Mon Jul 10, 2017 9:50 pm
As BartosZ said there's no such feature built-in in to ROS. You need to resort to radius for that.
Setting restrictions based on macs however are easily spoofeable, and usually a waste of time.
Not sure what are you trying to achieve, if this is for a SMB or home network, a hotspot or a ISP of some kind.
That being said, you could achieve a "Poor man's" setup achieving what I understood you want without deploying radius by
- Setup DHCP, let's say pool is 192.168.88.2-192.168.88-254
- Create static entries for each allowed mac-address, using IPs within a given range, say, the lower /25 (192.168.88.2-192.168.88.126).
To do this the quickest way is setting it up, let the allowed devices to connect, then right click on the lease and "Make static", editing it afterwards.
Once you have this in place, any device whose mac isn't on a static DHCP lease should get an IP from the pool which is not already statically assigned, i.e., from the upper range, 192.168.88.129-254.
As restricted users will have addresses from the 192.168.88.128/25 range, you will be able to set firewall rules to restrict them.
However... users can set up addresses on their own, overcoming the DHCP. They can forge MAC addresses too. So unless this is for kids (and even so) I wouldn't rely on it to protect anything valuable.