Block iPhone / devices from getting an IP address from DHCP

Hi guys, I've come across IP addresses that aren't enough for some users in the company. The IP addresses are more than enough to cater to the users' notebooks or PCs. However, some users do not know that there are actually limits to the IPs we have, so quite a number of them actually use their mobiles / pads to tap the company's wireless.

I was wondering if I could restrict that particular user from tapping onto the network. I know it sounds a bit impossible because DHCP doesn't have that smart function to block whoever we deem a "nuisance". Ideas will be appreciated!
  1. You could always use MAC address filtering on the wireless network.
    Add all of the MACs for the machines allowed to connect via Wi-Fi to the MAC filter list. Other machines that try to connect won't be able to. They will have to come to you so you can add them.
  2. I've thought of it, and even thought of assigning static IPs to every individual machine. The problem is, I don't think my manager would like this idea. =S It may seem like he's smiling all the time but you won't know what's going on in the cranky mind of his. There are actually quite a lot of machines in the company. More than 160 of them, not just normal office size.
  3. Other than using MAC filtering or assigning static IPs to your clients, there's not much else you can do. Your DHCP server has no way of knowing what kind of machines are connecting so it can't block phones or tablets.
    I think that the best way to handle this is to assign static IPs to all the machines in the office, then set your DHCP pool for a certain amount of machines. That way all the static machines will always get an address and you will know who is what. You will also allow for 10-20 DHCP-assigned addresses for phones etc.
  4. Right, just the same idea as mine! I think I'll just have to wait till he can't take any more of the IP nonsense and do the static assigning of IPs =x.
  5. Limit the amount of available IP addresses in the DHCP pool, and then set up an internal web page where employees can request an additional IP (or multiple IPs) for their phone and/or tablet. Expand the DHCP pool as necessary when requests are received.
  6. Hmm, we don't allow the users to actually make use of the network for gadgets. Exceptions are made only for users who are of superior positions. We also reserved IPs for them specifically. We don't want to waste our IPs though we have some extras, which actually cater to overseas guests that are here for meetings.
  7. Why can't you extend the private IP range available?
  8. We have quite a number of IP addresses already. It's just that we don't encourage people to tap into the network for unnecessary needs.
  9. In that case the number of IP addresses is not your limiting factor as indicated in the OP.
  10. Okay, I'll elaborate to let you have a clearer picture. There are enough IP addresses, but when it comes to users, and you should know given the current technology age, 60% of the users hold a smartphone. That is enough to fill up the rest of the IPs.....

    Because you asked me why don't I add more IPs, that's the reason I'm telling you that we have more than enough. Now you get the picture?
  11. I asked about the IP addresses you mentioned in the OP because private IP ranges, whether IPv4 or IPv6, are enormous. A private network using IPv4 addressing can have up to a total of 16,777,216 Class A addresses or 65,536 Class C addresses. So can you please clear up for me why you can't add more IP addresses (other than because you don't want more devices to connect to the network)?
  12. Why are you sinking so deep into your own concept! omg! Let me put it in layman's terms for you. PCs occupy approx 80% of the total IPs. The remaining 20% are the extras that we have. If those are filled, overseas guests won't be able to get into the network. Nothing to do with bandwidth or whatsoever things that are going through your mind right now.

    That's why I said we don't encourage people to tap into the network. Everyone else gets it except you. Don't go so in-depth please. Things aren't as complicated as you deem them to be. You are only confusing yourself.
  13. So why can't you extend the private IP range available?
  14. Because there isn't any need to waste money in buying more IPs to cater for device users. That's why I will need ideas on how to block them. I can carry on going into DHCP to remove devices, but it just isn't feasible. What if one day I'm not here to manage the network, and users aren't able to connect to the network because it's "full house"?
  15. Why do you need to buy private IP addresses?
  16. Okay, now I know where you're coming from. For my case, it is under a private address of 192.1.2.xxx. My gateway is at 192.1.2.10. Everything has to be under the same subnet for them to get the network. We reserved 192.1.2.11 - 90 for printers and for reservations. The rest are for PCs. Hope you have a clearer picture now. =)
  17. 192.1.2.xxx is not a private address.

    Why does everything need to be under the same subnet for them to "get the network"?

    Why can't the subnet be 255.255.0.0 and allow for private IP address range of 192.168.0.0 - 192.168.255.255? (There can be several genuine reasons).
  18. Because the company has only one subnet. Everything needs to communicate with each other through that subnet, then connect to the gateway. On the other side, the NAT is linking the 1 public IP address we have, from all the private IPs in the subnet.
  19. Why are you using a subnet of 255.255.255.0 instead of 255.255.0.0?

    Can you also please clarify what private IP address range you are using?
  20. Because my private IP address range is only 192.1.2.10 - 254.
  21. 192.1.2.10 is not a private IP address. That is a public IP address. All addresses in 192.1/16 are public.

    You can have the gateway set to 192.1.2.10, have a private IP address range of 192.168.0.1-192.168.255.255 and a subnet of 255.255.0.0 allowing a possible 65,536 hosts on that network.

    See http://tools.ietf.org/html/rfc1918
  22. Meaning to say that I have to reset the entire network! Also, I have another subnet at 192.168.xxx.xxx for other guests that need only the internet and not our LAN.
  23. I'm not actually sure how you managed to set up your internal network with public IP addresses without more issues.

    Yes it would mean setting up the correct subnet mask on the network devices and correcting the private IP addresses so they comply, but you could leave IP address assigning to DHCP across the board. It would solve your IP address problems and be much more scalable. You could either merge both subnets into the one or route between the two. However if you route between the two and both fall under the range of 192.168/16 then you would need to set up the two subnets differently to what I have described. I imagine there are two subnets from what you have described for security purposes?

    I think what I proposed is the simplest solution that is somewhat future-proofed until your organisation grows considerably. At some point, I believe what I proposed will be inevitable, if your organisation grows even a small amount.
  24. Any IP addresses you are assigning your network machines through DHCP are private. They are only used on your private network and not outside it. The address your ISP provides for internet is your public address. You can use any address pool you like for your private network, but you shouldn't get too technical about it; that will just mix you up. The more simple the better!
    Another thing is that if you don't want guests accessing your office network you should be using a Domain! That way anyone who wants to access your network will need a password to enter and all activity can be tracked!
    You are right about not adding any more addresses to your DHCP pool though. Unless you have a super fast connection!
  25. Bandwidth can be affected by extending the range of private IP addresses, and to differing degrees depending on the rest of the network configuration.

    DHCP can be set to provide illegal public addresses. It shouldn't.

    "Private intranets that have no intent on connecting to the Internet can choose any addresses they want, even public addresses that have been assigned by the InterNIC. If an organization later decides to connect to the Internet, its current address scheme might include addresses already assigned by the InterNIC to other organizations. These addresses would be duplicate or conflicting addresses and are known as illegal addresses. Connectivity from illegal addresses to Internet locations is not possible."

    "For the hosts within the organization that do not require direct access to the Internet, IP addresses that do not duplicate already-assigned public addresses are required."

    http://technet.microsoft.com/en-us/library/cc958825.aspx
  26. Hmm, I am already under a domain; users under the domain are with the IP of 192.1.2.xx and guests that have direct internet connection will be 192.168.xx.xx. The thing is even if they are not in the domain, but they were to connect to our ethernet cables, it will still relay them to our network, and security can be compromised. Therefore we only allow them to connect through Wi-Fi to the 192.168 private address. Yeap, there are roughly 140 operating PCs in the company.

    The bandwidth shouldn't be a concern right now as it's quite stable so far. The only thing that I'm concerned about is the changing of the private addresses, and to set up the subnet and mask and everything. Files are shared everywhere through the server, everything pertaining to the current private addresses will need to be changed also.. This is really going to be tough.. Real tough.. =(
  27. I agree that it is highly unlikely bandwidth will be an issue. Even though the IP address pool becomes bigger doesn't mean that all the available addresses will get used. Something still doesn't sound right about the IP addresses and the way your network is set up, so please don't rely on anything I said. I feel I am not qualified enough to give advice for you to rely on and this is a quest for knowledge on my part too. I would appreciate it if you post whatever solution you use to your problem.

    I would also look at this as both a knowledge building exercise and the reason you are getting paid. Without these challenges, there would be no need for your job, so be thankful for them. :)
  28. Well, I think this has been an issue for quite a while, even before I entered the company @.@ I will figure out the solutions soon. On the other hand, no one of superior position to me wants to take up this s**t, and I'm paid nuts, so, I will decide whether to carry on with it even if I found solutions pertaining to this. In the future if I'd set it up, I will post an update on this issue! =D
  29. I came up with a simple solution at my company for this same issue. I attached my 5 wireless routers' WAN ports to my internal LAN and gave each of them different private LAN subnets and each provides its own DHCP; therefore all wireless clients communicate directly with the Internet and not on my LAN.

    Example:
    My LAN: 10.1.10.1
    Wifi 1: 192.168.2.0 DHCP 192.168.2.100-250
    Wifi 2: 192.168.3.0 DHCP 192.168.3.100-250
    Both Wifi 1&2 have DHCP WAN addresses from my LAN
    (10.1.10.100 & 10.1.10.101)
    No traffic passes between any of these routes.
    Hope this helps!
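
Added example, not part of any post in this thread: a Python check of the address plans discussed above against the RFC 1918 private blocks, reporting usable host counts and overlaps between subnets that would need routing. The plan names and the /24 masks on the Wi-Fi and 10.1.10.x networks are assumptions; the addresses themselves are taken from answers 16, 19, 21 and 29.

```python
import ipaddress

# RFC 1918 private-use IPv4 blocks.
RFC1918 = [ipaddress.ip_network(b) for b in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan built from addresses quoted in the thread.
# The names and the /24 masks on the last three entries are assumptions.
PLAN = {
    "office_current": "192.1.2.0/255.255.255.0",   # answers 16 and 19
    "office_proposed": "192.168.0.0/255.255.0.0",  # answer 21
    "wifi1": "192.168.2.0/24",                     # answer 29
    "wifi2": "192.168.3.0/24",                     # answer 29
    "lan_post29": "10.1.10.0/24",                  # answer 29
}


def pool_size(first, last):
    """Number of leases a DHCP pool first..last (inclusive) can hand out."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if hi < lo:
        raise ValueError("pool end precedes pool start")
    return int(hi) - int(lo) + 1


def audit_plan(plan):
    """Return per-subnet findings: RFC 1918 membership, capacity, overlaps."""
    nets = {n: ipaddress.ip_network(c, strict=False) for n, c in plan.items()}
    report = {}
    for name, net in nets.items():
        report[name] = {
            "network": str(net),
            # True only if the whole subnet sits inside a private block.
            "rfc1918": any(net.subnet_of(b) for b in RFC1918),
            # Network and broadcast addresses are not assignable to hosts.
            "usable_hosts": max(net.num_addresses - 2, 0),
            # Overlapping subnets cannot be routed between each other as-is.
            "overlaps": sorted(o for o, other in nets.items()
                               if o != name and net.overlaps(other)),
        }
    return report


if __name__ == "__main__":
    for name, info in audit_plan(PLAN).items():
        print(name, info)
    print("Wifi 1 pool leases:", pool_size("192.168.2.100", "192.168.2.250"))
```
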