Tech Forum

johnshaw wrote:This is quite frustrating ...

The Cisco 881W firewalls need to be replaced; but since the 881W hosts a wireless AP a replacement WAP is need in many locations. CHQ could have opted to ship a 701i AP instead. But with the decision to replace Cisco with Meraki firewalls, it made sense to implement Meraki APs instead. Granted the mixed AP environment is challenging, but the new hardware will provide additional (future) network capabilities. Eventually the Cisco APs will need to be replaced; when that time comes, the device will likely be a Meraki AP model. If a building were outfitted with the same type hardware (Cisco or Meraki) then activities like roaming might be better. But as my previously reply mentioned, if a Meraki AP is moved to a different building--then that AP must be "Removed" from the old network and "Added" to the new network through Technology Manager.

I reported this issue a couple months ago when we first set it up and my HQ contact didn't seem aware of it. So I used an extra 1041 we had from another building instead of the MR33 that came with the new firewall. But this week my FM said I absolutely had to install the Meraki. So I talked to another person at HQ on Friday and their answer was that roaming wasn't in the requirements they had to meet. But that the Meraki is better and that we had to use it because they already paid for it. They still don't seem to understand the issue.

Well it does confirm that the requirements for replacing the 881's in the meetinghouse networks didn't include a smooth or pleasant end user experience only the anticipated 'better' network stuff with the Meraki Cloud implementation. I imagine the benefits are great in this area, particularly as it relates to the International Church, however, I can't imagine a service out there that wouldn't include end user usage as an important aspect.

Just another reminder that we, as members of the church, are not the 'clients' of these teams at the Central Office.

As a former CHQ employee I can say that in general the meetinghouse technology group recommends the right solution but the facilities budget doesn't allow it.

Craig, while I understand the sentiment, I'm not confident that those things should be mutually exclusive. How can a solution be 'right' if it isn't within the budget? And is it OK to move forward with the solution the network team thinks is 'right' even though they know it will be substantially intrusive to members over the years until FM is able to pay to make it 'right'. Those Cisco AP's aren't going anywhere anytime soon, they'll last years and years.

Based on both items, the 'right' solution and the FM Budget, it seems that the solution should've been to replace the firewall with Meraki and the Wireless with a Cisco AP. Or at least instructed that a meetinghouse, as much as possible, be either all Cisco AP's or All Meraki AP's. It wouldn't be that hard in most Stakes... Stake Center with 2 or 3 other buildings - But regardless FM's can figure out that every third one put all the Meraki in and move the Cisco's to the other buildings to cover the new router w/o an AP built in.

An STS who cares will get this going easily, while FM's contract work out to get things done, they'll not worry about it because they don't have to support the local end users, that's the STS.

This is the Meetinghouse Internet Project all-over-again, the Come Follow Me project roll out, where teams all make decisions, roll them out and FM can't actually support them. When are we going to learn?

johnshaw wrote:Those Cisco AP's aren't going anywhere anytime soon, they'll last years and years.

I think the real question is when does support end? I think on the computer/network side of things, the church tends to get rid of things when the support lapses, not when it quits working.

Ya, those 881's just weren't all that popular as I understand it, my company ordered a few pallets of them and never actually used them because by the time we started to deploy them for what they were going to be used for a RaspberryPI device could do the same thing.... I don't think that's the same for the AP's I think those AP's are really sticking around.

But I just looked it up... Looks like end of Life is September 2018 for the 1040 Series..

http://www.cisco.com/c/en/us/products/c ... 27650.html

End of Life for the 881 W seems to be July 2019... a year or so later than the 1041 AP's

http://www.cisco.com/c/en/us/products/c ... 30681.html

I think more troubling is the end of software updates for the 881: July 3, 2015. If there's another date for security patches, I'm not seeing it.

That's not good for something that connects to the "wild" side of the Internet.

The APs seem to have the same date, but they're far more protected.

We are not able to disable wireless on the Cisco APs now that the Meraki firewall was installed. During stake conference that was really nice to use TM to disable wireless to conserve bandwidth. Does anyone else have the same issues that they can no longer disable the Cisco APs?

jkentner wrote:We are not able to disable wireless on the Cisco APs now that the Meraki firewall was installed. During stake conference that was really nice to use TM to disable wireless to conserve bandwidth. Does anyone else have the same issues that they can no longer disable the Cisco APs?

It must have been a timing issue. Our Cisco APs now show up in TM and they can be disabled!