See the docs at http://www.mikrotik.com/docs/ros/2.9/ip/filter and look for src-mac-address
–Tom
To elaberate on Tom’s reply, you need to mangle the src-mac-address of your “allowed” clients and then mark everything that is not mangled as unauthorized, and either drop it, or dst-nat to your sign up page. Or use the bang (!) function in RouterOS.
Using the hotspot package is a good way of doing just that, and it also allows you to do bandwidth shaping and setup different service levels via profiles. It’s easy to use and simple to setup, an easy solution to your problem.
-Bill
The great thing about Mikrotik is the manual is quite complete, more than 500 printed pages.
The bad thing about Mikrotik is the manual is complete, makes many people too lazy to read it.