Page 1 of 1
How to limit mac addresses to connect to Mikrotik 7.8
Posted: Fri May 03, 2024 4:25 pm
by inna
Hello,
I previously had another Mikrotik version 6 that I asked in another
viewtopic.php?t=205954 and it worked for my other Mikrotik device.
Recently I have purchase another MT device which version is
7.8 (stable).
I use this like this:
My ADSL modem --> a LAN cable from modem goes into MT device --> The MT device creates a wireless AP.
All of devices in the house connect to MT.
I'm going to restrict some specific mac addresses to connect to this MT AP.
I tried to do like MT 6 but it doesn't have any
authenticate or such things to enable.
I also tried to do
Wireless --> Access List, like MT6, but it doesn't work and still all devices are able to connect (to test this, I only add my laptop's mac address).
Do you please help me how can I limit and restrict some mac addresses as a white list to allow to connect?
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Fri May 03, 2024 4:27 pm
by anav
Only give the SSID password to those that need it for any particular Subnet WLAN
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Fri May 03, 2024 4:32 pm
by inna
Only give the SSID password to those that need it for any particular Subnet WLAN
Thanks, that was done before. But I'm curious if I can restrict and whitelist.
Suppose both my phone and laptop are connected and both have the password. Now I want to whitelist my laptop's mac address and block all others.
Is that possible? In MT6 it was possible, but I couldn't find any way for it in MT7.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Fri May 03, 2024 11:43 pm
by anav
You can do that by only manually assigning DHCP leases I thought. Make use of ARP list etc.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Sat May 04, 2024 4:33 am
by inna
You can do that by only manually assigning DHCP leases I thought. Make use of ARP list etc.
Thanks, but then I think I should go to networks settings of each connected device and assign a manual IP. Am I right?
If yes, then I think it won't work for me because I'm not always home, and I connect to my office WiFi too.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Thu May 16, 2024 5:40 pm
by inna
I still have not find a way to do this.
Any updates for this thread?
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Thu May 16, 2024 5:50 pm
by spippan
if you want to let only "known devices" connect (via known MAC) and that MAC is in your access list you might have to disable "default authenticate" for your wifi interface.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Thu May 16, 2024 5:57 pm
by inna
if you want to let only "known devices" connect (via known MAC) and that MAC is in your access list you might have to disable "default authenticate" for your wifi interface.
I do not have such option in Wi-Fi interface.
I had this option in MT version 6, but I cannot find it in MT version 7.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Thu May 16, 2024 6:14 pm
by inna
I also do not have this command:
[admin@MikroTik] > /interface wireless
bad command name wireless (line 1 column 12)
I read this
https://wiki.mikrotik.com/wiki/Manual:I ... ccess_List.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Thu May 16, 2024 6:19 pm
by WeWiNet
First , Upgrade the device to 7.12 and then to 7.15. works much better than 7.8
To solve your problem
1.) Create in Wifi Access list entries for each and every devices you want allow access (you can use also interface lists)
2.) at the end of the Access List, create one entry that rejects access to all Mac adresses
The Access list is parsed from top to bottom, so devices found get access, devices not found will get bumped off by the last rule.
It is same principle as Mikrotik firewall...
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Thu May 16, 2024 6:37 pm
by inna
First , Upgrade the device to 7.12 and then to 7.15. works much better than 7.8
To solve your problem
1.) Create in Wifi Access list entries for each and every devices you want allow access (you can use also interface lists)
2.) at the end of the Access List, create one entry that rejects access to all Mac adresses
The Access list is parsed from top to bottom, so devices found get access, devices not found will get bumped off by the last rule.
It is same principle as Mikrotik firewall...
I did the 1 and 2 before, but I'm not sure why it didn't work.
Re: How to limit mac addresses to connect to Mikrotik 7.8 [SOLVED]
Posted: Fri May 24, 2024 1:31 pm
by spippan
if you want to let only "known devices" connect (via known MAC) and that MAC is in your access list you might have to disable "default authenticate" for your wifi interface.
I do not have such option in Wi-Fi interface.
I had this option in MT version 6, but I cannot find it in MT version 7.
sorry, this is available on the "older" wireless settings. you may have the newer "Wifi" interface.
maybe this might help:
/interface wifi access-list
add action=accept disabled=no mac-address=aa:aa:bb:bb:cc:cc
add action=accept disabled=no mac-address=dd:dd:ee:ee:ff:ff
add action=accept disabled=no mac-address=11:11:22:22:33:33
add action=reject disabled=no
MACs obviously generic/fake (apply your MAC addresses which you'd like to be allowed to connect and the last rule is a "reject" rule to deny any unknown clients
you also got a lot more options to fine-tune stuff but in general the above should suffice
for the detailed options 2 might come in handy
1. a mask where you could allow/deny a certain vendor (
OUI database lookup for details)
2. more detailed interface information (if you have multiple SSIDs specify desired SSID interface here)
24-05-2024.png
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Fri May 24, 2024 1:44 pm
by inna
I do not have such option in Wi-Fi interface.
I had this option in MT version 6, but I cannot find it in MT version 7.
sorry, this is available on the "older" wireless settings. you may have the newer "Wifi" interface.
maybe this might help:
/interface wifi access-list
add action=accept disabled=no mac-address=aa:aa:bb:bb:cc:cc
add action=accept disabled=no mac-address=dd:dd:ee:ee:ff:ff
add action=accept disabled=no mac-address=11:11:22:22:33:33
add action=reject disabled=no
MACs obviously generic/fake (apply your MAC addresses which you'd like to be allowed to connect and the last rule is a "reject" rule to deny any unknown clients
you also got a lot more options to fine-tune stuff but in general the above should suffice
for the detailed options 2 might come in handy
1. a mask where you could allow/deny a certain vendor (
OUI database lookup for details)
2. more detailed interface information (if you have multiple SSIDs specify desired SSID interface here)
24-05-2024.png
Thanks a lot, it worked and now my laptop is only connected, and my mobile phone is being rejected.
Regarding fake mac address, I'm aware of that. I have some devices that have two options: private mac address and public mac address.
For the private mac address, they generate a new mac address when connecting to a new unknown Wi-Fi.
I think I did it before, but probably I didn't do it correct, or even I didn't do it at all.
Anyways, thanks a lot my friend, it helped me.
Re: How to limit mac addresses to connect to Mikrotik 7.8
Posted: Fri May 24, 2024 2:45 pm
by spippan
Thanks a lot, it worked and now my laptop is only connected, and my mobile phone is being rejected.
Regarding fake mac address, I'm aware of that. I have some devices that have two options: private mac address and public mac address.
For the private mac address, they generate a new mac address when connecting to a new unknown Wi-Fi.
I think I did it before, but probably I didn't do it correct, or even I didn't do it at all.
Anyways, thanks a lot my friend, it helped me.
yep, i know of the private-mac funcions on new mobile OS versions.
glad it helped.
mark it as [SOLVED] then