Tech Forum

I know its not the standard setup, and it's more of a "I am just curious" question.

We have a complete hardwired setup in our stake center using the ASA5505 and a software modified consumer grade routers to handle just the the WIFI. The wifi router is plugged into the ASA and hands out its own IP's with zero issues, we have all the PC's & printers in the building with dedicated IP's Including the FHC. Deepfreeze is used on the 7 PC's in the FHC too, (works great BTW.) Speedtest.net shows everything is running at 10 - 12 mbits I have POE going out to all 7 of the other consumer grade routers that have been reconfigured (firmware) to be higher power AP's building is fully covered and them some. The ASA handles everything wired. The Modified WRT54GL handles everything wireless.

Our Stake president is computer savvy as is our 1st counselor to the Stake president. It is their direction to me the STS to keep the networks separate.


Our FM group is offering to bring in the 881w and the 1041n's to "upgrade" the Stake center, but everything will be on one network.

Will the 881 work if it were plugged into the ASA5505 and just run the Wifi? Would CHQ be able to control the 881 if it were plugged into the 5505, if not. Could it be plugged into the cable modem, configure it let the 1041's configure then just move its WAN port cable to the 5505?

I have zero experience with the 881 but it seems to me once it see's the internet it configures its on VPN port.



Roland

rolandc wrote:Will the 881 work if it were plugged into the ASA5505 and just run the Wifi? Would CHQ be able to control the 881 if it were plugged into the 5505, if not. Could it be plugged into the cable modem, configure it let the 1041's configure then just move its WAN port cable to the 5505?

If you really want to keep your current WiFi network, it seems like a simpler approach would be to replace the ASA with the 881w. I don't think the Church wants to continue to maintain ASAs in perpetuity. You can then use the 881w for everything wired, just like you do now for the 881w. The one challenge would be that the 881w does have a built-in LDSAccess wireless network. You can minimize that by not connecting the antennas, but it will still provide a wireless signal in its proximity. But other than that, you could stick with your current configuration.

I would strongly urge you to accept the kind offering from your FM group (speaking from one in a VERY different circumstance). The 1041 is 'N' and might provide better performance down the road, and you get the benefit of the LDS Access SSID. I didn't understand what you meant by 'keep the networks separate' unless you were referring to the wired and wireless, but if it was a result of the limited IP Addresses with the ASA, the 881w also provides a better range of dynamic addresses with the ability to expand the scope for greater usage if that is a concern. I typically keep a couple consumer WAP's as well for special classes or circumstances if the need arises. Finally, it will provide value down the road to use the LDS Access SSID as we implement the LDS Account sign-on to the network with the abiltity to allow 'roles' access to the network.

rolandc wrote:Our FM group is offering to bring in the 881w and the 1041n's to "upgrade" the Stake center, but everything will be on one network.

While that may be a step backwards in security in having everything on one network, it's moving you to the church standard - something that will greatly help your successor.

The ASA 5505's are basically old technology, those replaced the PIX 501's in the late 2000's and were definitely better, as it was, the PIX firewalls were end-of-life at that point.

I've not seen how long a 5505 will be supported by Cisco, but the 881W is definitely a better solution than the 5505s, much in the way that the 5505s were better tech than the PIXs.

Also, being an 802.11n router, the 881W will allow video resources to play much better, as 802.11g was considered good for voice and audio, and since more resources are being made available online in video format, being on a good 'N' router is going to be much to your advantage as well, especially as the LDS Account is integrated into the system.

In fact, I'm also thinking, but not sure, that the 5505s may not support the LDS Account protocols envisioned for member access.

But can you run "n" if there is any "g" only on the channel?

I've heard you can run G on an N netowrk, you just don't get the torughput benefits on your own machine that you may be running on the network if its wireless card is a G.

Had a machine with a G card that would give me 54MB throughput, while an N card would have given me double that.

The question is what happens to all the "N" cards on the network. I know the old g systems would drop back to "b" if only one device couldn't do "g". In other words, it became a "g" network only when no "b" devices were present. I'm wondering of n is the same way.

RussellHltn wrote:The question is what happens to all the "N" cards on the network. I know the old g systems would drop back to "b" if only one device couldn't do "g". In other words, it became a "g" network only when no "b" devices were present. I'm wondering of n is the same way.

A quick Google is your friend search says that the G cards do not slow down the N network like the B cards did. The G cards work at G speed, but the rest of the network stays at N speed.

I have no idea if this page is accurate or not, but it sounds impressive and matches what I also read elsewhere. Still the disclaimer, read at your own risk.

You aren't going to want to have a firewall plugged into a firewall, nor would you be able to program the ASA5505 to be nothing more than a passthrough - 100% of the programming of those devices is handled by CHQ and they aren't rushing to provide custom solutions. There are ways you could isolate the networks but those would probably break the remote inventory and desktop control functions.