One Meetinghouse Internet Implementation

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
hkk2
New Member
Posts: 16
Joined: Thu Mar 13, 2008 1:25 pm
Location: Anthem Stake (Henderson, NV)

#11

Post by hkk2 »

The Earl wrote: You might be able to use VLANs to make that work. I run my public wireless off VLAN-2, and I told the router not to move traffic between VLAN-1 and VLAN-2. The boxes all end up with the same IP subnet and everything, but you can't get from the wireless to the wired network w/o going through the firewall.

I am doing this with a hacked WRT54G, I am not sure how you would do that with the Cisco router.

Usually done with a Cisco Router and Cisco Switch. The switch handling the VLANs and the router handling IP traffic. I've been told there are several methods in configuring the Cisco IOS to do this, and not only by separating it out in VLANs either.
I'm alone in my own little world.
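
The isolation described in the quote above (the router does not move traffic between VLAN-1 and VLAN-2) can be checked against a saved ruleset. This is an added example, not code from any poster in this thread; it assumes a Linux-based firmware that filters forwarded traffic with iptables, and the interface names `vlan1`, `vlan2`, `wan0` and the sample rules are constructed.

```python
import shlex

# Constructed iptables-save excerpt. vlan1 (wired), vlan2 (public wireless)
# and wan0 (uplink to the firewall) are assumed interface names.
SAMPLE = """\
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan2 -o vlan1 -j DROP
-A FORWARD -i vlan1 -o vlan2 -j DROP
-A FORWARD -i vlan2 -p tcp --dport 9100 -j ACCEPT
-A FORWARD -o wan0 -j ACCEPT
"""
# Same ruleset with the wireless-to-wired DROP line missing.
LEAKY = SAMPLE.replace("-A FORWARD -i vlan2 -o vlan1 -j DROP\n", "")

def parse_forward(text):
    """Return (default policy, list of option dicts) for the FORWARD chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":FORWARD":
            policy = tok[1]
        elif tok[:2] == ["-A", "FORWARD"]:
            # Negated matches break option/value pairing: mark as unknown.
            rules.append({"-j": "UNKNOWN"} if "!" in tok
                         else dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(text, in_if, out_if):
    """First-match verdict for a NEW packet; a conditional ACCEPT counts as ACCEPT."""
    policy, rules = parse_forward(text)
    for r in rules:
        if (r.get("-i", in_if) != in_if or r.get("-o", out_if) != out_if
                or "NEW" not in r.get("--state", "NEW").split(",")):
            continue  # wrong interfaces, or conntrack rule for later packets
        target = r.get("-j", "UNKNOWN")
        conditional = set(r) - {"-i", "-o", "-j", "-m", "--state"}
        if target == "LOG" or (conditional and target in ("DROP", "REJECT")):
            continue  # non-terminating, or a DROP that only covers some traffic
        if target in ("DROP", "REJECT"):
            return "DROP"
        return "ACCEPT" if target == "ACCEPT" else "UNKNOWN"
    return policy

def isolated(text, a, b):
    """True only if new connections are dropped in both directions."""
    return verdict(text, a, b) == "DROP" and verdict(text, b, a) == "DROP"

if __name__ == "__main__":
    print(isolated(SAMPLE, "vlan1", "vlan2"), isolated(LEAKY, "vlan1", "vlan2"))
```

Jumps to user-defined chains and negated matches come back as `UNKNOWN` rather than being guessed, so a result other than `DROP` means the ruleset needs a manual look.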
russellhltn
Community Administrator
Posts: 34487
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#12

Post by russellhltn »

cybr wrote: Usually done with a Cisco Router and Cisco Switch.

Depends on the geek crowd you hang out with. Pros will probably lean to Cisco, but some home users will take a Linksys and install Open Source firmware. Check the Wikipedia page for an intro to the subject.

(Standard disclaimer - this is not a church endorsement of equipment or manufacturers, but simply examples given for discussion.)

It would be nice to come up with a good list of models that provide good price/performance for various needs.
The_Earl
Member
Posts: 278
Joined: Wed Mar 21, 2007 9:12 am

#13

Post by The_Earl »

RussellHltn wrote: Depends on the geek crowd you hang out with. Pros will probably lean to Cisco, but some home users will take a Linksys and install Open Source firmware. Check the Wikipedia page for an intro to the subject.

(Standard disclaimer - this is not a church endorsement of equipment or manufacturers, but simply examples given for discussion.)

It would be nice to come up with a good list of models that provide good price/performance for various needs.

I will personally endorse the hacked Linksys method, as that is what I am using at home.

List of models?

The older the better. Do not buy a V 7.0 WRT54G.
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Linksys/WRT54G?highlight=%28CategoryModel%29
http://www.dd-wrt.com/wiki/index.php/Su ... l_today.29

I like dd-wrt for non-techies, OpenWRT for the true geek. If you don't like command line / package management, go for dd-wrt.

Buzz on the street says the Linksys are not the way to go anymore, Buffalo and Asus giving better performance for the price. I don't know for sure, as I have too many of the Linksys boxes to branch out :)

Again, not an endorsement by the church.

The Earl
russellhltn
Community Administrator
Posts: 34487
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#14

Post by russellhltn »

The Earl wrote: The older the better. Do not buy a V 7.0 WRT54G.


I thought that's why Linksys came out with the WRT54GL - to allow open source.

However, one question that should be asked is how hard would it be for the next STS to support an Open Source router as opposed to a "normal" one?
The_Earl
Member
Posts: 278
Joined: Wed Mar 21, 2007 9:12 am

#15

Post by The_Earl »

RussellHltn wrote: I thought that's why Linksys came out with the WRT54GL - to allow open source.

However, one question that should be asked is how hard would it be for the next STS to support an Open Source router as opposed to a "normal" one?

All of the older Linksys routers (pre 5.0) run Linux, with a Linksys UI.

dd-wrt is a drop-in replacement that, after the initial load, is more stable, more user friendly, and more functional than the original firmwares. For older routers, loading dd-wrt is the same process as updating the stock firmware. Newer routers require a two-step process that is well documented.

An STS should have no more trouble supporting a router running dd-wrt than running the stock Linksys firmware. I have convinced many of my non-technical friends to load dd-wrt to simplify and solidify their routers. All of them have been happy with the results.

The WRT54GL is a beefier router, but costs a bit more. For this purpose, the additional hardware is not needed, so the cost / benefit is not as clear.

What I am not sure of is how to configure the PIX firewall to see the VLANs from the Linksys. Ideally, you would use the Linksys box as the WAP, and the PIX for the router / gateway. I know how to get that working on the Linksys side, but not the PIX.

The Earl
russellhltn
Community Administrator
Posts: 34487
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#16

Post by russellhltn »

The Earl wrote: An STS should have no more trouble supporting a router running dd-wrt than running the stock Linksys firmware.

As long as they know where to go for updates. That comes down to documentation and making sure it gets into the next STS's hands (and the one after them). Probably a good move would be to put that information on a sticker and put it on the unit itself. Or maybe the web screens (if it's not there already).

I don't know as I'd rely on a 3 ring binder to find its way to the next guy.
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#17

Post by aebrown »

The Earl wrote: What I am not sure of is how to configure the PIX firewall to see the VLANs from the Linksys. Ideally, you would use the Linksys box as the WAP, and the PIX for the router / gateway. I know how to get that working on the Linksys side, but not the PIX.

The simple answer is, you don't. The PIX (in the case of CCN connections) or the ASA Firewall (in the case of new Meetinghouse Internet connections) is completely managed by the Church (via the GSD). They don't share the login/password with you. So as far as you can tell, it's a black box.

It will function as a gateway and router for you, but only in the subnet it is configured for. I suppose you could beg for an exception to be made in your case so that you can reprogram the Church-managed firewall, but I wouldn't hold my breath.

But why would you need to reprogram the Church-managed firewall, anyway? You can simply put your own router inside the firewall, connect one cable from your router to the firewall, and then configure your router and every other aspect of the internal network however you like.
russellhltn
Community Administrator
Posts: 34487
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#18

Post by russellhltn »

I think if there's a specific need, you can call GSD and talk to them to get it set up for you. No guarantees they'll do it, but you can call.
russellja-p40
New Member
Posts: 4
Joined: Mon Apr 21, 2008 8:03 am

#19

Post by russellja-p40 »

In your installation you used "Two Linksys Ultra RangePlus Wireless-N Broadband Routers (WRT160N)".

How have those been working for you? Do they see heavy use? I have seen mixed reviews on Newegg. Do you need to power cycle them at all?

Thanks
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#20

Post by aebrown »

russellja wrote: In your installation you used "Two Linksys Ultra RangePlus Wireless-N Broadband Routers (WRT160N)".

How have those been working for you? Do they see heavy use? I have seen mixed reviews on Newegg. Do you need to power cycle them at all?

Thanks

So far they are working fine. I can't be sure that no one else has cycled the power on them, but I have not been called to do so in the two months they have been installed. I get calls all the time on our flaky Internet connection in another building, so I imagine I would hear if there were problems, especially since the router and firewall are in one clerk's office, and the other two wards would not have access if a reset were necessary if the office were not open. I personally have gone to that building 3 or 4 times in this period to do computer maintenance or clerk support, and the connection has been up each time.

The use would be relatively light -- heaviest on Sunday, but even then it would be just the three wards doing MLS transmissions, and a few other odds and ends (updating web sites, missionary applications, etc.). There must be some use during the week by bishoprics, but all in all, I would think it is not heavily used at all.

I'm helping our stake Indexing coordinator this Sunday with a presentation, and in my preparation for it I had a nice strong signal in the multi-purpose room, where the signal would have to go through 4 cinder-block walls, and it was 4 out of 5 bars of signal strength.