Limiting Routerboard Access

urbanmiles · December 8, 2016, 7:30am

Hi Everyone!
I’m totally new to mikrotik and I had just setup mo first simple network using RB750r2

I have an internet cable connected to eth1, the other end of this internet cable is connected to a port of our Main Asus Router, and gives the following information to the eth1:
WAN IP 192.168.0.40/24
Gateway 192.168.0.1
DNS. 192.168.0.1

DHCP Server running in eth3 (192.168.3.1/24) and another DHCP Server running in eth4 (192.168.4.1/24)
The DNS of both DHCP Networks is also 192.168.0.1 so that they will also have internet access..
… HOwever…

I am having difficulty setting up some access rules in the rb750r2…

These are the 2 things I want to accomplish .

There must only be (1) dedicated PC (MAC Address) that will be able to access the router, via Winbox, Webfig, etc. Other access attempts from different PCs shall be rejected.
Only the PC MAC Addresses that I will enroll to my networks shall be granted network access, other unknown MAC Addresses shall be rejected .

urbanmiles · December 8, 2016, 10:00am

UPDATE!

I already accomplished item 1 via firewall filter!

Though I still got trouble in #2

Sob · December 8, 2016, 12:52pm

You can set arp=reply-only for your interface and then router won’t send ARP requests. It will only use known MAC addresses that you either add manually under /ip arp, or you can make your DHCP server do it by setting add-arp=yes option. If you also set address-pool=static-only, then you can manage all your per-MAC IP address assignments in DHCP server as static leases.