MAC filtering

Anahaym · February 10, 2017, 5:13pm

Hello,
MikroTik RouterOS 6.29.1
i’m blocking the traffic between a network and some hosts:

1 chain=input action=drop mac-protocol=ip src-address=192.168.0.16/28 dst-address=172.16.0.0/24 log=no log-prefix=“”
2 chain=input action=drop mac-protocol=ip src-address=192.168.0.32/27 dst-address=172.16.0.0/24 log=no log-prefix=“”
3 chain=input action=drop mac-protocol=ip src-address=192.168.0.64/26 dst-address=172.16.0.0/24 log=no log-prefix=“”
4 chain=input action=drop mac-protocol=ip src-address=192.168.0.128/25 dst-address=172.16.0.0/24 log=no log-prefix="

But, if somebody can manually assign an IP address from the IP range 192.168.0.1-14 then he can avoid these rules.
Is it possible to allow traffic of 192.168.0.1-14 IP range only with particular MAC addresses? This range is used by production servers.

Sob · February 10, 2017, 6:33pm

You can match MAC address with src-mac-address=xx:xx:xx:xx:xx:xx.

Jotne · February 10, 2017, 10:20pm

Filter on mac may block some, but not all. You can change you mac if you like:
http://www.thewindowsclub.com/change-mac-address-in-windows

I do this when I am at an airport and get only 30 min free Internett.
Change mac and viola, more free internet.
There are even programs that do this for you quick and easy.