Solved

Block iPhone, iPad from domain

Posted on 2011-03-01
Last Modified: 2012-05-11
Hello,
Is there a way to block iPhones from accessing the domain? Some users do have the WPA key to our wireless network. I want to keep this pwd.
Is there a way to block it on DHCP?
Something like, if it's an iPhone then DENY access?

thanks
Question by:Palmer_Admin
4 Comments
 
LVL 6

Accepted Solution

by:
MISOperations earned 2000 total points
ID: 35011487
You could lock down connectivity to the wireless network by adding the MAC address of known machines to the APs in question. If the wireless isn't managed it's going to take a while to do considering you have 50 APs.

An alternative solution, and one we have deployed here, is to use the MacFilterCallOut DLL on your DHCP server.

It's a DLL released by the Microsoft DHCP Team that will allow you to either allow or deny a specific set of MAC addresses to obtain an IP address from DHCP.

Easier to manage in theory as it's only implemented on one device on your network. The allow or deny list of MAC addresses is a basic text file of MAC addresses which you can create by exporting the leases from your DHCP server.

Details can be found here:
http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm

Rather than having an allowed list you could deny the problematic Apple products on your network assuming you know the MAC addresses for them if you want to put something in place quickly on your network.

Hope this helps.
0
 

Author Comment

by:Palmer_Admin
ID: 35011510
Hi, you mean login to Linksys and block (type in the MAC) of this iPhone, correct?
0
 
LVL 6

Expert Comment

by:MISOperations
ID: 35011538
Yes
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 35011558
In theory it's possible. A MAC code is made up of 24 bits unique followed by 24 bit vendor number.
But you need a business grade wireless router/access point, say from Cisco.

You would have to get into the command line and make an access control list (packet filter) for the interface based on MAC address, and you would also probably have to find out an iPhone MAC address, or whatever the product you want stopped is.

Here is a doc explaining acls http://www.cisco.com/en/US/tech/tk7...

The access list that you would make would be attached to the wireless interface going in and it would look something like (change 0040.96a5.b5d4 to a MAC from the specific device):

! The mask is a wildcard: bits set to 1 are ignored, so 0000.00FF.FFFF matches on the first 24 bits only
access-list 700 deny 0040.96a5.b5d4 0000.00FF.FFFF
access-list 700 permit any

That will stop all devices from that one vendor. If you need another, add it before the permit all. But this may cause problems, as Apple might get their NICs from Intel or someone and you inadvertently block all other Intel devices.

0
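The deny list both answers rely on can be built from a DHCP lease export by matching the vendor prefix (the OUI, the first 24 bits of the MAC). This is an added example, not code from the thread or from the MacFilterCallOut DLL; the CSV column names, the sample leases and the function names are assumptions, and the one prefix used is taken from the ACL example above.

```python
import csv
import io
import re

# Vendor prefixes to deny, as 6 hex digits. 004096 is the prefix of the MAC in
# the ACL example above; replace it with prefixes seen on the unwanted devices.
DENY_OUIS = {"004096"}

# Constructed sample lease export (column names are an assumption).
SAMPLE_LEASES = """ip,name,mac
10.0.0.21,LAPTOP-01,00-1A-2B-3C-4D-5E
10.0.0.22,phone-a,0040.96a5.b5d4
10.0.0.23,phone-b,00:40:96:11:22:33
10.0.0.24,unknown,da:a1:19:00:00:01
10.0.0.25,printer,not-a-mac
"""

def normalize(mac):
    """Strip common separators; return 12 lowercase hex digits or None."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac12):
    # Bit 0x02 of the first octet marks an address that was not assigned from
    # a vendor OUI, so a vendor-prefix rule cannot classify it either way.
    return bool(int(mac12[:2], 16) & 0x02)

def classify(lease_csv, deny_ouis=DENY_OUIS):
    """Return (deny list, locally administered MACs, unparsable values)."""
    deny, unclassifiable, invalid = set(), [], []
    for row in csv.DictReader(io.StringIO(lease_csv)):
        mac = normalize(row["mac"])
        if mac is None:
            invalid.append(row["mac"])
        elif is_locally_administered(mac):
            unclassifiable.append(mac)
        elif mac[:6] in deny_ouis:
            deny.add(mac)
    return sorted(deny), unclassifiable, invalid

if __name__ == "__main__":
    deny, unknown, bad = classify(SAMPLE_LEASES)
    print("deny:", *deny, sep="\n  ")
    print("review by hand (locally administered):", unknown)
    print("skipped (not a MAC):", bad)
```

Addresses reported as locally administered need manual review, because they carry no vendor prefix and a prefix-based deny rule will never match them.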
