Community discussions

MikroTik App
 
User avatar
qatar2022
Member Candidate
Member Candidate
Topic Author
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

assign ip and mac for each port

Mon Nov 29, 2021 6:06 am

Dear all
i have CRS328-24P-4S+RM and i also have 12 wireless AP and 12 IP Phone
i would like to assign IP and mac for each AP and IP Phone to ports that connect so NO one can disconnect one of the devices to connect pc to use internet so the port work only to the specific AP or IP Phone
I hope you get my points
Best Regards
 
spynappels
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland
Contact:

Re: assign ip and mac for each port

Mon Nov 29, 2021 9:36 am

Are you running the CRS with SwOS or RouterOS?
 
User avatar
qatar2022
Member Candidate
Member Candidate
Topic Author
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

Re: assign ip and mac for each port

Mon Nov 29, 2021 4:14 pm

Are you running the CRS with SwOS or RouterOS?
RouterOS
 
spynappels
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland
Contact:

Re: assign ip and mac for each port

Mon Nov 29, 2021 4:28 pm

I am not aware of any built in feature in RouterOS to allow you to do this, although you could cobble something together using the Firewall Filter module.

On SwOS this functionality is available, as it is more of a switch feature than a router feature in any case. In SwOS this is known as Port Lock, and there is an option to Lock on First, meaning that the first device plugged in to a port will then have the port locked to that device's MAC address. Not foolproof if a device can mimic another MAC address, but it does seem to be something like you are asking for.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: assign ip and mac for each port

Mon Nov 29, 2021 4:34 pm

Solution A: DOT1X
provide port-based network access control via a Radius-Server
(https://help.mikrotik.com/docs/display/ROS/Dot1X)

Solution B: DHCP
If you don't want to border with complex Radius-Server and Co....
You could set the DHCP-Server to only give IP-Addresse to known devices (Static-Leases)


Solution C: Bridge Filter-Rules
Add MAC-Address of known devices in the Filter-Rules
Add Block/drop for everything else


Solution B & C are not fool Proof !
May have other Problems if AP's or Phone "foward" L2 traffic
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: assign ip and mac for each port

Mon Nov 29, 2021 4:54 pm

I am not aware of any built in feature in RouterOS to allow you to do this, although you could cobble something together using the Firewall Filter module.

On SwOS this functionality is available, as it is more of a switch feature than a router feature in any case. In SwOS this is known as Port Lock, and there is an option to Lock on First, meaning that the first device plugged in to a port will then have the port locked to that device's MAC address. Not foolproof if a device can mimic another MAC address, but it does seem to be something like you are asking for.
Would be surprised if RouterOS could not do that, as RouterOS handles also the Switch chip. (Switch menu, not Bridge menu)
https://wiki.mikrotik.com/wiki/Manual:C ... t_Security

Maybe ARP-reply-only can help as well: https://wiki.mikrotik.com/wiki/How_to_s ... _using_ARP

Who is online

Users browsing this forum: AtomikRoach and 28 guests