
MAC ADDRESS FILTERING

Posted: Mon Sep 25, 2006 5:19 pm
by fefo
Hi everybody

I have a MikroTik and I'd like to enable MAC address filtering, so only the MAC addresses entered in the list will be able to associate to the AP.

Can anyone tell me where and how I can do that? Any link or answer will be appreciated.

Thanks in advance.

Posted: Mon Sep 25, 2006 5:28 pm
by Eugene
/interface wireless access-list

Search for the "access list" in the following manual:
http://www.mikrotik.com/docs/ros/2.9/interface/wireless
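
Added example, not part of Eugene's post or of MikroTik's documentation: a minimal allow-list on an AP using the menu named above. The interface name `wlan1` and the MAC addresses are constructed placeholders.

```routeros
# Constructed example: wlan1 and the MAC addresses below are placeholders.

# 1. Add the permitted clients first, so stations that are already
#    connected are not dropped when the default is tightened in step 2.
/interface wireless access-list
add mac-address=02:00:00:00:00:01 interface=wlan1 authentication=yes forwarding=yes
add mac-address=02:00:00:00:00:02 interface=wlan1 authentication=yes forwarding=no

# 2. Refuse association for every MAC that is NOT in the list.
#    With the default (default-authentication=yes) the list above only
#    overrides per-client settings and unlisted clients still associate.
#    default-forwarding=no also stops client-to-client traffic for any
#    station without an explicit forwarding=yes entry.
/interface wireless
set wlan1 default-authentication=no default-forwarding=no

# 3. Check the result: the list itself, then who is currently associated.
/interface wireless access-list print
/interface wireless registration-table print
```

MAC addresses are sent unencrypted in 802.11 frames, so this list limits association but is not a replacement for link-layer keys.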

Posted: Mon Sep 25, 2006 7:25 pm
by samsoft08
What about LAN users? How can we filter them by their MACs?

Posted: Mon Sep 25, 2006 11:37 pm
by DirectWireless
You could use mangle or hotspot. Mangle, you would just create a rule to mark packets "allowed" by MAC-Address. In the filtering, create a rule to block all forward packets, except those with the flow/connection mark.

Hotspot works like access-list but I am more familiar with the regular rules than hotspot.

Posted: Tue Sep 26, 2006 11:28 am
by sergejs
A static ARP table can be used as well:
set arp=reply-only on the interface and add the users' IP and MAC addresses to the ARP table; only users from the ARP table will be able to access outer networks.
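
Added example, not from the posts above: the two LAN-side approaches described by DirectWireless (connection mark plus a forward drop) and by sergejs (static ARP with arp=reply-only), written out as RouterOS commands. `ether2`, the MAC and IP addresses, and the mark name `allowed` are constructed placeholders; use one option or the other.

```routeros
# Constructed example: ether2 is the LAN-facing interface (placeholder).

# --- Option A: mark connections from known MACs, drop everything else ---
/ip firewall mangle
add chain=prerouting in-interface=ether2 src-mac-address=02:00:00:00:00:01 \
    action=mark-connection new-connection-mark=allowed passthrough=yes
add chain=prerouting in-interface=ether2 src-mac-address=02:00:00:00:00:02 \
    action=mark-connection new-connection-mark=allowed passthrough=yes

# Only forwarded traffic entering from the LAN is checked, so replies
# coming back from the uplink are unaffected. The router's own services
# (input chain) are not covered by this rule.
/ip firewall filter
add chain=forward in-interface=ether2 connection-mark=!allowed action=drop

# --- Option B: static ARP, router answers only for listed IP/MAC pairs ---
# Add the static entries BEFORE switching the interface, otherwise every
# host (including the one used for management) loses connectivity.
/ip arp
add address=192.168.1.10 mac-address=02:00:00:00:00:01 interface=ether2
add address=192.168.1.11 mac-address=02:00:00:00:00:02 interface=ether2

# With reply-only the router stops learning ARP entries dynamically on
# ether2, so a host whose IP/MAC pair is not listed gets no traffic back.
/interface ethernet
set ether2 arp=reply-only

# Verify: static entries only, no dynamic (D) entries on ether2.
/ip arp print
```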

Posted: Tue Sep 26, 2006 9:27 pm
by samsoft08
arp=reply-only is a good solution, but I found that the client MAC in the ARP list isn't their LAN card's MAC, it's their AP-client MAC, so if someone just uses a hub and connects 2 or more PCs to his AP-client, how can I prevent him if his AP-client MAC is already allowed in the list?

Posted: Sun Oct 01, 2006 10:16 pm
by Dryanta
> arp=reply-only is a good solution, but I found that the client MAC in the ARP list isn't their LAN card's MAC, it's their AP-client MAC, so if someone just uses a hub and connects 2 or more PCs to his AP-client, how can I prevent him if his AP-client MAC is already allowed in the list?

You shouldn't want to. Why hobble his service? He's paying his bill, right? What do you want, another ~50/mo because he has one computer? Let me guess, you also NAT the customer's traffic instead of giving them a globally addressable IP.

Posted: Sun Oct 01, 2006 10:28 pm
by BrianHiggins
> You shouldn't want to. Why hobble his service? He's paying his bill, right? What do you want, another ~50/mo because he has one computer? Let me guess, you also NAT the customer's traffic instead of giving them a globally addressable IP.

well put... :D

Posted: Sun Oct 01, 2006 11:33 pm
by samsoft08
> > arp=reply-only is a good solution, but I found that the client MAC in the ARP list isn't their LAN card's MAC, it's their AP-client MAC, so if someone just uses a hub and connects 2 or more PCs to his AP-client, how can I prevent him if his AP-client MAC is already allowed in the list?
>
> You shouldn't want to. Why hobble his service? He's paying his bill, right? What do you want, another ~50/mo because he has one computer? Let me guess, you also NAT the customer's traffic instead of giving them a globally addressable IP.

Well, well, well, we are now, according to your valuable reply, making a new policy in our network: we'll sell a client line for 50/mo (I don't know what the 50 is ???) and we will let him connect as many PCs as he wants in our network of dreams !!!!! Let me see, if I have 20 customers and each one connects 20 PCs, the total will be 400 PCs !!!!!!!! Is that what you want me to do? Or did I misunderstand your point? And what about the global address? I have to give them 400 public IPs !!! Soooo great, what a network !!!!!!!! Is there any MT user who has a setup like that? Please tell me if there is any........ don't forget, all of that for 50/mo loooooooooooool. By the way, we are using a satellite internet service, do you know what that means? It means 3000$ / 1024kb/s, and this is the cost only !!!!!

Posted: Mon Oct 02, 2006 1:09 am
by sten
For $3000 / mbit and you still have the courage to let your users share the same L2 broadcast domain? You know what's going to sting worse? When you have to pay those $50 back to the user because you didn't know how to keep that network running. Perhaps you might want to consider charging for use measured at the customer's equipment? That way you would implicitly be compensated for each computer added to your network.
If you get personal with *how* people can use your service then you open the door for those people to get personal about *how much* they value your service.
If you didn't think it through when you planned your network for your customers then your customers will feel they didn't think it through when they chose you. If you depend on your customers' judgement to use your service correctly you also implicitly pay for the mistakes you left them room to make.
One last note, when it comes to investing in the tools you use to offer your service, it's like buying on credit, you will pay more tomorrow than what you save today.

Posted: Mon Oct 02, 2006 3:59 am
by samsoft08
I don't know how to reply because I didn't find any suggestions in your post, sten. Anyway, all the WISPs in my country use the same policy: 50$/mo for each PC, not 50$ for each client. We don't sell bandwidth because, as you see, it would be expensive (3$/kbit), and we leave the speed shared among the users who are online at the same time. These are our facts, which I can't change. It's not hard to control such a setup and prevent the client from using more than 1 PC, there are many ways to do so. I just wanted a new way using ARP, in which, as I mentioned before, I found the client's AP MAC in the ARP list, which can let him connect more than 1 PC. By the way, I can't get it, do you see the 3000$/kbit as a high price or a fair one?

Posted: Mon Oct 02, 2006 6:44 am
by Znuff
I'm paying $200 for 10Mbit, fiber... your price is unbelievable!

Posted: Mon Oct 02, 2006 9:26 am
by Dryanta
The going market rate in the US per mbit is anywhere between $30 and $80 depending on the peer, the pipe, and your SLA. MUCH less than $3/k. Ouch.

Posted: Mon Oct 02, 2006 6:52 pm
by samsoft08
HEEEEEEEEEY !!!!!! 200$ / 10Mbit !!!!!!!!! If I had this price here, surely I'd be the richest man in my country .... My friends, this price is for internet by satellite ... too expensive compared to fiber, but this is the only way we can get internet here in Iraq .. You won't believe it if I tell you most of the WISPs have 256k or 512k and they connect 30 - 40 users !!!!!!! 30 - 40 users sharing 256k !!!!! Just imagine .. By the way .. the WISPs, or most of them, have shared systems !!!!! I.e. if the WISP got a service of 256kbit/sec 10:1, this means he himself is already sharing with 9 other systems like his !!!!!!! I don't know whether I should cry or laugh here :(