Community discussions

MikroTik App
 
pclay
just joined
Topic Author
Posts: 10
Joined: Wed Mar 30, 2011 4:41 am

How to block MAC Addresses

Sun May 08, 2011 7:19 pm

Am running DHCP in a large Campground. Are not using Hotspot or Usermanager. Is there a way to block the MAC addresses or refuse a DHCP lease?
 
imrankosi
Member Candidate
Member Candidate
Posts: 153
Joined: Wed Oct 15, 2008 4:51 pm

Re: How to block MAC Addresses

Tue May 10, 2011 12:11 pm

you can use mac filltering option


d/t forgot to give karam
 
pclay
just joined
Topic Author
Posts: 10
Joined: Wed Mar 30, 2011 4:41 am

Re: How to block MAC Addresses

Sun May 15, 2011 4:41 am

I've been looking around in the manual and don't think I have found the correct area. Can you please point me to the proper area of the manual? Are there any examples?

Thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: How to block MAC Addresses

Sun May 15, 2011 6:27 am

Are you looking to blacklist (default permit, deny a few specific addresses) or whitelist (default deny, permit a few specific addresses)?
 
pclay
just joined
Topic Author
Posts: 10
Joined: Wed Mar 30, 2011 4:41 am

Re: How to block MAC Addresses

Mon May 16, 2011 12:57 am

We need to deny a few stations when they abuse their bandwidth share. This will probably not happen more than once a week during the summer only.

Thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: How to block MAC Addresses

Mon May 16, 2011 1:09 am

/ip firewall filter
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop
 
pclay
just joined
Topic Author
Posts: 10
Joined: Wed Mar 30, 2011 4:41 am

Re: How to block MAC Addresses

Fri May 20, 2011 5:33 pm

Thanks much, we will try this soon
 
Mashimoto
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Thu Feb 24, 2011 3:55 pm

Re: How to block MAC Addresses

Fri Jul 15, 2011 8:43 am

Is there a way to block MAC from getting dhcp lease?

I have this one MAC address that's filling up my log b/c it can't get the lease with success...

I tried the above, but dchp still trying to give out lease...
 
Mashimoto
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Thu Feb 24, 2011 3:55 pm

Re: How to block MAC Addresses

Mon Jul 18, 2011 11:05 pm

SOLVED. Tried the filter rules, but none worked for me.

Not sure how to do code so someone else can translate if they like but here's what worked for me:

IP --> DHCP Server --> Leases --> Add new --> General="Pool_Name", MAC Address="MAC address of desired blocked", Server="Name of DHCP Server failing", Block access = yes, Address List = Black-list

Hope that helps someone else
 
ElmerHomeroP
just joined
Posts: 1
Joined: Thu May 09, 2013 6:33 am

Re: How to block MAC Addresses

Thu May 09, 2013 7:10 am

SOLVED. Tried the filter rules, but none worked for me.

Not sure how to do code so someone else can translate if they like but here's what worked for me:

IP --> DHCP Server --> Leases --> Add new --> General="Pool_Name", MAC Address="MAC address of desired blocked", Server="Name of DHCP Server failing", Block access = yes, Address List = Black-list

Hope that helps someone else

I tried this and the offending MAC addresses still got their IP address perfectly OK. Not only that, but as can be seen on the attached file, one of the offending MAC addresses ALSO got a lease for 99 days instead of the 8 days programmed in DHCP server, like all other leases.

Note: I DO NOT have a list of addresses called "black-list". I did, however, try first with that box empty, with the same result.

I rebooted the whole system each time.

Please help.
You do not have the required permissions to view the files attached to this post.
 
airforce1
just joined
Posts: 20
Joined: Sun Dec 09, 2007 1:21 pm

Re: How to block MAC Addresses

Fri Apr 04, 2014 3:10 pm

make the mac have a static address (click make static) edt the static address to a diff subnet
 
alihamid435
just joined
Posts: 24
Joined: Mon Jun 20, 2016 9:42 pm
Location: UAE/Pakistan
Contact:

Re: How to block MAC Addresses

Wed Nov 02, 2016 8:54 am

Dear Users, I am new to use Mikrotik router, I want to ask that i have a user who make hotspot with the LAN, and use internet very much, and i want to block the MAC of this device A4:08:EA:06:13:BE

Can any one tell me how to block MAC address in Mikrotik Router.
 
alihamid435
just joined
Posts: 24
Joined: Mon Jun 20, 2016 9:42 pm
Location: UAE/Pakistan
Contact:

Re: How to block MAC Addresses

Wed Nov 02, 2016 4:21 pm

I have an issue ,i blocked one MAC of a user with this method but it is not working:

On the “Firewall” window, select the “+” sign (add).
On the “Firewall Rule” window, select the tab “General” and set the “chain” to “forward”.
IF you want to block MAC, go to “Advanced” tab and add the MAC to the “Scr. MAC Address” field.
Then, on the “Action” tab, set the “Action” to “drop”.
Finally, click “Apply” to save the new rule.

