MikroTik

Hi, i have RouterOS 2.8.26, we are a small ISP, and have a problem with security, i have set up a DHCP server with static leases for the clients, but if someone put an IP from mi local net, he can connect with internet and.. without traffic shapping... i need a way to add some security that only permited IP and MAC address can connect with Internet...

Sorry my bad English...

THANKS!!

Use static ARP, bound IP address to mac-address for each user, than turn on ARP=reply-only on your ap-bridge interface.
This means that only users that have exact mac an ip address can use your network.

Cheers...

good idea, but doesn't work behind some Ethernet Converters... how about PPPOE?

Hi, any other way to do it? before nobody was allowed to pass through the router, but now... anyone can, i dont know what could it be..

Not really a security fix, but more of a way to hinder - How about set a catch-all bandwidth queue for any addresses not accounted for...and set it to 1Kb or something extremely slow. Idealy, maybe get radius going or use the hotspot feature if pppoe isn't an option.