deny ipods dhcp
Hi, I want to deny ipod users DHCP. W2K3 Domain with AD. Any ideas how to stop them? thanks guys.
Software/Hardware used:
Software/Hardware used:
ASKED:
March 17, 2009 2:29 PM
UPDATED:
April 23, 2009 4:05 PM
Answer Wiki:
In DHCP, you could search for MAC of apple devices. Check <a href="http://standards.ieee.org/regauth/oui/index.shtml">here</a> for Apple OUI. Ping -a will resolve machine names. Your wireless is wide open? Do you do anything as far as isolation on wireless or have a separate DHCP pool? This could help identify devices. If there are a lot it could get labor intensive, otherwise MAC filtering could be applied on case by case. Also, consider firewall/proxy to block streaming data from known sites
___________________________________________________________________________
You could always dia-allow 'itunes.exe' from running on your devices as well, or being installed. Having an I-pod to listen to music at work is one thing. Installing ITunes on a workstation is another.
To see all answers submitted to the Answer Wiki: View Answer History.
I’ve found that an IPOD is just like another wireless client. You need to block them individually by mac address.
Thanks for the idea Mshen but, the ipods in question are in a high school setting. It would be extremely difficult to get the mac from these people. Is there a way to collect the mac from the Server?
Thanks Spadasoe, My APs are locked down but someone leaked the passwords. I will check out the MAC filtering & also will change passwords. thanks for your help.
You can use MAC blocking in reverse. Allow only the specified MAC addresses to access the network. It’s not an easy task getting all of the MAC addresses you need, but it will fix your problem.
Thanks Mshen, I will try that
Thanks for this information, guys — Graham00, did these suggestions help solve your problem?
I’m curious about this reverse MAC address blocking concept. It does seem labor-intensive. Are there any specific indicators in the MAC address of an iPod as opposed to other devices? Also, what implication would this reverse MAC blocking have on the use of removable media like USB flash drives?
Thanks,
Jenny
Community Manager
Hello Jenny,
There are no real identifiers that you can use to identify an IPOD. Here’s why:
The first 24-bits of a MAC address are purchased from the IEEE, so you can use this link to see the public records for MAC addresses assigned to Apple; there are several of them. Similar to being assigned an IPv4 class B address range, Apple can use use these MAC addresses as they please, so unless Apple provides us with a list of MAC ranges that they use just for IPODs, it will be hard to identify if the MAC address is an IPOD or an Apple manufactured NIC card.
If Graham uses MAC blocking, he would have to keep track of USB NICs as well. Maintaining the MAC list is a simple but manual task, so there may be scripts available that can help him.
Hi Jenny,
Sorry I just returned from vacation
Due to the fact that my Access Points were comprised, I chose to re secure them. That stopped the IPods. Many thanks to everyone for their help.