Think you have a policy for your office local area network (LAN) which is based on IP address of the hosts or workstations inside the LAN. To make sure your policy working smoothly, one thing you have to do is to prevent users from changing their workstations IP address. So you have to lock their IP address to match with the hardware MAC address. If they change the IP address then it will not match with the MAC address set up in the Mikrotik router so they will be blocked.
This tutorial shows you how to lock MAC and IP Address in Mikrotik router. Here is what you have to do.
1. Login to the Mikrotik router via Winbox or Telnet/SSH.
2. Run the below commands in the Terminal
/ip firewall filter add chain=input src-address=A.B.C.D src-mac-address=!1A:2B:3C:4D:5E:6F action=drop disabled=no
/ip firewall filter add chain=input src-address=!A.B.C.D src-mac-address=1A:2B:3C:4D:5E:6F action=drop disabled=no
The commands above mean that if the source IP address is A.B.C.D but the MAC address is not 1A:2B:3C:4D:5E:6F or the source MAC address is 1A:2B:3C:4D:5E:6F but the IP address is not A.B.C.D then drop the packet.
Now you can test using your laptop / computer. Make sure to change the IP and MAC address to meet your device configurations.