Package to turn off WiFi when Ethernet is present.

echilders
New Contributor II

During the JAMF Nation User Conference, it was asked in one of the sessions if any one had a process or program to help prevent bridging networks. I have a package that will do just that. It was created to turn off the WiFi connection when an active ethernet cable is present in the machine. I am posting this here to share with the community. http://db.tt/TMZC4uSP/

Enjoy.

21 REPLIES 21

tkimpton
Valued Contributor II

technicholas
Contributor

Thank you for posting this!

I was looking for something like this, when I have students laptops come in and I plug it into the Ethernet it does not fully move to Ethernet for example file transfers go over the wireless this will help me a bunch thanks!

jserapio
New Contributor

+1 Thanks as well. Works great on 10.8.2!

tkimpton
Valued Contributor II

There has been a wireless bug for years and still exists in 10.8.2 where on wireless it will cache the last dns server. this means when people go to different networks they keep getting APIPA and thats why you have to turn the wirless off and on again. I have covered that problem in my script. if Apple ever fix this in 10.8.3 i may have a look at your script again.

jserapio
New Contributor

I havent tested it too much, but I believe the package will need to be updated for 10.8.3. I updated one of my test machines from 10.8.2 to .3. Instead of Wi-Fi saying off, it now says inactive. Not sure if this is an air defense issue or something else, but I thought I would post this here as a heads up.

tkimpton
Valued Contributor II

Thats why you should use mine.

jserapio
New Contributor

I re-tested and validated that it IS working on 10.8.3. Other settings were conflicting and causing the package not to work.

@ tkimpton I tried your script and it works. But the user is still able to enable Wi-Fi after it has been disabled. With the Air Defense package, it is a constant check to disable the Wi-Fi interface is what we needed.

Thanks to all!

tkimpton
Valued Contributor II

Wheres the Andrex?

The reason why is because the Air Defense also installs a launch daemon with watchpaths to run the script!

My post is about the script!

Grab Lingon and create a launch daemon to run the script with watchpaths to /Library/Preferences/SytemConfiguration/

*Please Goolge search Launch Daemons

*Please Google search How to run a script with Launch Daemons

*Please Google search Launch Daemon watch paths

*Please Google search Lingon

*Please open Lingon and read the Help packes within the application.

tkimpton
Valued Contributor II

No offense to echilders. What you have done is great. This is just a helpful warning...

Dont install pkgs blindly. If you do not know what you are installing then get Pacifist and drag the pkg into it and see what it installs and test on dev box if happy.

This is the reason we dont give admin rights to end users right ;)

ronb
New Contributor II

We have been using Air Defense and it has been a great solution for our IP bogarting laptops with Ethernet and wifi on.

However, we are wondering if there is a way to modify this so that it does not turn off wifi, just stops it from auto joining any network. This would let the laptops utilize GPS, which does not require "Joining" a wifi network.

Of course this would mean manually selecting a network, but we're ok with that.

ToriAnneke
Contributor II

Hey all,

I've been using the Air Defense.pkg that OP posted but have noticed in Console numerous log entries as follows:

com.apple.launchd: (airport) Throttling respawn: Will start in 10 seconds airportd: _doAutoJoin: Already associated to "My SSID". Bailing on auto-join. kernel: en1: BSSID changed to 00:0c:e6:00:15:45

And this fills up my system.log all day.
Also noticed the last line is a MAC address that doesn't associate to en0 nor en1 on my laptop.

Is this something to address?
Anyone else using Air Defense.pkg see this in their system.log
I noticed this in 10.8.5 and 10.9.1
On a 10.7.5 laptop I do not see this behaviour.

Thanks in advance,

-pat

shynds
New Contributor

This is the script I used to turn off the wireless.

