Hi,
I’m a newbie with MikroTik and I’m trying to configure our 4 APs to restrict access to only the known MAC addresses on two interfaces and to allow all but some known MACs on another.
I’ve read about access lists and done what is described (add ACLs for the known clients and then disable default authentication on the interface), but if I do that, no one is able to authenticate to the AP, even the ones in the ACLs. An example of the ACLs is:
/interface wireless access-list add forwarding=yes authentication=yes interface=Wlan1_Canal mac-address=00:26:C7:64:26:E1
The other thing is that I don’t know how to create a “catch all” ACL for the interface where I need to disallow only a few known MACs.
Can anyone help me?
Regards,
If you use WinBox you can do the following:
- enable default auth
- connect the client
- see the client connection in the Registration tab
- copy the client to the access list
- disable default auth
Hi Nick,
Thanks for the reply, I’ll try that. Just curious, is there any difference in doing the rule by console? I ask because I have 4 APs and I have to copy the same config to all of them, and that way is quite heavy for every new client I get in the networks.
Regards,
Once you have put one in, you can then use the console to export the rule:
/interface wireless access-list export
Then you can see the correct way to add them from the command line.
Nick.
Nick,
Thanks again, I’ve compared the rule created by adding the ACL from registered clients to the ones created by me from the console and they are exactly the same.
I think that because of the lack of good documentation maybe the best way is just to try to do this at the firewall level. It is not the best way because I’m allowing users to “log” into the AP and then stopping all their traffic, but maybe it’s faster.
Anyway, if you have any other advice, it’s welcome.
Regards
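
The two policies asked about in this thread (allow-list on one interface, deny-list with a "catch all" on another), written as console commands that can be pasted on each AP. This is an added example, not part of the original posts: Wlan1_Canal and 00:26:C7:64:26:E1 come from the thread, while Wlan3_Open and the 02:... MAC addresses are constructed placeholders.

```routeros
# Added example. Wlan3_Open and all 02:... MACs are constructed placeholders;
# replace them with your own interface name and client addresses.

# --- Allow-list interface: only the listed MACs may associate ---
:foreach m in={"00:26:C7:64:26:E1";"02:00:00:00:00:01"} do={
    /interface wireless access-list add interface=Wlan1_Canal mac-address=$m authentication=yes forwarding=yes comment="allow-list"
}
# A client that matches no access-list entry gets the interface defaults,
# so the default must refuse authentication on this interface.
/interface wireless set Wlan1_Canal default-authentication=no

# --- Deny-list interface: everyone may associate except the listed MACs ---
:foreach m in={"02:00:00:00:00:0A";"02:00:00:00:00:0B"} do={
    /interface wireless access-list add interface=Wlan3_Open mac-address=$m authentication=no forwarding=no comment="deny-list"
}
# Explicit "catch all": mac-address=00:00:00:00:00:00 matches any client.
# Entries are checked top to bottom and the first match wins, so this entry
# has to stay BELOW the deny entries added above.
/interface wireless access-list add interface=Wlan3_Open mac-address=00:00:00:00:00:00 authentication=yes forwarding=yes comment="catch-all"
# Leaving the interface default enabled has the same effect as the catch-all entry.
/interface wireless set Wlan3_Open default-authentication=yes

# Verify the entries, their interface binding and their order.
/interface wireless access-list print
```

The interface= value in each entry has to be the exact name of the wireless interface the clients connect to; an entry bound to a different interface name never matches them.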