
Block Internet Access but keep Local Network access in MikroTik

How to Block an IP Address in MikroTik to Restrict Internet Access?

MikroTik provides world-class RouterOS firmware loaded with all the best features, and many popular MikroTik network devices are used by telecom operators worldwide. If you are a MikroTik router user, you have likely used MikroTik CCR series routers to deploy large and medium-sized networks. In an earlier post, we published an article about logging in to MikroTik routers using Winbox and the IP address.

If you are an administrator or network operator, you will need to block users and IP addresses in the network for security reasons. This post is a guide to blocking internet access for specific LAN users on a MikroTik router by IP address, without blocking local network sharing.

This guide applies to any MikroTik model: CCR, MikroTik BaseBox, MikroTik RB750 series, MikroTik fiber switches, or any MikroTik wireless device. You need to log in to MikroTik RouterOS using Winbox or the web interface to set up a user internet block by IP address.

 

Steps to Block User in MikroTik using IP Address

The first step is to access the RouterOS settings from the Winbox configuration utility.

  • Connect the MikroTik router or wireless device to a LAN port on the computer or laptop.
  • Download the latest version of Winbox from Downloads.
  • Default login IP address: http://192.168.88.1
  • Default username: admin. The password is blank in default mode.
  • Log in to your MikroTik Cloud Core Router, RB450, MikroTik SXT Lite, or whichever model you are using for the internet.

 

Check the User IP Address Provided by the DHCP Server

To prevent internet access for a specific LAN or Wi-Fi user, you must know the IP address assigned to that user by the DHCP server.

You can view the list of all connected computers and mobile devices with their MAC addresses and allotted IP addresses.

Go to IP - DHCP Server

Leases tab

Check the Active Host Name column for the computer or mobile name, and see the MAC address and IP address details of the specific user you want to block.

Note the IP address of the mobile or computer whose internet access you want to restrict.


Create an Address List for Blocked IP Addresses

The next step is to create an address list under the firewall options. This list is the blacklist of IP addresses whose internet access will be blocked.

Go to the IP - Firewall option

Go to the Address Lists tab.

Press the Plus (+) button to create a new firewall address list entry

Name: Block Users

Address: 192.168.88.254 (or whichever IP address from the lease list is assigned to the user you want to block)

Press the Apply and OK buttons to create the list.

You can add multiple IP addresses to the same Block Users list to restrict several users from accessing the internet at the same time.

Create Firewall Rules to Block Internet Access

Create a new filter rule that blocks client internet access but still allows local access for the users added to the block list.

Go to the IP - Firewall option in the left side menu.

Filter Rules tab

1: Press the Plus (+) button to make a new filter rule.

2: New Firewall Rule – Go to the Advanced tab first

Select Src. Address List: Block Users (or whatever name you have given to the firewall address list)

3: Go to the Action tab

Action: drop

Press the Apply and OK buttons to confirm the filter rule.

After the firewall block rule is created, internet access is blocked for the specific users added to the blacklist.

To disable the user blacklist temporarily, select the rule and press the cross (X) button.
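The same procedure as RouterOS terminal commands, as an added example that is not part of the original guide. The address and list name follow the tutorial; `chain=forward`, the lease pinning step, and the comment strings are assumptions made for this example.

```routeros
# Constructed values: 192.168.88.254 and "Block Users" are the tutorial's
# sample address and list name; the comment= labels are hypothetical.

# 1. Find the client's current lease (IP - DHCP Server - Leases).
/ip dhcp-server lease print where status=bound

# Assumption, not a step from the tutorial: pin the lease. The block follows
# the IP address, not the device, so a changed lease would lift it silently.
/ip dhcp-server lease make-static [find where address=192.168.88.254]

# 2. Add the address to the block list (IP - Firewall - Address Lists).
/ip firewall address-list add list="Block Users" address=192.168.88.254 \
    comment="blocked LAN client"

# 3. Drop traffic from listed sources (IP - Firewall - Filter Rules).
# Assumption: chain=forward, the chain for traffic routed through the router.
# Hosts in the same LAN subnet normally reach each other without being
# routed, so this rule does not touch local sharing.
/ip firewall filter add chain=forward src-address-list="Block Users" \
    action=drop comment="block internet for listed users"

# Rules are evaluated top to bottom: confirm the drop rule sits above any
# rule that accepts forwarded traffic from the LAN.
/ip firewall filter print where src-address-list="Block Users"

# To lift the block temporarily (the X button in Winbox), then restore it:
# /ip firewall filter disable [find where comment="block internet for listed users"]
# /ip firewall filter enable [find where comment="block internet for listed users"]
```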

This is a simple way to block internet access by IP address for specific LAN and Wi-Fi users in the network.

Creating this rule will not block internal local network sharing, so all computers can still share data over the network without any problems. This MikroTik router configuration helps you block unwanted traffic from specific users and prevent network glitches without disturbing the whole network.

 
