Yes, it is possible to filter by MAC address devices trying to connect to a wireless access point (AP) in MikroTik. This functionality is useful for increasing the security of a wireless network, allowing only specific devices to access the AP.
We explain how to configure MAC address filtering on a MikroTik device using both the graphical user interface (WinBox) and the command line:
Using WinBox (Graphical User Interface)
- Connect to your MikroTik device:
- Open WinBox and connect to your MikroTik router.
- Navigate to Wireless Settings:
- Go to section "Wireless" and select the tab “Interfaces”. Double-click the wireless interface you want to configure.
- Configure MAC Filtering:
- In the interface settings window, go to the tab “Access List”.
- Click on the "+" to add a new entry.
- In the new entry window, type the MAC address you want to allow or deny in the field “MAC Address”.
- Choose "Accept" o “Reject” depending on whether you want to allow or block the specified MAC address.
- Click on "OK" To save the settings.
Using the Terminal (Command Line)
- Access the Terminal:
- You can use the terminal directly in WinBox or connect via SSH.
- Configure MAC Filtering:
- You can add an entry to the access list with the following commands:
/interface wireless access-list add mac-address=XX:XX:XX:XX:XX:XX interface=nombre_de_tu_interface wireless-protocol=802.11 authentication=yes forwarding=yes
- Change
XX:XX:XX:XX:XX:XX
with the MAC address you want to filter. - setup
authentication
yforwarding
ayes
to allow orno
to deny access.
- You can add an entry to the access list with the following commands:
Additional considerations
- Filtering Policy: Make sure the filtering policy is consistent with your security needs. Filtering by MAC can be useful, but it is not foolproof, as MAC addresses can be spoofed.
- Maintenance: The list of allowed or blocked MAC addresses may require regular maintenance to add or remove devices as your needs change.
MAC address filtering in MikroTik is a useful tool for controlling access to your wireless network, but it must be used as part of a broader security strategy to be effective.
There are no tags for this post.