Hi Gents,
Sorry for this maybe stupid question but while i was dealing with request to set something I could not find something as a port security and limitation of MAC addresses per interface.
Can you guide me if I am missing something?
Port (ie. interface) security via MAC address (or IP address) is not that secure as these identities can easily be changed,
but it is available in RouterOS, just search in the documentation → https://wiki.mikrotik.com/wiki/How_to_secure_a_network_using_ARP, https://wiki.mikrotik.com/wiki/User_Manager/MAC_binding, or via firewall http://forum.mikrotik.com/t/switchport-port-security-maximum-1-for-mikrotik/112862/1 .
A better solution for this problem seems to be “Dot1x” → https://wiki.mikrotik.com/wiki/Manual:Interface/Dot1x
Hi MutluIT (hope I recognise proper spelling),
I know what is the backside of the port security by MAC and that this identity can be easily changed.
However is basic security future in the enterprise networking - mostly because there other measures preventing changing the MAC and monitoring connections of newly registered MAC’s.
Well seems we both know the implementation of 802.1X and PNAC but honestly sucha basic function is a must from long a go.
Excuse my French, but I think MT have to put some work on this…
The approach you present is good but includes not automated actions or we require RADIUS & EAP.
Also stands the point, how this will be messaged to SNMP for further management and monitoring?
That you better should ask MikroTik Support via https://help.mikrotik.com/servicedesk, as it’s Enterprise type question.
I’m doing basic SOHO stuff only, not even SMB/SME 