how do you block iphone IPs with Router?

February 19, 2011 at 22:58:40
Specs: N/A
Our school has a router that can only assign 150 IPs, but those 150 are always filled up with iTouch and iPhones constantly trying to get an IP... this causes IP conflicts with ANY laptop or desktop trying to connect to the router wirelessly... is there anyway to block iPhones and iTouches from accessing this router?

See More: how do you block iphone IPs with Router?

Report •

#1
February 20, 2011 at 02:28:58
Most routers have some kind of security encryption as well as filtering options including mac filters. Enable the filters and then require any new device to be registered before access can be allowed. This will obviously require an IT administrator to record the new device mac address and add it to the allowed connections in the router filter.

Goin' Fishin' (Some day)


Report •

#2
February 20, 2011 at 14:07:49
ahh, ok, ill just ask my teacher to do that (he's the IT admin). The problem with this though... is that EVERY legit laptop/desktop that needs to connect with the router would need to be registered...

so is there a better way than just plain changing the password for the router and not telling students?


Report •

#3
February 20, 2011 at 15:52:12
Sounds like you have an unsecured hotspot there allowing all into the network. Unfortunately this is a cat out the bag situation. Easy to set up, but time consuming to rectify. This will take effort to address.

What you should do is set up wep or wpa. weps not massively secure from a hackers point of view but your just setting it up to give yourself breathing space and break the cycle as you will see later. This will force all devices for a password before they can get an ip address. Then at a later date start gathering a list of the mac addresses for the pc's. Then say a month down the line set the router to mac filter or mac security and add the acquired addresses. Usually there is a list of mac addresses attached and you just hit allow to add them.

So the wep or wpa stops the kids getting in day 1. Then later down the line when they get hold of the password, which they will, they won’t be able to do anything and thus won’t tell anyone else the password and give up the pursuit. Belts and braces is the only way to go

all text needs typos. There there for the reader to find,to distract them from the total lack of content.
google it! wasnt the answer to the question i asked so dont be dense and give me that repl


Report •

Related Solutions

#4
February 20, 2011 at 16:37:45
well, the router is technically "secured" but EVERYONE knows the password. but is there a way to block ONLY iPhones or iTouch, without blocking every other device trying to access the router. the "allow handful of mac addresses" is our last option (we know of this already). The goal is to block the hundreds of iTouches and iPhones but still allow any Laptops into the network without having constant IP conflicts

Report •

#5
February 21, 2011 at 10:07:57
not really no.

in theory its possible. a mac code is made up of 24 bits unique followed by 24 bit vendor number.
so in theory if you could set up a rule that said if the mac adress has this last half ingnore it.
but i have not seen any product that can set up a rule base on wild cards like that
and it could cause more problems like no apple product can connect.

its a interesting problem though. is the wireless router handing out the ip's or is there a dhcp server some where doing it. i wounder if you could set that up on a stand alone dhcp server. hmm

all text needs typos. There there for the reader to find,to distract them from the total lack of content.
google it! wasnt the answer to the question i asked so dont be dense and give me that repl


Report •

#6
February 21, 2011 at 11:18:12
Actually there is a way. I feel a bit of a plum for forgetting how to do it. problem is you need a business grade router and I am only Cisco trained and I never looked into the setting up a wireless business grade network so here is a sort of approximation of what to do on a cisco device.

You would have get into the command line and make an access control list(packet filter) for the interface based on mac address and you would also probably have to find out an iphone mac address or whatever the product you want stopped is

Here is a doc explaining acls http://www.cisco.com/en/US/tech/tk7...

The access list that you would make would be attached to the wireless interface going in and it would look something like(change 0040.96a5.b5d4 with a mac from the specific device)

access-list 700 deny 0040.96a5.b5d4 FFFF.FF00.0000
access-list 700 permit any

that will stop all devices from that one vendor. if you need another add it before the permit all. but this may cause problems as apple might get there nics from intel or someone and you inadvertantly block all other intel devices.

If you do have another brand of router that is business grade or it is indeed cisco, best make a new post asking for exact instructions on how to set up an acl for mac addresses on the device stating what the device is. Hopefully you will get someone more clued up in that area that can give you step by step but listed above is the approximation of what to do

all text needs typos. There there for the reader to find,to distract them from the total lack of content.
google it! wasnt the answer to the question i asked so dont be dense and give me that repl


Report •

#7
February 21, 2011 at 16:26:43
ah tyvm, ill look into it

Report •

Ask Question