I try to restrict mac-winbox/mac-telnet with the following setup:
/interface list add name=MACServer
/interface list member add list=MACServer interface=ether1
/tool mac-server mac-winbox set allowed-interface-list=MACServer
/tool mac-server set allowed-interface-list=MACServer
From the interface list, I have the option to add vlan or bridge, so I thought with the above setup it can only be accessible from ether1.
However if I have a vlan assign on ether1, or ether1 are under bridge, I still can mac-winbox/mac-telnet from the vlan/bridge.
For the case like using RB411AH (only one ethernet port), how can I do this?
- allow onsite technician do mac-winbox-winbox/mac-telnet from vlan 10 or connect ether1 directly
- prevent the public user do mac-winbox/mac-telnet from vlan 20