Palmer_Admin
asked on
Block iPhone, iPad from domain
Hello,
is there a way to block iPhones from accessing domain? some users do have the WPA key to our wireless network. I want to keep this pwd.
is there a way to block it on DHCP?
Something like, if its iPhone then DENY access?
thanks
is there a way to block iPhones from accessing domain? some users do have the WPA key to our wireless network. I want to keep this pwd.
is there a way to block it on DHCP?
Something like, if its iPhone then DENY access?
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes
In theory its possible. a mac code is made up of 24 bits unique followed by 24 bit vendor number
But you need a business grade wireless router/accesspoint say from Cisco
You would have get into the command line and make an access control list(packet filter) for the interface based on mac address and you would also probably have to find out an iphone mac address or whatever the product you want stopped is
Here is a doc explaining acls http://www.cisco.com/en/US/tech/tk7...
The access list that you would make would be attached to the wireless interface going in and it would look something like(change 0040.96a5.b5d4 with a mac from the specific device)
access-list 700 deny 0040.96a5.b5d4 FFFF.FF00.0000
access-list 700 permit any
that will stop all devices from that one vendor. if you need another add it before the permit all. but this may cause problems as apple might get there nics from intel or someone and you inadvertantly block all other intel devices.
But you need a business grade wireless router/accesspoint say from Cisco
You would have get into the command line and make an access control list(packet filter) for the interface based on mac address and you would also probably have to find out an iphone mac address or whatever the product you want stopped is
Here is a doc explaining acls http://www.cisco.com/en/US/tech/tk7...
The access list that you would make would be attached to the wireless interface going in and it would look something like(change 0040.96a5.b5d4 with a mac from the specific device)
access-list 700 deny 0040.96a5.b5d4 FFFF.FF00.0000
access-list 700 permit any
that will stop all devices from that one vendor. if you need another add it before the permit all. but this may cause problems as apple might get there nics from intel or someone and you inadvertantly block all other intel devices.
ASKER