In this tutorial, we will learn how to block a MAC address to connect to our network or to connect to the internet.
Applying security with a MAC address block system is better than an IP address block system. Because users sometimes may change their IP address to bypass the firewall restriction.
In this scenario, we will assume that our LAN network is 192.168.1.0/24. The Mikrotik Ether1 port is connected to our local network and the Ether2 port is connected to our Internet Service Provider.
Now we want to block access to the Ether2 port or the internet for a MAC address such as 48:FC:B6:43:B5:65 which resides in our 192.168.1.0/24 network.
We will go through these settings using the "Winbox" tool.
Login to your Mikrotik router and go to the "Firewall" section.
Now navigate to the "Filter Rules" tab and click on the (+) sign to add a new rule.
Now navigate to the "General" tab and click on the "Chain" parameter option and select "forward" as the parameter value.
Now click on the "Out Interface" parameter option and select the "Ether2" as the parameter value. As we are applying restrictions to access to this interface or the internet connection.
Now navigate to the "Advanced" tab and click on the "Src. MAC Address" parameter option. Write that MAC address which we want to restrict. As our example, that address will be 48:FC:B6:43:B5:65.
Now navigate to the "Action" tab and select "drop" as the "Action" value.
That's it. Now click on "Apply" and then "OK". From now on if the router receives a packet with a source MAC address which is 48:FC:B6:43:B5:65 and that packet is requesting access to the internet or the Ether2 interface, then this packet will be dropped. Because we have selected the "Action" value as "drop".
Whenever this rule starts working or that MAC address is trying to access the internet, the "Byte" and "Packet" values will be increased.
No comments:
Post a Comment