Likewise, you have an access list where you add who should be accepted and finally reject all!Good day! Tell me how to create a white list now and most importantly how to prohibit access to the network via WI-FI to those who are prohibited from doing so.? It was logically and understandably organized in the old CAPsMAN...
Just add last rule with only reject action - this is enough !It is clear that you need to add all the necessary ones to the Access list, but in the end you need a forbidding entry that says enables blocking by mac address?
It works for me. Try to choose the interface?If you add this rule, then everything is blocked.
It works for me, but not with capsman, only in the wifi access list in the router itself.I disable the rule, connect the phone, add it via "add to Access List".Everything works. If you enable the rule, the router does not allow the phone to connect to the network, despite the fact that the mac address is in the allowed list.
Part of the export of settings related to WIFI accessadd bridge=bridge1 interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi1 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wifi2 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add interface=bridge1 list=LAN
add interface=ether2 list=WAN
/interface wifi access-list
add action=reject comment=" Blocking WIFI 5Ghz" disabled=no interface=any
add action=reject comment="Blocking WIFI 2Ghz" disabled=no interface=any
add action=accept comment="Honor Magic 4Pro" disabled=no interface=any mac-address=D2:E0:35:42:5C:31
/interface wifi cap
set discovery-interfaces=bridge1 enabled=yes
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1 package-path="" require-peer-certificate=no upgrade-policy=\
suggest-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg1 name-format=cap supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=cfg2 name-format=cap supported-bands=2ghz-ax
As with firewall rules, ACL rules are also evaluated from top to bottom. So move your accept rules above all reject rules and you'll be golden./interface wifi access-list
add action=reject comment=" Blocking WIFI 5Ghz" disabled=no interface=any
add action=reject comment="Blocking WIFI 2Ghz" disabled=no interface=any
add action=accept comment="Honor Magic 4Pro" disabled=no interface=any mac-address=D2:E0:35:42:5C:31