Wireless access setup for chapel

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
hkk2
New Member
Posts: 16
Joined: Thu Mar 13, 2008 1:25 pm
Location: Anthem Stake (Henderson, NV)
Contact:

Wireless access setup for chapel

#1

Post by hkk2 »

I'm looking into setting up wireless access with the chapel to go behind the PIX firewall. I'm just curious as to what others have done so far in this instance or if there is a Church specified setup for this that I have not yet found information on?

And on a side note, how much routing is this firewall set up to do and how much access to we have to it to make adjustments to create subnets and such?
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

Are you in the North America Southwest, Utah North, Utah Salt Lake City, or Utah South area? Those are the areas that are on "Meetinghouse Internet" rollout. I don't know as adding your own wireless for general use is allowed if your area isn't yet on the Meetinghouse Internet program.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#3

Post by aebrown »

cybr wrote:I'm looking into setting up wireless access with the chapel to go behind the PIX firewall. I'm just curious as to what others have done so far in this instance or if there is a Church specified setup for this that I have not yet found information on?

And on a side note, how much routing is this firewall set up to do and how much access to we have to it to make adjustments to create subnets and such?

Your building could be in any of three situations:

1. It houses an existing CCN (an authorized Internet connection installed and paid for by the Church, generally part of a Family History Center). These CCNs have a Church-managed Cisco PIX. For some such buildings, the Church installed wireless access points; others have no wireless at this point. The Church manages the PIX and the WAPs (if present). The stake may provide additional routers, wireless, etc.

2. It is in one of the approved areas for the new Meetinghouse Internet program. If the stake president decides to put a broadband connection in the building, the Church provides a Cisco ASA 5505 Firewall; the stake provides the Internet connection, and any additional routers, wireless, etc. The Church manages the firewall (which also functions as a router for up to 7 additional wired connections).

3. It is has no CCN and is not in an area approved for Meetinghouse Internet at this time. In this case, no Internet connection may be installed in the building until specific authorization is given.

If you will tell us which situation you are in, we can give more specific help. In any of these situations, the Stake Technology Specialist should be directing the local efforts.
User avatar
hkk2
New Member
Posts: 16
Joined: Thu Mar 13, 2008 1:25 pm
Location: Anthem Stake (Henderson, NV)
Contact:

#4

Post by hkk2 »

Situation 2 is for me. And, I am the new Stake Technology Specialist. I've been told that there are high hopes now that I am it. I'm not sure what they are talking about. However, I'm A+ and Net+ certified and have completed the CCNA v3 classes. Wireless is not going to be my strong point as far as a large scale implementation. I've also taken a BICSI course offered under the Cisco academy.

Anyways, as I was stating I fall under situation #2 here. I still have 8 ward clerk computers that I need to do the 5.5 image as my predecessors did not finished this process yet. I've got the stake presidency and regional building coordinator's go to implement it into a specified chapel (that still needs the new image on all 3 computers). I'm still trying to figure out a broadband provider which lead me to trying to find out if a static IP is needed. I've got a lot of work ahead of me.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#5

Post by russellhltn »

You'll need to install Desktop 5.5 before those admin computers can be placed on the Internet. Static IP from the ISP is not required.

You also should check out this thread on using Xilec to assess your ISP options.
User avatar
hkk2
New Member
Posts: 16
Joined: Thu Mar 13, 2008 1:25 pm
Location: Anthem Stake (Henderson, NV)
Contact:

#6

Post by hkk2 »

I'm already in the works on scheduling time with the ward clerks for me to go in and install Desktop 5.5 (as well as memory upgrades). And I might end up going with Cox cable as I have someone in my ward who is an advertiser for them, but I'm not leaving Embarq out of the picture until I've seen all my options. Thanks for the Xilec thread, I'm going to use that as a tool for my decision making.

