Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Exclude local IP addresses with AEBS?

rotarypower101

rotarypower101

macrumors 6502
Original poster
Sep 28, 2007
264
4
Portland Oregon
Is there a way to exclude single local IP addresses through the airport utility?

Is this possible or is there a way to do this with by any other means?

TIA
 
Perhaps you mean "exclude single local IP addresses from the set of ones given out by the AEBS DHCP server?"

If so, I believe the answer is yes.

Airport Utility->Internet->Internet Connection, set Connection Sharing to "Distribute a range of IP addresses". Then, click DHCP->"+" button to add "DHCP Reservations".

My understanding is that those IP addresses added there will not be given out to any device unless the device's MAC address or DHCP Client ID match.

Will this do what you want?

Regards,
Brian33
 
What I would like to do is leave my “open” network open for certain computers as well as guests, but exclude discrete units from the mix that are not following the agreed upon rules nor contributing to the continuation of the service.

I have access to the mac address as well as the local IP address I would like to exclude.
(does the local IP change, or will excluding the mac address be permenent)

May I exclude a particular machine both through WIFI as well as ethernet?


Also is there a way to protect the settings on the AEBS from being tampered with?


I found the "DHCP Reservations" method.

(BTW thank you for the help Brian33)

But as far as I can tell this has not stopped the ethernet from working.

Should the "DHCP Reservations" stop the ethernet?
Or is there something else that must be changed or set to stop the flow of bits and bytes?



Thank you very much for your help ladies and gentleman :)

It may sound very passive aggressive, but I assure you this will be a very good solution for this particular character.
 
Well this has not seemed to work AFAICT, so I will try and explain what I have done and some of the external conditions if it is helpful.

This is to prohibit a macpro e2008 / Lion from the internet as well as joining the local network.

To find the mac address >about this mac>more info>system report>Network>Locations

This allows me to see both ethernet1,as well as ethernet2

In Airport Utility I have made the following changes:

Airport Utility>Manual setup>Access control>click +

Then I individually added both the appropriate mac addresses for the MPe2008 and set the “click add to set this clients network time limit” to “no access”

The only other external factor I can think of is there is a 8 port ethernet switch/hub in line of the MPe2008

As far as I can tell there is no airport card in the MPe2008, but where would one find the airport ID at? Assuming this is the wireless mac address as I have read?

Thanks again for the help
 
rotarypower101 said:
...

To find the mac address >about this mac>more info>system report>Network>Locations

This allows me to see both ethernet1,as well as ethernet2
...

As far as I can tell there is no airport card in the MPe2008, but where would one find the airport ID at? Assuming this is the wireless mac address as I have read?
Click to expand...

On my iMac, looking in the System Profiler as you describe above shows both my Ethernet MAC address and my Airport card MAC address. In order, it shows Bluetooth, Ethernet, FireWire, AirPort. So, if there is no "Airport" category under Network->Locations I guess that means there's no Airport card installed.

----------
rotarypower101 said:
Well this has not seemed to work...

In Airport Utility I have made the following changes:

Airport Utility>Manual setup>Access control>click +

Then I individually added both the appropriate mac addresses for the MPe2008 and set the “click add to set this clients network time limit” to “no access”

The only other external factor I can think of is there is a 8 port ethernet switch/hub in line of the MPe2008
Click to expand...
I think you had a good idea trying to use the MAC Address Access Control feature, but it looks like it only works for wireless clients. Here's from the Airport help window (emphasis mine):

With access control you can specify which computers can send or receive information through the wireless network. [snip] Access control prevents computers that aren’t on the access control list from accessing the AirPort network.
Click to expand...

Therefore, it appears that it won't help you prevent the wired Ethernet connection from working.

Regards,
Brian33
 
This might be a crazy idea, and I haven't tried it, but do you have access to the Mac Pro? Maybe you could use a Terminal command to disable the wired Ethernet interfaces. Then you could put a script running that command into the Login items for all users on the Mac Pro, so whenever they logged in the command would run.

Again, you have to research this, because my understanding of the ifconfig command is minimal and I haven't tried it, but looking at its (huge) man page it looks like the commands:
Code: 
ifconfig en0 down
ifconfig en1 down
should set the specified Ethernet interface so that "the system will not attempt to transmit messages through that interface". Sounds like what you want! I say put it in a login item script because I expect that re-booting will reset the interface.

You probably need Administrator access to run the commands.
 
alFR said:
Can't you just unplug the ethernet cable? :confused:
Click to expand...

Absolutely I can, but this task was also a exercise in understanding my network better.

I would also like to reword ignorance with confusion in this particular case, as the culprit is well smart enough to see the obvious ethernet cord unplugged, and has access to it.

Where as if I can do the requested task via software, I don't believe the intended person will have the ability nor the wherewithal to repair the issue.

----------

Brian33 said:
On my iMac, looking in the System Profiler as you describe above shows both my Ethernet MAC address and my Airport card MAC address. In order, it shows Bluetooth, Ethernet, FireWire, AirPort. So, if there is no "Airport" category under Network->Locations I guess that means there's no Airport card installed.
Click to expand...


Thanks you for taking the time to detail the location of the wireless mac address.
That is very helpful to understand where it should be and that I am not missing anything.

FYI I am on a 2008 MP w/no airport card under Network>locations my headings read Bluetooth DUN,Ethernet1, Ethernet2,Firewire,Bluetooth PAN.
 
Last edited:
Brian33 said:
This might be a crazy idea, and I haven't tried it, but do you have access to the Mac Pro? Maybe you could use a Terminal command to disable the wired Ethernet interfaces. Then you could put a script running that command into the Login items for all users on the Mac Pro, so whenever they logged in the command would run.
Click to expand...


In this particular case I dont feel that is the right approach, as it is not my machine and it would feel a little underhanded.

However, the AEBS and internet are mine to command, so I would feel no remorse if this single user where to be cut off until they shape up and fly right as they say....

To me it would really drive the point home that everyone has access to the network, even first time guests,without having to change any of the wiring or any “new” special rules/password changes to single out this person, but this particular machine was left off the network in exile.

And again I would really like to understand my network settings better, as this is one area I think a lot of people neglect to understand the features and abilities it possesses.


Again thank you everyone for any help in the matter.

I really have searched google fairly extensively, but I have not found any explicit ways of doing what I would like or at least understand what it is they are trying to explain translates into what I am doing.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back