hello rulers of Mikrotik planet
just wondering here if there is a method or script to block any range of mac addresses by vendors
let say i want to block all tp-link or all d-link or all belkin mac addresses to lower the risk of anyone connecting with these devices to my network,is it possible ?
can it be possible to let mikrotik server block any mac that starts with number 64 and allow all the rest ?
help please !
What real mass usage it could have? Especially when almost all operating systems allow to change the mac address freely…
Also t-plink, d-link,belkin mac addresses can be changed, there is clone mac option.
I don’t think you need to write elaborate scripts to achieve that. The menu
/interface bridge filter
has the option to configure filter based on source and destination MAC address and you also have a mask option, so you should be able to filter specific OUIs, and hence filter the source Ethernet frames from a specific vendor.
I personally haven’t used so far any filtering on L2 on the RouterOS platform though.
Regards,
Boyan
Yes it’s possible but no point of that
Yes Lakis,
I agree. That’s the reason why basing your security policies only on MAC address information is not a good idea, as it could be overcame easily 
But if the author of this thread would like to apply that for a network with a bulk of clients, most of them non-managed, this is a way of doing it. It’s not scalable, but who knows, in some situations it might just save the day
That’s what I like about RouterOS, it’s so diverse, there are so many things you could do, sometimes in few different ways that it’s amazing…