Thanks to visit codestin.com
Credit goes to github.com

Skip to content

jeff-nasseri/mikrotik-mcp

Repository files navigation

MseeP.ai Security Assessment Badge

Overview

MikroTik MCP provides a bridge between AI assistants and MikroTik RouterOS devices. It allows AI assistants to interact with MikroTik routers through natural language requests, executing commands like managing VLANs, configuring firewall rules, handling DNS settings, and more.

Claude Desktop

mcp-mikrotik-claude.mp4

Inspector

mcp-mikrotik-inspector.mp4

Installation

Prerequisites

  • Python 3.8+
  • MikroTik RouterOS device with API access enabled
  • Python dependencies (routeros-api or similar)

Manual Installation

# Clone the repository
git clone https://github.com/jeff-nasseri/mikrotik-mcp/tree/master
cd mcp-mikrotik

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -e .

# Run the server
mcp-server-mikrotik

Docker Installation

The easiest way to run the MCP MikroTik server is using Docker.

  1. Clone the repository:

    git clone https://github.com/jeff-nasseri/mikrotik-mcp.git
    cd mikrotik-mcp
  2. Build the Docker image:

    docker build -t mikrotik-mcp .
  3. Configure Cursor IDE:

    Add this to your ~/.cursor/mcp.json:

    {
      "mcpServers": {
        "mikrotik-mcp-server": {
          "command": "docker",
          "args": [
            "run",
            "--rm",
            "-i",
            "-e", "MIKROTIK_HOST=192.168.88.1",
            "-e", "MIKROTIK_USERNAME=sshuser",
            "-e", "MIKROTIK_PASSWORD=your_password",
            "-e", "MIKROTIK_PORT=22",
            "mikrotik-mcp"
          ]
        }
      }
    }

    Environment Variables:

    • MIKROTIK_HOST: MikroTik device IP/hostname
    • MIKROTIK_USERNAME: SSH username
    • MIKROTIK_PASSWORD: SSH password
    • MIKROTIK_PORT: SSH port (default: 22)

Running Integration Tests

This project uses pytest for integration testing against a temporary MikroTik RouterOS container.

  1. Make sure you have Docker installed and running.

  2. Install test dependencies:

    pip install -r requirements-dev.txt
  3. Run the tests:

    pytest -v

    This will:

    • Spin up a MikroTik RouterOS container
    • Run integration tests (create, list, and delete user)
    • Tear down the container automatically

By default, tests are marked with @pytest.mark.integration. You can run only integration tests with:

pytest -m integration -v

Tools

Here are the available tools in the MikroTik MCP server:

VLAN Interface Management

mikrotik_create_vlan_interface

Creates a VLAN interface on MikroTik device.

  • Parameters:
    • name (required): VLAN interface name
    • vlan_id (required): VLAN ID (1-4094)
    • interface (required): Parent interface
    • comment (optional): Description
    • disabled (optional): Disable interface
    • mtu (optional): MTU size
    • use_service_tag (optional): Use service tag
    • arp (optional): ARP mode
    • arp_timeout (optional): ARP timeout
  • Example:
    mikrotik_create_vlan_interface(name="vlan100", vlan_id=100, interface="ether1")
    

mikrotik_list_vlan_interfaces

Lists VLAN interfaces on MikroTik device.

  • Parameters:
    • name_filter (optional): Filter by name
    • vlan_id_filter (optional): Filter by VLAN ID
    • interface_filter (optional): Filter by parent interface
    • disabled_only (optional): Show only disabled interfaces
  • Example:
    mikrotik_list_vlan_interfaces(vlan_id_filter=100)
    

mikrotik_get_vlan_interface

Gets detailed information about a specific VLAN interface.

  • Parameters:
    • name (required): VLAN interface name
  • Example:
    mikrotik_get_vlan_interface(name="vlan100")
    

mikrotik_update_vlan_interface

Updates an existing VLAN interface.

  • Parameters:
    • name (required): Current VLAN interface name
    • new_name (optional): New name
    • vlan_id (optional): New VLAN ID
    • interface (optional): New parent interface
    • comment (optional): New description
    • disabled (optional): Enable/disable interface
    • mtu (optional): New MTU size
    • use_service_tag (optional): Use service tag
    • arp (optional): ARP mode
    • arp_timeout (optional): ARP timeout
  • Example:
    mikrotik_update_vlan_interface(name="vlan100", comment="Production VLAN")
    

mikrotik_remove_vlan_interface

Removes a VLAN interface from MikroTik device.

  • Parameters:
    • name (required): VLAN interface name
  • Example:
    mikrotik_remove_vlan_interface(name="vlan100")
    

IP Address Management

mikrotik_add_ip_address

Adds an IP address to an interface.

  • Parameters:
    • address (required): IP address with CIDR notation
    • interface (required): Interface name
    • network (optional): Network address
    • broadcast (optional): Broadcast address
    • comment (optional): Description
    • disabled (optional): Disable address
  • Example:
    mikrotik_add_ip_address(address="192.168.1.1/24", interface="vlan100")
    

mikrotik_list_ip_addresses

Lists IP addresses on MikroTik device.

  • Parameters:
    • interface_filter (optional): Filter by interface
    • address_filter (optional): Filter by address
    • network_filter (optional): Filter by network
    • disabled_only (optional): Show only disabled addresses
    • dynamic_only (optional): Show only dynamic addresses
  • Example:
    mikrotik_list_ip_addresses(interface_filter="vlan100")
    

mikrotik_get_ip_address

Gets detailed information about a specific IP address.

  • Parameters:
    • address_id (required): Address ID
  • Example:
    mikrotik_get_ip_address(address_id="*1")
    

mikrotik_remove_ip_address

Removes an IP address from MikroTik device.

  • Parameters:
    • address_id (required): Address ID
  • Example:
    mikrotik_remove_ip_address(address_id="*1")
    

DHCP Server Management

mikrotik_create_dhcp_server

Creates a DHCP server on MikroTik device.

  • Parameters:
    • name (required): DHCP server name
    • interface (required): Interface to bind to
    • lease_time (optional): Lease time (default: "1d")
    • address_pool (optional): IP pool name
    • disabled (optional): Disable server
    • authoritative (optional): Authoritative mode
    • delay_threshold (optional): Delay threshold
    • comment (optional): Description
  • Example:
    mikrotik_create_dhcp_server(name="dhcp-vlan100", interface="vlan100", address_pool="pool-vlan100")
    

mikrotik_list_dhcp_servers

Lists DHCP servers on MikroTik device.