!/bin/sh

########################################################################################

# More information: https://macmule.com/2011/09/09/how-to-turn-off-wireless-card/

GitRepo: https://github.com/macmule/turnOffWireless/

License: https://macmule.com/license/

########################################################################################

###################################################################################################

# DEFINE VARIABLES

########################################################################################

HARDCODED VALUES SET HERE

Set to y to clear DNS for macs running Tiger

clearTiger="n"

CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN

if [ "$4" != "" ] && [ "$clearTiger" == "" ];then
clearTiger=$4
fi

########################################################################################

# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE

########################################################################################

Gets OS Version

OS=/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print substr($1,1,4)}'

Checks networksetup to see if an Airport Card is installed

checkHasAnAirportCard=networksetup -listallhardwareports | grep -i "Hardware Port: Air" | cut -c 16-

Checks to see if their is a service created for Airport, & if so gets the name

checkWireless=$(networksetup -listallhardwareports | egrep "Hardware Port: (Air|Wi-)" | cut -c 16-)

Checks to see if Airport is installed

if [ -z "$checkWireless" ]; then # If no Wireless is installed echo "No Wireless Card exiting..." exit 0

else

# Checks to see if Wireless has a service created for it. if [ -z "$checkWireless" ]; then

# If Aiport is installed, but does not have a service create a service & enable echo "Wireless installed, but not configured as a service..."

# Creates Aiport service networksetup -createnetworkservice "$checkWireless" "$checkWireless" echo "Wireless service created..."

#Enable Wireless networksetup -setnetworkserviceenabled "$checkWireless" on echo "Enabled Wireless service..."

fi

Loops through the list of network services

for i in $(networksetup -listallnetworkservices | tail +2 );
do #Checks to see if there is a service called Airport or Wireless if so enables it. if [[ "$i" =~ 'A' || "$i" =~ '*W' ]]; then

#Removes the * prefix disabledServices=( echo $i | cut -c 2- )

#Enables the disabled netwoprk services /usr/sbin/networksetup -setnetworkserviceenabled "$disabledServices" on

#Echo's the name of any services enabled echo "Wireless now enabled..."

fi

done

Re-checks the service name for Wireless as it should now be enabled

checkWirelessIsAService=$(networksetup -listallnetworkservices | egrep -i "(Air|Wi-)")

Checks power state of Wireless

if [[ "$OS" "10.5" ]]; then

# If OS is 10.6.x run the following to check Wireless power... airportPower=/usr/sbin/networksetup -getairportpower "$checkWireless" | cut -c 26-
else

# If OS is 10.5.x run the following to check Wireless power... airportPower=/usr/sbin/networksetup -getairportpower | cut -c 16-

fi

if [[ "$airportPower" == "Off" ]]; then

#Checks to see if Wireless is off & if so.. exits. echo "Wireless already powered off.. exiting..." exit 0

else #Checks to see if Wireless is on echo "Wireless is powered on..."

# If machine is running Tiger, clear search domains if specified for $clearTiger variable if [[ "$OS" < "10.5" ]]; then if [[ "$clearTiger" == "y" ]]; then

echo "Clearing DNS Servers for OS $OS..." /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setdnsservers "$checkWireless" "empty"

echo "Clearing search domains for OS $OS..." /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setsearchdomains "$checkWireless" "empty"

else

echo "Not Clearing DNS as OS is $OS..."

fi

else

# If machine is not running 10.5 or higher clear dns & search domains as these will be picked up by DHCP echo "Clearing DNS Servers for OS $OS..." /usr/sbin/networksetup -setdnsservers "$checkWireless" "empty" echo "Clearing search domains for OS $OS..." /usr/sbin/networksetup -setsearchdomains "$checkWireless" "empty"

fi

if [[ "$OS" == "10.4" ]]; then

# If OS is 10.4.x run the following to turn off Wireless... echo "Turning off the Wireless for OS $OS..." /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setairportpower off exit 0

elif [[ "$OS" == "10.5" ]]; then

# If OS is 10.5.x run the following to turn off Wireless... echo "Turning off the Wireless for OS $OS..." /usr/sbin/networksetup -setairportpower off exit 0

elif [[ "$OS" == "10.6" ]]; then

# If OS is 10.6.x run the following to turn off Wireless... echo "Turning off the Wireless for OS $OS..." /usr/sbin/networksetup -setairportpower "$checkWireless" off exit 0

else

# If OS is 10.7.x or greater then run the following to turn off Wireless... checkWireless=$(networksetup -listallhardwareports | egrep "Hardware Port: (Air|Wi-)" | cut -c 16-) # First we need to get the Wi-Fi device's name wifiDevice=/usr/sbin/networksetup -listallhardwareports | awk '/^Hardware Port: Wi-Fi/,/^Ethernet Address/' | head -2 | tail -1 | cut -c 9- echo "Turning off the Wireless for OS $OS..." /usr/sbin/networksetup -setairportpower "$wifiDevice" off exit 0 fi fi
fi

bentoms
Esteemed Contributor
Esteemed Contributor

@shynds whoa! That's an oldie, glad it's still working.

stuart_harrop
New Contributor II

This script works well for 10.10 and higher to disable multihoming. We have it scoped only to MacBooks.

