Am running DHCP in a large Campground. Are not using Hotspot or Usermanager. Is there a way to block the MAC addresses or refuse a DHCP lease?

you can use mac filltering option


d/t forgot to give karam

I've been looking around in the manual and don't think I have found the correct area. Can you please point me to the proper area of the manual? Are there any examples?

Thanks

Are you looking to blacklist (default permit, deny a few specific addresses) or whitelist (default deny, permit a few specific addresses)?

We need to deny a few stations when they abuse their bandwidth share. This will probably not happen more than once a week during the summer only.

Thanks

Thanks much, we will try this soon

Is there a way to block MAC from getting dhcp lease?

I have this one MAC address that's filling up my log b/c it can't get the lease with success...

I tried the above, but dchp still trying to give out lease...

SOLVED. Tried the filter rules, but none worked for me.

Not sure how to do code so someone else can translate if they like but here's what worked for me:

IP --> DHCP Server --> Leases --> Add new --> General="Pool_Name", MAC Address="MAC address of desired blocked", Server="Name of DHCP Server failing", Block access = yes, Address List = Black-list

Hope that helps someone else

SOLVED. Tried the filter rules, but none worked for me.

Not sure how to do code so someone else can translate if they like but here's what worked for me:

IP --> DHCP Server --> Leases --> Add new --> General="Pool_Name", MAC Address="MAC address of desired blocked", Server="Name of DHCP Server failing", Block access = yes, Address List = Black-list

Hope that helps someone else

I tried this and the offending MAC addresses still got their IP address perfectly OK. Not only that, but as can be seen on the attached file, one of the offending MAC addresses ALSO got a lease for 99 days instead of the 8 days programmed in DHCP server, like all other leases.

Note: I DO NOT have a list of addresses called "black-list". I did, however, try first with that box empty, with the same result.

I rebooted the whole system each time.

Please help.

make the mac have a static address (click make static) edt the static address to a diff subnet

Dear Users, I am new to use Mikrotik router, I want to ask that i have a user who make hotspot with the LAN, and use internet very much, and i want to block the MAC of this device A4:08:EA:06:13:BE

Can any one tell me how to block MAC address in Mikrotik Router.

I have an issue ,i blocked one MAC of a user with this method but it is not working:

On the “Firewall” window, select the “+” sign (add).
On the “Firewall Rule” window, select the tab “General” and set the “chain” to “forward”.
IF you want to block MAC, go to “Advanced” tab and add the MAC to the “Scr. MAC Address” field.
Then, on the “Action” tab, set the “Action” to “drop”.
Finally, click “Apply” to save the new rule.

But when i check again , this person is again connected with the same MAC Address . Why

Dear Users, I am new to use Mikrotik router, I want to ask that i have a user who make hotspot with the LAN, and use internet very much, and i want to block the MAC of this device A4:08:EA:06:13:BE

Can any one tell me how to block MAC address in Mikrotik Router.

Dear Sir, did u get solve your problem?

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

if you want to block dhcp lease....

1. set a dynamic lease to static lease "make static".
2. tick "block access" to static lease. restart the router (or wait that static lease to expire) and the specific mac address will not get address from dhcp.

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

if you want to block dhcp lease....

1. set a dynamic lease to static lease "make static".
2. tick "block access" to static lease. restart the router and the specific mac address will not get address from dhcp.

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.

Dear Sir,
I want to chat with you PM? how to contact you

you didnt succeed? sent me your skype or viber or facebook or email with pm

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.

Works so good thanks for this

Can you do this for a MAC OUI, instead of a full MAC address?

Added rules:

1) chain = forward
2) chain = input
src IP = IP of my phone
action = drop

ip firewall filter print shows:
...
7 chain=input action=drop src-address=192.168.0.138 log=no log-prefix=""
8 chain=forward action=drop src-address=192.168.0.138 log=no log-prefix=""
.

Any ideas?

Given how brief you post is and what is missing in it, I dare to suggest a supercharged introduction into how the firewall works.

saludo mr freemannn!

when you block a mac address in firewall filter (forward and input chain) you block internet access and not dhcp lease.

/ip firewall filter
add chain=input src-mac-address=aa:bb:cc:dd:ee:ff action=drop
add chain=forward src-mac-address=aa:bb:cc:dd:ee:ff action=drop

if you want to block dhcp lease....

1. set a dynamic lease to static lease "make static".
2. tick "block access" to static lease. restart the router (or wait that static lease to expire) and the specific mac address will not get address from dhcp.

both are working for me in my vmware test machine. i just test them.
i have done this many times to my customers.

tested this with mac address then ticked block address, works pretty good. the firewall immediately catched the user!

making the user ip static, tick block access, add to blacklist, quickly catches the user ea time user starts to come back in, or by deleting user lease, it will catch the user. but to make it quick, restart the router which i dont recommend.

ticking block access will also deny its wifi access within the same LAN/Network
i was testing with my iphone, so how do i make it dynamic again? the menu says nothing to return to dynamic.
found out - deleted from the lease, went back to D

Now, is there also a way to create a whitelist for say for all admin devices such as; pc, tablet, smartphone, etc etc.
I can probly just change the code to create a "WhiteList" address list and apply above rules to accept. it should work but let me try!
thanks,