MAC Server Access

EWSLIM · April 9, 2019, 3:14am

Hi all,

I try to restrict mac-winbox/mac-telnet with the following setup:
/interface list add name=MACServer
/interface list member add list=MACServer interface=ether1
/tool mac-server mac-winbox set allowed-interface-list=MACServer
/tool mac-server set allowed-interface-list=MACServer

From the interface list, I have the option to add vlan or bridge, so I thought with the above setup it can only be accessible from ether1.

However if I have a vlan assign on ether1, or ether1 are under bridge, I still can mac-winbox/mac-telnet from the vlan/bridge.

For the case like using RB411AH (only one ethernet port), how can I do this?

allow onsite technician do mac-winbox-winbox/mac-telnet from vlan 10 or connect ether1 directly
prevent the public user do mac-winbox/mac-telnet from vlan 20

Thanks.

tbravo · November 6, 2019, 2:23pm

You must set /ip neighbor discovery-settings set discover-interface-list=MACServer too.

WeWiNet · November 6, 2019, 11:42pm

If ETH1 is a dedicated management port I would not allow the management port be part of a bridge with non management ports.
Its only to connect to the router, right?
So make it really for that purpose.