Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Restricting PC WiFi to only one access point

Posted on 2010-11-23
9
Medium Priority
?
1,062 Views
Last Modified: 2013-12-27
I need to know how to set up some laptops that can only connect to the interent via one access point and not be able to connect using other ones. I was wondering if there was a way to do that using a MAC address.
0
Comment
Question by:CatholicTV
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 1500 total points
ID: 34206850
I'm not aware of a setting like that - doesn't mean it doesn't exist but I've not noticed it after having done a lot of configurations.  I presume you mean to demand the access point MAC address at the laptop as part of its profile?

The simple approach, although perhaps not as robust as you'd like, is to set up the profile for the SSID that you want and delete all other profiles.  Set the primary profile to connect automatically.
Then at least, the computer should not connect automatically to any other access point.

[This does not prevent the humans from making other connections happen though....  That would be another "requirement" to ponder.]

This won't work if there are access points with the same SSID I believe.  Some computers will recognize that they are "different" but that's about it.  I have one situation where we are using the same SSID at 3 sites - so the computers can move from site to site and connect automatically when they arrive.  This works very well and I've not had to do any hand-holding to make it work at the "next site" with a number of laptops.

Of course, the opposite is very typical.  You can filter the computers that connect to the Access Point according to *the computer interface* MAC addresses.  But you didn't say you wanted to prevent other computers from connecting and I presume you would use good security for that purpose.  MAC address filtering in this way isn't very robust - can be cracked.
0
 
LVL 37

Expert Comment

by:bbao
ID: 34207228
what's the model of your AP?

a lot of APs may provide ISOLATED communication for each wireless client, as the result, the clients may access the internet but can't talk to each other. please see below an example screen captured from my AP running DD-WRT.

FYI

AP Isolation - The default value is Off. This setting isolates wireless clients so access to and from other wireless clients are stopped.
bac2b84d53d44257ab56cb3.png
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 500 total points
ID: 34207365
I believe that when using 3rd party connection managers, such as Atheros', Broadcom's or Intel's, you can restrict a connection profile to one particular AP (by MAC), and then you could lock it down using Group Policy so the user could not create new or change the existing connection profile. I don't know of any way to do it using the Wireless Zero Configuration service, though.  All of that is assuming Windows machines, since you did not state what OS they're using.

Do all of the laptops have the same WiFi adapters?
What adapters do they have?
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 1500 total points
ID: 34207460
Depending on the software firewall on the computers you might be able to set the MAC address of the default gateway on each computer.  Depending on how you handle things like gateway assignment, it might do what you want.
0
 

Author Comment

by:CatholicTV
ID: 34208550
The laptops in question are Lenovo G560's. They will be deployed to schools and we want to be able to resrict them to only be able to access the procided AP which is from ClearWire:

http://www.clear.com/devices/details/id/63

The above link is to the acutal AP that will be used.

These laptops and AP's will be checked out from school libraries.

All of the laptops will be using the same WiFI adaptors:

Atheros AR9285
0
 
LVL 37

Expert Comment

by:bbao
ID: 34210343
just checked the following User Guide (if it is the right one), and didn't see such an AP Isolation option available. :(

http://support.sprint.com/global/pdf/user_guides/sierra_wireless/overdrive_3g4g/overdrive_3g4g_sierra_wireless_ug.pdf
0
 
LVL 44

Expert Comment

by:Darr247
ID: 34212630
Are you running your own domain there?

Is this the driver package you have installed?
http://consumerdl.lenovo.com.cn/UserFiles/Driver/en/Downloads%20and%20Drivers/Z460Z560/Win7/IN2WLN48WW5.exe
According to its download page it has version 8.0.0.258 Atheros and 5.60.48.35 Broadcom drivers combined into 1 package. At nearly 28MB, it's large enough to contain a connection manager, too, but I'm not sure about that.

Do you find a wireless connection manager installed besides the Wireless Zero Configuration service?

You shouldn't have to worry about 'AP Isolation' unless sharing is enabled. I would think in that scenario you would want them locked down as much as possible with Group Policy so nothing could be changed, and of course have images ready to reinstall when the more-curious find ways around that anyway.
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 1500 total points
ID: 34213292
Well, Trend Micro Internet Security has Parental Controls which are password protected *and* you can set the MAC address of the gateway.  Using both features you could require the PC to connect only via the ClearWire device.  I think that's exactly what you want.

Your requirement seems to not have anything to do with isolation...... just restricting the connection to a particular Access Point.
0
 

Author Closing Comment

by:CatholicTV
ID: 34624033
Thank you for all the great tips!
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question