I am a newbie. I have a office with 500 pc connected on the internet. the internet comes to the firewall and then goes to the switches and then users. the pcs have different OS some genuine some non licenced. i want to control the internet provided to users by assigning user id and password and maintain logs of each. The requirement is as projected by the cyber audit team. i have a mikrotik devices for wifi access through which i can assign user id and pwd for accessing internet. i want similar thing for the wired internet also. please guide. thankyou
Instead of a username/password approach, why not use MAC-based access? This method will allow you to both control who is connected and monitor bandwidth utilization based on the physical address of the network interface card.
Take a look at Sob’s last post in this thread:
http://forum.mikrotik.com/t/no-out-lan-if-not-on-allowed-mac-acl/105981/2
His firewall entries will essentially will block any MAC address that is not listed above the final “add action=reject chain=outgoing reject-with=icmp-admin-prohibited” rule.
While I admit doing this for 500 MAC addresses could be time consuming, it also guarantees only those MACs are allowed on your network. Plus, you should be able to get he vast majority of the MACs via your DHCP leases now.
Just a thought.