I just took over the IT Department here and things were quite the mess I'm still sorting it out.
Background: Several users were apparently taking up bandwidth on certain devices by streaming movies etc.. Previous Network Admin went in and blocked those devices from accessing the internet. These devices are not blocked on the firewall. Somehow what was done was done through the AP's. These APs each have internal ip addresses I am unable to telnet or ssh into any of them. I doubt that the previous network admin consoled into an AP to block these devices its specifically an Iphone and an IPad. The Network Admin is no longer with the company nor is the person who previously used the device yet they are still blocked.
Current : I have already checked the firewall and there is no rule denying internet access to these devices which in my mind tells me it must be configured somewhere in the AP's.