Connection Sharing in a Single MAC-Address Restricted Service Access
Some ISP may impose a rule on which only a single pre-registered device is able to get service connection.
This restricts service to a registered single MAC Address of the client’s device. IP Address may be static or dynamic.
With the above scenario, we can use a MikroTik RouterBoard to enable us to provide multiple connections,
over the restrictions indicated above as shown below.
Here’s how it’s done. First, get the MAC Address and IP address of the connected interface of the registered device.
For PC running Windows, type ipconfig /all in the DOS prompt terminal to get these informations.
IP Address = 22.214.171.124/24 ; MAC Address = 00:16:D3:CA:BB:6D
Configure the following in your MikroTik Router
- Interface facing ISP = Ether1.To_Internet
- Interface facing LAN = Ether2.To_LAN
1. Create a Bridge interface with the registered MAC Address inputted to the Admin. MAC Address field.
/interface bridge add name=BR.Internet disabled=no admin-mac=00:16:D3:CA:BB:6D auto-mac=no
2. Add the port facing the ISP to the Bridge Interface.
/interface bridge port add bridge=BR.Internet disabled=no interface=Ether1.To_Internet
3. Assign the registered IP Address to the Bridge interface.
- 3.1 If Static, Add also default route.
/ip address add address=126.96.36.199/24 disabled=no interface=BR.Internet
/ip route add dst-address=0.0.0.0/0 gateway=188.8.131.52 disabled=no distance=1
- 3.2 If Dynamic,
/ip dhcp-client add interface=BR.Internet disabled=no add-default-route=yes use-peer-dns=yes
4. Create Source NAT, SRCNAT, rule with Masquerading; use the Bridge interface as Output interface.
/ip firewall nat add chain=srcnat disabled=no out-interface=BR.Internet action=masquerade
5. Run DHCP Server for your LAN-side,Ether2.To_LAN interface, with correct DNS settings for your ISP.
/ip address add address=192.168.0.254/24 disabled=no interface=Ether2.To_LAN
/ip pool add name=dhcp_pool1 ranges=192.168.0.1-192.168.0.253
/ip dhcp-server add name=dhcp1 address-pool=dhcp_pool1 disabled=no interface=Ether2.To_LAN lease-time=3d
/ip dhcp-server network add address=192.168.0.0/24 dns-server=184.108.40.206,220.127.116.11 gateway=192.168.0.254
You should be able now to share your single-MAC Address restricted service to multiple terminal
devices in your LAN.
'...opportunity favors a prepared mind...'