  • Parameters:
    • name_filter (optional): Filter by name
    • interface_filter (optional): Filter by interface
    • disabled_only (optional): Show only disabled servers
    • invalid_only (optional): Show only invalid servers
  • Example:
    mikrotik_list_dhcp_servers()
    

mikrotik_get_dhcp_server

Gets detailed information about a specific DHCP server.

  • Parameters:
    • name (required): DHCP server name
  • Example:
    mikrotik_get_dhcp_server(name="dhcp-vlan100")
    

mikrotik_create_dhcp_network

Creates a DHCP network configuration.

  • Parameters:
    • network (required): Network address
    • gateway (required): Gateway address
    • netmask (optional): Network mask
    • dns_servers (optional): DNS server list
    • domain (optional): Domain name
    • wins_servers (optional): WINS server list
    • ntp_servers (optional): NTP server list
    • dhcp_option (optional): DHCP options
    • comment (optional): Description
  • Example:
    mikrotik_create_dhcp_network(network="192.168.1.0/24", gateway="192.168.1.1", dns_servers=["8.8.8.8", "8.8.4.4"])
    

mikrotik_create_dhcp_pool

Creates a DHCP address pool.

  • Parameters:
    • name (required): Pool name
    • ranges (required): IP ranges
    • next_pool (optional): Next pool name
    • comment (optional): Description
  • Example:
    mikrotik_create_dhcp_pool(name="pool-vlan100", ranges="192.168.1.10-192.168.1.250")
    

mikrotik_remove_dhcp_server

Removes a DHCP server from MikroTik device.

  • Parameters:
    • name (required): DHCP server name
  • Example:
    mikrotik_remove_dhcp_server(name="dhcp-vlan100")
    

NAT Rules Management

mikrotik_create_nat_rule

Creates a NAT rule on MikroTik device.

  • Parameters:
    • chain (required): Chain type ("srcnat" or "dstnat")
    • action (required): Action type
    • src_address (optional): Source address
    • dst_address (optional): Destination address
    • src_port (optional): Source port
    • dst_port (optional): Destination port
    • protocol (optional): Protocol
    • in_interface (optional): Input interface
    • out_interface (optional): Output interface
    • to_addresses (optional): Translation addresses
    • to_ports (optional): Translation ports
    • comment (optional): Description
    • disabled (optional): Disable rule
    • log (optional): Enable logging
    • log_prefix (optional): Log prefix
    • place_before (optional): Rule placement
  • Example:
    mikrotik_create_nat_rule(chain="srcnat", action="masquerade", out_interface="ether1")
    

mikrotik_list_nat_rules

Lists NAT rules on MikroTik device.

  • Parameters:
    • chain_filter (optional): Filter by chain
    • action_filter (optional): Filter by action
    • src_address_filter (optional): Filter by source address
    • dst_address_filter (optional): Filter by destination address
    • protocol_filter (optional): Filter by protocol
    • interface_filter (optional): Filter by interface
    • disabled_only (optional): Show only disabled rules
    • invalid_only (optional): Show only invalid rules
  • Example:
    mikrotik_list_nat_rules(chain_filter="srcnat")
    

mikrotik_get_nat_rule

Gets detailed information about a specific NAT rule.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_get_nat_rule(rule_id="*1")
    

mikrotik_update_nat_rule

Updates an existing NAT rule.

  • Parameters:
    • rule_id (required): Rule ID
    • All parameters from create_nat_rule (optional)
  • Example:
    mikrotik_update_nat_rule(rule_id="*1", comment="Updated NAT rule")
    

mikrotik_remove_nat_rule

Removes a NAT rule from MikroTik device.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_remove_nat_rule(rule_id="*1")
    

mikrotik_move_nat_rule

Moves a NAT rule to a different position.

  • Parameters:
    • rule_id (required): Rule ID
    • destination (required): New position
  • Example:
    mikrotik_move_nat_rule(rule_id="*1", destination=0)
    

mikrotik_enable_nat_rule

Enables a NAT rule.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_enable_nat_rule(rule_id="*1")
    

mikrotik_disable_nat_rule

Disables a NAT rule.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_disable_nat_rule(rule_id="*1")
    

IP Pool Management

mikrotik_create_ip_pool

Creates an IP pool on MikroTik device.

  • Parameters:
    • name (required): Pool name
    • ranges (required): IP ranges
    • next_pool (optional): Next pool name
    • comment (optional): Description
  • Example:
    mikrotik_create_ip_pool(name="pool1", ranges="192.168.1.100-192.168.1.200")
    

mikrotik_list_ip_pools

Lists IP pools on MikroTik device.

  • Parameters:
    • name_filter (optional): Filter by name
    • ranges_filter (optional): Filter by ranges
    • include_used (optional): Include used addresses
  • Example:
    mikrotik_list_ip_pools()
    

mikrotik_get_ip_pool

Gets detailed information about a specific IP pool.

  • Parameters:
    • name (required): Pool name
  • Example:
    mikrotik_get_ip_pool(name="pool1")
    

mikrotik_update_ip_pool

Updates an existing IP pool.

  • Parameters:
    • name (required): Current pool name
    • new_name (optional): New name
    • ranges (optional): New ranges
    • next_pool (optional): New next pool
    • comment (optional): New description
  • Example:
    mikrotik_update_ip_pool(name="pool1", ranges="192.168.1.100-192.168.1.250")
    

mikrotik_remove_ip_pool

Removes an IP pool from MikroTik device.

  • Parameters:
    • name (required): Pool name
  • Example:
    mikrotik_remove_ip_pool(name="pool1")
    

mikrotik_list_ip_pool_used

Lists used addresses from IP pools.

  • Parameters:
    • pool_name (optional): Filter by pool name
    • address_filter (optional): Filter by address
    • mac_filter (optional): Filter by MAC address
    • info_filter (optional): Filter by info
  • Example:
    mikrotik_list_ip_pool_used(pool_name="pool1")
    

mikrotik_expand_ip_pool

Expands an existing IP pool by adding more ranges.

  • Parameters:
    • name (required): Pool name
    • additional_ranges (required): Additional IP ranges
  • Example:
    mikrotik_expand_ip_pool(name="pool1", additional_ranges="192.168.1.251-192.168.1.254")
    

Backup and Export Management

mikrotik_create_backup

Creates a system backup on MikroTik device.

  • Parameters:
    • name (optional): Backup filename
    • dont_encrypt (optional): Don't encrypt backup
    • include_password (optional): Include passwords
    • comment (optional): Description
  • Example:
    mikrotik_create_backup(name="backup-2024-01-01")
    

mikrotik_list_backups

Lists backup files on MikroTik device.

  • Parameters:
    • name_filter (optional): Filter by name
    • include_exports (optional): Include export files
  • Example:
    mikrotik_list_backups()
    

mikrotik_create_export

Creates a configuration export on MikroTik device.

