Community discussions

just joined
Topic Author
Posts: 1
Joined: Fri Mar 29, 2019 4:36 am

MAC Server Access

Tue Apr 09, 2019 6:14 am

Hi all,

I try to restrict mac-winbox/mac-telnet with the following setup:
/interface list add name=MACServer
/interface list member add list=MACServer interface=ether1
/tool mac-server mac-winbox set allowed-interface-list=MACServer
/tool mac-server set allowed-interface-list=MACServer

From the interface list, I have the option to add vlan or bridge, so I thought with the above setup it can only be accessible from ether1.

However if I have a vlan assign on ether1, or ether1 are under bridge, I still can mac-winbox/mac-telnet from the vlan/bridge.

For the case like using RB411AH (only one ethernet port), how can I do this?
- allow onsite technician do mac-winbox-winbox/mac-telnet from vlan 10 or connect ether1 directly
- prevent the public user do mac-winbox/mac-telnet from vlan 20

just joined
Posts: 4
Joined: Thu Jan 13, 2011 8:20 am

Re: MAC Server Access

Wed Nov 06, 2019 4:23 pm

You must set /ip neighbor discovery-settings set discover-interface-list=MACServer too.
Member Candidate
Member Candidate
Posts: 168
Joined: Thu Sep 27, 2018 4:11 pm

Re: MAC Server Access

Thu Nov 07, 2019 1:42 am

If ETH1 is a dedicated management port I would not allow the management port be part of a bridge with non management ports.
Its only to connect to the router, right?
So make it really for that purpose.

hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!

Who is online

Users browsing this forum: No registered users and 124 guests