We usually get internet connection from any ISP and buy any WiFi Router and then configure wireless/AP with password and configure DHCP Server to get connection from own WiFi devices. We use these WiFi Routers/APs at home, office, workspace or any other public places. Usually, we get connected to our WiFi using our provided WiFi password.
Initially there will be no problem to keep your network safe using password authentication. But day by day your password will be known by anyone or any expert WiFi user can hack your password. So, it will be difficult to keep safe your network from unauthorized people just keeping only password authentication method.
This issue can be solved restricting WiFi access by MAC address. MikroTik wireless/AP provides an easy way to filter unauthorized devices by MAC address. MikroTik Wireless maintains Access List. Devices those are allowed in Access List will be allowed to get connected to WiFi AP otherwise the connection will be denied although the password is correct.
In this article, we will see how to block WiFi access based on device MAC address with MikroTik wireless/access point.
How to Restrict WiFi Access with MikroTik Wireless
The default authentication system of MikroTik WiFi is to connect devices those provide valid password. So, if we change the default authentication system and customize authentication system, we can easily filter unauthorized devices. The following steps will show how to customize default authentication in MikroTik wireless [It is assumed that you have already configured your MikroTik WiFi with DHCP Server before].
- Login to MikroTik Wireless Router with Winbox using full permission user.
- Click on Wireless menu item. Wireless table window will appear.
- Click on Wireless Interfaces tab and then double click on active wlan interface. WLAN interface window will appear.
- Click on Wireless tab and untick Default Authenticate checkbox.
- Click Apply and OK button.
As we have disabled default authentication, MikroTik wireless will not allow WiFi access only providing password. Besides providing password, any device must be registered providing MAC in Access List. Otherwise, the device will fail to connect to WiFi.
So, we now need to create an access list where allowed devices will be registered providing its MAC address. Devices those will have in this access list, will be allowed to connect with this WiFi network. The following steps will show how to add device MAC address in the Access List.
- From Winbox, go to Wireless and then click on Access List tab.
- Now click on PLUS SIGN (+). New AP Access Rule window will appear.
- Provide the device MAC in MAC Address input box.
- Choose WLAN interface from interface drop down menu.
- It is possible to limit the download speed of this device providing the required limit (such as 5M) in AP Tx. Limit input box.
- It is also possible to provide a private WiFi password to this device. For this, put private password in Private Pre Shared Key input box. If we do not provide private password, the public password will be used to connect to this WiFi.
- It is also possible to apply WiFi access time limit. If we define time limit in the time panel, the device will be allowed to access the WiFi within that time in a day.
- Click Apply and OK button.
We have added a device to Access List with authorization. Now the device will be allowed to access WiFi connection in your network. Similarly, we can add as many devices as we need following the above steps.
If you face any confusion to follow the above steps, watch the following video on MAC Address Filtering in MikroTik WiFi Access Point. I hope it will reduce your any confusion.
How to restrict WiFi access with MirkoTik Wireless has been discussed in this article. I hope, you will now be able to filter your WiFi user following the above steps. However, if you face any confusion to follow the above steps, feel free to discuss in comment or contact me from contact page, I will try my best to stay with you.