Set static IP to MAC and drop another request

DOT · May 11, 2011, 3:28am

Hello
I want Set IP and MAC with together
if user change MAC address or change IP addres traffic droped
and new user [new mac-address could not connect to my network]

my solution :

/ip firewall filter
     add chain=forward src-address=!192.168.10.2 src-mac-address=001122aaf21f action=drop
     add chain=forward src-address=!192.168.10.3 src-mac-address=001122bbf21f action=drop
     add chain=forward src-address=!192.168.10.4 src-mac-address=001122fcc21f action=drop

but new MAC address device could connect to network and using internet…

fewi · May 11, 2011, 3:51am

Your best option is to assign static DHCP leases, and set the DHCP server to add an ARP entry, and then set the interface ARP mode to reply only. If you don’t use DHCP skip that part and add static ARP entries and set the interface ARP mode to reply only.

That way there’s no need to filter - users that weren’t mapped manually or by a static DHCP lease can’t get into the router’s ARP table, so the router can’t send any traffic to them.

DOT · May 12, 2011, 6:38pm

tanX fewi