MikroTik MCP provides a bridge between AI assistants and MikroTik RouterOS devices. It allows AI assistants to interact with MikroTik routers through natural language requests, executing commands like managing VLANs, configuring firewall rules, handling DNS settings, and more.
mcp-mikrotik-claude.mp4
mcp-mikrotik-inspector.mp4
- Python 3.8+
- MikroTik RouterOS device with API access enabled
- Python dependencies (routeros-api or similar)
# Clone the repository
git clone https://github.com/jeff-nasseri/mikrotik-mcp/tree/master
cd mcp-mikrotik
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install dependencies
pip install -e .
# Run the server
mcp-server-mikrotikHere are the available tools in the MikroTik MCP server:
Creates a VLAN interface on MikroTik device.
- Parameters:
name(required): VLAN interface namevlan_id(required): VLAN ID (1-4094)interface(required): Parent interfacecomment(optional): Descriptiondisabled(optional): Disable interfacemtu(optional): MTU sizeuse_service_tag(optional): Use service tagarp(optional): ARP modearp_timeout(optional): ARP timeout
- Example:
mikrotik_create_vlan_interface(name="vlan100", vlan_id=100, interface="ether1")
Lists VLAN interfaces on MikroTik device.
- Parameters:
name_filter(optional): Filter by namevlan_id_filter(optional): Filter by VLAN IDinterface_filter(optional): Filter by parent interfacedisabled_only(optional): Show only disabled interfaces
- Example:
mikrotik_list_vlan_interfaces(vlan_id_filter=100)
Gets detailed information about a specific VLAN interface.
- Parameters:
name(required): VLAN interface name
- Example:
mikrotik_get_vlan_interface(name="vlan100")
Updates an existing VLAN interface.
- Parameters:
name(required): Current VLAN interface namenew_name(optional): New namevlan_id(optional): New VLAN IDinterface(optional): New parent interfacecomment(optional): New descriptiondisabled(optional): Enable/disable interfacemtu(optional): New MTU sizeuse_service_tag(optional): Use service tagarp(optional): ARP modearp_timeout(optional): ARP timeout
- Example:
mikrotik_update_vlan_interface(name="vlan100", comment="Production VLAN")
Removes a VLAN interface from MikroTik device.
- Parameters:
name(required): VLAN interface name
- Example:
mikrotik_remove_vlan_interface(name="vlan100")
Adds an IP address to an interface.
- Parameters:
address(required): IP address with CIDR notationinterface(required): Interface namenetwork(optional): Network addressbroadcast(optional): Broadcast addresscomment(optional): Descriptiondisabled(optional): Disable address
- Example:
mikrotik_add_ip_address(address="192.168.1.1/24", interface="vlan100")
Lists IP addresses on MikroTik device.
- Parameters:
interface_filter(optional): Filter by interfaceaddress_filter(optional): Filter by addressnetwork_filter(optional): Filter by networkdisabled_only(optional): Show only disabled addressesdynamic_only(optional): Show only dynamic addresses
- Example:
mikrotik_list_ip_addresses(interface_filter="vlan100")
Gets detailed information about a specific IP address.
- Parameters:
address_id(required): Address ID
- Example:
mikrotik_get_ip_address(address_id="*1")
Removes an IP address from MikroTik device.
- Parameters:
address_id(required): Address ID
- Example:
mikrotik_remove_ip_address(address_id="*1")
Creates a DHCP server on MikroTik device.
- Parameters:
name(required): DHCP server nameinterface(required): Interface to bind tolease_time(optional): Lease time (default: "1d")address_pool(optional): IP pool namedisabled(optional): Disable serverauthoritative(optional): Authoritative modedelay_threshold(optional): Delay thresholdcomment(optional): Description
- Example:
mikrotik_create_dhcp_server(name="dhcp-vlan100", interface="vlan100", address_pool="pool-vlan100")
Lists DHCP servers on MikroTik device.
- Parameters:
name_filter(optional): Filter by nameinterface_filter(optional): Filter by interfacedisabled_only(optional): Show only disabled serversinvalid_only(optional): Show only invalid servers
- Example:
mikrotik_list_dhcp_servers()
Gets detailed information about a specific DHCP server.
- Parameters:
name(required): DHCP server name
- Example:
mikrotik_get_dhcp_server(name="dhcp-vlan100")
Creates a DHCP network configuration.
