Hi Everyone,

very much a noob here - I have a an internet cafe with a Mikrotik Router RB750GL.

I have a LAN with 50 machines connected and would like to allow (lan/internet) access only by MAC addresses.

I have read through the forum and would like to ask if this is the solution for it

from -> http://forum.mikrotik.com/viewtopic.php?f=2&t=36298

ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:92 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:93 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:94 action=accept (Allow User )
ip firewall filter add chain=input src-address=192.168.139.0/24 action=drop (all users deny)

Would this ensure that any other customer who plugs into my LAN will not get an IP address as their mac address is not whitelisted?

Also if this were to work - how does it affect the DHCP server role? would i still need to have a pool setup?

I apologize if this has been asked/addressed in a previous post

Thanks
ManoR

You need a dhcp-pool
I have try out the firewall configuration and this don't work i have still a connection with the network

You can use arp list of each mac-address of your network and then use reply-only in the lan inyerface. So routerOS reply for all arp static list and deny other.

sent from my mobile phone using tapatalk

Thanks for this post, setting arp to reply-only and making static arp entries for allowed computers works perfectly but with 1 flaw - disallowed computers (without arp static entry) can't reach gateway. Is there a way for this computers that are cut of the internet still ping gateway (mikrotik router)?