I reset my Mikrotik to default-mode, all users are able to access the internet without authentication. What rules do I need to fix?

When Mikrotik is reset, the default configuration is applied.

Mikrotik’s default configuration includes:

  1. A DHCP server
  2. A NAT rule applied to all networks

Those 2 configurations are responsible of allowing access to all users.

Here is how to fix that:

1- Disabling the DHCP Server

Go to IP > DHCP Server and disable the server as shown in the screenshot below:


2- Disable the NAT rule applied to all networks

  1. Go to IP > Firewall > NAT
  2. You’ll find a rule that has an empty src-nat IP range. It means, it does not restrict Internet to a specific range, just any range can have Internet access.
  3. You need to disable this rule as shown in the screenshot below:

Congrats, your users now have to authenticate before they can connect to the internet.

For more readings about configuring a basic PPP server that allows users to authenticate before having Internet access, check the following post: Basic ISP configuration using Mikrotik Routerboard