Exclude local IP addresses with AEBS?

Discussion in 'Mac Accessories' started by rotarypower101, Sep 10, 2011.

  1. rotarypower101 macrumors regular

    rotarypower101

    Joined:
    Sep 28, 2007
    Location:
    Portland Oregon
    #1
    Is there a way to exclude single local IP addresses through the airport utility?

    Is this possible or is there a way to do this with by any other means?

    TIA
     
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
  3. Brian33 macrumors 6502a

    Joined:
    Apr 30, 2008
    Location:
    USA (Virginia)
    #3
    Perhaps you mean "exclude single local IP addresses from the set of ones given out by the AEBS DHCP server?"

    If so, I believe the answer is yes.

    Airport Utility->Internet->Internet Connection, set Connection Sharing to "Distribute a range of IP addresses". Then, click DHCP->"+" button to add "DHCP Reservations".

    My understanding is that those IP addresses added there will not be given out to any device unless the device's MAC address or DHCP Client ID match.

    Will this do what you want?

    Regards,
    Brian33
     
  4. rotarypower101 thread starter macrumors regular

    rotarypower101

    Joined:
    Sep 28, 2007
    Location:
    Portland Oregon
    #4
    What I would like to do is leave my “open” network open for certain computers as well as guests, but exclude discrete units from the mix that are not following the agreed upon rules nor contributing to the continuation of the service.

    I have access to the mac address as well as the local IP address I would like to exclude.
    (does the local IP change, or will excluding the mac address be permenent)

    May I exclude a particular machine both through WIFI as well as ethernet?


    Also is there a way to protect the settings on the AEBS from being tampered with?


    I found the "DHCP Reservations" method.

    (BTW thank you for the help Brian33)

    But as far as I can tell this has not stopped the ethernet from working.

    Should the "DHCP Reservations" stop the ethernet?
    Or is there something else that must be changed or set to stop the flow of bits and bytes?



    Thank you very much for your help ladies and gentleman :)

    It may sound very passive aggressive, but I assure you this will be a very good solution for this particular character.
     
  5. blevins321 macrumors 68030

    Joined:
    Dec 24, 2010
    Location:
    Winnipeg, MB
    #5
    If the computer has both wireless and ethernet, you'd need to do both MAC addresses; it's different for each connection type.
     
  6. rotarypower101 thread starter macrumors regular

    rotarypower101

    Joined:
    Sep 28, 2007
    Location:
    Portland Oregon
    #6
    Well this has not seemed to work AFAICT, so I will try and explain what I have done and some of the external conditions if it is helpful.

    This is to prohibit a macpro e2008 / Lion from the internet as well as joining the local network.

    To find the mac address >about this mac>more info>system report>Network>Locations

    This allows me to see both ethernet1,as well as ethernet2

    In Airport Utility I have made the following changes:

    Airport Utility>Manual setup>Access control>click +

    Then I individually added both the appropriate mac addresses for the MPe2008 and set the “click add to set this clients network time limit” to “no access”

    The only other external factor I can think of is there is a 8 port ethernet switch/hub in line of the MPe2008

    As far as I can tell there is no airport card in the MPe2008, but where would one find the airport ID at? Assuming this is the wireless mac address as I have read?

    Thanks again for the help
     
  7. alFR macrumors 68020

    Joined:
    Aug 10, 2006
  8. Brian33 macrumors 6502a

    Joined:
    Apr 30, 2008
    Location:
    USA (Virginia)
    #8
    On my iMac, looking in the System Profiler as you describe above shows both my Ethernet MAC address and my Airport card MAC address. In order, it shows Bluetooth, Ethernet, FireWire, AirPort. So, if there is no "Airport" category under Network->Locations I guess that means there's no Airport card installed.

    ----------

    I think you had a good idea trying to use the MAC Address Access Control feature, but it looks like it only works for wireless clients. Here's from the Airport help window (emphasis mine):

    Therefore, it appears that it won't help you prevent the wired Ethernet connection from working.

    Regards,
    Brian33
     
  9. Brian33 macrumors 6502a

    Joined:
    Apr 30, 2008
    Location:
    USA (Virginia)
    #9
    This might be a crazy idea, and I haven't tried it, but do you have access to the Mac Pro? Maybe you could use a Terminal command to disable the wired Ethernet interfaces. Then you could put a script running that command into the Login items for all users on the Mac Pro, so whenever they logged in the command would run.

    Again, you have to research this, because my understanding of the ifconfig command is minimal and I haven't tried it, but looking at its (huge) man page it looks like the commands:
    Code:
    ifconfig en0 down
    ifconfig en1 down
    should set the specified Ethernet interface so that "the system will not attempt to transmit messages through that interface". Sounds like what you want! I say put it in a login item script because I expect that re-booting will reset the interface.

    You probably need Administrator access to run the commands.
     
  10. rotarypower101, Sep 13, 2011
    Last edited: Sep 13, 2011

    rotarypower101 thread starter macrumors regular

    rotarypower101

    Joined:
    Sep 28, 2007
    Location:
    Portland Oregon
    #10
    Absolutely I can, but this task was also a exercise in understanding my network better.

    I would also like to reword ignorance with confusion in this particular case, as the culprit is well smart enough to see the obvious ethernet cord unplugged, and has access to it.

    Where as if I can do the requested task via software, I don't believe the intended person will have the ability nor the wherewithal to repair the issue.

    ----------


    Thanks you for taking the time to detail the location of the wireless mac address.
    That is very helpful to understand where it should be and that I am not missing anything.

    FYI I am on a 2008 MP w/no airport card under Network>locations my headings read Bluetooth DUN,Ethernet1, Ethernet2,Firewire,Bluetooth PAN.
     
  11. rotarypower101 thread starter macrumors regular

    rotarypower101

    Joined:
    Sep 28, 2007
    Location:
    Portland Oregon
    #11

    In this particular case I dont feel that is the right approach, as it is not my machine and it would feel a little underhanded.

    However, the AEBS and internet are mine to command, so I would feel no remorse if this single user where to be cut off until they shape up and fly right as they say....

    To me it would really drive the point home that everyone has access to the network, even first time guests,without having to change any of the wiring or any “new” special rules/password changes to single out this person, but this particular machine was left off the network in exile.

    And again I would really like to understand my network settings better, as this is one area I think a lot of people neglect to understand the features and abilities it possesses.


    Again thank you everyone for any help in the matter.

    I really have searched google fairly extensively, but I have not found any explicit ways of doing what I would like or at least understand what it is they are trying to explain translates into what I am doing.
     

Share This Page