Solved

Block iPhone, iPad from domain

Posted on 2011-03-01
Last Modified: 2012-05-11
Hello,
Is there a way to block iPhones from accessing the domain? Some users do have the WPA key to our wireless network. I want to keep this pwd.
Is there a way to block it on DHCP?
Something like, if it's an iPhone then DENY access?

Thanks
0
Question by:Palmer_Admin
4 Comments
 
LVL 6

Accepted Solution

by:
MISOperations earned 500 total points
ID: 35011487
You could lock down connectivity to the wireless network by adding the MAC address of known machines to the APs in question. If the wireless isn't managed it's going to take a while to do considering you have 50 APs.

An alternative solution and one we have deployed here is to use the MacFilterCallOut DLL on your DHCP server.

It's a DLL released by the Microsoft DHCP Team that will allow you to either allow or deny a specific set of MAC addresses to obtain an IP address from DHCP.

Easier to manage in theory as it's only implemented on one device on your network, the allow or deny list of MAC addresses is a basic text file of MAC addresses which you can create by exporting the leases from your DHCP server.

Details can be found here:
http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm

Rather than having an allowed list you could deny the problematic Apple products on your network assuming you know the MAC addresses for them if you want to put something in place quickly on your network.

Hope this helps.
0
 

Author Comment

by:Palmer_Admin
ID: 35011510
Hi, you mean log in to Linksys and block (type in the MAC) of this iPhone, correct?
0
 
LVL 6

Expert Comment

by:MISOperations
ID: 35011538
Yes
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 35011558
In theory it's possible. A MAC code is made up of 24 bits unique followed by a 24-bit vendor number.
But you need a business-grade wireless router/access point, say from Cisco.

You would have to get into the command line and make an access control list (packet filter) for the interface based on MAC address, and you would also probably have to find out an iPhone MAC address or whatever the product you want stopped is.

Here is a doc explaining ACLs: http://www.cisco.com/en/US/tech/tk7...

The access list that you would make would be attached to the wireless interface going in and it would look something like (change 0040.96a5.b5d4 with a MAC from the specific device):

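! MAC ACL masks are wildcards (1 bits are ignored): 0000.00ff.ffff matches on the first 24 bits
access-list 700 deny 0040.96a5.b5d4 0000.00ff.ffff
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff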

That will stop all devices from that one vendor. If you need another, add it before the permit all. But this may cause problems, as Apple might get their NICs from Intel or someone and you inadvertently block all other Intel devices.

0
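Added example (not part of the original thread, and not Cisco's code): a small first-match evaluator for a 700-range MAC ACL, run over a constructed client list, to check before deployment which devices a vendor-prefix deny rule would also catch. It assumes IOS wildcard-mask semantics (a 1 bit in the mask is ignored); the client names and all MACs other than 0040.96a5.b5d4 are made up.

```python
# Added example: first-match evaluation of a Cisco-style MAC ACL (700 range).
# Assumption: wildcard mask semantics, i.e. a 1 bit in the mask is ignored.
import re

def mac_to_int(mac: str) -> int:
    """Accept 0040.96a5.b5d4, 00:40:96:a5:b5:d4 or 00-40-96-A5-B5-D4."""
    digits = re.sub(r"[.:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(text: str):
    """Parse 'access-list N permit|deny ADDRESS MASK' lines into rules."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            continue  # skip blank lines, '!' comments and anything else
        rules.append((parts[2], mac_to_int(parts[3]), mac_to_int(parts[4])))
    return rules

def evaluate(rules, mac: str) -> str:
    """Return the action of the first matching rule; implicit deny at the end."""
    value = mac_to_int(mac)
    for action, address, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFFFFFF  # bits that must be equal
        if (value & care) == (address & care):
            return action
    return "deny"

# Vendor-prefix deny followed by a permit-all, written with wildcard masks.
ACL_700 = """
access-list 700 deny 0040.96a5.b5d4 0000.00ff.ffff
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
"""

# Constructed client list, e.g. taken from a DHCP lease export.
CLIENTS = {
    "phone-1":  "00:40:96:a5:b5:d4",  # the device the rule was written for
    "laptop-7": "00-40-96-11-22-33",  # different device, same 24-bit prefix
    "desk-12":  "00:1a:2b:3c:4d:5e",  # unrelated prefix
}

def audit(acl_text: str, clients: dict) -> dict:
    """Map each client name to the action the ACL would apply to it."""
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, mac) for name, mac in clients.items()}

if __name__ == "__main__":
    for name, action in audit(ACL_700, CLIENTS).items():
        print(f"{name:10} {action}")
```

Running it shows `laptop-7` denied along with `phone-1`, which is the collateral blocking the comment above warns about.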
