+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Windows Thread, block Apple products (ipods and iphones ) on wireless in Technical; hi is there any way of denying apple products as listed above on to the wireless network. the kids keep ...
  1. #1
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    405
    Thank Post
    79
    Thanked 54 Times in 52 Posts
    Rep Power
    20

    block Apple products (ipods and iphones ) on wireless

    hi

    is there any way of denying apple products as listed above on to the wireless network.

    the kids keep connecting with them and it then disconnects the teacher laptops in that area.

    the network is secured with peap authenticated on a radius server, but they just use their domain login name to get on.

    i haad thought of certificate security but know little about this.

    is there any easy way to ban the mac address?

    i dont really want to have to type it into every ap as we have nearly 50

    Does anyone else have this problem?

    thanks

    nick

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454
    Can you give a little background on your Wireless system?
    Is it managed? What make?

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,647
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297
    simplest way (sort of) would be to only allow computers with known mac ids connect to the wireless but it would mean tracking down the mac address of every authorised pc/laptop etc and adding it to shitelist and if its not a managed wireless system adding a potentially large list of stations to a large list of aps

  4. Thanks to sted from:

    bart21 (23rd March 2010)

  5. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454
    Quote Originally Posted by sted View Post
    simplest way (sort of) would be to only allow computers with known mac ids connect to the wireless but it would mean tracking down the mac address of every authorised pc/laptop etc and adding it to shitelist and if its not a managed wireless system adding a potentially large list of stations to a large list of aps
    I would do this as well as your Encryption not instead of.

    Z

  6. Thanks to FN-GM from:

    bart21 (23rd March 2010)

  7. #5

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,014
    Thank Post
    614
    Thanked 2,194 Times in 1,006 Posts
    Blog Entries
    23
    Rep Power
    632
    Quote Originally Posted by sted View Post
    simplest way (sort of) would be to only allow computers with known mac ids connect to the wireless but it would mean tracking down the mac address of every authorised pc/laptop etc and adding it to shitelist and if its not a managed wireless system adding a potentially large list of stations to a large list of aps
    The easiest way of doing this is to download either use Spiceworks or downlaod the free 30 day trial of NetSupport Manager DNA. This will list all Mac adresses of clients and NetSupport DNA will allow you export this list to CSV etc.

  8. Thanks to Dos_Box from:

    bart21 (23rd March 2010)

  9. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454
    Quote Originally Posted by Dos_Box View Post
    The easiest way of doing this is to download either use Spiceworks or downlaod the free 30 day trial of NetSupport Manager DNA. This will list all Mac adresses of clients and NetSupport DNA will allow you export this list to CSV etc.
    Thanks for the tip. I always thought you had to install a client for NetSupport DNA

  10. Thanks to FN-GM from:

    bart21 (23rd March 2010)

  11. #7


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,647
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297
    Quote Originally Posted by FN-GM View Post
    I would do this as well as your Encryption not instead of.

    Z
    well yes if for no other reason than it saves going round changing wireless settings on computers

  12. Thanks to sted from:

    bart21 (23rd March 2010)

  13. #8
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    312
    Thank Post
    54
    Thanked 73 Times in 44 Posts
    Rep Power
    31
    Quote Originally Posted by sted View Post
    simplest way (sort of) would be to only allow computers with known mac ids connect to the wireless but it would mean tracking down the mac address of every authorised pc/laptop etc and adding it to shitelist and if its not a managed wireless system adding a potentially large list of stations to a large list of aps
    Agreed you could lock down connectivity to the wireless network by adding the MAC address of known machines to the APs in question. If the wireless isn't managed its going to take a while to do considering you have 50 APs.

    An alternative solution and one we have depolyed here is to use the MacFilterCallOut DLL on your DHCP server.

    Its a DLL released by the Microsoft DHCP Team that will allow you to either allow or deny a specific set of MAC addresss to obtain an IP address from DHCP.

    Easier to manage in theory as its only implemented on one device on your network, the allow or deny list of MAC addresses is a basic text file of MAC addresses which you can create by exporting the leases from you DHCP server.

    Details can be found here

    Rather than having an allowed list you could deny the problematic Apple products on your network assuming you know the MAC addresses for them if you want to put something in place quickly on your network.

    Hope this helps.

