Each network adapter has a globally unique physical address burned onto the card by the manufacturer. The physical address uniquely identifies every individual card that connects to the network cable or media. For this reason, the physical address is also call the media access control (Mac address) address.
MAC ADDRESS is six byte long. A typical Mac address might appear like this 00:00:76:54:12:10, where the first three byte is the vendors unique ID and the next three unique identify that card for the vendor. Different manufactures and brands,
Places their address in different location, so it requires certain command or series of clicks to see your address.
Every network switch stores a list of MAC addresses seen at every port and only forward packets to the ports that need to receive the packet, data or information.
Wireless access points often use MAC addresses for access control. They only allow access for known devices (MAC address is unique and identifies devices) with the correct passphrase.
DHCP servers use the MAC address to identify devices and give some devices fixed IP addresses.
Mac addresses are also used as a control measure, to monitor inflow of devices in every network.
Having what Mac address is and it uses we are going to two different practical in which we will use a Mac address as a control measure for those unwanted devices on our network.
Second we are going to use Mac address and the mangle rule practice to limit the resources that will be accessed by some devices.
First one log into your wireless router/ acess point using the address 19126.96.36.199.
User name admin
Click on login
Unless otherwise changed by the network administrator.
On the wireless router interface you will see setup icon click on it.
In the drop down menu you will find a tag Mac address clone click on it.
Here in the mac address table we are going to add those device Mac address that we don’t want them to access the internet through this router and the command will be disabled.
Click on save setting to save the setting. Now what we have achieve is high level of security, hence this device wil no longer have access to the internet unless the configuration is changed by the admin.
Another means of achieving this is for us to use our mangle rule option. Please if you have not read my post on bandwidth management using mangle you can go back and read it here.
So we going to create a rule using some device Mac address so that it will either limit the user or deny the user internet access from our network. Now let me put some thing clear, the reason for bandwidth management is that sometimes in our world the internet speed we have is not even enough to serve it purpose, but you will find some ignorant once abusing the privilege given to them by the admin by either constant streaming online video, doing application updates and so on this is because they think hence is WIFI is free, not knowing that someone else is paying for it, so once a thing like this notice bandwidth management becomes a thing to employ.
So we are going to deploy the mangle rule.
First of we will lunch our winbox go to IP
Go to DHCP server.
click on the tag leases.
Below the tag active Mac address locate the Mac of the user we want to limit, highlight and copy the Mac address.
We are going to use the mangle to do the necessary on this particular user.
Here is the configuration.
Click on IP.
Click on DHCP SERVER.
Click on lease
Double click on the Mac address you want to limit, highlight it and copy it.
Come back again click on IP.
Click on firewall.
Click on the add button to add a firewall rule on the mac address.
The chain should be prerouting.
On the src Mac address paste the Mac address we copied earlier.
On the action we are going to mark the connection
On the new connection we will put in the name of the customer for easy identification.
Click apply and ok.
Next thing we will do now is to add a queue from the interface using queue tree method.
so let’s click on queues, clcik on add queue tree button.
tag the queue tree let say download and then do the normal queue configuration as below