The Earl wrote: You might be able to use VLANs to make that work. I run my public wireless off VLAN-2, and I told the router not to move traffic between VLAN-1 and VLAN-2. The boxes all end up with the same IP subnet and everything, but you can't get from the wireless to the wired network w/o going through the firewall. I am doing this with a hacked WRT54G, I am not sure how you would do that with the Cisco router.
Usually done with a Cisco Router and Cisco Switch. The switch handling the VLANs and the router handling IP traffic. I've been told there are several methods in configuring the Cisco IOS to do this, and not only by separating it out in VLANS either.
One Meetinghouse Internet Implementation
- hkk2
- New Member
- Posts: 16
- Joined: Thu Mar 13, 2008 1:25 pm
- Location: Anthem Stake (Henderson, NV)
I'm alone in my own little world.
-
- Community Administrator
- Posts: 34499
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
cybr wrote: Usually done with a Cisco Router and Cisco Switch.
Depends on the geek crowd you hang out with. Pros will probably lean to Cisco, but some home users will take a Linksys and install Open Source firmware. Check the Wikipedia page for an intro to the subject.
(Standard disclaimer - this is not a church endorsement of equipment or manufacturers, but simply examples given for discussion.)
It would be nice to come up with a good list of models that provide good price/performance for various needs.
-
- Member
- Posts: 278
- Joined: Wed Mar 21, 2007 9:12 am
RussellHltn wrote: Depends on the geek crowd you hang out with. Pros will probably lean to Cisco, but some home users will take a Linksys and install Open Source firmware. Check the Wikipedia page for an intro to the subject. (Standard disclaimer - this is not a church endorsement of equipment or manufacturers, but simply examples given for discussion.) It would be nice to come up with a good list of models that provide good price/performance for various needs.
I will personally endorse the hacked Linksys method, as that is what I am using at home.
List of models?
The older the better. Do not buy a V 7.0 WRT54G.
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Linksys/WRT54G?highlight=%28CategoryModel%29
http://www.dd-wrt.com/wiki/index.php/Su ... l_today.29
I like dd-wrt for non-techies, OpenWRT for the true geek. If you don't like command line / package management, go for dd-wrt.
Buzz on the street says the Linksys are not the way to go anymore, Buffalo and Asus giving better performance for the price. I don't know for sure, as I have too many of the Linksys boxes to branch out.
Again, not an endorsement by the church.
The Earl
-
- Community Administrator
- Posts: 34499
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
-
- Member
- Posts: 278
- Joined: Wed Mar 21, 2007 9:12 am
RussellHltn wrote: I thought that's why Linksys came out with the WRT54GL - to allow open source. However, one question that should be asked is how hard would it be for the next STS to support an Open Source router as opposed to a "normal" one?
All of the older Linksys routers (pre 5.0) run Linux, with a Linksys UI.
dd-wrt is a drop-in replacement that, after the initial load, is more stable, more user friendly, and more functional than the original firmwares. For older routers, loading dd-wrt is the same process as updating the stock firmware. Newer routers require a two-step process that is well documented.
An STS should have no more trouble supporting a router running dd-wrt than running the stock Linksys firmware. I have convinced many of my non-technical friends to load dd-wrt to simplify and solidify their routers. All of them have been happy with the results.
The WRT54GL is a beefier router, but costs a bit more. For this purpose, the additional hardware is not needed, so the cost / benefit is not as clear.
What I am not sure of is how to configure the PIX firewall to see the VLANs from the Linksys. Ideally, you would use the Linksys box as the WAP, and the PIX for the router / gateway. I know how to get that working on the Linksys side, but not the PIX.
The Earl
-
- Community Administrator
- Posts: 34499
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
The Earl wrote: An STS should have no more trouble supporting a router running dd-wrt than running the stock Linksys firmware.
As long as they know where to go for updates. That comes down to documentation and making sure it gets into the next STS's hands (and the one after them). Probably a good move would be to put that information on a sticker and put it on the unit itself. Or maybe the web screens (if it's not there already).
I don't know as I'd rely on a 3 ring binder to find its way to the next guy.
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
The Earl wrote: What I am not sure of is how to configure the PIX firewall to see the VLANs from the Linksys. Ideally, you would use the Linksys box as the WAP, and the PIX for the router / gateway. I know how to get that working on the Linksys side, but not the PIX.
The simple answer is, you don't. The PIX (in the case of CCN connections) or the ASA Firewall (in the case of new Meetinghouse Internet connections) is completely managed by the Church (via the GSD). They don't share the login/password with you. So as far as you can tell, it's a black box.
It will function as a gateway and router for you, but only in the subnet it is configured for. I suppose you could beg for an exception to be made in your case so that you can reprogram the Church-managed firewall, but I wouldn't hold my breath.
But why would you need to reprogram the Church-managed firewall, anyway? You can simply put your own router inside the firewall, connect one cable from your router to the firewall, and then configure your router and every other aspect of the internal network however you like.
-
- Community Administrator
- Posts: 34499
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
-
- New Member
- Posts: 4
- Joined: Mon Apr 21, 2008 8:03 am
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
russellja wrote: In your installation you used "Two Linksys Ultra RangePlus Wireless-N Broadband Routers (WRT160N)". How have those been working for you? Do they see heavy use? I have seen mixed reviews on newegg. Do you need to powercycle them at all? Thanks
So far they are working fine. I can't be sure that no one else has cycled the power on them, but I have not been called to do so in the two months they have been installed. I get calls all the time on our flaky Internet connection in another building, so I imagine I would hear if there were problems, especially since the router and firewall are in one clerk's office, and the other two wards would not have access if a reset were necessary if the office were not open. I personally have gone to that building 3 or 4 times in this period to do computer maintenance or clerk support, and the connection has been up each time.
The use would be relatively light -- heaviest on Sunday, but even then it would be just the three wards doing MLS transmissions, and a few other odds and ends (updating web sites, missionary applications, etc.). There must be some use during the week by bishoprics, but all in all, I would think it is not heavily used at all.
I'm helping our stake Indexing coordinator this Sunday with a presentation, and in my preparation for it I had a nice strong signal in the multi-purpose room, where the signal would have to go through 4 cinder-block walls, and it was 4 out of 5 bars of signal strength.