Wireless question
Don't know if this is the correct forum but I will start here. I have a single forest single domain Windows Server 2003 AD environment. I have a separate subnet for wireless traffic on one of my network segments. We are using Proxim AP-4000 access points. Is there a way (either through DHCP or Group Policy) to block unauthorized devices (iPods, iPhones, etc.) from obtaining an IP address? Or should I think about setting up a RADIUS server? Any ideas?
July 30th, 2009 10:25pm
Hi,
Thanks for the post.
From your description, I understand that you would like to know if there is a way to block unauthorized devices from obtaining a Wireless IP address.
Yes, we could use Wireless Group Policy to define 802.1X authentication for wireless networks.
For detailed steps, you could refer to the following article:
http://technet.microsoft.com/en-us/library/cc778073(WS.10).aspx
You could select Smart Card or other certificate in EAP type and select Computer only in the Computer authentication box.
In this way, we could block unauthorized devices from obtaining a Wireless IP address.
Hope this helps.
August 3rd, 2009 1:02pm
For security purposes the combination of RADIUS and IAS is recommended. I'm sure a browser carries some information specific to devices if you intend to lock out certain categories. Part of the MAC address is reserved to reflect the manufacturer and probably type of NIC, for example.
Creativity cannot be taught, but it can be learned.
August 5th, 2009 2:47am
Hi,
I just want to check if the information provided was helpful. If there is any update on this issue, please feel free to let me know.
We are looking forward to your reply.
August 6th, 2009 9:53am
I am having a similar issue. I am looking for a way to stop unauthorized devices (mainly iPhones and iPod touch devices) from connecting to our wireless network. We are currently using 802.1X authentication using PEAP and IAS along with MS-CHAPv2. We also have a self-signed certificate that is pushed out to our domain laptops using Group Policy. We have remote access policies set up to 1) check that a machine is part of our wireless security group and 2) that the user is part of our wireless user group. This has been working great until Apple update 2.0 came out for their iPhone and iPods. Now all a user has to do is enter the SSID into their device, put in their domain credentials and then accept the unvalidated certificate, and voila, they are connected to the wireless network. Any help in this matter would be greatly appreciated.
November 25th, 2009 2:41am