But when i check again , this person is again connected with the same MAC Address . Why
 
chinbaa
just joined
Posts: 3
Joined: Mon Dec 12, 2016 1:15 pm

Re: How to block MAC Addresses

Tue Jan 17, 2017 2:25 pm

Dear Users, I am new to use Mikrotik router, I want to ask that i have a user who make hotspot with the LAN, and use internet very much, and i want to block the MAC of this device A4:08:EA:06:13:BE

Can any one tell me how to block MAC address in Mikrotik Router.
Dear Sir, did u get solve your problem?
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: How to block MAC Addresses

Tue Jan 17, 2017 2:57 pm

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

if you want to block dhcp lease....

1. set a dynamic lease to static lease "make static".
2. tick "block access" to static lease. restart the router (or wait that static lease to expire) and the specific mac address will not get address from dhcp.

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.
Last edited by freemannnn on Tue Jan 17, 2017 11:43 pm, edited 2 times in total.
 
chinbaa
just joined
Posts: 3
Joined: Mon Dec 12, 2016 1:15 pm

Re: How to block MAC Addresses

Tue Jan 17, 2017 3:33 pm

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

if you want to block dhcp lease....

1. set a dynamic lease to static lease "make static".
2. tick "block access" to static lease. restart the router and the specific mac address will not get address from dhcp.

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.
Dear Sir,
I want to chat with you PM? how to contact you
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: How to block MAC Addresses

Tue Jan 17, 2017 10:44 pm

you didnt succeed? sent me your skype or viber or facebook or email with pm
Last edited by freemannnn on Mon Jul 09, 2018 5:50 pm, edited 1 time in total.
 
sonnyboy
newbie
Posts: 30
Joined: Fri May 03, 2013 7:45 am

Re: How to block MAC Addresses

Sat Apr 01, 2017 4:27 pm

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.
Works so good thanks for this :)
 
DaveBrowning
just joined
Posts: 11
Joined: Tue May 05, 2015 12:33 pm

Re: How to block MAC Addresses

Fri Aug 18, 2017 6:52 am

Can you do this for a MAC OUI, instead of a full MAC address?
 
medi01
just joined
Posts: 23
Joined: Wed Jun 20, 2018 9:49 am

Re: How to block MAC Addresses

Sat Oct 13, 2018 1:12 pm

Added rules:

1) chain = forward
2) chain = input
src IP = IP of my phone
action = drop

ip firewall filter print shows:
...
7 chain=input action=drop src-address=192.168.0.138 log=no log-prefix=""
8 chain=forward action=drop src-address=192.168.0.138 log=no log-prefix=""
.

Any ideas? :(
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to block MAC Addresses

Sat Oct 13, 2018 3:07 pm

Given how brief you post is and what is missing in it, I dare to suggest a supercharged introduction into how the firewall works.
 
microtikgroup
newbie
Posts: 36
Joined: Mon Aug 23, 2021 11:03 am
Location: SF CA or BGC PH
Contact:

Re: How to block MAC Addresses

Tue Sep 14, 2021 1:52 pm

saludo mr freemannn!
when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

if you want to block dhcp lease....

1. set a dynamic lease to static lease "make static".
2. tick "block access" to static lease. restart the router (or wait that static lease to expire) and the specific mac address will not get address from dhcp.

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.
tested this with mac address then ticked block address, works pretty good. the firewall immediately catched the user!

making the user ip static, tick block access, add to blacklist, quickly catches the user ea time user starts to come back in, or by deleting user lease, it will catch the user. but to make it quick, restart the router which i dont recommend.

ticking block access will also deny its wifi access within the same LAN/Network
i was testing with my iphone, so how do i make it dynamic again? the menu says nothing to return to dynamic.
found out - deleted from the lease, went back to D

Now, is there also a way to create a whitelist for say for all admin devices such as; pc, tablet, smartphone, etc etc.
I can probly just change the code to create a "WhiteList" address list and apply above rules to accept. it should work but let me try!
thanks,

Who is online

Users browsing this forum: Bing [Bot], coffee1978, DanMos79, EsaqzpHot, icemending and 92 guests