- Parameters:
network(required): Network addressgateway(required): Gateway addressnetmask(optional): Network maskdns_servers(optional): DNS server listdomain(optional): Domain namewins_servers(optional): WINS server listntp_servers(optional): NTP server listdhcp_option(optional): DHCP optionscomment(optional): Description
- Example:
mikrotik_create_dhcp_network(network="192.168.1.0/24", gateway="192.168.1.1", dns_servers=["8.8.8.8", "8.8.4.4"])
Creates a DHCP address pool.
- Parameters:
name(required): Pool nameranges(required): IP rangesnext_pool(optional): Next pool namecomment(optional): Description
- Example:
mikrotik_create_dhcp_pool(name="pool-vlan100", ranges="192.168.1.10-192.168.1.250")
Removes a DHCP server from MikroTik device.
- Parameters:
name(required): DHCP server name
- Example:
mikrotik_remove_dhcp_server(name="dhcp-vlan100")
Creates a NAT rule on MikroTik device.
- Parameters:
chain(required): Chain type ("srcnat" or "dstnat")action(required): Action typesrc_address(optional): Source addressdst_address(optional): Destination addresssrc_port(optional): Source portdst_port(optional): Destination portprotocol(optional): Protocolin_interface(optional): Input interfaceout_interface(optional): Output interfaceto_addresses(optional): Translation addressesto_ports(optional): Translation portscomment(optional): Descriptiondisabled(optional): Disable rulelog(optional): Enable logginglog_prefix(optional): Log prefixplace_before(optional): Rule placement
- Example:
mikrotik_create_nat_rule(chain="srcnat", action="masquerade", out_interface="ether1")
Lists NAT rules on MikroTik device.
- Parameters:
chain_filter(optional): Filter by chainaction_filter(optional): Filter by actionsrc_address_filter(optional): Filter by source addressdst_address_filter(optional): Filter by destination addressprotocol_filter(optional): Filter by protocolinterface_filter(optional): Filter by interfacedisabled_only(optional): Show only disabled rulesinvalid_only(optional): Show only invalid rules
- Example:
mikrotik_list_nat_rules(chain_filter="srcnat")
Gets detailed information about a specific NAT rule.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_get_nat_rule(rule_id="*1")
Updates an existing NAT rule.
- Parameters:
rule_id(required): Rule ID- All parameters from
create_nat_rule(optional)
- Example:
mikrotik_update_nat_rule(rule_id="*1", comment="Updated NAT rule")
Removes a NAT rule from MikroTik device.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_remove_nat_rule(rule_id="*1")
Moves a NAT rule to a different position.
- Parameters:
rule_id(required): Rule IDdestination(required): New position
- Example:
mikrotik_move_nat_rule(rule_id="*1", destination=0)
Enables a NAT rule.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_enable_nat_rule(rule_id="*1")
Disables a NAT rule.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_disable_nat_rule(rule_id="*1")
Creates an IP pool on MikroTik device.
- Parameters:
name(required): Pool nameranges(required): IP rangesnext_pool(optional): Next pool namecomment(optional): Description
- Example:
mikrotik_create_ip_pool(name="pool1", ranges="192.168.1.100-192.168.1.200")
Lists IP pools on MikroTik device.
- Parameters:
name_filter(optional): Filter by nameranges_filter(optional): Filter by rangesinclude_used(optional): Include used addresses
- Example:
mikrotik_list_ip_pools()
Gets detailed information about a specific IP pool.
- Parameters:
name(required): Pool name
- Example:
mikrotik_get_ip_pool(name="pool1")
Updates an existing IP pool.
- Parameters:
name(required): Current pool namenew_name(optional): New nameranges(optional): New rangesnext_pool(optional): New next poolcomment(optional): New description
- Example:
mikrotik_update_ip_pool(name="pool1", ranges="192.168.1.100-192.168.1.250")
Removes an IP pool from MikroTik device.
- Parameters:
name(required): Pool name
- Example:
mikrotik_remove_ip_pool(name="pool1")
Lists used addresses from IP pools.
- Parameters:
pool_name(optional): Filter by pool nameaddress_filter(optional): Filter by addressmac_filter(optional): Filter by MAC addressinfo_filter(optional): Filter by info
- Example:
mikrotik_list_ip_pool_used(pool_name="pool1")
Expands an existing IP pool by adding more ranges.
- Parameters:
name(required): Pool nameadditional_ranges(required): Additional IP ranges
- Example:
mikrotik_expand_ip_pool(name="pool1", additional_ranges="192.168.1.251-192.168.1.254")
Creates a system backup on MikroTik device.
