Does anyone know if it's possible to allow just the first 3 octets of the MAC address for example... mac-address=00:0C:42:xx:xx:xx just like a wildcard so anyone that tries to register with my AP which begin with that OUI will be able to connect?

i don't think that it's possible, you must specify exactley the MAC adress in the Access list.
moreover, it's not a good strategy to do that, coz avery one have your three first bytes will be able to access the Network.

Well I don't think it's such a bad idea because we have RouterBoard R52 cards and the people around here hardly know anything about computers as it is, plus we use WPA2, I'd just like to use WPA2 and MAC filtering both but I would like to do wildcards to make it easier on myself not having to login to a router each time someone does an installation. Just a pipe dream I guess.

I see, but i don't think that it's possible to make acces lists with wildcard (to my knowledge).

But that 3 first values are talking about a vendor, why did u wanted to block or permit a vendor?.

Regards.

So that basically we can just authenticate an entire vendor so when we have installations we don't have to go in and authenticate them since we are not using radius yet and we have towers with all Mikrotik CPE's which we use R52 cards in and the vendor starts with 00:0C:42:xx:xx:xx it would just make it easier, I guess now would be the time to put in the radius server though.

Still anything?

_________________
Trying to route the world... Hehe

Hi mate! I think you can use "/interface bridge filter".
There you have a src-mac-address and a mask to specify.
Regards

Why bother with MAC if your network is not vulnerable? To be honest MAC filtering is not at all secure. If someone has the ability to crack you wpa then they will certainly bypass your MAC filter in no time

routing just a little bit of the world

In fact if it were possible to wilrcard MAC address access list it would make it pretty pointless anyway.


routing just a little bit of the world