filter sites available. I know from reading these forums that filtering can sometimes hamper access to legitimate Internet tools because filtering is imperfect and subjective.

So far in our building, only selected leaders get WiFi access, and only stake and ward offices get wired access. We comfortably run with general unfiltered access.

User avatar
aebrown
Community Administrator
Posts: 14691
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Thu Mar 03, 2011 9:49 am

RossEvans wrote:We comfortably run with general unfiltered access.


I hope you mean "general filtered access." The "General Access" filtering option is less restrictive than the other two options, but it does filter out bad sites, as long as access goes through the Church-supplied firewall (which is an absolute requirement).

The new Cisco 881W only has one filtering level, and it is similar to (perhaps exactly the same as?) the General Access level on the legacy firewalls.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

RossEvans
Senior Member
Posts: 1346
Joined: Wed Jun 11, 2008 8:52 pm
Location: Austin TX
Contact:

Postby RossEvans » Thu Mar 03, 2011 10:08 am

aebrown wrote:I hope you mean "general filtered access." The "General Access" filtering option is less restrictive than the other two options, but it does filter out bad sites, as long as access goes through the Church-supplied firewall (which is an absolute requirement).

The new Cisco 881W only has one filtering level, and it is similar to (perhaps exactly the same as?) the General Access level on the legacy firewalls.


That's good to know. From the perspective of a humble user in the clerk's office, I would be happy with that status quo.

However, having just one level of filtering might aggravate stake presidents who, for whatever reason, have opted for tighter levels of filtering before. Granting WiFi access to rank-and-file members will probably magnifiy any dissonance on their part. But if Salt Lake makes the decision on what is appropriate, I guess that should satisfy most concerns.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Thu Mar 03, 2011 2:00 pm

RossEvans wrote:However, having just one level of filtering might aggravate stake presidents who, for whatever reason, have opted for tighter levels of filtering before. Granting WiFi access to rank-and-file members will probably magnifiy any dissonance on their part. But if Salt Lake makes the decision on what is appropriate, I guess that should satisfy most concerns.

What I get from reading the notes at the brownbag session is that the Church is providing once again some standardization to the equipment. I don't see any restriction on whether a stake can implement further filtering on a local network. Granted this would require some additional hardware or possibly software at the stake's expense to accomplish. But it can be done.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Thu Mar 03, 2011 6:53 pm

My advice to Stake Presidents would be to let CHQ handle the filtering, I can't see reasons to put more effort into it (I'm busy enough just keeping the equipment operating in our stake) to worry about filtering beyond what the church is already providing. The church has taken on the responsibility and accountability for it. As long as we're not providing access that bypasses the firewall.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest