Use Timed Access to Lock out IDevices From Wi-Fi

Worried that your teen or tween is spending all night wired to his or her iPod touch or iPad? While Mac OS X has timed access controls that let you specify during which hours a computer account may be used as well as a cumulative daily limit, the iPad, iPhone, and iPod touch lack such options.

But there's a way to set timed access in a manner that sticks if you're using Apple Wi-Fi base stations on your network. The Timed Access option for access only lets you choose days of the week and times of the day to block usage, but it's effective.

(This option doesn't work for 3G iPhones or 3G iPads with a data plan enabled when the devices are using the cellular network.)

Timed Access relies on the unique network adapter identifier that's assigned to every Ethernet and Wi-Fi adapter. On the iPad, you find this identifier in the Settings app. Tap General -> About. The value next to the Wi-Fi Address (something like D8:30:62:55:DE:B9) is the MAC or Media Access Control address for that device.

Write down the addresses for all devices for which you want to restrict access by day of the week and time of day.

While MAC addresses can be modified on computers through the use of command-line or other software--often to let one computer spoof the identify of another to access a network the user has no access to--the MAC address on an iDevice can't be changed. (Jailbroken devices might have an option.)

This lets you use the MAC address on an iPad, iPod touch, or iPhone as a reliable ID.

To set up timed access, follow these steps:

1. Launch AirPort Utility (which you'll find in /Applications/Utilities/).

2. Select your base station from the list at left. Enter a password if it's not stored.

3. Click Manual Setup in the lower middle of the utility.

4. Click the AirPort icon at top if not already selected, then click the Access Control tab.

5. Select Timed Access from the MAC Address Access Control pop-up menu.

Now you're ready to configure restrictions. Figure out what restrictions you'll want to have ahead of time. For instance, you might choose to disable access between 9 p.m. and 7 a.m. on weekdays and 10 p.m. and 6 a.m. on weekends.

(Note: You will have to restart the base station after configuring, so be sure that you're ready to do so without damaging other operations in progress.)

When you first view the Access Control tab after changing the setting to Timed Access, you see a prefilled entry placed there by AirPort Utility that reads--parentheses and all--(default). This entry is set to Unlimited. In other contexts, you might call this default "allow everybody at all times." This sets a policy for Timed Access for any machine for which a specific limit has not been set. The (default) entry can be used to ban or limit all access for MAC addresses that haven't been entered into this list. You can modify the (default) entry by selecting and clicking Edit with the same options for a new entry described below.

To create a new restriction, follow these steps in AirPort Utility:

1. Click the plus sign (+) to start.

2. Type in the MAC Address. Add a description for later reference ("Sally's iPod touch," as seen in the screenshot to the right).

3. Set up date and time restrictions. Each entry starts with a prefilled Everyday set to All Day which can be modified but not deleted. Add additional parameters by clicking the + (plus) button. For instance, to set up the example earlier:

• Select Everyday and set to Weekdays.

• Select All Day and set to between 7:00 p.m. and 9:00 p.m..

• Click plus (+).

• The new entry, by default, says Weekdays between 9:00 p.m. and 5:00 p.m..

• Select Weekdays and set to Weekends.

• Change the time range to 6:00 a.m. and 10:00 p.m.

• Click Done.

Now repeat for all the devices you want to limit by time.

4. Click Update, and this restarts the base station with the new settings.

Unfortunately, there's no temporary override if you need to make an exception. You have to change the settings for the device in AirPort Utility and restart the base station again. That's not that onerous, but you may want to set more broad parameters to begin with so you're not rebooting nightly.

If you have more than one base station, you can avoid entering this data over and over again in this way:

1. In AirPort Utility with the Timed Access configured base station selected, choose File -> Export Configuration File.

2. Select another base station in AirPort Utility, and choose File -> Import Configuration File.

3. In the import dialog box, uncheck everything but Timed Access Control (as shown in the screenshot).

4. Click OK.

5. The import happens silently. Click Update to restart the router with the new settings.

You can't ensure that your kids get a good night's sleep. But you can make sure the glow of an iDevice isn't what's keeping them up late.

[Glenn Fleishman is a regular Macworld contributor, and the father of two young fellows, neither of whom yet has an iWhatever. Glenn's latest book is the upcoming Take Control of iPad Networking and Security.]

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Security Watch Newsletter

Comments