  • Parameters:
    • name (optional): Export filename
    • file_format (optional): Format ("rsc", "json", "xml")
    • export_type (optional): Type ("full", "compact", "verbose")
    • hide_sensitive (optional): Hide sensitive data
    • verbose (optional): Verbose output
    • compact (optional): Compact output
    • comment (optional): Description
  • Example:
    mikrotik_create_export(name="config-export", file_format="rsc")
    

mikrotik_export_section

Exports a specific configuration section.

  • Parameters:
    • section (required): Section to export
    • name (optional): Export filename
    • hide_sensitive (optional): Hide sensitive data
    • compact (optional): Compact output
  • Example:
    mikrotik_export_section(section="/ip/firewall", name="firewall-config")
    

mikrotik_download_file

Downloads a file from MikroTik device.

  • Parameters:
    • filename (required): Filename to download
    • file_type (optional): File type ("backup" or "export")
  • Example:
    mikrotik_download_file(filename="backup-2024-01-01.backup")
    

mikrotik_upload_file

Uploads a file to MikroTik device.

  • Parameters:
    • filename (required): Filename
    • content_base64 (required): Base64 encoded content
  • Example:
    mikrotik_upload_file(filename="config.rsc", content_base64="...")
    

mikrotik_restore_backup

Restores a system backup on MikroTik device.

  • Parameters:
    • filename (required): Backup filename
    • password (optional): Backup password
  • Example:
    mikrotik_restore_backup(filename="backup-2024-01-01.backup")
    

mikrotik_import_configuration

Imports a configuration script file.

  • Parameters:
    • filename (required): Script filename
    • run_after_reset (optional): Run after reset
    • verbose (optional): Verbose output
  • Example:
    mikrotik_import_configuration(filename="config.rsc")
    

mikrotik_remove_file

Removes a file from MikroTik device.

  • Parameters:
    • filename (required): Filename to remove
  • Example:
    mikrotik_remove_file(filename="old-backup.backup")
    

mikrotik_backup_info

Gets detailed information about a backup file.

  • Parameters:
    • filename (required): Backup filename
  • Example:
    mikrotik_backup_info(filename="backup-2024-01-01.backup")
    

Log Management

mikrotik_get_logs

Gets logs from MikroTik device with filtering options.

  • Parameters:
    • topics (optional): Log topics
    • action (optional): Log action
    • time_filter (optional): Time filter
    • message_filter (optional): Message filter
    • prefix_filter (optional): Prefix filter
    • limit (optional): Result limit
    • follow (optional): Follow logs
    • print_as (optional): Output format
  • Example:
    mikrotik_get_logs(topics="firewall", limit=100)
    

mikrotik_get_logs_by_severity

Gets logs filtered by severity level.

  • Parameters:
    • severity (required): Severity level ("debug", "info", "warning", "error", "critical")
    • time_filter (optional): Time filter
    • limit (optional): Result limit
  • Example:
    mikrotik_get_logs_by_severity(severity="error", limit=50)
    

mikrotik_get_logs_by_topic

Gets logs for a specific topic/facility.

  • Parameters:
    • topic (required): Log topic
    • time_filter (optional): Time filter
    • limit (optional): Result limit
  • Example:
    mikrotik_get_logs_by_topic(topic="system")
    

mikrotik_search_logs

Searches logs for a specific term.

  • Parameters:
    • search_term (required): Search term
    • time_filter (optional): Time filter
    • case_sensitive (optional): Case sensitive search
    • limit (optional): Result limit
  • Example:
    mikrotik_search_logs(search_term="login failed")
    

mikrotik_get_system_events

Gets system-related log events.

  • Parameters:
    • event_type (optional): Event type
    • time_filter (optional): Time filter
    • limit (optional): Result limit
  • Example:
    mikrotik_get_system_events(event_type="reboot")
    

mikrotik_get_security_logs

Gets security-related log entries.

  • Parameters:
    • time_filter (optional): Time filter
    • limit (optional): Result limit
  • Example:
    mikrotik_get_security_logs(limit=100)
    

mikrotik_clear_logs

Clears all logs from MikroTik device.

  • Parameters: None
  • Example:
    mikrotik_clear_logs()
    

mikrotik_get_log_statistics

Gets statistics about log entries.

  • Parameters: None
  • Example:
    mikrotik_get_log_statistics()
    

mikrotik_export_logs

Exports logs to a file on the MikroTik device.

  • Parameters:
    • filename (optional): Export filename
    • topics (optional): Log topics
    • time_filter (optional): Time filter
    • format (optional): Export format ("plain" or "csv")
  • Example:
    mikrotik_export_logs(filename="security-logs.txt", topics="firewall")
    

mikrotik_monitor_logs

Monitors logs in real-time for a specified duration.

  • Parameters:
    • topics (optional): Log topics
    • action (optional): Log action
    • duration (optional): Monitor duration in seconds
  • Example:
    mikrotik_monitor_logs(topics="firewall", duration=30)
    

Firewall Filter Rules Management

mikrotik_create_filter_rule

Creates a firewall filter rule on MikroTik device.

  • Parameters:
    • chain (required): Chain type ("input", "forward", "output")
    • action (required): Action type
    • src_address (optional): Source address
    • dst_address (optional): Destination address
    • src_port (optional): Source port
    • dst_port (optional): Destination port
    • protocol (optional): Protocol
    • in_interface (optional): Input interface
    • out_interface (optional): Output interface
    • connection_state (optional): Connection state
    • connection_nat_state (optional): Connection NAT state
    • src_address_list (optional): Source address list
    • dst_address_list (optional): Destination address list
    • limit (optional): Rate limit
    • tcp_flags (optional): TCP flags
    • comment (optional): Description
    • disabled (optional): Disable rule
    • log (optional): Enable logging
    • log_prefix (optional): Log prefix
    • place_before (optional): Rule placement
  • Example:
    mikrotik_create_filter_rule(chain="input", action="accept", protocol="tcp", dst_port="22", src_address="192.168.1.0/24")
    

mikrotik_list_filter_rules

Lists firewall filter rules on MikroTik device.

  • Parameters:
    • chain_filter (optional): Filter by chain
    • action_filter (optional): Filter by action
    • src_address_filter (optional): Filter by source address
    • dst_address_filter (optional): Filter by destination address
    • protocol_filter (optional): Filter by protocol
    • interface_filter (optional): Filter by interface
    • disabled_only (optional): Show only disabled rules
    • invalid_only (optional): Show only invalid rules
    • dynamic_only (optional): Show only dynamic rules
  • Example:
    mikrotik_list_filter_rules(chain_filter="input")
    

mikrotik_get_filter_rule

Gets detailed information about a specific firewall filter rule.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_get_filter_rule(rule_id="*1")
    

mikrotik_update_filter_rule

Updates an existing firewall filter rule.

