Configure Port Security on the MikroTik Switch

Also, another feature on Layer2 Security is called Port Security. Let’s say that on Ether2 port we have a PC connected and we don’t want any other device connected to this port to work but my own PC. Then I can apply Port Security from which only the MAC address of my PC is allowed to be passed and any other MAC address is not allowed.

LAB Port Security:

Still on the same LAB scenario. I want my PC only to be allowed to pass from Ether2 of SW1 and anything else not able to.

First, we need to take the MAC address of the PC and save it:

[mepr-show rules=”319″ unauth=”message”] 

Now I will go to SW1 and create a rule on the Bridge filter than any device which doesn’t have the MAC address of my PC will not be allowed.

Let me show you how you can do that:

Here I am saying that any traffic coming from MAC address which is different than the MAC address of my PC and going via the switch to somewhere else (so traffic not going directly to the Switch itself) from the interface Ether2, in the next picture I have to say to be dropped as following:

I have also put a Log so in case someone plug a PC which is not my PC, then a Log will be shown.

Now as long as I am connecting my own PC, I am able to work normally without any problem.

I will put another PC and see if it will receive an IP address from the DHCP server.

No IP address from the DHCP server has been received. If we check the Logging in SW1 we should see an entry as the following:


Course Content


Submit a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.