Community discussions

 
fefo
just joined
Topic Author
Posts: 1
Joined: Thu Sep 21, 2006 11:48 pm

MAC ADDRESS FILTERING

Mon Sep 25, 2006 5:19 pm

Hi everybody

I have a microtik and I'd like to enable MAC address filtering, so only the entered MAC addresses in the list will be able to associate to the AP.

Can anyone tell me where and how can I do that? Any link or answer will be appreciated.

Thanks in advance.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Sep 25, 2006 5:28 pm

/interface wireless access-list

Search for the "access list" in the following manual:
http://www.mikrotik.com/docs/ros/2.9/interface/wireless
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Mon Sep 25, 2006 7:25 pm

What about LAN users ? how can we filtering them by thier MAC's ?
 
DirectWireless
Member Candidate
Member Candidate
Posts: 143
Joined: Wed Oct 06, 2004 8:09 am

Mon Sep 25, 2006 11:37 pm

You could use mangle or hotspot. Mangle, you would just create a rule to mark packets "allowed" by MAC-Address. In the filtering, create a rule to block all forward packets, except those with the flow/connection mark.

Hotspot works like access-list but I am more familiar with the regular rules than hotspot.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6615
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Tue Sep 26, 2006 11:28 am

Static ARP table can be used as well,
set to the interface arp=reply-only and add user's IP and MAC addresses to the ARP table, only users from ARP table will be able to access outer networks.
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Tue Sep 26, 2006 9:27 pm

arp=reply only is a good solution , but i found that the client mac in the arp list isnt thier LAN cards mac , its thier AP-client mac , so if someone just use a hub and connect 2 or more PC's to his AP-client , how can i prevent him if his AP-client mac already allowed in the list ?
 
Dryanta
newbie
Posts: 46
Joined: Mon Jan 30, 2006 7:39 pm

Sun Oct 01, 2006 10:16 pm

arp=reply only is a good solution , but i found that the client mac in the arp list isnt thier LAN cards mac , its thier AP-client mac , so if someone just use a hub and connect 2 or more PC's to his AP-client , how can i prevent him if his AP-client mac already allowed in the list ?
You shouldn't want to. Why hobble his service? He's paying his bill right? What do you want another ~50/mo because he has one computer? Let me guess, you also nat the customers traffic instead of giving them a globally addressable ip.
 
User avatar
BrianHiggins
Long time Member
Long time Member
Posts: 598
Joined: Mon Jan 16, 2006 6:07 am
Location: Norwalk, CT
Contact:

Sun Oct 01, 2006 10:28 pm

You shouldn't want to. Why hobble his service? He's paying his bill right? What do you want another ~50/mo because he has one computer? Let me guess, you also nat the customers traffic instead of giving them a globally addressable ip.
well put... :D
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Sun Oct 01, 2006 11:33 pm

arp=reply only is a good solution , but i found that the client mac in the arp list isnt thier LAN cards mac , its thier AP-client mac , so if someone just use a hub and connect 2 or more PC's to his AP-client , how can i prevent him if his AP-client mac already allowed in the list ?
You shouldn't want to. Why hobble his service? He's paying his bill right? What do you want another ~50/mo because he has one computer? Let me guess, you also nat the customers traffic instead of giving them a globally addressable ip.
Well , Well , Well , we are now according to your valuable reply making a new policy in our network , we'll sell a client line by 50/mo ( i dont know whts the 50 ??? ) and we will let him connect as much PC's as he want in our network of dreams !!!!! let me see if i have 20 customer and each one connect 20 PC's so the total PC's will be 400 PC !!!!!!!! is that what you want me to do ? or i missunderstand your point ? and wht about the global address ? i have to give then 400 public IP !!! soooo great , what a netwrok !!!!!!!! is there any MT user have a setup like that ? please tell me if there is any........dont forget all of that with 50/mo loooooooooooool by the way we are using a sattelite internet service do you know what does that mean ? it means 3000$ / 1024kb/s this is the cost only !!!!!
 
User avatar
sten
Forum Veteran
Forum Veteran
Posts: 920
Joined: Tue Jun 01, 2004 12:10 pm

Mon Oct 02, 2006 1:09 am

For $3000 / mbit and you still have the courage to let your users share the same L2 broadcast domain? You know what's going to sting worse? When you got to pay those $50 back to the user because you didn't know how to keep that network running. Perhaps you might want to consider charging for use measured at the customers equipment? That way you would implicitly be compensated for each computer added to your network.
If you get personal with *how* people can use your service then you open the door for those people to get personal about *how much* they value your service.
If you didn't think it through when you planned your network for your customers then your customers will feel they didnt think it through when they chose you. If you depend on your customers judgement to use your service correctly you also implicitly pay for the mistakes you left them room to do.
One last note, when it comes to investing in the tools you use to offer your service, it's like buying on credit, you will pay more tomorrow than what you save today.
Move along. Nothing to see here.
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Mon Oct 02, 2006 3:59 am

I dont know how to reply couse i didnt found any suggestions in your post sten , anyway , all the WISP in my country use the same policy , 50$/mo for each PC , not 50$ for each client .. we dont sell bandwidth couse as you see it will be expensive ( 3$/kbit ) and we left the speed shared among the users who are online at the same time , this is our facts which i cant change it , it's not hard to control such a setup and prevent the client from using more than 1 PC , there's many ways to do so , i just wanted a new way using the arp which as i mentioned before , i found the client AP mac in the arp list which can let him connect more than 1 PC , by the way i cant get it , do you see the 3000$/kbit a high price or a fair one ?
 
Znuff
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am
Contact:

Mon Oct 02, 2006 6:44 am

I'm paying $200 for 10Mbit, fiber... your price is unbelievable!
 
Dryanta
newbie
Posts: 46
Joined: Mon Jan 30, 2006 7:39 pm

Mon Oct 02, 2006 9:26 am

The going market rate in the US per mbit is anywhere between $30 and $80 depending on the peer, the pipe, and your sla. MUCH less than $3/k. Ouch.
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Mon Oct 02, 2006 6:52 pm

HEEEEEEEEEY !!!!!! 200$ / 10Mbit !!!!!!!!! if i have this price here surely i 'll be the richest man in my country .... my friends this price is for internet by satellite ... too expensive comparing the fiber but this is the only way we can get internet here in IRAQ .. you won't believe if i told you most of the WISP have 256k or 512k and they connect 30 - 40 user !!!!!!! 30 - 40 user sharing 256k !!!!! just imagine .. by the way .. the WISP or most of them have shared systems !!!!! i.e. if the WISP got a service of 256kbit/sec 10:1 this means he himself already shared with 9 other systems like his !!!!!!! i dont know should i cry or laugh here :(

Who is online

Users browsing this forum: No registered users and 25 guests