How to Lock MAC to IP Address in Mikrotik

Think you have a policy for your office local area network (LAN) which is based on IP address of the hosts or workstations inside the LAN. To make sure your policy working smoothly, one thing you have to do is to prevent users from changing their workstations IP address. So you have to lock their IP address to match with the hardware MAC address. If they change the IP address then it will not match with the MAC address set up in the Mikrotik router so they will be blocked. Before applying the below illustration we understand that you are the admin of your LAN. This tutorial shows you how to lock MAC to IP Address in Mikrotik router. Here is what you have to do.

  1. Login to the Mikrotik router via Winbox or Telnet/SSH.
  2. Run the below commands in the Terminal

/ip firewall filter add chain=input src-address=192.168.0.25 \ src-mac-address=!1A:2B:3C:4D:5E:6F action=drop disabled=no /ip firewall filter add chain=input src-address=!192.168.0.25 \ src-mac-address=1A:2B:3C:4D:5E:6F action=drop disabled=no The commands above mean that if the source IP address is 192.168.0.25 but the MAC address is not 1A:2B:3C:4D:5E:6F or the source MAC address is 1A:2B:3C:4D:5E:6F but the IP address is not 192.168.0.25 then drop the packet. Now you can test using your laptop / computer. Make sure to change the IP and MAC address to meet your device configurations.   Post a Question

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.