unless the mac address it is registered in the Access List.
In that case (mac registered in AL), you'll need to set the same rule in the register of the mac itself.
"you'll need to set the same rule in the register of the mac itself" What do you mean ???
The exemple is correct, it is also in the WIKI.
https://wiki.mikrotik.com/wiki/Manual:I ... ccess_List
If you don't fill in a MAC address in an 'Access List' rule, then that rule is used for ALL MAC addresses.
If you fill in the "any" interface , then it is used for all WLAN interfaces.
/interface wireless access-list
add allow-signal-out-of-range=30s interface=wlan1 signal-range= -86..120
add allow-signal-out-of-range=1s authentication=no forwarding=no interface=wlan1 signal-range=-120..-87
The first rule is there to allow a certain grace period if connected, the "Allow signal out of range" seconds, to avoid disconnects just because of a short signal dip. (here set to 30 sec)
The second rule does not allow authentication with a low signal. (No new connections and no existing connections after the above grace period)
This 2 rules apply for WLAN1.
But I just keep repeating myself here.
If you just want to lock out a MAC address , just set "authentication=no" fill in the MAC address , and leave signal on "-120..120", so the rule is applied for all possible strengths.
The by default "authenticate" rule is in the wireless tab of each WLAN interface. There you define what to do if no 'Access List' rule matches. (for Authorize and Forward, VLAN Mode and VLAN ID)
Use "/system logging topics=wireless" to see connection attempts, accepts, and rejects in the log.