wifiryan
just joined
Topic Author
Posts: 24
Joined: Sat Sep 17, 2011 7:31 pm

SWoS issue - ACL, how to block all BUT specified destination

Sat Feb 23, 2013 1:56 am

I want cc:ef:48:87:05:cb to ONLY be able to connect to 00:22:4d:4b:49:6f, and drop any other MAC destination.

How do I do this? There is no "!" or "NOT" option in SwOS 1.6. See attachment... Thanks
 
rcmcronny
Frequent Visitor
Posts: 58
Joined: Wed Mar 02, 2011 3:41 pm

Re: SWoS issue - ACL, how to block all BUT specified destina

Tue Feb 26, 2013 2:18 pm

Hello,

the Docu is here for this:
http://wiki.mikrotik.com/wiki/SwOS#ACL_Tab

But it's really short. Perhaps you should write an email to the MikroTik support guys for this, and if you get a working set back, please post it here for all other users?

Ronny
 
RcRaCk2k
Member Candidate
Posts: 131
Joined: Mon May 07, 2012 10:40 pm

Re: SWoS issue - ACL, how to block all BUT specified destina

Tue Aug 12, 2014 12:00 am

Hell yeah! What is this for a creepy issue?
Why is there no ! / NOT implemented? I also need this Feature.

Also there is no ability to select a Out-Interface.

I like to limit the bandwidth for some destinations.

I sell 20/2 MBit to a customer which is connected to a 1 GbE via SFP. But within my Network we will provide full Gigabit.

So I need to limit the bandwidth to 20 MBit in Egress and 2 MBit in Ingress for Port 1 for all IPv4 packets not in the subnet 192.168.0.0/24.

That is currently not possible with SwOS firmware v1.12.
 
docmarius
Forum Guru
Posts: 1224
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: SWoS issue - ACL, how to block all BUT specified destina

Tue Aug 12, 2014 9:52 am

As per documentation, if you do not specify any "redirect to" ports, the packet will be dropped.
In your example, the rules will drop those packages.

You need 2 ACL rules in the following order:
1. cc:ef:48:87:05:cb to 00:22:4d:4b:49:6f redirect to the output port you need (or even to all ports, in your case 1,2,4,5, repeat for every destination MAC)
2. cc:ef:48:87:05:cb to any (leave MAC dest. field blank) redirect to none (check redirect, but don't specify any redirect port, meaning drop)

IMHO bandwidth limitations need some bitbucket queue, which is not available on plain switch chips alone, so it will never be available on this class of devices.
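
The two-rule ordering from the reply above, modelled as an added example (not code from the thread or from MikroTik). It assumes rules are checked top-down with the first match deciding, a blank MAC field matching anything, and a redirect with no ports meaning drop; `Rule`, `egress_ports`, `shadowed` and the `OTHER` MAC are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import Optional

SRC = "cc:ef:48:87:05:cb"            # MACs quoted in the thread
ALLOWED_DST = "00:22:4d:4b:49:6f"
OTHER = "00:11:22:33:44:55"          # constructed sample MAC

@dataclass(frozen=True)
class Rule:                          # hypothetical model of one ACL row
    src: Optional[str]               # None = MAC field left blank (any)
    dst: Optional[str]
    ports: frozenset = frozenset()   # redirect checked; no ports = drop

    def matches(self, src, dst):
        return (self.src in (None, src.lower())
                and self.dst in (None, dst.lower()))

def egress_ports(rules, src, dst):
    """Ports the first matching rule redirects to; None if no rule matches."""
    for rule in rules:               # assumption: top-down, first match decides
        if rule.matches(src, dst):
            return rule.ports        # empty frozenset means the frame is dropped
    return None                      # ACL does not apply, normal switching

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.src in (None, rule.src) and earlier.dst in (None, rule.dst):
                hits.append(i)
                break
    return hits

allow = Rule(SRC, ALLOWED_DST, frozenset({1, 2, 4, 5}))
drop_rest = Rule(SRC, None)          # blank destination, redirect to none
GOOD = [allow, drop_rest]            # order given in the answer
BAD = [drop_rest, allow]             # same rules, order swapped

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        for dst in (ALLOWED_DST, OTHER):
            print(name, dst, egress_ports(rules, SRC, dst), shadowed(rules))
```

With the order swapped, the catch-all drop shadows the allow rule and the restricted host reaches nothing, which `shadowed` reports before the rules are entered on the switch.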