- Parameters:
name(optional): Backup filenamedont_encrypt(optional): Don't encrypt backupinclude_password(optional): Include passwordscomment(optional): Description
- Example:
mikrotik_create_backup(name="backup-2024-01-01")
Lists backup files on MikroTik device.
- Parameters:
name_filter(optional): Filter by nameinclude_exports(optional): Include export files
- Example:
mikrotik_list_backups()
Creates a configuration export on MikroTik device.
- Parameters:
name(optional): Export filenamefile_format(optional): Format ("rsc", "json", "xml")export_type(optional): Type ("full", "compact", "verbose")hide_sensitive(optional): Hide sensitive dataverbose(optional): Verbose outputcompact(optional): Compact outputcomment(optional): Description
- Example:
mikrotik_create_export(name="config-export", file_format="rsc")
Exports a specific configuration section.
- Parameters:
section(required): Section to exportname(optional): Export filenamehide_sensitive(optional): Hide sensitive datacompact(optional): Compact output
- Example:
mikrotik_export_section(section="/ip/firewall", name="firewall-config")
Downloads a file from MikroTik device.
- Parameters:
filename(required): Filename to downloadfile_type(optional): File type ("backup" or "export")
- Example:
mikrotik_download_file(filename="backup-2024-01-01.backup")
Uploads a file to MikroTik device.
- Parameters:
filename(required): Filenamecontent_base64(required): Base64 encoded content
- Example:
mikrotik_upload_file(filename="config.rsc", content_base64="...")
Restores a system backup on MikroTik device.
- Parameters:
filename(required): Backup filenamepassword(optional): Backup password
- Example:
mikrotik_restore_backup(filename="backup-2024-01-01.backup")
Imports a configuration script file.
- Parameters:
filename(required): Script filenamerun_after_reset(optional): Run after resetverbose(optional): Verbose output
- Example:
mikrotik_import_configuration(filename="config.rsc")
Removes a file from MikroTik device.
- Parameters:
filename(required): Filename to remove
- Example:
mikrotik_remove_file(filename="old-backup.backup")
Gets detailed information about a backup file.
- Parameters:
filename(required): Backup filename
- Example:
mikrotik_backup_info(filename="backup-2024-01-01.backup")
Gets logs from MikroTik device with filtering options.
- Parameters:
topics(optional): Log topicsaction(optional): Log actiontime_filter(optional): Time filtermessage_filter(optional): Message filterprefix_filter(optional): Prefix filterlimit(optional): Result limitfollow(optional): Follow logsprint_as(optional): Output format
- Example:
mikrotik_get_logs(topics="firewall", limit=100)
Gets logs filtered by severity level.
- Parameters:
severity(required): Severity level ("debug", "info", "warning", "error", "critical")time_filter(optional): Time filterlimit(optional): Result limit
- Example:
mikrotik_get_logs_by_severity(severity="error", limit=50)
Gets logs for a specific topic/facility.
- Parameters:
topic(required): Log topictime_filter(optional): Time filterlimit(optional): Result limit
- Example:
mikrotik_get_logs_by_topic(topic="system")
Searches logs for a specific term.
- Parameters:
search_term(required): Search termtime_filter(optional): Time filtercase_sensitive(optional): Case sensitive searchlimit(optional): Result limit
- Example:
mikrotik_search_logs(search_term="login failed")
Gets system-related log events.
- Parameters:
event_type(optional): Event typetime_filter(optional): Time filterlimit(optional): Result limit
- Example:
mikrotik_get_system_events(event_type="reboot")
Gets security-related log entries.
- Parameters:
time_filter(optional): Time filterlimit(optional): Result limit
- Example:
mikrotik_get_security_logs(limit=100)
Clears all logs from MikroTik device.
- Parameters: None
- Example:
mikrotik_clear_logs()
Gets statistics about log entries.
- Parameters: None
- Example:
mikrotik_get_log_statistics()
Exports logs to a file on the MikroTik device.
- Parameters:
filename(optional): Export filenametopics(optional): Log topicstime_filter(optional): Time filterformat(optional): Export format ("plain" or "csv")
- Example:
mikrotik_export_logs(filename="security-logs.txt", topics="firewall")
Monitors logs in real-time for a specified duration.
- Parameters:
topics(optional): Log topicsaction(optional): Log actionduration(optional): Monitor duration in seconds
- Example:
mikrotik_monitor_logs(topics="firewall", duration=30)
Creates a firewall filter rule on MikroTik device.