  • Parameters:
    • rule_id (required): Rule ID
    • All parameters from create_filter_rule (optional)
  • Example:
    mikrotik_update_filter_rule(rule_id="*1", comment="Updated rule")
    

mikrotik_remove_filter_rule

Removes a firewall filter rule from MikroTik device.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_remove_filter_rule(rule_id="*1")
    

mikrotik_move_filter_rule

Moves a firewall filter rule to a different position.

  • Parameters:
    • rule_id (required): Rule ID
    • destination (required): New position
  • Example:
    mikrotik_move_filter_rule(rule_id="*1", destination=0)
    

mikrotik_enable_filter_rule

Enables a firewall filter rule.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_enable_filter_rule(rule_id="*1")
    

mikrotik_disable_filter_rule

Disables a firewall filter rule.

  • Parameters:
    • rule_id (required): Rule ID
  • Example:
    mikrotik_disable_filter_rule(rule_id="*1")
    

mikrotik_create_basic_firewall_setup

Creates a basic firewall setup with common security rules.

  • Parameters: None
  • Example:
    mikrotik_create_basic_firewall_setup()
    

Route Management

mikrotik_add_route

Adds a route to MikroTik routing table.

  • Parameters:
    • dst_address (required): Destination address
    • gateway (required): Gateway address
    • distance (optional): Administrative distance
    • scope (optional): Route scope
    • target_scope (optional): Target scope
    • routing_mark (optional): Routing mark
    • comment (optional): Description
    • disabled (optional): Disable route
    • vrf_interface (optional): VRF interface
    • pref_src (optional): Preferred source
    • check_gateway (optional): Gateway check method
  • Example:
    mikrotik_add_route(dst_address="10.0.0.0/8", gateway="192.168.1.1")
    

mikrotik_list_routes

Lists routes in MikroTik routing table.

  • Parameters:
    • dst_filter (optional): Filter by destination
    • gateway_filter (optional): Filter by gateway
    • routing_mark_filter (optional): Filter by routing mark
    • distance_filter (optional): Filter by distance
    • active_only (optional): Show only active routes
    • disabled_only (optional): Show only disabled routes
    • dynamic_only (optional): Show only dynamic routes
    • static_only (optional): Show only static routes
  • Example:
    mikrotik_list_routes(active_only=true)
    

mikrotik_get_route

Gets detailed information about a specific route.

  • Parameters:
    • route_id (required): Route ID
  • Example:
    mikrotik_get_route(route_id="*1")
    

mikrotik_update_route

Updates an existing route in MikroTik routing table.

  • Parameters:
    • route_id (required): Route ID
    • All parameters from add_route (optional)
  • Example:
    mikrotik_update_route(route_id="*1", comment="Updated route")
    

mikrotik_remove_route

Removes a route from MikroTik routing table.

  • Parameters:
    • route_id (required): Route ID
  • Example:
    mikrotik_remove_route(route_id="*1")
    

mikrotik_enable_route

Enables a route.

  • Parameters:
    • route_id (required): Route ID
  • Example:
    mikrotik_enable_route(route_id="*1")
    

mikrotik_disable_route

Disables a route.

  • Parameters:
    • route_id (required): Route ID
  • Example:
    mikrotik_disable_route(route_id="*1")
    

mikrotik_get_routing_table

Gets a specific routing table.

  • Parameters:
    • table_name (optional): Table name (default: "main")
    • protocol_filter (optional): Filter by protocol
    • active_only (optional): Show only active routes
  • Example:
    mikrotik_get_routing_table(table_name="main")
    

mikrotik_check_route_path

Checks the route path to a destination.

  • Parameters:
    • destination (required): Destination address
    • source (optional): Source address
    • routing_mark (optional): Routing mark
  • Example:
    mikrotik_check_route_path(destination="8.8.8.8")
    

mikrotik_get_route_cache

Gets the route cache.

  • Parameters: None
  • Example:
    mikrotik_get_route_cache()
    

mikrotik_flush_route_cache

Flushes the route cache.

  • Parameters: None
  • Example:
    mikrotik_flush_route_cache()
    

mikrotik_add_default_route

Adds a default route (0.0.0.0/0).

  • Parameters:
    • gateway (required): Gateway address
    • distance (optional): Administrative distance
    • comment (optional): Description
    • check_gateway (optional): Gateway check method
  • Example:
    mikrotik_add_default_route(gateway="192.168.1.1")
    

mikrotik_add_blackhole_route

Adds a blackhole route.

  • Parameters:
    • dst_address (required): Destination address
    • distance (optional): Administrative distance
    • comment (optional): Description
  • Example:
    mikrotik_add_blackhole_route(dst_address="10.0.0.0/8")
    

mikrotik_get_route_statistics

Gets routing table statistics.

  • Parameters: None
  • Example:
    mikrotik_get_route_statistics()
    

DNS Management

mikrotik_set_dns_servers

Sets DNS server configuration on MikroTik device.

  • Parameters:
    • servers (required): DNS server list
    • allow_remote_requests (optional): Allow remote requests
    • max_udp_packet_size (optional): Max UDP packet size
    • max_concurrent_queries (optional): Max concurrent queries
    • cache_size (optional): Cache size
    • cache_max_ttl (optional): Max cache TTL
    • use_doh (optional): Use DNS over HTTPS
    • doh_server (optional): DoH server URL
    • verify_doh_cert (optional): Verify DoH certificate
  • Example:
    mikrotik_set_dns_servers(servers=["8.8.8.8", "8.8.4.4"], allow_remote_requests=true)
    

mikrotik_get_dns_settings

Gets current DNS configuration.

  • Parameters: None
  • Example:
    mikrotik_get_dns_settings()
    

mikrotik_add_dns_static

Adds a static DNS entry.

  • Parameters:
    • name (required): DNS name
    • address (optional): IP address
    • cname (optional): CNAME record
    • mx_preference (optional): MX preference
    • mx_exchange (optional): MX exchange
    • text (optional): TXT record
    • srv_priority (optional): SRV priority
    • srv_weight (optional): SRV weight
    • srv_port (optional): SRV port
    • srv_target (optional): SRV target
    • ttl (optional): Time to live
    • comment (optional): Description
    • disabled (optional): Disable entry
    • regexp (optional): Regular expression
  • Example:
    mikrotik_add_dns_static(name="router.local", address="192.168.1.1")
    

mikrotik_list_dns_static

Lists static DNS entries.

