• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1438
  • Last Modified:

Block iPhone, iPad from domain

Hello,
is there a way to block iPhones from accessing domain? some users do have the WPA key to our wireless network. I want to keep this pwd.
is there a way to block it on DHCP?
Something like, if its iPhone then DENY access?

thanks
0
Palmer_Admin
Asked:
Palmer_Admin
  • 2
1 Solution
 
MISOperationsCommented:
You could lock down connectivity to the wireless network by adding the MAC address of known machines to the APs in question. If the wireless isn't managed its going to take a while to do considering you have 50 APs.

An alternative solution and one we have depolyed here is to use the MacFilterCallOut DLL on your DHCP server.

Its a DLL released by the Microsoft DHCP Team that will allow you to either allow or deny a specific set of MAC addresss to obtain an IP address from DHCP.

Easier to manage in theory as its only implemented on one device on your network, the allow or deny list of MAC addresses is a basic text file of MAC addresses which you can create by exporting the leases from you DHCP server.

Details can be found here:
http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm

Rather than having an allowed list you could deny the problematic Apple products on your network assuming you know the MAC addresses for them if you want to put something in place quickly on your network.

Hope this helps.
0
 
Palmer_AdminAuthor Commented:
Hi, you mean login to Linksys and block (type in the MAC) of this iPhone, correct?
0
 
MISOperationsCommented:
Yes
0
 
BigBadWolf_000Commented:
In theory its possible. a mac code is made up of 24 bits unique followed by 24 bit vendor number
But you need a business grade wireless router/accesspoint say from Cisco

You would have get into the command line and make an access control list(packet filter) for the interface based on mac address and you would also probably have to find out an iphone mac address or whatever the product you want stopped is

Here is a doc explaining acls http://www.cisco.com/en/US/tech/tk7...

The access list that you would make would be attached to the wireless interface going in and it would look something like(change 0040.96a5.b5d4 with a mac from the specific device)

access-list 700 deny 0040.96a5.b5d4 FFFF.FF00.0000
access-list 700 permit any

that will stop all devices from that one vendor. if you need another add it before the permit all. but this may cause problems as apple might get there nics from intel or someone and you inadvertantly block all other intel devices.

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now