  14. Thanks to AngryITGuy from:

    bart21 (23rd March 2010)

  15. #9
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    312
    Thank Post
    54
    Thanked 73 Times in 44 Posts
    Rep Power
    31
    Quote Originally Posted by Dos_Box View Post
    The easiest way of doing this is to download either use Spiceworks or downlaod the free 30 day trial of NetSupport Manager DNA. This will list all Mac adresses of clients and NetSupport DNA will allow you export this list to CSV etc.
    Unless I am missing something here I am sure it would be easier to just export the list of DHCP leases from the DHCP server assuming one exists on the school network?

    This gives you an output containing client name, IP and MAC address. Assuming bart21 has the names of all authorised devices on the network he should be able to filter out the rogue devices.

  16. Thanks to AngryITGuy from:

    bart21 (23rd March 2010)

  17. #10


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,647
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297
    Quote Originally Posted by AngryITGuy View Post
    Unless I am missing something here I am sure it would be easier to just export the list of DHCP leases from the DHCP server assuming one exists on the school network?

    This gives you an output containing client name, IP and MAC address. Assuming bart21 has the names of all authorised devices on the network he should be able to filter out the rogue devices.
    only slight issue with that is you may end up adding a pc twice once its wired connection and once its wireless

  18. 2 Thanks to sted:

    AngryITGuy (23rd March 2010), bart21 (23rd March 2010)

  19. #11
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    312
    Thank Post
    54
    Thanked 73 Times in 44 Posts
    Rep Power
    31
    Quote Originally Posted by sted View Post
    only slight issue with that is you may end up adding a pc twice once its wired connection and once its wireless
    Good point, I thought there was something I was missing.

  20. Thanks to AngryITGuy from:

    bart21 (23rd March 2010)

  21. #12
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,468
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113
    I've not tried, but it could be worth looking at creating a deny rule in radius that matches the client vendor.

  22. Thanks to DMcCoy from:

    bart21 (23rd March 2010)

  23. #13


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,647
    Thank Post
    229
    Thanked 865 Times in 743 Posts
    Rep Power
    297
    Quote Originally Posted by AngryITGuy View Post
    Good point, I thought there was something I was missing.
    i dont see it as a major problem though really just means a list thats longer than needs be and could be paired down if you know all your wireless cards are intel say than if the first 4 digits say broadcom it should be a wired card

  24. Thanks to sted from:

    bart21 (23rd March 2010)

  25. #14
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30
    Unfortunately using whitelists/radius etc will not work.

    There is something very wrong with Apple's implementation of wireless which (not intentionally?) causes a denial of service to certain vendors access points when they try to connect, which also explains why your teacher laptops are being disconnected when these ipods/phones connect. Your access point is spazzing out.

  26. #15

    Join Date
    Jul 2009
    Posts
    567
    Thank Post
    46
    Thanked 106 Times in 91 Posts
    Rep Power
    68
    is there a wildcard function that will allow you to block the Apple [ame="http://en.wikipedia.org/wiki/Organizationally_Unique_Identifier"]OUI[/ame]?

    ie. block 00:25:4B:**:**:** and it should block all Apple devices connecting just like blocking *.bbc.co.uk in a url filter would block the entire BBC range of subdomains?

    edit: i'm talking about MAC addresses here just incase anyone wonders
    Last edited by computer_expert; 23rd March 2010 at 10:28 PM.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. [Pics] Evolution Of The Apple Range Of Products
    By DaveP in forum Jokes/Interweb Things
    Replies: 14
    Last Post: 11th March 2010, 11:12 AM
  2. Eugh.. iPhones causing wireless DoS
    By Oops_my_bad in forum Wireless Networks
    Replies: 3
    Last Post: 31st January 2010, 11:20 PM
  3. Apple iPhones
    By Danielle in forum Other Stuff
    Replies: 23
    Last Post: 28th January 2010, 09:57 AM
  4. Computer Products ltd "Upsetting The APPLE Cart"
    By CPLTD in forum Our Advertisers
    Replies: 5
    Last Post: 23rd October 2009, 01:20 PM
  5. Wireless Guest Access for PDA's,Laptops,IPhones using VLAN
    By steveo2000 in forum Wireless Networks
    Replies: 15
    Last Post: 28th July 2009, 11:07 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •