Before the MikroTik 750G I used a Linksys WRT54GL with Tomato and it was easier to set up, but I needed gigabit ports, so I replaced it. The Tomato fw was easy to set up: I limited users on my network using their MAC addresses, only specified MACs were allowed to use the internet connection, and the IPs were attached to MAC addresses too.
I have ROS v5 on the 750G and my hw config looks something like this:
on ether1 there is the cable modem,
on ether2: my computer wired, dhcp from pool 192.168.88.x,
on ether3: neighbor1 wired, getting ip from pool 192.168.1.x,
on ether4: neighbor2 wired, getting ip from pool 192.168.100.x,
on ether5: WRT54GL as switch/AP, this is a slave port to ether2, getting ip from pool 192.168.88.x, this is used because I need wifi and there is another computer wired to the Linksys.
I use simple queues to limit speeds (most important on ether3 and ether4, which are used by the neighbors) and I limit them by IP, which are given to them with dhcp.
1.) Is there any chance to limit the whole ether3 port to 512k/12M?
Change the target IP on your simple queue to the network address with the appropriate subnet mask.
2.) Or is there a way to set the limit on MAC address instead of IP?
You can mark based on MAC address and use a packet mark on the simple queue, with a default target address so that all packets regardless of IP match the queue as long as they have that mark.
4.) How could I set up my 750G to not allow any traffic for a specified MAC, if the neighbor changes the IP on that machine?
5.) I would like to set up a list of MAC addresses which are allowed to use the internet connection, with all other MACs denied. Is that possible?
The easiest way to do that is to use DHCP for everything, to set an empty IP pool and make static DHCP bindings for all MAC addresses, to set “add-arp” to yes for DHCP, and to set ARP on the interface to “reply-only”. That way only clients with a configured static lease can get DHCP, and they always get the same lease. The only way to get into the router’s ARP table then is by getting a DHCP lease, and the router won’t be able to talk to any client that didn’t get an IP address from it. This is on a per interface basis, so it wouldn’t affect other interfaces.
Remove the address pool from the DHCP server, and add leases directly mapping IPs to MACs in the Leases tab. You’ll have to add a lease for all the clients you want to be able to connect.
I removed the address pools from the dhcp-server tab (stopped the dhcp servers, but didn’t delete anything from ip menu: pools), all the MAC addresses of the clients are added to the leases tab with the specific IPs, but in this case the clients don’t get an IP and they cannot use the internet connection.
Huh. Not sure. Maybe you need an empty pool (no range defined) that you assign to the DHCP server?
Can you post the output of “/ip dhcp-server export” as well as “/ip address print detail”, “/ip route print detail”, and “/interface ethernet print detail”? Please wrap output in
I can not create a pool without range.
But here’s what I changed:
in the dhcp server tab: in each dhcp server I changed the ip pool to static-only and add arp for leases is still checked.
on each interface: arp is set to reply-only,
In the leases there are the mac addresses with the ips.
In the simple queues I set up the target address to 192.168.xx.0/24 so the whole range/port is limited.
Now as I tested in my home network everything works fine:
I tried to manually set up the IP (different from the one set in the leases tab), the DNS etc., and there was no internet connection till I used DHCP and got the proper IP which is set in the leases tab.
I think it is working fine now!
Tell me if you have any better ideas or something to change!
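The setup described in the post above, written out as RouterOS commands for the ether3 port. This is an added example, not part of the original thread; the DHCP server name `dhcp-ether3`, the lease address `192.168.1.10` and the MAC address are assumed placeholder values.

```routeros
# Added example, RouterOS v5 syntax (the version named in the thread).
# Assumed: DHCP server "dhcp-ether3" already runs on ether3 for 192.168.1.0/24.
# The MAC and lease IP below are constructed placeholders.

# 1. Serve only clients that have a static lease, and let the DHCP
#    server add the matching IP/MAC pair to the ARP table.
/ip dhcp-server set [find name=dhcp-ether3] address-pool=static-only add-arp=yes

# 2. One static lease per allowed client (repeat for every allowed MAC).
/ip dhcp-server lease add server=dhcp-ether3 mac-address=02:00:00:00:00:01 address=192.168.1.10 comment="neighbor1"

# 3. Stop the router from learning ARP entries on this port by itself.
#    Only entries created by step 1 (or added by hand) are used, so a
#    client that sets a different IP manually gets no replies routed to it.
/interface ethernet set [find name=ether3] arp=reply-only

# 4. Limit the whole port by targeting the subnet instead of single IPs.
#    max-limit is upload/download for the target.
#    (RouterOS v6 and later use target= instead of target-addresses=.)
/queue simple add name=ether3-limit target-addresses=192.168.1.0/24 max-limit=512k/12M

# Checks after a client has renewed its lease:
# the lease should be bound, and the ARP list for ether3 should contain
# only addresses that appear in the lease table.
/ip dhcp-server lease print where server=dhcp-ether3
/ip arp print where interface=ether3
```

The allow-list keys on the MAC address a client presents, which is not an authenticated identifier, so it enforces the IP-to-MAC binding rather than proving which device is connected.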
How do I add MAC addresses to DHCP on the same IP? I mean automatically adding the MAC address to the ARP table.
When the customer gets an IP from the DHCP /22 subnet, it should work on a MAC address basis. I saw this feature at Cyberoam. And it limits the bandwidth per MAC address this way.