  • Parameters:
    • name_filter (optional): Filter by name
    • address_filter (optional): Filter by address
    • type_filter (optional): Filter by type
    • disabled_only (optional): Show only disabled entries
    • regexp_only (optional): Show only regexp entries
  • Example:
    mikrotik_list_dns_static()
    

mikrotik_get_dns_static

Gets details of a specific static DNS entry.

  • Parameters:
    • entry_id (required): Entry ID
  • Example:
    mikrotik_get_dns_static(entry_id="*1")
    

mikrotik_update_dns_static

Updates an existing static DNS entry.

  • Parameters:
    • entry_id (required): Entry ID
    • All parameters from add_dns_static (optional)
  • Example:
    mikrotik_update_dns_static(entry_id="*1", address="192.168.1.2")
    

mikrotik_remove_dns_static

Removes a static DNS entry.

  • Parameters:
    • entry_id (required): Entry ID
  • Example:
    mikrotik_remove_dns_static(entry_id="*1")
    

mikrotik_enable_dns_static

Enables a static DNS entry.

  • Parameters:
    • entry_id (required): Entry ID
  • Example:
    mikrotik_enable_dns_static(entry_id="*1")
    

mikrotik_disable_dns_static

Disables a static DNS entry.

  • Parameters:
    • entry_id (required): Entry ID
  • Example:
    mikrotik_disable_dns_static(entry_id="*1")
    

mikrotik_get_dns_cache

Gets the current DNS cache.

  • Parameters: None
  • Example:
    mikrotik_get_dns_cache()
    

mikrotik_flush_dns_cache

Flushes the DNS cache.

  • Parameters: None
  • Example:
    mikrotik_flush_dns_cache()
    

mikrotik_get_dns_cache_statistics

Gets DNS cache statistics.

  • Parameters: None
  • Example:
    mikrotik_get_dns_cache_statistics()
    

mikrotik_add_dns_regexp

Adds a DNS regexp entry for pattern matching.

  • Parameters:
    • regexp (required): Regular expression
    • address (required): IP address
    • ttl (optional): Time to live
    • comment (optional): Description
    • disabled (optional): Disable entry
  • Example:
    mikrotik_add_dns_regexp(regexp="^ad[0-9]*\\.doubleclick\\.net$", address="127.0.0.1")
    

mikrotik_test_dns_query

Tests a DNS query.

  • Parameters:
    • name (required): DNS name to query
    • server (optional): DNS server to use
    • type (optional): Query type
  • Example:
    mikrotik_test_dns_query(name="google.com")
    

mikrotik_export_dns_config

Exports DNS configuration to a file.

  • Parameters:
    • filename (optional): Export filename
  • Example:
    mikrotik_export_dns_config(filename="dns-config.rsc")
    

User Management

mikrotik_add_user

Adds a new user to MikroTik device.

  • Parameters:
    • name (required): Username
    • password (required): Password
    • group (optional): User group
    • address (optional): Allowed address
    • comment (optional): Description
    • disabled (optional): Disable user
  • Example:
    mikrotik_add_user(name="john", password="secure123", group="full")
    

mikrotik_list_users

Lists users on MikroTik device.

  • Parameters:
    • name_filter (optional): Filter by name
    • group_filter (optional): Filter by group
    • disabled_only (optional): Show only disabled users
    • active_only (optional): Show only active users
  • Example:
    mikrotik_list_users(group_filter="full")
    

mikrotik_get_user

Gets detailed information about a specific user.

  • Parameters:
    • name (required): Username
  • Example:
    mikrotik_get_user(name="john")
    

mikrotik_update_user

Updates an existing user on MikroTik device.

  • Parameters:
    • name (required): Current username
    • new_name (optional): New username
    • password (optional): New password
    • group (optional): New group
    • address (optional): New allowed address
    • comment (optional): New description
    • disabled (optional): Enable/disable user
  • Example:
    mikrotik_update_user(name="john", group="read")
    

mikrotik_remove_user

Removes a user from MikroTik device.

  • Parameters:
    • name (required): Username
  • Example:
    mikrotik_remove_user(name="john")
    

mikrotik_disable_user

Disables a user account.

  • Parameters:
    • name (required): Username
  • Example:
    mikrotik_disable_user(name="john")
    

mikrotik_enable_user

Enables a user account.

  • Parameters:
    • name (required): Username
  • Example:
    mikrotik_enable_user(name="john")
    

mikrotik_add_user_group

Adds a new user group to MikroTik device.

  • Parameters:
    • name (required): Group name
    • policy (required): Policy list
    • skin (optional): UI skin
    • comment (optional): Description
  • Example:
    mikrotik_add_user_group(name="operators", policy=["read", "write", "reboot"])
    

mikrotik_list_user_groups

Lists user groups on MikroTik device.

  • Parameters:
    • name_filter (optional): Filter by name
    • policy_filter (optional): Filter by policy
  • Example:
    mikrotik_list_user_groups()
    

mikrotik_get_user_group

Gets detailed information about a specific user group.

  • Parameters:
    • name (required): Group name
  • Example:
    mikrotik_get_user_group(name="operators")
    

mikrotik_update_user_group

Updates an existing user group on MikroTik device.

  • Parameters:
    • name (required): Current group name
    • new_name (optional): New name
    • policy (optional): New policy list
    • skin (optional): New UI skin
    • comment (optional): New description
  • Example:
    mikrotik_update_user_group(name="operators", policy=["read", "write"])
    

mikrotik_remove_user_group

Removes a user group from MikroTik device.

  • Parameters:
    • name (required): Group name
  • Example:
    mikrotik_remove_user_group(name="operators")
    

mikrotik_get_active_users

Gets currently active/logged-in users.

  • Parameters: None
  • Example:
    mikrotik_get_active_users()
    

mikrotik_disconnect_user

Disconnects an active user session.

  • Parameters:
    • user_id (required): User session ID
  • Example:
    mikrotik_disconnect_user(user_id="*1")
    

mikrotik_export_user_config

Exports user configuration to a file.

  • Parameters:
    • filename (optional): Export filename
  • Example:
    mikrotik_export_user_config(filename="users.rsc")
    

mikrotik_set_user_ssh_keys

Sets SSH public keys for a user.

  • Parameters:
    • username (required): Username
    • key_file (required): SSH key filename
  • Example:
    mikrotik_set_user_ssh_keys(username="john", key_file="id_rsa.pub")
    

mikrotik_list_user_ssh_keys

Lists SSH keys for a specific user.

  • Parameters:
    • username (required): Username
  • Example:
    mikrotik_list_user_ssh_keys(username="john")
    

mikrotik_remove_user_ssh_key

Removes an SSH key.

