Route traffic from AP to the RB2011 and monitor connected devices via mac-address

zoldrakza · March 11, 2019, 7:19am

Hi Everyone,

I’m totally new to MikroTik, but eager to learn. Let me explain what I have and what I would like to achieve.

Hardware - Cisco x3500, RB2011UiAS-RM and Huawei B315
Setup - Cisco(ADSL) connected to RB2011 and Huawei is connected to the RB2011

Plan - Route all traffic from the wifi (Huawei B315) to the RB2011
Reason - I want to experiment with Kid-control on the rb.

Currently I can connect to the AP and browse the net.

2011 is running on stock settings.

I tried IRC for some help, but no life over the whole weekend in the general chat area.

Thank you in advance.

Stiaanm · March 11, 2019, 7:36am

So the 2011 becomes a perimeter device on your network?

If so, plug B315 in on a port, set that port as a DHCP client. Add a route for 0.0.0.0/0 via that IP of the B315, and Bob’s your uncle…

Summising form the title you want MAC filtering (only allow listed devices)?

For each device that would be allowed access:
;;; Allow TA
chain=MAC-filter action=accept in-interface=bridge1 src-mac-address=F4:B5:49:F1:7D:25 log=no log-prefix=""

Use Comments, will save lots of time when troubleshooting, set in-interface to desired port, change mac-address to that of the desired device(s)

End off with this one to drop everything else (DO NOT ENABLE UNTIL YOUR DEVICE IS ADDED!!!):
;;; Deny all other MAC’s
chain=MAC-filter action=drop in-interface=bridge1 log=yes log-prefix=""

zoldrakza · March 11, 2019, 7:43am

Thank you for the quick reply.

The AP is an old LTE router that I’m using as an AP now. I will probably have to get all the mac-address from the AP and list them in the RB. I take it the rb will not know what devices is connected to the AP?

Thanks again for the reply.

Kind Regards

Stiaanm · March 11, 2019, 8:02am

If it is in routing mode and a different subnet, no the RB will not know. Using this as an AP may give you some glitches, you would have to set it in the same subnet as your network, disable DHCP, etc…

zoldrakza · March 11, 2019, 9:08am

Currently the AP is set to “Dynamic IP” connection mode.
ADSL modem has DHCP enable
RB2011 is stock settings

I know this all sounds too basic for you guys, but I’m no network expert and learning along the way.

Thank you in advance.

zoldrakza · March 11, 2019, 1:54pm

Is anyone available on whatsapp/IRC/Skype etc. for some guide? I value your time and will meet for a coffee or beer.

Thank you

Stiaanm · March 11, 2019, 5:25pm

Let’s approach this step-by-step:

The B618 connects to the RB puely as an AP, not using any SIM for Inet?
Where does the Cisco fit in?

zoldrakza · March 11, 2019, 6:20pm

CISCO dials the adsl account that is connect to the rb2011(port 1)
B315(wan port) is connect to rb2011(port 2)

Stiaanm · March 11, 2019, 6:46pm

You would have to do some routing of sort to do more than monitoring, quite a few vids on Youtube would take you through the teachings of how to achieve this. Some of the things you would need to do:

Disable DHCP on the B315
Enable DHCP on the 2011
Most likely you would need to bridge some (not all) of the ports on the 2011 to provide your LAN. Connect the B315 to one of these bridged ports.

Coms · March 11, 2019, 9:09pm

I my self have not had any success on disabling dhcp on a B315 using iets wifi if jou find out how please net me know, I can disable the Lan side but somehow iet fails to do it on the wifi side.

zoldrakza · March 12, 2019, 5:53am

Morning,

Thank you for all the feedback, I’ll do some research to disabling dhcp on B315.

zoldrakza · March 12, 2019, 7:17am

I have not check if my router has this section showing in the menu. Just posting for reference.