Hey,

is there a way to block a network component with a certain mac address from communicating with a mikrotik router on a LAN interface?

something like "drop all pakets from 001B11BFBE03"


Regards,

Kai

You are going to want to read up on Firewall rules. Here is a link for the manual.
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php

Here is an example of specifically what you are looking for.

Drops packets with that source mac address destined for somewhere else.
/ip firewall filter add chain=forward src-mac-address=001B11BFBE03 action=drop

Drops packets with that source mac address destined for the router itself.
/ip firewall filter add chain=input src-mac-address=001B11BFBE03 action=drop

-Louis

that sound like what I was searching for, but it does not work the way I wanted to.

Is that possible?:

I have 2 ADSL Modems on a distant place, they are connected by a switch.
Then there is one (!) line from that place A to B. On side B, I want to have 2 Mikrotik Routers. Each one connecting with a seperate modem on the other side.


Place A Place B

Modem X --, ,---Mikrotik X
Switch---------Switch
Modem Y --' '---Mikrotik Y


Since I can build multiple PPPoE connections one DSL Line, with the construction above I can not be sure what Mikrotik used which Modem/DSL Line. Or maybe they both use the same.

I used the LAN-Mac filterrule to e.g. prevent Mikrotik X from using Modem Y. But this does not work. Mikrotik X can still connect using Modem Y.

I know, this construction is a litte unusual, but for some reasons, I would like to use tis construction. Maybe someone knows howto...

Your picture did not come out so well.

Are you trying to achieve bonding or redundancy?

If redundancy then only have one mikrotik connected to one modem and on your lan side use VRRP.
-Louis

Drops packets with that source mac address destined for the router itself.
/ip firewall filter add chain=input src-mac-address=001B11BFBE03 action=drop

-Louis

Is it possible to block all MAC's exept ones i would list manually ? - can it be done with 1 rule and some kind of list ?

After putting some more thought into it, I am thinking what you want is _not_ doable because PPPoE does a broadcast that gets sent out on the interface. Since you have your dsl-modems on the same switch, the broadcast goes to both of them. No way to filter that.
I recommend you restate what your true ultimate goal is, to find the best solution.

-Louis

Is it possible to block all MAC's exept ones i would list manually ? - can it be done with 1 rule and some kind of list ?

Sure you can. Create bridge interface, add physical interface to bridge and use bridge filters.

ok, my graphic somehow changed after I posted the message.

What I am trying to do:

we have a remote location (B) where broadband internet is not available. so we connected it via wlan (5 km away) with location (A), where ADSL ia available. That works all well, but now we want a second ADSL Connection.

I would prefere a solution with 2 dsl modems on location A,
and 2 mikrotik routers on location B dailing up with pppoe.

The problem is: you cannot control which mikrotik connects with which modem. It might also be possible that both mikrotik routers dail up using one modem and one adsl line.

I thought, that I could control it with a LAN Mac Filter rule, but this does not work.