• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1455
  • Last Modified:

Block iPhone, iPad from domain

Hello,
is there a way to block iPhones from accessing domain? some users do have the WPA key to our wireless network. I want to keep this pwd.
is there a way to block it on DHCP?
Something like, if its iPhone then DENY access?

thanks
0
Palmer_Admin
Asked:
Palmer_Admin
  • 2
1 Solution
 
MISOperationsCommented:
You could lock down connectivity to the wireless network by adding the MAC address of known machines to the APs in question. If the wireless isn't managed its going to take a while to do considering you have 50 APs.

An alternative solution and one we have depolyed here is to use the MacFilterCallOut DLL on your DHCP server.

Its a DLL released by the Microsoft DHCP Team that will allow you to either allow or deny a specific set of MAC addresss to obtain an IP address from DHCP.

Easier to manage in theory as its only implemented on one device on your network, the allow or deny list of MAC addresses is a basic text file of MAC addresses which you can create by exporting the leases from you DHCP server.

Details can be found here:
http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm

Rather than having an allowed list you could deny the problematic Apple products on your network assuming you know the MAC addresses for them if you want to put something in place quickly on your network.

Hope this helps.
0
 
Palmer_AdminAuthor Commented:
Hi, you mean login to Linksys and block (type in the MAC) of this iPhone, correct?
0
 
MISOperationsCommented:
Yes
0
 
BigBadWolf_000Commented:
In theory its possible. a mac code is made up of 24 bits unique followed by 24 bit vendor number
But you need a business grade wireless router/accesspoint say from Cisco

You would have get into the command line and make an access control list(packet filter) for the interface based on mac address and you would also probably have to find out an iphone mac address or whatever the product you want stopped is

Here is a doc explaining acls http://www.cisco.com/en/US/tech/tk7...

The access list that you would make would be attached to the wireless interface going in and it would look something like(change 0040.96a5.b5d4 with a mac from the specific device)

access-list 700 deny 0040.96a5.b5d4 FFFF.FF00.0000
access-list 700 permit any

that will stop all devices from that one vendor. if you need another add it before the permit all. but this may cause problems as apple might get there nics from intel or someone and you inadvertantly block all other intel devices.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now