+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Wireless Networks Thread, what comes first ip address or authentication in Technical; Hi all i am probably being really 'fick' here but can anyone tell me definitively what happens first when an ...
  1. #1

    Join Date
    Oct 2006
    Location
    uk
    Posts
    494
    Thank Post
    19
    Thanked 3 Times in 2 Posts
    Rep Power
    17

    what comes first ip address or authentication

    Hi all i am probably being really 'fick' here but can anyone tell me definitively what happens first when an ipod/iphone device connects to the network. Does it get issued an ip address from dhcp and then have to authenticate via any wireless security or is that it has to authenticate before it gets an ip.

    I ask because my dhcp server is filling up with iphone/ipods and i can't imagine them guessing ir being told the wpa keys.

    As always thanks in advance for any help.

    Uraken

  2. #2

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,875
    Thank Post
    879
    Thanked 956 Times in 788 Posts
    Blog Entries
    9
    Rep Power
    338
    AFAIK any wireless device authenticates with the Access Point before the dhcp request is sent across the rest of the network.

  3. #3

    Join Date
    Oct 2006
    Location
    uk
    Posts
    494
    Thank Post
    19
    Thanked 3 Times in 2 Posts
    Rep Power
    17
    Thats how i would of thought it happened but this does not explain the dhcp leases also what protocol dooe sit use? if its tcp surely it must have an ip to do this?

  4. #4

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,875
    Thank Post
    879
    Thanked 956 Times in 788 Posts
    Blog Entries
    9
    Rep Power
    338
    The protocal would be TCP and no it does not need an IP to do this. What happens is the device broadcasts a dhcp request packet across the network and awaits for a reply to be broadcast back. AFAIK, all machine on the network would receive both network packets as they are broadcast to the network as a whole and not directed to any one machine. Only the dhcp server will respond to the first packet, all other PC's will simply discard the packet. Simarly on the PC requesting an IP address, assuming it's marked with the PC's MAC address, would open and use the responding packet - again all other computers will receive and ignore that packet.

    You are right, it doesn't explain the leases.

    Are all the leases live at the same time? Is it one, or a handful of devices, that have been given the AP key requesting an address multiple times. Maybe days or hours apart?

  5. #5

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,866
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by tmcd35 View Post
    The protocal would be TCP
    Wrong. http://www.faqs.org/rfcs/rfc2131.html

  6. Thanks to powdarrmonkey from:

    tmcd35 (8th November 2010)

  7. #6
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,258
    Thank Post
    218
    Thanked 232 Times in 200 Posts
    Rep Power
    74
    We are having a similar problem with ipods filling up our IP addresses. However we know that some silly bugger has leaked our WEP key to the Sixth Form so am having to think about changing the SSID throughout the school.

    I don't suppose anyone knows a way, using built in Windows features, that I can block these ipods receiving an IP once I have a list of their MAC addresses??

  8. #7

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,866
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by themightymrp View Post
    I don't suppose anyone knows a way, using built in Windows features, that I can block these ipods receiving an IP once I have a list of their MAC addresses??
    Give them a reservation with a stupid IP.

  9. Thanks to powdarrmonkey from:

    themightymrp (8th November 2010)

  10. #8
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,258
    Thank Post
    218
    Thanked 232 Times in 200 Posts
    Rep Power
    74
    DOH! Why didn't I think of that before??!! Cheers

  11. #9
    oxide54's Avatar
    Join Date
    Mar 2009
    Posts
    798
    Thank Post
    51
    Thanked 55 Times in 54 Posts
    Rep Power
    23
    there is also block/allow built into the newer versions of DHCP server. 2008 R2 yes. 2008 maybe. 2003 downloadable add-in.

    but yes reservation with stupid ip would be preferable

  12. #10
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    38
    Quote Originally Posted by themightymrp View Post
    I don't suppose anyone knows a way, using built in Windows features, that I can block these ipods receiving an IP once I have a list of their MAC addresses??
    If you have an Windows 2008 R2 DHCP server you can create a mac-address block list

    bio..

  13. #11

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,906
    Thank Post
    3,433
    Thanked 1,084 Times in 1,000 Posts
    Rep Power
    370
    Quote Originally Posted by powdarrmonkey View Post
    Give them a reservation with a stupid IP.
    Because they are all apple devices - just a thought here, am guessing they all use the same make of network card so the first part of the mac address should be the same, is there anyway to use a wild card or the likes when you use a dhcp reservation to dish out daft network details ??

  14. #12

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,241
    Thank Post
    882
    Thanked 2,743 Times in 2,317 Posts
    Blog Entries
    11
    Rep Power
    784
    Quote Originally Posted by mac_shinobi View Post
    Because they are all apple devices - just a thought here, am guessing they all use the same make of network card so the first part of the mac address should be the same, is there anyway to use a wild card or the likes when you use a dhcp reservation to dish out daft network details ??
    Ban all Apple devices from the network, I like the way you think

  15. Thanks to SYNACK from:

    mac_shinobi (9th November 2010)

  16. #13

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,866
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by mac_shinobi View Post
    Because they are all apple devices - just a thought here, am guessing they all use the same make of network card so the first part of the mac address should be the same, is there anyway to use a wild card or the likes when you use a dhcp reservation to dish out daft network details ??
    Nope, and it would be short-sighted to do so anyway.

  17. #14


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,815
    Thank Post
    231
    Thanked 888 Times in 763 Posts
    Rep Power
    301
    Quote Originally Posted by powdarrmonkey View Post
    Nope, and it would be short-sighted to do so anyway.
    and odds on they are say broadcom/realtek wifi cards anyway rather than really apple so you would probably wnd up blocking legit laptops etc

    as mentioned simplest way is just to give them a stupid ip reservation

  18. Thanks to sted from:

    mac_shinobi (9th November 2010)

  19. #15
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,258
    Thank Post
    218
    Thanked 232 Times in 200 Posts
    Rep Power
    74
    OK, the block feature of DHCP is built in to 2008 R2 only. However with this free add-in you can add the feature to 2003 or 2008 R1 server

    DHCP Server Callout DLL for MAC Address based filtering - Microsoft Windows DHCP Team Blog - Site Home - TechNet Blogs

    All you need to do is modify a TXT file to tell it to deny the following MAC addresses and then populate as many MAC's as you can find! Personally I just went down the list of DHCP leases and looked for obvious ones such as 'Dannys-ipod'. The MAC's are right there in the console. Working a treat so far Have managed to block 43 devices this morning!

  20. Thanks to themightymrp from:

    Uraken (9th November 2010)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Talk to a 192.168 address from a 10.0 address
    By mattx in forum Wireless Networks
    Replies: 10
    Last Post: 17th August 2010, 12:12 PM
  2. Openfiler AD authentication
    By GoldenWonder in forum *nix
    Replies: 16
    Last Post: 3rd June 2010, 08:40 AM
  3. IE Authentication...
    By Dom_ in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 8th January 2010, 04:16 PM
  4. OS X AD Authentication
    By Ric_ in forum Mac
    Replies: 8
    Last Post: 29th August 2006, 02:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •