Solved

Block iPhone, iPad from domain

Posted on 2011-03-01
Last Modified: 2012-05-11
Hello,
Is there a way to block iPhones from accessing the domain? Some users do have the WPA key to our wireless network. I want to keep this pwd.
Is there a way to block it on DHCP?
Something like: if it's an iPhone, then DENY access?

Thanks
Question by:Palmer_Admin

Accepted Solution

by:
MISOperations earned 500 total points
You could lock down connectivity to the wireless network by adding the MAC address of known machines to the APs in question. If the wireless isn't managed it's going to take a while to do, considering you have 50 APs.

An alternative solution, and one we have deployed here, is to use the MacFilterCallOut DLL on your DHCP server.

It's a DLL released by the Microsoft DHCP Team that will allow you to either allow or deny a specific set of MAC addresses to obtain an IP address from DHCP.

Easier to manage in theory as it's only implemented on one device on your network; the allow or deny list of MAC addresses is a basic text file of MAC addresses which you can create by exporting the leases from your DHCP server.

Details can be found here:
http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm

Rather than having an allowed list, you could deny the problematic Apple products on your network, assuming you know the MAC addresses for them, if you want to put something in place quickly on your network.

Hope this helps.

Author Comment

by:Palmer_Admin
Hi, you mean login to Linksys and block (type in the MAC) of this iPhone, correct?

Expert Comment

by:MISOperations
Yes

Expert Comment

by:BigBadWolf_000
In theory it's possible. A MAC code is made up of 24 bits unique followed by a 24-bit vendor number.
But you need a business-grade wireless router/access point, say from Cisco.

You would have to get into the command line and make an access control list (packet filter) for the interface based on MAC address, and you would also probably have to find out an iPhone MAC address, or whatever the product you want stopped is.

Here is a doc explaining ACLs: http://www.cisco.com/en/US/tech/tk7...

The access list that you would make would be attached to the wireless interface going in, and it would look something like this (change 0040.96a5.b5d4 to a MAC from the specific device):

access-list 700 deny 0040.96a5.b5d4 0000.00ff.ffff
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

That will stop all devices from that one vendor. If you need another, add it before the permit all. But this may cause problems, as Apple might get their NICs from Intel or someone and you inadvertently block all other Intel devices.
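
An added example (not part of the thread and not vendor tooling) for checking a MAC access list offline before applying it to an interface. It assumes the Cisco wildcard convention for 700-series lists, where a 1 bit in the mask means "ignore this bit", and runs a vendor-wide rule and the same rule with the mask halves swapped against constructed client addresses, which makes the collateral block on a same-vendor device visible.

```python
# Added example: evaluates Cisco-style 700-series MAC ACL entries offline.
# Assumed wildcard semantics: a 1 bit in the mask means "ignore this bit",
# a 0 bit means "must match".

def mac_to_int(mac: str) -> int:
    """Parse dotted (0040.96a5.b5d4), colon or dash notation into a 48-bit int."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def entry_matches(mac: str, address: str, wildcard: str) -> bool:
    """Compare only the bits the wildcard mask does not mark as ignored."""
    care = ~mac_to_int(wildcard) & 0xFFFFFFFFFFFF
    return (mac_to_int(mac) & care) == (mac_to_int(address) & care)

def evaluate(acl, mac: str) -> str:
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, address, wildcard in acl:
        if entry_matches(mac, address, wildcard):
            return action
    return "deny"

# Vendor-wide rule: compare the first 24 bits (the vendor prefix), ignore the rest.
OUI_ACL = [
    ("deny", "0040.96a5.b5d4", "0000.00ff.ffff"),
    ("permit", "0000.0000.0000", "ffff.ffff.ffff"),
]
# Same address with the mask halves swapped: compares the last 24 bits only.
SWAPPED_ACL = [
    ("deny", "0040.96a5.b5d4", "ffff.ff00.0000"),
    ("permit", "0000.0000.0000", "ffff.ffff.ffff"),
]

# Constructed sample clients (not real inventory).
CLIENTS = {
    "target-phone": "00:40:96:a5:b5:d4",
    "same-vendor-laptop": "00:40:96:11:22:33",
    "other-vendor-pc": "00:1b:21:a5:b5:d4",
}

def audit(acl):
    """Return the ACL verdict for every sample client."""
    return {name: evaluate(acl, mac) for name, mac in CLIENTS.items()}

if __name__ == "__main__":
    for label, acl in (("vendor mask", OUI_ACL), ("swapped mask", SWAPPED_ACL)):
        print(label, audit(acl))
```

Replacing `CLIENTS` with the addresses exported from the DHCP leases shows which known devices a rule would cut off before it goes live.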