- Parameters:
chain(required): Chain type ("input", "forward", "output")action(required): Action typesrc_address(optional): Source addressdst_address(optional): Destination addresssrc_port(optional): Source portdst_port(optional): Destination portprotocol(optional): Protocolin_interface(optional): Input interfaceout_interface(optional): Output interfaceconnection_state(optional): Connection stateconnection_nat_state(optional): Connection NAT statesrc_address_list(optional): Source address listdst_address_list(optional): Destination address listlimit(optional): Rate limittcp_flags(optional): TCP flagscomment(optional): Descriptiondisabled(optional): Disable rulelog(optional): Enable logginglog_prefix(optional): Log prefixplace_before(optional): Rule placement
- Example:
mikrotik_create_filter_rule(chain="input", action="accept", protocol="tcp", dst_port="22", src_address="192.168.1.0/24")
Lists firewall filter rules on MikroTik device.
- Parameters:
chain_filter(optional): Filter by chainaction_filter(optional): Filter by actionsrc_address_filter(optional): Filter by source addressdst_address_filter(optional): Filter by destination addressprotocol_filter(optional): Filter by protocolinterface_filter(optional): Filter by interfacedisabled_only(optional): Show only disabled rulesinvalid_only(optional): Show only invalid rulesdynamic_only(optional): Show only dynamic rules
- Example:
mikrotik_list_filter_rules(chain_filter="input")
Gets detailed information about a specific firewall filter rule.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_get_filter_rule(rule_id="*1")
Updates an existing firewall filter rule.
- Parameters:
rule_id(required): Rule ID- All parameters from
create_filter_rule(optional)
- Example:
mikrotik_update_filter_rule(rule_id="*1", comment="Updated rule")
Removes a firewall filter rule from MikroTik device.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_remove_filter_rule(rule_id="*1")
Moves a firewall filter rule to a different position.
- Parameters:
rule_id(required): Rule IDdestination(required): New position
- Example:
mikrotik_move_filter_rule(rule_id="*1", destination=0)
Enables a firewall filter rule.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_enable_filter_rule(rule_id="*1")
Disables a firewall filter rule.
- Parameters:
rule_id(required): Rule ID
- Example:
mikrotik_disable_filter_rule(rule_id="*1")
Creates a basic firewall setup with common security rules.
- Parameters: None
- Example:
mikrotik_create_basic_firewall_setup()
Adds a route to MikroTik routing table.
- Parameters:
dst_address(required): Destination addressgateway(required): Gateway addressdistance(optional): Administrative distancescope(optional): Route scopetarget_scope(optional): Target scoperouting_mark(optional): Routing markcomment(optional): Descriptiondisabled(optional): Disable routevrf_interface(optional): VRF interfacepref_src(optional): Preferred sourcecheck_gateway(optional): Gateway check method
- Example:
mikrotik_add_route(dst_address="10.0.0.0/8", gateway="192.168.1.1")
Lists routes in MikroTik routing table.
- Parameters:
dst_filter(optional): Filter by destinationgateway_filter(optional): Filter by gatewayrouting_mark_filter(optional): Filter by routing markdistance_filter(optional): Filter by distanceactive_only(optional): Show only active routesdisabled_only(optional): Show only disabled routesdynamic_only(optional): Show only dynamic routesstatic_only(optional): Show only static routes
- Example:
mikrotik_list_routes(active_only=true)
Gets detailed information about a specific route.
- Parameters:
route_id(required): Route ID
- Example:
mikrotik_get_route(route_id="*1")
Updates an existing route in MikroTik routing table.
- Parameters:
route_id(required): Route ID- All parameters from
add_route(optional)
- Example:
mikrotik_update_route(route_id="*1", comment="Updated route")
Removes a route from MikroTik routing table.
- Parameters:
route_id(required): Route ID
- Example:
mikrotik_remove_route(route_id="*1")
Enables a route.
- Parameters:
route_id(required): Route ID
- Example:
mikrotik_enable_route(route_id="*1")
Disables a route.
- Parameters:
route_id(required): Route ID
- Example:
mikrotik_disable_route(route_id="*1")
Gets a specific routing table.
- Parameters:
table_name(optional): Table name (default: "main")protocol_filter(optional): Filter by protocolactive_only(optional): Show only active routes
- Example:
mikrotik_get_routing_table(table_name="main")
Checks the route path to a destination.
- Parameters:
destination(required): Destination addresssource(optional): Source addressrouting_mark(optional): Routing mark
- Example:
mikrotik_check_route_path(destination="8.8.8.8")
Gets the route cache.