  • Parameters:
    • key_id (required): SSH key ID
  • Example:
    mikrotik_remove_user_ssh_key(key_id="*1")
    

Configuration

Usage with Claude Desktop

Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "mikrotik": {
      "command": "uvx",
      "args": ["mcp-server-mikrotik", "--host", "<HOST>", "--username", "<USERNAME>", "--password", "<PASSWORD>", "--port", "22"]
    }
  }
}

Inspector

# Run the inspector against the mcp-server-mikrotik
npx @modelcontextprotocol/inspector uvx mcp-server-mikrotik --host <HOST> --username <USERNAME> --password <PASSWORD> --port 22

# Run the inspector against the mcp-config.json
npm install -g @modelcontextprotocol/inspector
cp mcp-config.json.example mcp-config.json
nano mcp-config.json # Edit the values
mcp-inspector --config mcp-config.json --server mikrotik-mcp-server

UV

Here's the new markdown content that you should add after the Inspector section and before the License section:

Usage Examples with mcp-cli

VLAN Interface Operations

# Create a VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface --tool-args '{"name": "vlan100", "vlan_id": 100, "interface": "ether1", "comment": "Production VLAN"}'

# List all VLANs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_vlan_interfaces --tool-args '{}'

# Get specific VLAN details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_vlan_interface --tool-args '{"name": "vlan100"}'

# Update VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_vlan_interface --tool-args '{"name": "vlan100", "comment": "Updated Production VLAN"}'

# Remove VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_vlan_interface --tool-args '{"name": "vlan100"}'

IP Address Management

# Add IP address to interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_ip_address --tool-args '{"address": "192.168.100.1/24", "interface": "vlan100", "comment": "Gateway address"}'

# List IP addresses
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_addresses --tool-args '{"interface_filter": "vlan100"}'

# Get specific IP address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_ip_address --tool-args '{"address_id": "*1"}'

# Remove IP address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_ip_address --tool-args '{"address_id": "*1"}'

DHCP Server Configuration

# Create DHCP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_pool --tool-args '{"name": "pool-vlan100", "ranges": "192.168.100.10-192.168.100.200"}'

# Create DHCP network
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_network --tool-args '{"network": "192.168.100.0/24", "gateway": "192.168.100.1", "dns_servers": ["8.8.8.8", "8.8.4.4"]}'

# Create DHCP server
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_server --tool-args '{"name": "dhcp-vlan100", "interface": "vlan100", "address_pool": "pool-vlan100"}'

# List DHCP servers
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_dhcp_servers --tool-args '{}'

# Get DHCP server details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_dhcp_server --tool-args '{"name": "dhcp-vlan100"}'

# Remove DHCP server
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_dhcp_server --tool-args '{"name": "dhcp-vlan100"}'

NAT Rule Management

# Create masquerade rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "srcnat", "action": "masquerade", "out_interface": "ether1", "comment": "Internet access"}'

# Create port forwarding rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_port": "80", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "80", "comment": "Web server"}'

# List NAT rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_nat_rules --tool-args '{"chain_filter": "srcnat"}'

# Get NAT rule details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_nat_rule --tool-args '{"rule_id": "*1"}'

# Move NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_move_nat_rule --tool-args '{"rule_id": "*1", "destination": 0}'

# Enable/Disable NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_nat_rule --tool-args '{"rule_id": "*1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_nat_rule --tool-args '{"rule_id": "*1"}'

# Remove NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_nat_rule --tool-args '{"rule_id": "*1"}'

IP Pool Management

# Create IP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_ip_pool --tool-args '{"name": "main-pool", "ranges": "192.168.1.100-192.168.1.200"}'

# List IP pools
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_pools --tool-args '{"include_used": true}'

# Get IP pool details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_ip_pool --tool-args '{"name": "main-pool"}'

# List used addresses in pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_pool_used --tool-args '{"pool_name": "main-pool"}'

# Expand IP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_expand_ip_pool --tool-args '{"name": "main-pool", "additional_ranges": "192.168.1.201-192.168.1.250"}'

# Remove IP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_ip_pool --tool-args '{"name": "main-pool"}'

Backup and Export

# Create system backup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_backup --tool-args '{"name": "full_backup", "include_password": true}'

# Create configuration export
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_export --tool-args '{"name": "config_export", "file_format": "rsc", "export_type": "full"}'

# Export specific section
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section --tool-args '{"section": "/ip/firewall", "name": "firewall_export"}'

# List backups
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_backups --tool-args '{"include_exports": true}'

# Download file
uv run mcp-cli cmd --server mikrotik --tool mikrotik_download_file --tool-args '{"filename": "full_backup.backup"}'

# Upload file
uv run mcp-cli cmd --server mikrotik --tool mikrotik_upload_file --tool-args '{"filename": "config.rsc", "content_base64": "base64_encoded_content"}'

# Restore backup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_restore_backup --tool-args '{"filename": "full_backup.backup"}'

# Import configuration
uv run mcp-cli cmd --server mikrotik --tool mikrotik_import_configuration --tool-args '{"filename": "config.rsc"}'

# Remove file
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_file --tool-args '{"filename": "old_backup.backup"}'

Log Management

# Get logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_logs --tool-args '{"topics": "firewall", "limit": 100}'

# Get logs by severity
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_logs_by_severity --tool-args '{"severity": "error", "limit": 50}'

# Search logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_search_logs --tool-args '{"search_term": "login failed", "case_sensitive": false}'

# Get security logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_security_logs --tool-args '{"limit": 100}'

# Get log statistics
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_log_statistics --tool-args '{}'

# Export logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_logs --tool-args '{"filename": "firewall_logs", "topics": "firewall", "format": "csv"}'

# Monitor logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_monitor_logs --tool-args '{"topics": "firewall", "duration": 30}'

# Clear logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_clear_logs --tool-args '{}'

Firewall Filter Rules

# Create basic firewall rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule --tool-args '{"chain": "input", "action": "accept", "connection_state": "established,related", "comment": "Accept established"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule --tool-args '{"chain": "input", "action": "drop", "connection_state": "invalid", "comment": "Drop invalid"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule --tool-args '{"chain": "input", "action": "accept", "protocol": "icmp", "comment": "Accept ICMP"}'

# List firewall rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_filter_rules --tool-args '{"chain_filter": "input"}'

# Get firewall rule details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_filter_rule --tool-args '{"rule_id": "*1"}'

# Move firewall rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_move_filter_rule --tool-args '{"rule_id": "*1", "destination": 0}'

# Enable/Disable firewall rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_filter_rule --tool-args '{"rule_id": "*1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_filter_rule --tool-args '{"rule_id": "*1"}'

