Dear all,
I have a CRS328-24P-4S+RM, and I also have 12 wireless APs and 12 IP phones.
I would like to assign an IP and MAC for each AP and IP phone to the port it connects to, so that no one can disconnect one of the devices and connect a PC to use the internet; the port should work only for the specific AP or IP phone.
I hope you get my point.
Best Regards
Are you running the CRS with SwOS or RouterOS?
RouterOS
I am not aware of any built-in feature in RouterOS to allow you to do this, although you could cobble something together using the Firewall Filter module.
On SwOS this functionality is available, as it is more of a switch feature than a router feature in any case. In SwOS this is known as Port Lock, and there is an option to Lock on First, meaning that the first device plugged in to a port will then have the port locked to that device’s MAC address. Not foolproof if a device can mimic another MAC address, but it does seem to be something like you are asking for.
Solution A: DOT1X
Provides port-based network access control via a RADIUS server
(https://help.mikrotik.com/docs/display/ROS/Dot1X)
Solution B: DHCP
If you don’t want to bother with a complex RADIUS server and co…
You could set the DHCP server to only give IP addresses to known devices (static leases)
Solution C: Bridge Filter-Rules
Add the MAC addresses of known devices in the filter rules
Add a block/drop for everything else
Solutions B & C are not foolproof!
May have other problems if APs or phones “forward” L2 traffic
Would be surprised if RouterOS could not do that, as RouterOS also handles the switch chip. (Switch menu, not Bridge menu)
https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#Port_Security
Maybe ARP-reply-only can help as well: https://wiki.mikrotik.com/wiki/How_to_secure_a_network_using_ARP
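
Added example, not written by any poster in this thread: a per-port MAC lock done in the switch chip (Switch menu) on a CRS3xx under RouterOS, in the style of the Port Security section linked above. The bridge name `bridge1`, switch name `switch1`, port names and MAC addresses are constructed placeholders, and the ports are assumed to already be members of the bridge with hardware offloading.

```routeros
# Constructed example: ether1 = one AP, ether2 = one IP phone.
# Replace the placeholder MACs with the real device addresses and
# repeat the three steps for every access port that must be locked.
# Leave the uplink port untouched.

# 1. Stop dynamic MAC learning and unknown-unicast flooding on the
#    locked ports, so the host table only holds what is added by hand.
/interface bridge port
set [find interface=ether1] learn=no unknown-unicast-flood=no
set [find interface=ether2] learn=no unknown-unicast-flood=no

# 2. Add one static host entry per port for the permitted device.
/interface bridge host
add bridge=bridge1 interface=ether1 mac-address=02:00:00:00:00:01
add bridge=bridge1 interface=ether2 mac-address=02:00:00:00:00:02

# 3. Switch rules, evaluated in order for each port:
#    first rule  = frames from the permitted source MAC are forwarded,
#    second rule = everything else arriving on that port is dropped
#                  (empty new-dst-ports means "send nowhere").
/interface ethernet switch rule
add switch=switch1 ports=ether1 src-mac-address=02:00:00:00:00:01/FF:FF:FF:FF:FF:FF
add switch=switch1 ports=ether1 new-dst-ports=""
add switch=switch1 ports=ether2 src-mac-address=02:00:00:00:00:02/FF:FF:FF:FF:FF:FF
add switch=switch1 ports=ether2 new-dst-ports=""

# Check the result: static hosts and the rule order per port.
/interface bridge host print where interface=ether1
/interface ethernet switch rule print
```

An AP that bridges its wireless clients onto the wire sends frames with the clients' source MACs, which the drop rule discards, so this fits phones and routed/NAT APs better than bridging APs. As with SwOS Port Lock, a PC that clones the permitted MAC still passes, which is the gap Dot1X is meant to close.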