- Parameters: None
- Example:
mikrotik_get_route_cache()
Flushes the route cache.
- Parameters: None
- Example:
mikrotik_flush_route_cache()
Adds a default route (0.0.0.0/0).
- Parameters:
gateway(required): Gateway addressdistance(optional): Administrative distancecomment(optional): Descriptioncheck_gateway(optional): Gateway check method
- Example:
mikrotik_add_default_route(gateway="192.168.1.1")
Adds a blackhole route.
- Parameters:
dst_address(required): Destination addressdistance(optional): Administrative distancecomment(optional): Description
- Example:
mikrotik_add_blackhole_route(dst_address="10.0.0.0/8")
Gets routing table statistics.
- Parameters: None
- Example:
mikrotik_get_route_statistics()
Sets DNS server configuration on MikroTik device.
- Parameters:
servers(required): DNS server listallow_remote_requests(optional): Allow remote requestsmax_udp_packet_size(optional): Max UDP packet sizemax_concurrent_queries(optional): Max concurrent queriescache_size(optional): Cache sizecache_max_ttl(optional): Max cache TTLuse_doh(optional): Use DNS over HTTPSdoh_server(optional): DoH server URLverify_doh_cert(optional): Verify DoH certificate
- Example:
mikrotik_set_dns_servers(servers=["8.8.8.8", "8.8.4.4"], allow_remote_requests=true)
Gets current DNS configuration.
- Parameters: None
- Example:
mikrotik_get_dns_settings()
Adds a static DNS entry.
- Parameters:
name(required): DNS nameaddress(optional): IP addresscname(optional): CNAME recordmx_preference(optional): MX preferencemx_exchange(optional): MX exchangetext(optional): TXT recordsrv_priority(optional): SRV prioritysrv_weight(optional): SRV weightsrv_port(optional): SRV portsrv_target(optional): SRV targetttl(optional): Time to livecomment(optional): Descriptiondisabled(optional): Disable entryregexp(optional): Regular expression
- Example:
mikrotik_add_dns_static(name="router.local", address="192.168.1.1")
Lists static DNS entries.
- Parameters:
name_filter(optional): Filter by nameaddress_filter(optional): Filter by addresstype_filter(optional): Filter by typedisabled_only(optional): Show only disabled entriesregexp_only(optional): Show only regexp entries
- Example:
mikrotik_list_dns_static()
Gets details of a specific static DNS entry.
- Parameters:
entry_id(required): Entry ID
- Example:
mikrotik_get_dns_static(entry_id="*1")
Updates an existing static DNS entry.
- Parameters:
entry_id(required): Entry ID- All parameters from
add_dns_static(optional)
- Example:
mikrotik_update_dns_static(entry_id="*1", address="192.168.1.2")
Removes a static DNS entry.
- Parameters:
entry_id(required): Entry ID
- Example:
mikrotik_remove_dns_static(entry_id="*1")
Enables a static DNS entry.
- Parameters:
entry_id(required): Entry ID
- Example:
mikrotik_enable_dns_static(entry_id="*1")
Disables a static DNS entry.
- Parameters:
entry_id(required): Entry ID
- Example:
mikrotik_disable_dns_static(entry_id="*1")
Gets the current DNS cache.
- Parameters: None
- Example:
mikrotik_get_dns_cache()
Flushes the DNS cache.
- Parameters: None
- Example:
mikrotik_flush_dns_cache()
Gets DNS cache statistics.
- Parameters: None
- Example:
mikrotik_get_dns_cache_statistics()
Adds a DNS regexp entry for pattern matching.
- Parameters:
regexp(required): Regular expressionaddress(required): IP addressttl(optional): Time to livecomment(optional): Descriptiondisabled(optional): Disable entry
- Example:
mikrotik_add_dns_regexp(regexp="^ad[0-9]*\\.doubleclick\\.net$", address="127.0.0.1")
Tests a DNS query.
- Parameters:
name(required): DNS name to queryserver(optional): DNS server to usetype(optional): Query type
- Example:
mikrotik_test_dns_query(name="google.com")
Exports DNS configuration to a file.
- Parameters:
filename(optional): Export filename
- Example:
mikrotik_export_dns_config(filename="dns-config.rsc")
Adds a new user to MikroTik device.
- Parameters:
name(required): Usernamepassword(required): Passwordgroup(optional): User groupaddress(optional): Allowed addresscomment(optional): Descriptiondisabled(optional): Disable user
- Example:
mikrotik_add_user(name="john", password="secure123", group="full")
Lists users on MikroTik device.
