Will the Pix 501 and 1100 series WAP's Work with the new authentication system?

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
Biggles
Senior Member
Posts: 1608
Joined: Tue May 27, 2008 5:14 am
Location: Watford, England

Will the Pix 501 and 1100 series WAP's Work with the new authentication system?

#1

Post by Biggles »

Purely out of interest, will the authentication system work with the 1100 series WAP's and Pix 501, when it goes live?

This is a repeat of my post in another thread, which may be I should have done originally, but was hoping for clarification in that thread.
bradhokanson
Church Employee
Church Employee
Posts: 48
Joined: Sun Mar 06, 2011 12:31 pm
Location: Utah, USA

#2

Post by bradhokanson »

No they wont.
Biggles wrote:Purely out of interest, will the authentication system work with the 1100 series WAP's and Pix 501, when it goes live?

This is a repeat of my post in another thread, which may be I should have done originally, but was hoping for clarification in that thread.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#3

Post by aebrown »

Biggles wrote:Purely out of interest, will the authentication system work with the 1100 series WAP's and Pix 501, when it goes live?

This is a repeat of my post in another thread, which may be I should have done originally, but was hoping for clarification in that thread.

It's my understanding that the new authentication system based on LDS Account will not work with the older hardware -- it will require the 881w firewall. I did a quick look, and the only online documentation I could find to back that up is in the January 2011 Brown Bag Session, where you see this:
What are the password requirements on the wireless access points? In the past, wireless access points have been left up to local STS to determine what to use. Going forward, there is a wireless access point available through the eStore. For now, access will be controlled by a global pre-shared key. In the near future (i.e., later this year), this will change to LDS account authentication, and the pre-shared key will no longer be required. NOTE: This will only be available with the new firewall and access points.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
User avatar
Biggles
Senior Member
Posts: 1608
Joined: Tue May 27, 2008 5:14 am
Location: Watford, England

#4

Post by Biggles »

aebrown wrote:It's my understanding that the new authentication system based on LDS Account will not work with the older hardware -- it will require the 881w firewall. I did a quick look, and the only online documentation I could find to back that up is in the January 2011 Brown Bag Session, where you see this:
Many thanks for the reference. With this information and working through the Stake PFR, we will try and persuade our FM Group manager to update our system, in time for the rollout of the authentification system!
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#5

Post by russellhltn »

Do the WAPs have to be updated as well? I was under the impression that the authentication was all in the firewall.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
harddrive
Senior Member
Posts: 501
Joined: Thu Jan 03, 2008 7:52 pm

#6

Post by harddrive »

RussellHltn wrote:Do the WAPs have to be updated as well? I was under the impression that the authentication was all in the firewall.

My question is when will this authentication change take place? I have two units that are using ASA 5505's.

I got changes that will need to be done at some of my buildings for this authentication to happen. I would like to get them fixed before this happens.

Thanks for letting me know.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#7

Post by russellhltn »

I haven't seen any timetine for LDS Authentication. But the Wiki on Legacy meetinghouse firewalls says
If you have an older meetinghouse firewall, you should contact your FM group to budget for and schedule their replacement with the current meetinghouse firewall offering during the latter half of 2012 or early 2013. Upgraded firewalls will support new local administration capabilities being deployed near the end of 2012.
Note that timelines frequently slip, but that's the most specific information I've seen.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
Jonahhex
New Member
Posts: 17
Joined: Fri Jun 08, 2012 1:33 pm
Location: Salt Lake City

#8

Post by Jonahhex »

This is one point that is not that clear from our engineers yet. The ASA and PIX firewalls do not have password or authentication for WiFi when you connect a 1041n besides a configuration line that lets it talk to a controller. We think all authentication would be handled by the controller and should be able to use ASAs and PIX firewalls... but they are saying no... so far. This is not a finalized system and there can still be changes to come in the near future.
Keeping the Church Communication Network working
Tim Johnson - GSC - Connectivity
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#9

Post by aebrown »

jonahhex wrote:This is one point that is not that clear from our engineers yet. The ASA and PIX firewalls do not have password or authentication for WiFi when you connect a 1041n besides a configuration line that lets it talk to a controller. We think all authentication would be handled by the controller and should be able to use ASAs and PIX firewalls... but they are saying no... so far. This is not a finalized system and there can still be changes to come in the near future.
What about the other kind of mixed combination -- an 881w with 1100 or 1200 WAPs? Would that combination support the new authentication? RussellHltn asked that question earlier, and your answer still leaves me wondering about that situation (which applies to two buildings in our stake).
Questions that can benefit the larger community should be asked in a public forum, not a private message.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#10

Post by russellhltn »

Prior information suggested that Authentication would also be effective on wired connections. (In general, I support that, except for FHCs). Perhaps the challenge with WAPs is to make sure the firewall sees each connection as a new "user" since it's all coming from the same device.

One of my concerns about this is that someone will stick a rouge home router/WAP in the clerks office. As long as everyone using it has to authenticate, I'm not concerned. But if it allows everyone to use one person's login, then I have a concern.

(We're full of questions, aren't we? )
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
Post Reply

Return to “Meetinghouse Internet”