Cisco 1041 WiFi

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Cisco 1041 WiFi

#1

Post by techgy »

A couple of years ago we set up Internet service in the four buildings in our stake. For the most part that effort is still working well. However, we have had problems with the wireless bridges that we've been using and we have been considering moving to the new Cisco 1041 Wireless Access Point.

On a side note the MH Internet Wiki mentions the web site of: http://firewall.lds.org - this site is no longer operational - at least it wasn't this morning when I attempted to go there for additional help.

Questions:

1) What's it's typical range? (I realize that this will depend greatly upon the type of structure that it's used in). Our stake center is cinder block and a couple of older buildings are wood frame and stucco.

2) What, if any, specific problems were encountered?

Thanks
Have you read the Code of Conduct?
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#2

Post by aebrown »

techgy wrote:On a side note the MH Internet Wiki mentions the web site of: http://firewall.lds.org - this site is no longer operational - at least it wasn't this morning when I attempted to go there for additional help.

If you read the instructions on the wiki at Installing and activating the Cisco 881W meetinghouse firewall carefully, you'll see that firewall.lds.org is a special site that is available only for purposes of activating the Cisco 881W firewall. It is not generally available, and does not contain help -- it is part of the automated setup process that is unique to the 881W, and thus can be seen only when accessed via the 881W.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#3

Post by techgy »

aebrown wrote:If you read the instructions on the wiki at Installing and activating the Cisco 881W meetinghouse firewall carefully, you'll see that firewall.lds.org is a special site that is available only for purposes of activating the Cisco 881W firewall. It is not generally available, and does not contain help -- it is part of the automated setup process that is unique to the 881W, and thus can be seen only when accessed via the 881W.

Yes, I did notice that comment, but it wasn't made clear. Thanks. At this point I'm not too sure exactly what products we're looking for. We currently use the ASA 5505 firewalls and they're working fine, so I'm thinking that just the 1041 WiFi access points would probably do the job with our current firewalls. I'd really like to get some feedback from someone who's actually put these products into use.

I went to the Cisco web site to get a feel for the 1041 Access point, but it's not listed, so that further compounded my confusion. Perhaps the Church has a special arrangement with Cisco for a product that's not publically available?
Have you read the Code of Conduct?
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#4

Post by aebrown »

techgy wrote:I went to the Cisco web site to get a feel for the 1041 Access point, but it's not listed, so that further compounded my confusion. Perhaps the Church has a special arrangement with Cisco for a product that's not publically available?

Much of Cisco's documentation refers to the 1040 series, which the 1041 is part of. See Cisco Aironet 1040 Series Access Points for specs. It is indeed a publicly available Cisco product.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#5

Post by techgy »

aebrown wrote:Much of Cisco's documentation refers to the 1040 series, which the 1041 is part of. See Cisco Aironet 1040 Series Access Points for specs. It is indeed a publicly available Cisco product.

I DID notice the 1040 series and as you said, the 1041's part of that group. I'm still hoping to get some feedback from someone who's actually use a few of these access point devices.

FWIW, I called the GSD this morning and got some additional information on the 881 Firewall, which is also listed in the Meetinghouse Wiki. The wiki states that there's only one filtering level available for the 881. The person at the Global Service Desk told me that the filtering level of the 881 is the same as the "General Access" level on the ASA5505's. It would probably be a good idea to update the wiki with this information. .
Have you read the Code of Conduct?
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#6

Post by techgy »

I think I may have answered my own questions regarding the 1041's.
Further research has revealed that these devices must be connected via cable back to the firewall/switch/modem, etc. They do not function as an Internet bridge.

Placing them around the building to provide a wireless Internet signal through the facility would require the installation of a cable to each of them to provide the Internet signal.
Have you read the Code of Conduct?
tdjones2000
New Member
Posts: 3
Joined: Mon Sep 26, 2011 1:14 pm

#7

Post by tdjones2000 »

We are looking at adding wireless to our Stake Center and considering the 881/1041 combination. Does anyone know if we can setup multiple SSIDs on the 1041? Will the 881 keep the different SSIDs/VLANs separate so that we can have wireless users be able to connect to the Internet (like to work on Family History or Missionary training to access church web sites from their own laptops) and still keep those users from being able to access another VLAN that would support the wired connections to the Stake and Ward Clerk offices?
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#8

Post by russellhltn »

tdjones2000 wrote:Does anyone know if we can setup multiple SSIDs on the 1041?

Last I heard you'll have no configuration powers over the equipment. You must work though GSD.
tdjones2000 wrote:We are looking at adding wireless to our Stake Center and considering the 881/1041 combination.
I'm not sure why you say you're "considering". That's the only authorized configuration for new installs.
tdjones2000 wrote:and still keep those users from being able to access another VLAN that would support the wired connections to the Stake and Ward Clerk offices
Frankly, my plan is to disable all sharing on the admin computers. Then there's no concern about the wireless users getting into machines they shouldn't get into.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
jdlessley
Community Moderators
Posts: 9861
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#9

Post by jdlessley »

tdjones2000 wrote:We are looking at adding wireless to our Stake Center and considering the 881/1041 combination. Does anyone know if we can setup multiple SSIDs on the 1041? Will the 881 keep the different SSIDs/VLANs separate so that we can have wireless users be able to connect to the Internet (like to work on Family History or Missionary training to access church web sites from their own laptops) and still keep those users from being able to access another VLAN that would support the wired connections to the Stake and Ward Clerk offices?
What problem are you really trying to solve? It sounds like you really want two separate networks, one for the wireless and one for the administrative computers. If that is the case then there are at least three solutions.

The simplest solution is as RussellHltn describes. If there is no need to network the administrative computers then do not. For this situation the WLAN clients and the administrative computers only use the 881W as an internet gateway. If networking is necessary to access shared resources such as printers then disable all sharing on the administrative computers.

A solution for multiple networks that requires no additional hardware is to have two VLANs setup in the 881, one for the wired administrative computers and one for the WLAN. The 881W can be configured for multiple VLANs but that is not a Church standard configuration. By definition VLANs will be separate and if set up properly can prevent clients on one virtual network from communicating with clients on the other virtual network. Since the 881W and 1041N WAPs are remotely managed, any configuration changes to set up VLANs would have to be done by the GSC.

A third solution is to create a separate network for the administrative computers behind the Cisco 881W using another router. This solution does not require the GSC to setup the VLANs. There are discussions about this on other threads and I do not want to go into the details or the pros or cons of this setup in this post.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
tdjones2000
New Member
Posts: 3
Joined: Mon Sep 26, 2011 1:14 pm

#10

Post by tdjones2000 »

I was not expecting that we would be able to configure the 881 or 1041. We do have available PoE switches that will support multiple VLANs, so I wanted to know if the 881 and 1041 would support that as well. We want to place at least 5 APs around the building to provide coverage. If not already done, we will disable sharing on the admin computers. However, I know that does not make them invulnerable to attacks from another computer on the same subnet. Can GSD configure multiple VLANs/subnets on the 881 and 1041?
Post Reply

Return to “Meetinghouse Internet”