- Parameters:
name_filter(optional): Filter by namegroup_filter(optional): Filter by groupdisabled_only(optional): Show only disabled usersactive_only(optional): Show only active users
- Example:
mikrotik_list_users(group_filter="full")
Gets detailed information about a specific user.
- Parameters:
name(required): Username
- Example:
mikrotik_get_user(name="john")
Updates an existing user on MikroTik device.
- Parameters:
name(required): Current usernamenew_name(optional): New usernamepassword(optional): New passwordgroup(optional): New groupaddress(optional): New allowed addresscomment(optional): New descriptiondisabled(optional): Enable/disable user
- Example:
mikrotik_update_user(name="john", group="read")
Removes a user from MikroTik device.
- Parameters:
name(required): Username
- Example:
mikrotik_remove_user(name="john")
Disables a user account.
- Parameters:
name(required): Username
- Example:
mikrotik_disable_user(name="john")
Enables a user account.
- Parameters:
name(required): Username
- Example:
mikrotik_enable_user(name="john")
Adds a new user group to MikroTik device.
- Parameters:
name(required): Group namepolicy(required): Policy listskin(optional): UI skincomment(optional): Description
- Example:
mikrotik_add_user_group(name="operators", policy=["read", "write", "reboot"])
Lists user groups on MikroTik device.
- Parameters:
name_filter(optional): Filter by namepolicy_filter(optional): Filter by policy
- Example:
mikrotik_list_user_groups()
Gets detailed information about a specific user group.
- Parameters:
name(required): Group name
- Example:
mikrotik_get_user_group(name="operators")
Updates an existing user group on MikroTik device.
- Parameters:
name(required): Current group namenew_name(optional): New namepolicy(optional): New policy listskin(optional): New UI skincomment(optional): New description
- Example:
mikrotik_update_user_group(name="operators", policy=["read", "write"])
Removes a user group from MikroTik device.
- Parameters:
name(required): Group name
- Example:
mikrotik_remove_user_group(name="operators")
Gets currently active/logged-in users.
- Parameters: None
- Example:
mikrotik_get_active_users()
Disconnects an active user session.
- Parameters:
user_id(required): User session ID
- Example:
mikrotik_disconnect_user(user_id="*1")
Exports user configuration to a file.
- Parameters:
filename(optional): Export filename
- Example:
mikrotik_export_user_config(filename="users.rsc")
Sets SSH public keys for a user.
- Parameters:
username(required): Usernamekey_file(required): SSH key filename
- Example:
mikrotik_set_user_ssh_keys(username="john", key_file="id_rsa.pub")
Lists SSH keys for a specific user.
- Parameters:
username(required): Username
- Example:
mikrotik_list_user_ssh_keys(username="john")
Removes an SSH key.
- Parameters:
key_id(required): SSH key ID
- Example:
mikrotik_remove_user_ssh_key(key_id="*1")
Add this to your claude_desktop_config.json:
{
"mcpServers": {
"mikrotik": {
"command": "uvx",
"args": ["mcp-server-mikrotik", "--host", "<HOST>", "--username", "<USERNAME>", "--password", "<PASSWORD>", "--port", "22"]
}
}
}# Run the inspector against the mcp-server-mikrotik
npx @modelcontextprotocol/inspector uvx mcp-server-mikrotik --host <HOST> --username <USERNAME> --password <PASSWORD> --port 22
# Run the inspector against the mcp-config.json
npm install -g @modelcontextprotocol/inspector
cp mcp-config.json.example mcp-config.json
nano mcp-config.json # Edit the values
mcp-inspector --config mcp-config.json --server my-python-serverHere's the new markdown content that you should add after the Inspector section and before the License section:
# Create a VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface --tool-args '{"name": "vlan100", "vlan_id": 100, "interface": "ether1", "comment": "Production VLAN"}'
# List all VLANs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_vlan_interfaces --tool-args '{}'
# Get specific VLAN details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_vlan_interface --tool-args '{"name": "vlan100"}'
# Update VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_vlan_interface --tool-args '{"name": "vlan100", "comment": "Updated Production VLAN"}'
# Remove VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_vlan_interface --tool-args '{"name": "vlan100"}'# Add IP address to interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_ip_address --tool-args '{"address": "192.168.100.1/24", "interface": "vlan100", "comment": "Gateway address"}'
# List IP addresses
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_addresses --tool-args '{"interface_filter": "vlan100"}'
# Get specific IP address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_ip_address --tool-args '{"address_id": "*1"}'
# Remove IP address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_ip_address --tool-args '{"address_id": "*1"}'# Create DHCP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_pool --tool-args '{"name": "pool-vlan100", "ranges": "192.168.100.10-192.168.100.200"}'
# Create DHCP network
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_network --tool-args '{"network": "192.168.100.0/24", "gateway": "192.168.100.1", "dns_servers": ["8.8.8.8", "8.8.4.4"]}'
# Create DHCP server
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_server --tool-args '{"name": "dhcp-vlan100", "interface": "vlan100", "address_pool": "pool-vlan100"}'
# List DHCP servers
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_dhcp_servers --tool-args '{}'