#!/bin/bash

# Set toggle for found IP on an interface to FALSE to start
IPFOUND=
# Get list of possible wired ethernet interfaces
INTERFACES=`networksetup -listnetworkserviceorder | grep "Hardware Port" | grep "Ethernet" | awk -F ": " '{print $3}'  | sed 's/)//g'`
INTERFACES=("${INTERFACES[@]}" `networksetup -listnetworkserviceorder | grep "Hardware Port" | grep "Thunderbolt Bridge" | awk -F ": " '{print $3}'  | sed 's/)//g'`)

# Get list of Wireless Interfaces
WIFIINTERFACES=`networksetup -listallhardwareports | tr '
' ' ' | sed -e 's/Hardware Port:/'$'
/g' | grep Wi-Fi | awk '{print $3}'`

# Look for an IP on all Ethernet interfaces.  If found set variable IPFOUND to true.
for INTERFACE in $INTERFACES
do
  # Get Wired LAN IP (If there is one other then the loopback and the self assigned.)
  IPCHECK=`ifconfig $INTERFACE | egrep 'inet [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' | egrep -v '127.0.0.1|169.254.' | awk '{print $2}'`
  if [ $IPCHECK ]; then
    IPFOUND=true
  fi
done

  if [ $IPFOUND ]; then
    /usr/sbin/networksetup -setairportpower $WIFIINTERFACES off || exit 1
    echo "Turning OFF wireless on card $WIFIINTERFACES."
    logger "wireless.sh: turning off wireless card ($WIFIINTERFACES) because an IP was found on a wired card."
  else
    /usr/sbin/networksetup -setairportpower $WIFIINTERFACES on || exit 1
    echo "Turning ON wireless on card $WIFIINTERFACES."
   logger "wireless.sh: turning on wireless card ($WIFIINTERFACES) because NO IP was found on a wired card."
  fi

aroberg
New Contributor

Stuart.harrop,
Is there a way to make your script be persistent? The script works properly only once, but unplugging the ethernet cord does not re-enable the WiFi. Manually enabling WiFi means I have to run the script again to have it turned off. By the way, all the MBP's are running High Sierra.

rqomsiya
Contributor III

@aroberg You'll have to create a LaunchDaemon with a watchpath to get it to be persistent.

Question: Are you users local admins? If not then you can just disable "Network Sharing" to prevent bridging...

TreviñoL
Contributor

Just a reminder that if anyone has an Apple Watch linked to their Mac it will require Wi-Fi to be turned on while connected to the Ethernet port.

stuart_harrop
New Contributor II

@aroberg We have ours running as an offline policy, with a trigger of network change state so it monitors the Ethernet/wifi state.

dereadi
New Contributor

I revised the Air Defense script to exclude the touchbar when checking for ethernet connections. I also loop through everything in ifconfig after letting the old script identify Wifi, and exclude the Bridge and Bluetooth. Hope you guys enjoy. The pkg is there, as well as the shell script and plist file. If you have any questions or ideas for revisions, let me know.

https://github.com/bugwelps/Air-Defense-Revised

tgary
New Contributor II

Newbie here - I ran this script on a USB C test machine and determined that the script isn't exactly suitable for our environment after all. How can I remove it?

dereadi
New Contributor

The script resides in /Library/Scripts and remove airport2.5.sh, and go into /Library/AutoDaemon and remove com.tsys.airport2.5.plist. You'll have to do a sudo on your rm command to get rid of the files. You can also rename airport2.5.sh to something else and it will stop as well. Feel free to look at the script and make suggestions.

Removing the plist alone will stop the daemon from running, FYI.