# Create basic firewall setup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_basic_firewall_setup --tool-args '{}'

# Remove firewall rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_filter_rule --tool-args '{"rule_id": "*1"}'

Route Management

# Add route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_route --tool-args '{"dst_address": "10.0.0.0/8", "gateway": "192.168.1.1", "comment": "Corporate network"}'

# Add default route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_default_route --tool-args '{"gateway": "192.168.1.1", "distance": 1}'

# Add blackhole route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_blackhole_route --tool-args '{"dst_address": "192.168.99.0/24", "comment": "Block subnet"}'

# List routes
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_routes --tool-args '{"active_only": true}'

# Get route details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_route --tool-args '{"route_id": "*1"}'

# Check route path
uv run mcp-cli cmd --server mikrotik --tool mikrotik_check_route_path --tool-args '{"destination": "8.8.8.8"}'

# Get routing table
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_routing_table --tool-args '{"table_name": "main"}'

# Get route statistics
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_route_statistics --tool-args '{}'

# Enable/Disable route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_route --tool-args '{"route_id": "*1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_route --tool-args '{"route_id": "*1"}'

# Remove route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_route --tool-args '{"route_id": "*1"}'

DNS Configuration

# Set DNS servers
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_dns_servers --tool-args '{"servers": ["8.8.8.8", "8.8.4.4"], "allow_remote_requests": true}'

# Get DNS settings
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_dns_settings --tool-args '{}'

# Add static DNS entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_static --tool-args '{"name": "router.local", "address": "192.168.1.1", "comment": "Local router"}'

# Add CNAME record
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_static --tool-args '{"name": "www.example.com", "cname": "example.com"}'

# List static DNS entries
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_dns_static --tool-args '{"name_filter": "local"}'

# Update DNS entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_dns_static --tool-args '{"entry_id": "*1", "address": "192.168.1.2"}'

# Add DNS regexp
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_regexp --tool-args '{"regexp": ".*\\.ads\\..*", "address": "0.0.0.0", "comment": "Block ads"}'

# Test DNS query
uv run mcp-cli cmd --server mikrotik --tool mikrotik_test_dns_query --tool-args '{"name": "google.com"}'

# Get DNS cache
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_dns_cache --tool-args '{}'

# Flush DNS cache
uv run mcp-cli cmd --server mikrotik --tool mikrotik_flush_dns_cache --tool-args '{}'

# Export DNS config
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_dns_config --tool-args '{"filename": "dns_config"}'

# Remove DNS entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_dns_static --tool-args '{"entry_id": "*1"}'

User Management

# Add user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user --tool-args '{"name": "newuser", "password": "SecurePass123", "group": "write", "comment": "New operator"}'

# List users
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_users --tool-args '{"group_filter": "write"}'

# Get user details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_user --tool-args '{"name": "newuser"}'

# Update user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_user --tool-args '{"name": "newuser", "password": "NewSecurePass456"}'

# Enable/Disable user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_user --tool-args '{"name": "newuser"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_user --tool-args '{"name": "newuser"}'

# Add user group
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user_group --tool-args '{"name": "operators", "policy": ["read", "write", "test"], "comment": "Operator group"}'

# List user groups
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_user_groups --tool-args '{}'

# Get active users
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_active_users --tool-args '{}'

# Export user config
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_user_config --tool-args '{"filename": "user_config"}'

# Remove user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_user --tool-args '{"name": "newuser"}'

Setting Up a New Network Segment

# Create VLAN
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface --tool-args '{"name": "vlan200", "vlan_id": 200, "interface": "ether1", "comment": "Guest Network"}'

# Add IP address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_ip_address --tool-args '{"address": "192.168.200.1/24", "interface": "vlan200"}'

# Create DHCP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_pool --tool-args '{"name": "pool-200", "ranges": "192.168.200.10-192.168.200.100"}'

# Create DHCP network
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_network --tool-args '{"network": "192.168.200.0/24", "gateway": "192.168.200.1", "dns_servers": ["8.8.8.8", "8.8.4.4"]}'

# Create DHCP server
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_server --tool-args '{"name": "dhcp-200", "interface": "vlan200", "address_pool": "pool-200"}'

# Create NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "srcnat", "action": "masquerade", "out_interface": "ether1", "comment": "Internet access for VLAN 200"}'

Port Forwarding Setup

# Forward HTTP traffic
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "80", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "80", "comment": "Web server"}'

# Forward HTTPS traffic
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "443", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "443", "comment": "HTTPS server"}'

# Forward custom SSH port
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "2222", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "22", "comment": "SSH server"}'

Backup and Restore Process

# Create backup user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user --tool-args '{"name": "backup_user", "password": "BackupPass123", "group": "read", "comment": "Backup account"}'

# Create full backup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_backup --tool-args '{"name": "daily_backup", "include_password": true}'

# Export configuration
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_export --tool-args '{"name": "config_export", "file_format": "rsc", "export_type": "full"}'

# Export firewall rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section --tool-args '{"section": "/ip/firewall/filter", "name": "firewall_backup"}'

# Export NAT rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section --tool-args '{"section": "/ip/firewall/nat", "name": "nat_backup"}'

Create Wireless Interface

# Create basic AP interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wlan1", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork", "comment": "Main WiFi Network"}'

# Create station interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wlan-sta", "radio_name": "wlan2", "mode": "station", "ssid": "UpstreamWiFi"}'

# Create with specific frequency and band
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wlan-5g", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork-5G", "frequency": "5180", "band": "5ghz-a/n/ac", "channel_width": "80mhz"}'

List and Manage Wireless Interfaces

# List all wireless interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{}'

# List only AP interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{"mode_filter": "ap-bridge"}'

# List only running interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{"running_only": true}'

# Get specific interface details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_interface --tool-args '{"name": "wlan1"}'

# Update wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_wireless_interface --tool-args '{"name": "wlan1", "ssid": "UpdatedNetworkName", "comment": "Updated main network"}'

# Enable/Disable wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_wireless_interface --tool-args '{"name": "wlan1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wlan1"}'

# Remove wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_interface --tool-args '{"name": "wlan-guest"}'

Wireless Security Profile Management

Create Security Profiles

# Create WPA2-PSK security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "wpa2-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "SecurePassword123"}'

# Create mixed WPA/WPA2 profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "mixed-security", "mode": "dynamic-keys", "authentication_types": ["wpa-psk", "wpa2-psk"], "unicast_ciphers": ["tkip", "aes-ccm"], "group_ciphers": ["tkip"], "wpa_pre_shared_key": "Password123", "wpa2_pre_shared_key": "Password123"}'

# Create WPA2-Enterprise profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "enterprise-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-eap"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "eap_methods": "peap,tls"}'

