WifiWave2 white list...

Good day! Tell me how to create a white list now and, most importantly, how to prohibit access to the network via Wi-Fi to those who are prohibited from doing so? It was logically and understandably organized in the old CAPsMAN…

Likewise, you have an access list where you add who should be accepted and finally reject all!

It is clear that you need to add all the necessary ones to the Access list, but in the end you need a forbidding entry that enables blocking by MAC address?

Just add a last rule with only the reject action - this is enough!

If you add this rule, then everything is blocked.

It works for me. Try to choose the interface?

I disable the rule, connect the phone, add it via “add to Access List”. Everything works. If you enable the rule, the router does not allow the phone to connect to the network, despite the fact that the MAC address is in the allowed list.

It works for me, but not with capsman, only in the wifi access list in the router itself.

add bridge=bridge1 interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi1 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi2 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add interface=bridge1 list=LAN
add interface=ether2 list=WAN
/interface wifi access-list
add action=reject comment=" Blocking WIFI 5Ghz" disabled=no interface=any
add action=reject comment="Blocking WIFI 2Ghz" disabled=no interface=any
add action=accept comment="Honor Magic 4Pro" disabled=no interface=any mac-address=D2:E0:35:42:5C:31
/interface wifi cap
set discovery-interfaces=bridge1 enabled=yes
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1 package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg1 name-format=cap supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=cfg2 name-format=cap supported-bands=2ghz-ax

Part of the export of settings related to WIFI access

Based on how wifiwave2 is written, CAPsMAN is also stripped down: it can only connect the controller to the access point and transfer settings to it.

As with firewall rules, ACL rules are also evaluated from top to bottom. So move your accept rules above all reject rules and you’ll be golden.

I checked it out. It makes no difference where the forbidding rule is…

After you change ACL rule order, it may be necessary to restart the router (to flush any cached client status). And force wireless station to try to re-connect … wireless devices tend to remember if they were kicked off some AP not to bother AP again. Only forcing them to re-try will clear the cached information.

But anyway, order of ACL rules definitely matters.
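Added example (not part of any post in this thread, and not MikroTik code): a small Python model of the top-to-bottom, first-match evaluation described in the replies above, run over the access-list lines from the posted export. The function names are hypothetical, only the `interface` and `mac-address` fields are modelled, and "no rule matches means accept" is an assumption of this model.

```python
import shlex

# Constructed sample: the access-list lines from the export above, with ASCII quotes.
EXPORT = '''\
add action=reject comment=" Blocking WIFI 5Ghz" disabled=no interface=any
add action=reject comment="Blocking WIFI 2Ghz" disabled=no interface=any
add action=accept comment="Honor Magic 4Pro" disabled=no interface=any mac-address=D2:E0:35:42:5C:31
'''

def parse_rules(export):
    """Turn 'add key=value ...' lines into dicts, skipping disabled rules."""
    rules = []
    for line in export.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        rule = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if rule.get("disabled", "no") != "yes":
            rules.append(rule)
    return rules

def matches(rule, mac, interface):
    """A rule without mac-address matches every station (assumed semantics)."""
    if rule.get("interface", "any") not in ("any", interface):
        return False
    want = rule.get("mac-address")
    return want is None or want.upper() == mac.upper()

def decide(rules, mac, interface="wifi1"):
    """First matching rule wins; no match is treated as accept in this model."""
    for index, rule in enumerate(rules):
        if matches(rule, mac, interface):
            return rule.get("action", "accept"), index
    return "accept", None

def shadowed(rules):
    """Indexes of MAC-specific rules placed below a match-all rule that covers them."""
    hits = []
    for i, rule in enumerate(rules):
        iface = rule.get("interface", "any")
        if "mac-address" in rule and any(
            "mac-address" not in e and e.get("interface", "any") in ("any", iface)
            for e in rules[:i]
        ):
            hits.append(i)
    return hits

def reordered(rules):
    """MAC-specific rules first, match-all rules last; order inside each group is kept."""
    return sorted(rules, key=lambda r: "mac-address" not in r)
```

In this model the posted order rejects the listed phone at rule 0 and flags the accept rule as shadowed, while the reordered list accepts that MAC and still rejects every other station.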

I checked it out... nothing has changed. If it doesn’t bother you, take a screenshot of your settings. The feeling that something is missing somewhere…

I currently don’t have ACLs targeting particular station MAC addresses, so no screenshot from me.

I see. It seems that all this will work after a certain number of updates… Thanks anyway.

The problem was solved by updating the firmware to version 7.14 beta 3. Access control works more or less well. Thank you all.