# Get DHCP server details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_dhcp_server --tool-args '{"name": "dhcp-vlan100"}'
# Remove DHCP server
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_dhcp_server --tool-args '{"name": "dhcp-vlan100"}'# Create masquerade rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "srcnat", "action": "masquerade", "out_interface": "ether1", "comment": "Internet access"}'
# Create port forwarding rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_port": "80", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "80", "comment": "Web server"}'
# List NAT rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_nat_rules --tool-args '{"chain_filter": "srcnat"}'
# Get NAT rule details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_nat_rule --tool-args '{"rule_id": "*1"}'
# Move NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_move_nat_rule --tool-args '{"rule_id": "*1", "destination": 0}'
# Enable/Disable NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_nat_rule --tool-args '{"rule_id": "*1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_nat_rule --tool-args '{"rule_id": "*1"}'
# Remove NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_nat_rule --tool-args '{"rule_id": "*1"}'# Create IP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_ip_pool --tool-args '{"name": "main-pool", "ranges": "192.168.1.100-192.168.1.200"}'
# List IP pools
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_pools --tool-args '{"include_used": true}'
# Get IP pool details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_ip_pool --tool-args '{"name": "main-pool"}'
# List used addresses in pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_pool_used --tool-args '{"pool_name": "main-pool"}'
# Expand IP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_expand_ip_pool --tool-args '{"name": "main-pool", "additional_ranges": "192.168.1.201-192.168.1.250"}'
# Remove IP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_ip_pool --tool-args '{"name": "main-pool"}'# Create system backup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_backup --tool-args '{"name": "full_backup", "include_password": true}'
# Create configuration export
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_export --tool-args '{"name": "config_export", "file_format": "rsc", "export_type": "full"}'
# Export specific section
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section --tool-args '{"section": "/ip/firewall", "name": "firewall_export"}'
# List backups
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_backups --tool-args '{"include_exports": true}'
# Download file
uv run mcp-cli cmd --server mikrotik --tool mikrotik_download_file --tool-args '{"filename": "full_backup.backup"}'
# Upload file
uv run mcp-cli cmd --server mikrotik --tool mikrotik_upload_file --tool-args '{"filename": "config.rsc", "content_base64": "base64_encoded_content"}'
# Restore backup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_restore_backup --tool-args '{"filename": "full_backup.backup"}'
# Import configuration
uv run mcp-cli cmd --server mikrotik --tool mikrotik_import_configuration --tool-args '{"filename": "config.rsc"}'
# Remove file
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_file --tool-args '{"filename": "old_backup.backup"}'# Get logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_logs --tool-args '{"topics": "firewall", "limit": 100}'
# Get logs by severity
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_logs_by_severity --tool-args '{"severity": "error", "limit": 50}'
# Search logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_search_logs --tool-args '{"search_term": "login failed", "case_sensitive": false}'
# Get security logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_security_logs --tool-args '{"limit": 100}'
# Get log statistics
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_log_statistics --tool-args '{}'
# Export logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_logs --tool-args '{"filename": "firewall_logs", "topics": "firewall", "format": "csv"}'
# Monitor logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_monitor_logs --tool-args '{"topics": "firewall", "duration": 30}'
# Clear logs
uv run mcp-cli cmd --server mikrotik --tool mikrotik_clear_logs --tool-args '{}'# Create basic firewall rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule --tool-args '{"chain": "input", "action": "accept", "connection_state": "established,related", "comment": "Accept established"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule --tool-args '{"chain": "input", "action": "drop", "connection_state": "invalid", "comment": "Drop invalid"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule --tool-args '{"chain": "input", "action": "accept", "protocol": "icmp", "comment": "Accept ICMP"}'