# Create open network profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "open-network", "mode": "none", "comment": "Guest network - no security"}'

Manage Security Profiles

# List all security profiles
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_security_profiles --tool-args '{}'

# List WPA2 profiles only
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_security_profiles --tool-args '{"mode_filter": "dynamic-keys"}'

# Get specific profile details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_security_profile --tool-args '{"name": "wpa2-security"}'

# Apply security profile to interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "wlan1", "security_profile": "wpa2-security"}'

# Remove security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_security_profile --tool-args '{"name": "old-profile"}'

Wireless Network Operations

Network Scanning and Monitoring

# Scan for available networks
uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan1", "duration": 10}'

# Quick scan (5 seconds)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan2"}'

# Get connected clients (all interfaces)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{}'

# Get clients for specific interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{"interface": "wlan1"}'

Wireless Access List Management

Create Access List Entries

# Allow specific MAC address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "comment": "Trusted device"}'

# Block specific MAC address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "11:22:33:44:55:66", "action": "reject", "comment": "Blocked device"}'

# Allow with signal strength requirement
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "signal_range": "-80..-50", "comment": "Strong signal only"}'

# Time-based access control
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "time": "8h-18h,mon,tue,wed,thu,fri", "comment": "Work hours only"}'

Manage Access Lists

# List all access list entries
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{}'

# List entries for specific interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{"interface_filter": "wlan1"}'

# List only blocked entries
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{"action_filter": "reject"}'

# Remove access list entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_access_list_entry --tool-args '{"entry_id": "*1"}'

Complete WiFi Network Setup Examples

Basic Home Network Setup

# 1. Create security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "home-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "MyHomePassword123"}'

# 2. Create wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "home-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "HomeNetwork", "band": "2ghz-b/g/n", "comment": "Main home network"}'

# 3. Apply security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "home-wifi", "security_profile": "home-security"}'

# 4. Enable the interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "home-wifi"}'

Guest Network Setup

# 1. Create open security profile for guests
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "guest-open", "mode": "none", "comment": "Open guest network"}'

# 2. Create guest wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "guest-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "GuestNetwork", "comment": "Guest access network"}'

# 3. Apply open security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "guest-wifi", "security_profile": "guest-open"}'

# 4. Enable guest network
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "guest-wifi"}'

Enterprise Network Setup

# 1. Create WPA2-Enterprise security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "corp-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-eap"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "eap_methods": "peap", "comment": "Corporate WPA2-Enterprise"}'

# 2. Create corporate wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "corp-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "CorpNetwork", "band": "5ghz-a/n/ac", "channel_width": "80mhz", "comment": "Corporate network"}'

# 3. Apply enterprise security
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "corp-wifi", "security_profile": "corp-security"}'

# 4. Create access control for specific devices
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "corp-wifi", "mac_address": "00:11:22:33:44:55", "action": "accept", "comment": "Corporate laptop"}'

Dual-Band Setup (2.4GHz + 5GHz)

# 1. Create security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "dual-band-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "DualBandPassword123"}'

# 2. Create 2.4GHz interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wifi-2g", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork", "band": "2ghz-b/g/n", "channel_width": "20mhz", "comment": "2.4GHz network"}'

# 3. Create 5GHz interface  
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wifi-5g", "radio_name": "wlan2", "mode": "ap-bridge", "ssid": "MyNetwork-5G", "band": "5ghz-a/n/ac", "channel_width": "80mhz", "comment": "5GHz network"}'

# 4. Apply security to both interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "wifi-2g", "security_profile": "dual-band-security"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "wifi-5g", "security_profile": "dual-band-security"}'

# 5. Enable both interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wifi-2g"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wifi-5g"}'

Point-to-Point Wireless Link

# On first device (Station)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "p2p-station", "radio_name": "wlan1", "mode": "station", "ssid": "P2P-Link", "frequency": "5180", "band": "5ghz-a/n"}'

# On second device (AP)  
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "p2p-ap", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "P2P-Link", "frequency": "5180", "band": "5ghz-a/n"}'

# Create security for P2P link
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "p2p-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "P2PLinkPassword123"}'

# Apply security to both ends
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "p2p-station", "security_profile": "p2p-security"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "p2p-ap", "security_profile": "p2p-security"}'

Monitoring and Troubleshooting

Network Analysis

# Scan for interference and available channels
uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan1", "duration": 30}'

# Monitor connected clients
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{"interface": "wlan1"}'

# Check interface status
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_interface --tool-args '{"name": "wlan1"}'

# List all wireless configurations
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_security_profiles --tool-args '{}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{}'

Maintenance Operations

# Disable interface for maintenance
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_wireless_interface --tool-args '{"name": "wlan1"}'

# Update configuration
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_wireless_interface --tool-args '{"name": "wlan1", "channel_width": "40mhz", "comment": "Updated for better performance"}'

# Re-enable interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wlan1"}'

# Clean up unused profiles
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_security_profile --tool-args '{"name": "old-profile"}'

Using MCPO with MikroTik MCP Server

This guide shows how to expose your MikroTik MCP server as a RESTful API using MCPO (MCP-to-OpenAPI proxy).

Prerequisites

  • Python 3.8+
  • MikroTik MCP server already set up
  • uv package manager (recommended) or pip

Installation

Install MCPO using one of these methods:

# Option 1: Using uvx (recommended - no installation needed)
uvx mcpo --help

# Option 2: Using pip
pip install mcpo

Configuration

Create a mcp-config.json file in your project directory:

{
  "mcpServers": {
    "mikrotik-mcp-server": {
      "command": "python",
      "args": [
        "src/mcp_mikrotik/server.py",
        "--password", "admin",
        "--host", "192.168.1.1",
        "--port", "22",
        "--username", "admin"
      ],
      "env": {}
    }
  }
}

Note: Adjust the MikroTik connection parameters (host, username, password, port) according to your setup.

Starting the MCPO Server

# Start MCPO with API key authentication
uvx mcpo --port 8000 --api-key "your-secret-key" --config ./mcp-config.json

# Or without authentication (not recommended for production)
uvx mcpo --port 8000 --config ./mcp-config.json

The server will start and display:

  • Server running on http://0.0.0.0:8000
  • Interactive API docs available at http://localhost:8000/docs

cURL Examples

List IP Addresses:

curl -X POST http://localhost:8000/mikrotik-mcp-server/mikrotik_list_ip_addresses \
  -H "Authorization: Bearer your-secret-key" \
  -H "Content-Type: application/json" \
  -d '{}'

License

This MCP server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.

About

MCP server for Mikrotik

Resources

License

Contributing

Stars

Watchers

Forks

Packages

No packages published

Contributors 5

Languages