If a client was blocked on a MikroTik router and this client receives a new IP address via DHCP, the client's access to HTTP/S (or any other service) after receiving a new IP address will depend on how the blocking was initially implemented.
There are several ways to block access to a client on a MikroTik router, and the effect of changing the client's IP address varies depending on the blocking method used:
Blocking by IP Address
If the block was made specifically against the client's IP address, changing the client's IP address would effectively allow you to bypass the block, since the block is associated with the old IP address. Once the client obtains a new IP address through DHCP, the blocking rules applied to the previous IP address no longer apply to this new address.
MAC Address Lock
If blocking was done based on the device's MAC address, changing the IP address via DHCP will not allow the client to bypass the blocking. The device's MAC address is unique and does not change when receiving a new IP address, so blocking rules will remain effective regardless of the IP address assigned to the device.
User Block
In configurations where access is controlled through user authentication (for example, using PPPoE or a similar configuration), changing the IP address will also not allow the user to bypass the block. Access in this case is tied to the user's authentication credentials, not the IP address.
To ensure effective blocking that cannot be bypassed by simply renewing the IP address, it is recommended to use methods based on MAC addresses or user authentication.
Additionally, it is important to regularly review and adjust security policies to ensure that they are effective and up-to-date with current network needs.
There are no tags for this post.
2 comments on “If a client was blocked on a mikrotik router but this client receives a new IP via dhcp, would the client already have access to http/s?”
Greetings.. how to block users who connect via dhcp that are not on the list of already registered IPs. such as when the onus are put into britge mode and allow the IP assigned to a new one to pass and allow them to navigate freely until they are manually blocked
Regards,
The best practice for this is not to manage DHCP for the assignment of IPs to the ONUs, but rather to manage everything by static IP, but if you need to maintain DHCP then the ideal would be to use the “static-pool” option in the configuration option. pool in the DHCP server created, and in the lease tab, which is where all the assignments appear, convert all current clients to static ones with the “make-static” option and for future ONUs you will have to add them to the lease one by one , declaring yourself the IP and MAC of the device to be added, and thus no device will connect anymore because they would only connect as long as they are added in the lease option.