wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

MAC Filtering - ethernet network

Wed Dec 08, 2004 7:55 am

I'd like to set up MAC address filtering on my MikroTik router. I didn't see an "easy" way of doing this from any of the documentation provided by MikroTik, unless I overlooked something.

What I was planning on doing was to create a new chain called MAC_Filter and have all traffic leaving the router (output chain) jump to the MAC_Filter chain and create individual rules for each client's MAC and have that traffic "passthrough" and then returned to the original chain for further filtering. Is that how MAC Authentication is done? Or is there a more simple way of doing it, similar to the wireless MAC tables within the interface submenu?
 
wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Wed Dec 08, 2004 7:59 am

Or would it be better to mangle and mark the traffic and create a rule to accept the marked traffic? I think that might be a little less rule intensive...
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Re: MAC Filtering - ethernet network

Wed Dec 08, 2004 8:18 am

Perhaps the bridge firewall could help:
http://www.mikrotik.com/docs/ros/2.8/in ... ge.content

"/interface bridge firewall" section.

regards.
   matthias
 
wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Wed Dec 08, 2004 10:09 pm

But I have no bridged interfaces.
 
wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Thu Dec 09, 2004 12:21 am

Are you saying create a bridge and only bind the LAN interface to it, then modify the bridge firewall rules to allow the MACs I want?
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Thu Dec 09, 2004 9:56 am

> Are you saying create a bridge and only bind the LAN interface to it, then modify the bridge firewall rules to allow the MACs I want?

Yes.

Btw, is it possible to use MAC-address wildcards in the rules? I tried "*" but these are not accepted. Or does it use some boolean test, e.g. 0 matching all?

regards.
matthias
 
wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Thu Dec 16, 2004 4:28 pm

> Btw, is it possible to use MAC-address wildcards in the rules? I tried "*" but these are not accepted. Or does it use some boolean test, e.g. 0 matching all?
>
> regards.
> matthias

Not sure? I just created a mangle rule and added the source-mac for each individual user and marked the connection as auth-mac, and all other connections are marked no-auth. That's how I got around it. no-auth is dst-nat'd to a remote page for login/purchase of service. :)

Damn, I love this software. If I were to do this using other products, I'd have about 4 different devices in the demarc.
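
The mangle-and-redirect setup described in the last post, sketched as an added example that is not part of the thread. It is written in current RouterOS (v6/v7) syntax, which differs from the 2.8 release discussed here; the interface name ether2, the MAC addresses and the portal address 192.0.2.10 are placeholders, and the filter rules at the end are an assumption beyond what the post states.

```routeros
# Added example, not from the thread. Placeholders: ether2 (LAN interface),
# 00:00:5E:00:53:xx (documentation MACs), 192.0.2.10 (login/purchase page).

/ip firewall mangle
# One rule per authorised client. src-mac-address only matches frames
# arriving on an Ethernet-like interface, so the rules sit in prerouting
# and are bound to the LAN port. passthrough=no stops processing here so
# the catch-all below never re-marks an authorised connection.
add chain=prerouting in-interface=ether2 connection-state=new \
    src-mac-address=00:00:5E:00:53:01 action=mark-connection \
    new-connection-mark=auth-mac passthrough=no comment="client 1"
add chain=prerouting in-interface=ether2 connection-state=new \
    src-mac-address=00:00:5E:00:53:02 action=mark-connection \
    new-connection-mark=auth-mac passthrough=no comment="client 2"
# Catch-all: every other new connection from the LAN becomes no-auth.
add chain=prerouting in-interface=ether2 connection-state=new \
    connection-mark=no-mark action=mark-connection \
    new-connection-mark=no-auth passthrough=no comment="unknown MAC"

/ip firewall nat
# Web traffic on no-auth connections is sent to the login/purchase page.
add chain=dstnat in-interface=ether2 connection-mark=no-auth \
    protocol=tcp dst-port=80 action=dst-nat \
    to-addresses=192.0.2.10 to-ports=80 comment="redirect to portal"

/ip firewall filter
# Assumption, not stated in the post: without these rules a no-auth client
# is only redirected on port 80 and everything else still passes.
# in-interface=ether2 limits the rules to client-originated packets, so
# replies from the portal and DNS servers are not dropped.
add chain=forward in-interface=ether2 connection-mark=no-auth \
    dst-address=192.0.2.10 action=accept comment="allow portal"
add chain=forward in-interface=ether2 connection-mark=no-auth \
    protocol=udp dst-port=53 action=accept comment="allow DNS lookups"
add chain=forward in-interface=ether2 connection-mark=no-auth \
    action=drop comment="block everything else from unknown MACs"
```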