Back to the matter at which I started this post, I'm setting up in a seminary chapel as our first run (per the stake president) before doing the stake center where the FHC is (and only has one of the computers set up with POTS internet). For the seminary chapel they want wireless service set up so that members will quit "piggybacking" off the neighboring homes. I was thinking of setting up 3 wireless routers; 1 on each side of the front in the clerks offices and 1 in the back by the RS/Primary rooms. And I was going to subnet them so there would only be 26 hosts each, and all 3 cat6ed back to the PIX. This layout may change as I am doing much of this work after 1am when I get out of work and I don't have a full layout for the seminary chapel as it's the last of the chapels I have visited (and farthest from my home). Belkin has a couple of wifi models that have 2 keys available so that one key is internet only, no network access (I'm thinking of internal security as the PIX offers external). Not to say this isn't hackable, but it's a preventative measure. I've never run one of these home routers in access point mode so I'm not sure how to go about managing it without buying the equipment and experimenting with it. And, I don't have my own funds for such an endeavor yet.

I'm in the research phase right now, hence why I've submitted to this forum to find out what others have done and to get some suggestions. Once I've made my decisions I should easily have the backing of the stake president and FM, who are looking to me for complete input.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#7

Post by russellhltn »

cybr wrote:Belkin has a couple of wifi models that have 2 keys available so that one key is internet only, no network access (I'm thinking of internal security as the PIX offers external).
I don't see the advantage.

Why wouldn't you use a home type router/AP? My biggest concern would be over the wireless performance. After that, I don't really see an advantage unless I'm trying to get computer to talk to each other instead of just the Internet.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#8

Post by aebrown »

cybr wrote:I was going to subnet them so there would only be 26 hosts each, and all 3 cat6ed back to the PIX.
You are welcome to configure the network downstream from the firewall as you deem most prudent, within the official guidelines and the direction of your stake president. I would note a few things:
  • It is helpful to review the Meetinghouse Internet documents on clerk.lds.org. In particular, I would read the Installation Guide for the firewall. It helps you know what is expected on the ISP side, and how you can connect to the firewall. Don't put off reading it until you have the firewall device and are ready to install it.
  • There are also several threads on this forum you could profitably review -- search for Meetinghouse Internet (not all the threads are in the Meetinghouse Internet forum).
  • You referred to a PIX. Perhaps this is picky, but I would note that the firewall device for the Meetinghouse Internet program is a Cisco ASA 5505 Firewall. It has 7 ports (the PIX 501 used in Family History Centers has 4 ports).
  • There is a requirement for wireless security to be WPA or WPA2, as specified in this post by a Church employee.
  • The stake president is responsible for setting local security policy (of course you as STS will make recommendations in this area), such as who may know the WPA key and how it is shared.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#9

Post by russellhltn »

Alan_Brown wrote:You referred to a PIX. Perhaps this is picky, but I would note that the firewall device for the Meetinghouse Internet program is a Cisco ASA 5505 Firewall. It has 7 ports (the PIX 501 used in Family History Centers has 4 ports).
I think which unit you have depends on when it was installed. From other posts, the PIX 501 has been discontinued. Since most FHC should have already gotten broadband, then they'll be the PIX (or if they're really behind, maybe a SonicWall - which should have been replaced by the PIX) Newer installs will have a different model. Maybe the ASA 5505 mentioned.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#10

Post by aebrown »

RussellHltn wrote:I think which unit you have depends on when it was installed. From other posts, the PIX 501 has been discontinued. Since most FHC should have already gotten broadband, then they'll be the PIX (or if they're really behind, maybe a SonicWall - which should have been replaced by the PIX) Newer installs will have a different model. Maybe the ASA 5505 mentioned.
I was not making a general statement for all possible Internet connections, but rather was responding to the question posed on this thread. cybr clearly said in this post that he is talking about the new Meetinghouse Internet program, providing broadband to a building which did not previously have it.

So it will be a Cisco ASA 5505 Firewall. That is the only Firewall device that has been used for this particular program. I was trying to avoid any confusion on what is really a simple one-option issue. And then you had to go and mention even more irrelevant hardware :p.
Post Reply

Return to “Meetinghouse Internet”