Banning certain MAC addresses

I need to block all traffic to/from certain MAC addresses from within a certain VLAN on a 6500 running CatOS. Is there a way to do per-VLAN MAC-based access-lists?

The IOS command functional equivalent is "mac access-list extended". Here is a snippet from the IOS command reference that covers the highlights:
Once you enter the mac access-list extended name command, use the following subset to create or delete entries in a MAC-access list:
[no] {permit | deny} {{src-mac mask | any} {dest-mac mask | any} [protocol [vlan vlan] [cos value]]}
Reference "Catalyst 6500 Series Cisco IOS Command Reference, 12.2SX" (http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_command_reference_book09186a0080160cd0.html) page 2-357.

Similar Messages

  • ISE 1.2 disable endpoints with certain mac address

    Hi All,
    We have an AD to authenticate for wireless users. In AD, we have specified to block the user if the password is entered wrongly for more than 3 times. The problem is some of them are using other user ID and locking the accounts. I have gotten the MAC address of the user. Can anyone please advise how to block the request from this MAC from even reaching the AD.
    Thanks

    You have two options from ISE and one option from the WLC:
    The first option, which is not very scalable, is to modify your authentication policy to deny access to a specific MAC address (Radius:Calling station ID). But this is not very scalable as you can only specify one MAC address.
    Your second option is to enable the anomalous client suppression (under systems->settings->protocols->RADIUS). This will be your best option but it would require a bit of testing to identify what are the best values for your environment.
    From the controller you can enable the excessive 802.1x authentication failures. By default it won't even send the fourth authentication to ISE for a failing endpoint:

  • Is there a way to flat out ban certain web addresses??

    I would like to flat out ban some web sites from loading in Safari. Is that possible without using "Net Nannie" or something like that? Mostly I would like to ban a lot of ad sites!!!
    Thanks!!

    You're welcome. Glad I could help. Would be nice to see Apple incorporate this type of site blocking feature in the next version of Safari.
    Thanks for the and Aloha from Big Island.

  • WRT54GS: without Windows, force a given MAC address to always get the same IP address via DHCP?

    I have just now set up my WRT54GS to manage my home wireless network, and it works great. I just have one question that I haven't been able to find an answer for (forgive me if I have overlooked an obvious source of information).
    I have set up the WRT54GS to be a DHCP server, and it assigns addresses in an ad hoc manner to all the devices that connect to it. In general, this is what I want, but in one case, I want a certain host to always get the same IP address, for example, 192.168.1.10.
    You should know that I have no Windows machines on my network. Everything is either running Linux, MacOSX, or Symbian (on a Nokia N95 handheld). Therefore, I can't set up a static IP for my device using the software supplied on the CD that comes with my router, as that software only runs under Windows.
    Using a different manufacturer's router, I am able to accomplish this by telling the DHCP software on that router to always assign 192.168.1.10 to the host who connects with a certain MAC address. I can then use this mechanism to force my specific host to always get this desired IP address. However, I haven't been able to find any way to do that with the WRT54GS without the software on the Windows-based CD. Is it possible at all? If I can indeed do this without that Windows software, could someone point me to some docs which explain how to accomplish this?
    ... or is there perhaps a different way to cause this to happen, perhaps by means of some sort of DHCP client ID?
    Thank you very much in advance for any pointers you can give me.
    Message Edited by HippoMan on 10-16-2007 05:27 PM
    Take a hippopotamus to lunch today.

    Forget about the CD. There is nothing on the CD which you don't configure better through the router web interface at http://192.168.1.1/ You don't need the CD. Never. I have never used the CD to configure any of my routers. The program on the CD is just a software which helps you with the initial configuration of the router. It is just a software which pretty much contacts the web interface in the background and sends some settings changes there. You can do everything yourself directly. Then you know what you change.
    You have to configure the static IP address on the computer and on the computer only, e.g. on your Mac use Static IP instead of DHCP in the network preferences. Enter the IP address you want to use for the computer, the subnet mask, gateway address and DNS server(s). That's it. The router is not involved in any of this.
    You just have to make sure that you use an IP address inside the LAN of the router. By default, Linksys routers use the IP address 192.168.1.1 on the LAN side for the router. The subnet mask is 255.255.255.0. The IP address together with the subnet mask says that all IP addresses 192.168.1.0-255 are considered part of the LAN. Everything else is outside and needs to be routed to the router and from there into the internet. (If you want to know how the subnet mask works exactly read the wikipedia article on it or search for "subnet calculator" or similar in the internet)
    Thus, if you connect a computer to your LAN and set a static IP address on the computer it should be inside this IP address subnet/range in order to have internet and LAN access on the computer. It does not matter which address you use as long as it is inside the IP subnet. The DHCP server on the router automatically assigns a correct IP address inside the IP subnet and also automatically assigns the correct gateway address (its own address = the address to which everything should be sent which does not belong into the LAN, i.e. the internet traffic) and the DNS server. With static IP you have to assign those values yourself.
    But again, there is no Windows computer or CD involved to do that nor is there any configuration on the router required to set the static IP address on the Mac. The IP address you set must simply match your LAN IP which is basically defined through the settings on the router as you want to have internet and thus need access to the router and its address 192.168.1.1.
    Some routers allow you define fixed IP addresses for specific devices in the DHCP server of the router. With that function you can set a fixed IP address on the router. The computer can remain on DHCP. It will always get the IP address you have configured in the list on the router through the DHCP server. However, your Linksys router does not have this option. If any device inside your LAN is supposed to receive the same IP address at any time you have to configure that on the device only.
    If you have not changed the default LAN IP address, subnet mask and DHCP server settings on the router, the router has 192.168.1.1, subnet mask 255.255.255.0 and the DHCP server uses 192.168.1.100-149 for dynamic assignments. To avoid potential address conflicts you should not use any static IP addresses inside the DHCP server address pool. This leaves you with IP addresses 192.168.1.2-99 and 150-254 as static IP addresses inside your LAN. You can pick any address you like as long as any device with a static IP address has a unique IP address inside your LAN.
    Assign the subnet mask 255.255.255.0 on the computer and set the default gateway to 192.168.1.1. The DNS servers are a little bit more complicated. Generally it is better and faster if you use the DNS servers of your ISP. You can, however, also use the IP address of the router 192.168.1.1 as DNS server. The router will then operate as DNS proxy, i.e. it contacts the DNS servers of your ISP for any request from your computer.
    If you want to use the DNS servers of your ISP, click on the Status tab in the router web interface. It shows you the current settings of the router on the internet port. It should show you multiple entries for DNS servers. Choose those DNS server IP addresses in the computer.
    If you don't want to go through the hassle with the direct access to the DNS servers of your ISP, simply use 192.168.1.1 as only DNS server on the computer.
    These are all the settings you have to make on your Mac or other computers to assign a static IP address. As long as the IP address is inside 192.168.1.* it belongs to the LAN and has internet access through the router (as long as the default gateway address is 192.168.1.1 of course).
    Firmware is loaded either through the web interface of the router, usually somewhere on the Administration tab or with tftp. Both ways work fine on any Mac or Linux box.

  • MAC address change under MacBook Pro MB133PL/A (Penryn) with Mac OSX 10.5.2

    Hi,
    Do you know how to change MAC address of ethernet LAN card (not Wi-Fi) under MacBook Pro MB133PL/A (Penryn) with Mac OSX 10.5.2 (Leopard) ?
    Thanks,

    I use the terminal.
    sudo ifconfig en0 lladdr /enter valid mac address here without the slashes/
    press return
    enter superuser password
    press return
    This will change the regular wired ethernet port on your MBP. To change the wireless MAC you should replace the en0 with an en1 but if you have an Airport v1.0 card then it will not work. It might work if you have a v2.0 but people seem to have off and on success with that. Also you can attempt putting ether in place of lladdr if you still have issues that need troubleshooting.
    I know there are some legit reasons to change the MAC address and many non-legit ones but let's just say for instance a friend of yours has a network or wireless and they forgot their password to control the settings on that network. Long ago when they made the network they limited access to it by binding it to certain MAC addresses namely theirs. Now they have given you permission to use the network but you can't because your computer does not have their mac address. They cannot make the network give you permission because they forgot their password so they give you their MAC address and let you trick their network into thinking your computer is actually your friend's and then you are able to surf the internet. They won't just let you use their computer cause they need to write an essay offline for a few hours. This does not violate any terms of service, you got permission and unless there are some other extenuating circumstances this is a legit move. I assume this is the exact reason you want this information.

  • Restricting access via MAC address?

    Hello,
    Could someone please tell me how to restrict access to my wireless network (and internet sharing) by only allowing computers with a certain MAC address to join?
    I'm kinda stumbling around here
    Thanks,
    Jonny

    Sorry if I wasn't being specific enough...
    I have my eMac set up as a Software Base Station, which streams internet & Airtunes to an Airport Express. I have it set up this way, because my ADSL modem is connected via USB (so it's a bit of a workaround). As a result, I have Internet Sharing switched on, so I can access it from all my other macs.
    What I want to do is to stop other people from accessing my eMac's internet connection. If I set up a WEP password for Internet Sharing, I lose my Airtunes facility... so I was thinking another way might be to restrict access to the connection via MAC address. I only want my other airport card-equipped macs to access the internet connection and network generally.
    Surely it's possible?

  • Stopping MAC addresses on 3560 switch interfaces

    Hi,
    I would like to stop certain MAC addresses connecting to the network via a 3560 switch and have configured the config below for VLAN 1. All interfaces belong to VLAN 1. Can anyone tell me if this is the correct config or have I missed something?
    mac access-list extended Bad_Hosts
    permit host 0011.434c.d9bf any 0x806 0x0
    permit host 0011.434a.8026 any 0x806 0x0
    permit host 000b.5d2a.23e3 any 0x806 0x0
    permit host 000b.5d0e.4019 any 0x806 0x0
    vlan access-map MAC 10
    action drop
    match mac address Bad_Hosts
    vlan access-map MAC 20
    action forward
    vlan filter MAC vlan-list 1
    Regards
    Mark
    Network Specialist

    It looks like all the hosts will be rejected.
    Try:
    mac access-list extended Bad_Hosts
    deny host 0011.434c.d9bf any 0x806 0x0
    deny host 0011.434a.8026 any 0x806 0x0
    deny host 000b.5d2a.23e3 any 0x806 0x0
    deny host 000b.5d0e.4019 any 0x806 0x0
    permit any any
    vlan access-map MAC 10
    match mac address Bad_Hosts
    action forward
    vlan access-map MAC 20
    action drop
    vlan filter MAC vlan-list 1
    Please, hope this helps and rate this post.
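
The two VLAN-map configurations in this thread can be compared with a small model of VLAN-map evaluation; the Python below is an added example, not code from either poster or from Cisco. It assumes the documented behaviour for non-IP frames: map entries are tried in sequence order, an ACL permit is a match that triggers the entry's action, an ACL deny (explicit or implicit) falls through to the next entry, and an entry with no match clause applies to every frame. The function names and the test frames are hypothetical.

```python
# Added example: toy model of Catalyst VLAN-map evaluation for non-IP frames.
# The evaluation rules are the assumptions stated in the lead-in; IP packets
# (which MAC ACLs do not test) are deliberately out of scope.

ARP = 0x0806   # the "0x806 0x0" ethertype/mask pair used in both posts
LLDP = 0x88CC  # a non-IP, non-ARP ethertype used as a constructed test case

BAD_HOSTS = ["0011.434c.d9bf", "0011.434a.8026",
             "000b.5d2a.23e3", "000b.5d0e.4019"]  # MACs from the thread

# ACE = (action, source MAC or "any", ethertype or None for any)
# Map entry = (sequence, ACL name or None for "no match clause", action)
QUESTION = {
    "acl": [("permit", mac, ARP) for mac in BAD_HOSTS],
    "map": [(10, "Bad_Hosts", "drop"), (20, None, "forward")],
}
ANSWER = {
    "acl": [("deny", mac, ARP) for mac in BAD_HOSTS] + [("permit", "any", None)],
    "map": [(10, "Bad_Hosts", "forward"), (20, None, "drop")],
}


def acl_verdict(acl, src, ethertype):
    """First matching ACE wins; a frame matching nothing hits the implicit deny."""
    for action, ace_src, ace_type in acl:
        if ace_src in ("any", src) and ace_type in (None, ethertype):
            return action
    return "deny"


def vlan_map_action(config, src, ethertype):
    """Return 'drop' or 'forward' for one non-IP frame."""
    for _seq, acl_name, action in sorted(config["map"], key=lambda e: e[0]):
        # No match clause: the entry applies to every frame.
        if acl_name is None:
            return action
        # Only an ACL permit counts as a match; a deny moves to the next entry.
        if acl_verdict(config["acl"], src, ethertype) == "permit":
            return action
    return "drop"  # a MAC match clause exists but no entry matched


def compare(frames):
    """Evaluate each (label, src, ethertype) frame against both configurations."""
    return {label: (vlan_map_action(QUESTION, src, et),
                    vlan_map_action(ANSWER, src, et))
            for label, src, et in frames}


# Constructed frames; 0000.5e00.5301 is a documentation-range MAC, not from the thread.
FRAMES = [
    ("ARP from listed host", "0011.434c.d9bf", ARP),
    ("ARP from unlisted host", "0000.5e00.5301", ARP),
    ("LLDP from listed host", "0011.434c.d9bf", LLDP),
]

if __name__ == "__main__":
    for label, (question, answer) in compare(FRAMES).items():
        print(f"{label:24} question={question:8} answer={answer}")
```

Both ACLs test only ethertype 0x806, so in this model non-ARP, non-IP frames from the listed hosts are forwarded by either configuration.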

  • How can i find out my ipod touch MAC address

    usually i set my router to only accept certain MAC addresses.
    so far i could not find my ipod touch MAC address and therefore had to disable the MAC filtering in my router which i don't want to do permanently.
    can someone please tell me how to find out the MAC address?
    thanks

    Simply go to Setting -> General -> About -> scroll down to bottom, it's the address next to 'Wifi Address'.

  • Blocking MAC addresses

    I have my airport set to only allow certain MAC addresses to have access to my network. However, the person I am trying to restrict access to has figured out how to reset the settings using the reset hole and gain access to the network. Is there any other way that I have to block access to the network if the airport is reset?

    The only way to prevent this is to prevent physical access to the base station.
    Nothing you configure will work, if the person can physically reset the base station to its default settings.
    iFelix

  • How do I delete stored email addresses in my iphone? When sending photos, I don't want to have certain email addresses  "popping up" from the internal memory, I've deleted my entire "Contact" list but they still appear.  Help please!

    How do I delete stored email addresses in my iphone? When sending photos, I don't want to have certain email addresses  "popping up" from the internal memory, I've deleted my entire "Contact" list but they still appear.  Help please!

    As with the Mail app on a Mac, the iPhone's Mail app stores all email recipients in a list of previous recipients which is separate from the address book or contacts. The email address autofill feature when addressing a message pulls from Contacts and from the list of previous recipients.
    Different from the Mail app on a Mac, there is no access to the list of previous recipients with iOS on an iPhone, iPod Touch, or iPad to remove a previous recipient from the list, or to add a previous recipient to the address book or contacts that is not already entered - not at the present time anyway.
    The only way to purge the list of previous recipients at the present time is by restoring your iPhone with iTunes as a new iPhone or not from your iPhone's backup, which will start being re-populated again with every sent message.

  • ICloud to Mac Address Book - Two Questions

    Okay, I have learned/accepted that iCloud is not the sync'ing deal that MobileMe was (missed that in the fine print as I have been a loyal .mac user from its inception and like the MM syncing). I understand that everything is updated in the cloud and pushed to various devices (for me, iPhone 4S, new iPad and 2009 MBP).  So, how is it possible for my iCloud address book to have more contacts than my MBP address book?  Wouldn't all of the ones in iCloud be pushed to the MBP?  The only thing I can think is that before I understood the concept that there are two address books resident on the MBP, I started deleting what I thought were duplicates since I wasn't able to merge them due to two different sources.  I could not find a way at that time to tell me which line was from what source.  Then, once I get the two address books matching - mostly to ensure that I am not missing anything in the iCloud one - what purpose does the Mac based address book serve?  I just had a nightmare of dragging various cards from my iCloud address page on the right into the iCloud group on the left and only to realize after doing at least 20 cards that after the first one, the left page registers back up putting the Mac based group across from the iCloud contact list so I dropped many of them into the Mac group instead of the iCloud group. The iCal doesn't maintain a Mac version and an iCloud version, why does the address book?  BTW, all software on all devices is up to date as of this posting.

    Please pardon what may be a silly question.  This is my first ever post...
    I was thinking about deleting "On My Mac" address book per your above instructions, and sticking with the one iCloud contacts.  The problem I am afraid of running into is this:  In iTunes, when I sync contacts, the groups that show available for syncing all come from "On My Mac".  If I delete from the Mac, will that make my "Contacts" icon on my iPad 'dead'?  Thereby, forcing me to log onto iCloud to view my Contacts, instead of a handy shortcut??? 
    Or will I simply get to forgo the iTunes syncing... and the "contacts" icon on my iPad will reflect what was synced thru iCloud?
    If the latter is true, does that simply mean I will need to recreate my "groups" in iCloud?
    Thanks in advance, I certainly need some guidance.

  • Multiple IP address on one mac address?

    Hi!!
    I have a WLC 2504 and AP 1602. Is it possible to give the client multiple ip addresses with one mac address. If yes, how it's made on WLC or AP?

    In certain cases there is a need to have multiple IP addresses responding beyond a single client wireless association. For example, some video cameras will have an internal communication module that is tied to the wireless interface via ethernet. Some PoS devices may have similar requirement.
    In WLC there is an option WLAN->WirelessID->Advanced->Passive Client.
    Now I am not sure if this will work with multiple IP addresses tied to the same MAC or not.

  • Ethernet MAC address has changed and I can no longer connect to the network

    I have a new iMac, 21.5" running 10.6.4. It was purchased in the past month.
    I am using it on an ethernet network and using DHCP to obtain the address. It has been working for the past few weeks. I turned it on today and it is failing to connect. After some digging around, it seems that the MAC address (Ethernet ID) has been reset to 00:10:18:00:00:00. This is different to the one it has been using last week.
    I have not changed any network settings. Airport is working fine.
    If I pull out the ethernet cable and reinsert, the machine tries to obtain an IP address. After a while, it returns with a self-assigned IP Address.
    Last week, I did notice that it was taking a relatively long time (a minute or so) to obtain the IP address over ethernet. Plugging the same ethernet cable in a macbook, I am able to obtain the IP address for the macbook much more quickly.
    I see that I could use ipconfig to change the interface address to what I believe is the correct address. Would this be sensible?
    Why would the machine have reset the MAC address anyway?
    Regards,
    Neil

    Dear all,
    I am having the same problem with a new MacBook Pro, bought end of October - for me it became apparent for software (Matlab, Comsol) that are registered with a licence file which was created based on the MAC address, and also when trying to register the computer to the company network. That software will only work those times that the computer "knows" its real MAC. Also, I found that audible audio books, managed through itunes, will not synchronize with the ipod at those times when the MAC address is at the producer's default (00:10:15:00:00). I never had network issues other than this computer registration, - no probs at home or elsewhere - , so it will depend on the individual setup which issue users observe.
    I have had long phone discussions with different Apple support people, they have done checks based on Capture Data that I sent to them via email, etc.. They can't find the problem in the software/setup and they advised me to go the Genius Bar and have those guys look at the computer's guts.
    Restarting sometimes did set the MAC to the real one, also running the code that someone suggested in Terminal sometimes helped.
    Other than that, looking through the web, it does not seem to be an Apple-unique problem, but certainly one would like to see support to take care of that issue for Macs soon.
    Also, thanks a lot for this thread! Otherwise the support guys on the phone would not have believed my : "the Mac address changes on a daily basis" and would just have brushed me off.
    All the best,
    Susanne
    Message was edited by: semperula

  • Can i capture wireless mac addresses?

    I need to provide our security group the mac address of all devices with wireless capabilities. can this be done? the mac addresses I am able to easily report on is the ethernet nic rather than the wireless nic.

    mrhic wrote:
    > I need to provide our security group the mac address of all devices with
    > wireless capabilities. can this be done? the mac addresses I am able
    > to easily report on is the ethernet nic rather than the wireless nic.
    >
    >
    BTW, they ask for the impossible, as anyone can plug in a USB WiFi
    adapter - or tether their Blackberry - or ... so hopefully they will not
    be overly picky.
    Sort of... there isn't a hardware category for wireless NICs. However
    most of the descriptions include the word "wireless" so you can create a
    custom report as follows:
    Reports-->Inventory Custom Reports-->Hardware Components-->New
    Then enter a Name for the report, select Type = Hardware Components,
    select Focus = LAN Adapter. Hit Continue.
    In the Criteria section [+] add a criteria
    [Product Name] [contains] wireless
    To be more specific, take a look at the descriptions returned without
    any criteria, and add any oddballs using OR grouping, so if a specific
    model or the word "WiFi" appears - whatever - you can catch it.
    Finally select the report columns as needed.
    Run.
    We notice that on machines where the WLAN can be disabled, the MAC
    address is absent ( because at the time of the inventory, there is no
    wireless NIC active, but the enumeration of HW show one. ) However, you
    will still "know" there is a wireless NIC.
    Report looks like:
    Atheros Communications Wireless LAN Adapter AR5212 802.11abg FOOUSER
    F00F00F00482 127.0.0.1 255.0.0.0 1
    Intel Corporation PRO/Wireless LAN 3945ABG FOO2USER F00F00F00D6C
    192.168.1.41 255.255.255.0 1
    Intel Corporation PRO/Wireless LAN 3945ABG ANOTHERFOO ( no MAC )
    ( Works, but I would certainly vote for a more easily to get at
    category, same for broadband interfaces. )
    -- Bob
    Bob Mahar | Work in education?
    Novell Knowledge Partner | http://novell.com/ttp
    - - - - - - - - - - | - - - - - - - -
    Programming is like teaching | http://twitter.com/BobMahar
    a jellyfish to build a house | http://vimeo.com/boborama

  • Changing MAC address on wrt300n

    So what did I learn today ... never let your little brother on your PC when logged in at a forum ! Result = kicked out, profile deleted, IP banned !
    So I gather that my ISP has only static IP's and they suggest to change my MAC address to get a new IP so I can return to the forum and sign up again with a new profile. So the question is ... how the heck do I change the MAC address on the router ? Anyone have a source that I can read up on this ? This is all very new to me.
    Thanks in advance.

    MAC addresses are like DNA. There are no two matching ANYWHERE in the world (each device in the world has a unique hexadecimal MAC address and no two are alike). Therefore you cannot change your MAC address.
    What I can tell you is what your ISP really means. When you connect your router (which has a MAC address) to their modem, their modem memorizes your device's MAC address and assigns it an IP address. You need to make the modem forget this MAC to get a new IP. 
    To do this, turn off your modem and old router and leave it off for a bit (10 min). Borrow someone else's router (or if you have an old router, use it). Connect it. Turn on modem and new router. Leave on for about 15 min so that your ISP forgets the old MAC address of your original router and creates a new IP address under the new MAC address of the newly connected router.
    After 15 min, power them both down again, disconnect the temp router and connect your original router. Power them back up and wait 15 min again. You *should* get a new static IP from your ISP as it thinks it's a new MAC again. The ISP doesn't remember MAC addresses, only their modem does and once it forgets, it should give you a new IP when you connect the router again.
    Hope this helps!!
