WI-FI Passwords

[KeithWilson]

We have the older equipment, (older than the Cisco 881W). With all buildings setup soon with the updated Firewall and WAP, should I change the password to the new standard, LDSAccess? (With the standard issued password issued from the GSD) ? Or do I have to wait for my buildings to get all upgraded with the Cisco 881W?

[aebrown]

We have the older equipment, (older than the Cisco 881W). With all buildings setup soon with the updated Firewall and WAP, should I change the password to the new standard, LDSAccess? (With the standard issued password issued from the GSD) ? Or do I have to wait for my buildings to get all upgraded with the Cisco 881W?

Older equipment (typically a Cisco 501 Pix firewall and Cisco Aironet 1200 series WAPs) does support LDSAccess. If you're not already on LDSAccess, and you have that hardware, then you are probably using the Odyssey client for wireless connections. If so, I'd recommend that you change to LDSAccess. It's a lot more flexible and easier to connect to -- you don't have the hassle of installing the client and calling the GSC to activate it. And then when you do upgrade to the Cisco 881W, you will have done most of the work of connecting already. You would just need to call the GSC and ask them to remove the Moroni profile from the WAPs and configure the LDSAccess profile.

[russellhltn]

If by chance you're not running Cisco WAPs, then I think it depends on what you want to accomplish.

[KeithWilson]

We change the passwords periodically, and have by the direction of the stake president, we have the bishops provide it to those that need it. We change it periodically, simply to keep those from using it who have been released from callings where they needed it, but no longer need it. That's it. We change it every 6 months, at General Conference weekend. And no, we don't have the Cisco WAPs, it's all older equipment.

[rbeede]

Buildings with existing firewalls and wireless are not required to update to new hardware. If the existing hardware is working there is no need to change it or spend the money. I wouldn't bother with changing the wireless setup you have now especially if the stake president wants to limit individuals who know the wireless password. With the current Cisco setup and LDSAccess it can be more difficult to get the password changed.

[KeithWilson]

Sorry, I didn't explain it very well. Is there a policy problem if I change our WAP to the standard, then when we get the new firewall and WAPs everyones devices will connect, and so, it would be the last time I would need to change it. So, if someone's iPad had the Network ID and Password entered for the old WAPs, then the stake moves to the newer models, it should still connect with no problem, right?

[Mikerowaved]

Sorry, I didn't explain it very well. Is there a policy problem if I change our WAP to the standard, then when we get the new firewall and WAPs everyones devices will connect, and so, it would be the last time I would need to change it. So, if someone's iPad had the Network ID and Password entered for the old WAPs, then the stake moves to the newer models, it should still connect with no problem, right?

That would work fine, as long as you're confident the stake president doesn't desire the wireless key to be changed in 6 months.

Eventually, users will need both the WPA2 key and their LDSAccount credentials to access the WiFi, but currently only the key is needed. Not sure on the timing of rolling out the LDSAccount part of it, but hopefully sometime this year.

[KeithWilson]

Thanks for the feedback, I am going to recommend the move, then it will be much easier when the new hardware arrives.

[rbeede]

That can work, but you have to get the following exactly right:

SSID: LDSAccess (case sensitive)

Encryption: WPA2-PSK

Cipher: Don't remember if it is AES only or TKIP+AES. This is important otherwise when changed all wireless clients will fail to connect if this doesn't match their saved profile.

[MerrillDL]

We have the older equipment, (older than the Cisco 881W). With all buildings setup soon with the updated Firewall and WAP, should I change the password to the new standard, LDSAccess? (With the standard issued password issued from the GSD) ? Or do I have to wait for my buildings to get all upgraded with the Cisco 881W?

If you have a Cisco PIX 501 or Cisco ASA 5505 and are using either the Aironet 1200 or the newer 1041 Access Points, you can call the GSC to change the LDS Access password for that location.

If you have the 881w firewall, you are restricted to the default LDSAccess password. The password policy is set globally for the 881's.

You can install 3rd party (D-Link, Belkin, Linksys, etc...) router/access points and assign the SSID as LDSAccess, with the default LDSAccess password. In fact it is recommended that you do it this way because if you have visiting authorities from Salt Lake and they bring their computer, they will automatically connect to the meetinghouse Internet.

If a different SSID is used, then the authentication information should be managed by the ward/person who setup the device. However, the password/encryption information should be given to the STS because he is the steward for MHI.