nbctcp wrote

Feature Request

I like how Mikrotik disable/enable MAC Filtering for each user

Only with 1 click is enough to do that

While in Pharos its only All Allow or All Deny 

What's the purpose of being able to deny and allow MACs at the same time?

What is the default behavior on Mikrotik if device A is denied access, devices B and C are allowed access and device D connects with a MAC not listed in the filter? Is device D denied or allowed access then? Or do you have a general rule for devices matching all MACs not explicitly listed?

In Pharos you have a very simple way to set the default rule:

• If the MAC filter allows access for listed devices, every other device not listed in the MAC filter is denied access.
• If the MAC filter denies access for listed devices, every other device not listed in the MAC filter is allowed access.

IMHO it makes not much sense to explicitly deny access for specific devices if the default rule is to deny every device except those listed ("all allow") or vice versa. Only thing I can imagine is to save some time in searching the list until a decision can be made if you have very large lists and the lookup is done in software rather than by the WiFi chip itself.

But you are aware of the fact that MAC addresses on the client side can be easily spoofed and thus MAC-based black-listing can be circumvented?

If you bill clients for connectivity, a captive portal would be much more safer to ensure clients are really denied access if they don't pay their bill. With Omada EAP access points and Omada Controller you could set up a captive portal and with an external portal page you could even implement a pay-per month scheme (needs custom software, though).