881w WIFI only

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
rolandc
Member
Posts: 257
Joined: Tue May 15, 2012 8:20 pm

881w WIFI only

#1

Post by rolandc »

I know its not the standard setup, and it's more of a "I am just curious" question.

We have a complete hardwired setup in our stake center using the ASA5505 and a software modified consumer grade routers to handle just the the WIFI. The wifi router is plugged into the ASA and hands out its own IP's with zero issues, we have all the PC's & printers in the building with dedicated IP's Including the FHC. Deepfreeze is used on the 7 PC's in the FHC too, (works great BTW.) Speedtest.net shows everything is running at 10 - 12 mbits I have POE going out to all 7 of the other consumer grade routers that have been reconfigured (firmware) to be higher power AP's building is fully covered and them some. The ASA handles everything wired. The Modified WRT54GL handles everything wireless.

Our Stake president is computer savvy as is our 1st counselor to the Stake president. It is their direction to me the STS to keep the networks separate.


Our FM group is offering to bring in the 881w and the 1041n's to "upgrade" the Stake center, but everything will be on one network.

Will the 881 work if it were plugged into the ASA5505 and just run the Wifi? Would CHQ be able to control the 881 if it were plugged into the 5505, if not. Could it be plugged into the cable modem, configure it let the 1041's configure then just move its WAN port cable to the 5505?

I have zero experience with the 881 but it seems to me once it see's the internet it configures its on VPN port.



Roland
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#2

Post by aebrown »

rolandc wrote:Will the 881 work if it were plugged into the ASA5505 and just run the Wifi? Would CHQ be able to control the 881 if it were plugged into the 5505, if not. Could it be plugged into the cable modem, configure it let the 1041's configure then just move its WAN port cable to the 5505?

If you really want to keep your current WiFi network, it seems like a simpler approach would be to replace the ASA with the 881w. I don't think the Church wants to continue to maintain ASAs in perpetuity. You can then use the 881w for everything wired, just like you do now for the 881w. The one challenge would be that the 881w does have a built-in LDSAccess wireless network. You can minimize that by not connecting the antennas, but it will still provide a wireless signal in its proximity. But other than that, you could stick with your current configuration.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#3

Post by johnshaw »

I would strongly urge you to accept the kind offering from your FM group (speaking from one in a VERY different circumstance). The 1041 is 'N' and might provide better performance down the road, and you get the benefit of the LDS Access SSID. I didn't understand what you meant by 'keep the networks separate' unless you were referring to the wired and wireless, but if it was a result of the limited IP Addresses with the ASA, the 881w also provides a better range of dynamic addresses with the ability to expand the scope for greater usage if that is a concern. I typically keep a couple consumer WAP's as well for special classes or circumstances if the need arises. Finally, it will provide value down the road to use the LDS Access SSID as we implement the LDS Account sign-on to the network with the abiltity to allow 'roles' access to the network.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#4

Post by russellhltn »

rolandc wrote:Our FM group is offering to bring in the 881w and the 1041n's to "upgrade" the Stake center, but everything will be on one network.

While that may be a step backwards in security in having everything on one network, it's moving you to the church standard - something that will greatly help your successor.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
JamesAnderson
Senior Member
Posts: 773
Joined: Tue Jan 23, 2007 2:03 pm

#5

Post by JamesAnderson »

The ASA 5505's are basically old technology, those replaced the PIX 501's in the late 2000's and were definitely better, as it was, the PIX firewalls were end-of-life at that point.

I've not seen how long a 5505 will be supported by Cisco, but the 881W is definitely a better solution than the 5505s, much in the way that the 5505s were better tech than the PIXs.

Also, being an 802.11n router, the 881W will allow video resources to play much better, as 802.11g was considered good for voice and audio, and since more resources are being made available online in video format, being on a good 'N' router is going to be much to your advantage as well, especially as the LDS Account is integrated into the system.

In fact, I'm also thinking, but not sure, that the 5505s may not support the LDS Account protocols envisioned for member access.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#6

Post by russellhltn »

But can you run "n" if there is any "g" only on the channel?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
JamesAnderson
Senior Member
Posts: 773
Joined: Tue Jan 23, 2007 2:03 pm

#7

Post by JamesAnderson »

I've heard you can run G on an N netowrk, you just don't get the torughput benefits on your own machine that you may be running on the network if its wireless card is a G.

Had a machine with a G card that would give me 54MB throughput, while an N card would have given me double that.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#8

Post by russellhltn »

The question is what happens to all the "N" cards on the network. I know the old g systems would drop back to "b" if only one device couldn't do "g". In other words, it became a "g" network only when no "b" devices were present. I'm wondering of n is the same way.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#9

Post by lajackson »

RussellHltn wrote:The question is what happens to all the "N" cards on the network. I know the old g systems would drop back to "b" if only one device couldn't do "g". In other words, it became a "g" network only when no "b" devices were present. I'm wondering of n is the same way.

A quick Google is your friend search says that the G cards do not slow down the N network like the B cards did. The G cards work at G speed, but the rest of the network stays at N speed.

I have no idea if this page is accurate or not, but it sounds impressive and matches what I also read elsewhere. Still the disclaimer, read at your own risk.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

#10

Post by aclawson »

You aren't going to want to have a firewall plugged into a firewall, nor would you be able to program the ASA5505 to be nothing more than a passthrough - 100% of the programming of those devices is handled by CHQ and they aren't rushing to provide custom solutions. There are ways you could isolate the networks but those would probably break the remote inventory and desktop control functions.
Post Reply

Return to “Meetinghouse Internet”