# List firewall rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_filter_rules --tool-args '{"chain_filter": "input"}'
# Get firewall rule details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_filter_rule --tool-args '{"rule_id": "*1"}'
# Move firewall rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_move_filter_rule --tool-args '{"rule_id": "*1", "destination": 0}'
# Enable/Disable firewall rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_filter_rule --tool-args '{"rule_id": "*1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_filter_rule --tool-args '{"rule_id": "*1"}'
# Create basic firewall setup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_basic_firewall_setup --tool-args '{}'
# Remove firewall rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_filter_rule --tool-args '{"rule_id": "*1"}'# Add route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_route --tool-args '{"dst_address": "10.0.0.0/8", "gateway": "192.168.1.1", "comment": "Corporate network"}'
# Add default route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_default_route --tool-args '{"gateway": "192.168.1.1", "distance": 1}'
# Add blackhole route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_blackhole_route --tool-args '{"dst_address": "192.168.99.0/24", "comment": "Block subnet"}'
# List routes
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_routes --tool-args '{"active_only": true}'
# Get route details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_route --tool-args '{"route_id": "*1"}'
# Check route path
uv run mcp-cli cmd --server mikrotik --tool mikrotik_check_route_path --tool-args '{"destination": "8.8.8.8"}'
# Get routing table
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_routing_table --tool-args '{"table_name": "main"}'
# Get route statistics
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_route_statistics --tool-args '{}'
# Enable/Disable route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_route --tool-args '{"route_id": "*1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_route --tool-args '{"route_id": "*1"}'
# Remove route
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_route --tool-args '{"route_id": "*1"}'# Set DNS servers
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_dns_servers --tool-args '{"servers": ["8.8.8.8", "8.8.4.4"], "allow_remote_requests": true}'
# Get DNS settings
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_dns_settings --tool-args '{}'
# Add static DNS entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_static --tool-args '{"name": "router.local", "address": "192.168.1.1", "comment": "Local router"}'
# Add CNAME record
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_static --tool-args '{"name": "www.example.com", "cname": "example.com"}'
# List static DNS entries
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_dns_static --tool-args '{"name_filter": "local"}'
# Update DNS entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_dns_static --tool-args '{"entry_id": "*1", "address": "192.168.1.2"}'
# Add DNS regexp
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_regexp --tool-args '{"regexp": ".*\\.ads\\..*", "address": "0.0.0.0", "comment": "Block ads"}'
# Test DNS query
uv run mcp-cli cmd --server mikrotik --tool mikrotik_test_dns_query --tool-args '{"name": "google.com"}'
# Get DNS cache
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_dns_cache --tool-args '{}'
# Flush DNS cache
uv run mcp-cli cmd --server mikrotik --tool mikrotik_flush_dns_cache --tool-args '{}'
# Export DNS config
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_dns_config --tool-args '{"filename": "dns_config"}'
# Remove DNS entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_dns_static --tool-args '{"entry_id": "*1"}'# Add user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user --tool-args '{"name": "newuser", "password": "SecurePass123", "group": "write", "comment": "New operator"}'
# List users
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_users --tool-args '{"group_filter": "write"}'
# Get user details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_user --tool-args '{"name": "newuser"}'
# Update user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_user --tool-args '{"name": "newuser", "password": "NewSecurePass456"}'
# Enable/Disable user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_user --tool-args '{"name": "newuser"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_user --tool-args '{"name": "newuser"}'
# Add user group
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user_group --tool-args '{"name": "operators", "policy": ["read", "write", "test"], "comment": "Operator group"}'
# List user groups
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_user_groups --tool-args '{}'
# Get active users
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_active_users --tool-args '{}'
# Export user config
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_user_config --tool-args '{"filename": "user_config"}'
# Remove user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_user --tool-args '{"name": "newuser"}'# Create VLAN
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface --tool-args '{"name": "vlan200", "vlan_id": 200, "interface": "ether1", "comment": "Guest Network"}'
# Add IP address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_ip_address --tool-args '{"address": "192.168.200.1/24", "interface": "vlan200"}'
# Create DHCP pool
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_pool --tool-args '{"name": "pool-200", "ranges": "192.168.200.10-192.168.200.100"}'
# Create DHCP network
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_network --tool-args '{"network": "192.168.200.0/24", "gateway": "192.168.200.1", "dns_servers": ["8.8.8.8", "8.8.4.4"]}'
# Create DHCP server
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_server --tool-args '{"name": "dhcp-200", "interface": "vlan200", "address_pool": "pool-200"}'
# Create NAT rule
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "srcnat", "action": "masquerade", "out_interface": "ether1", "comment": "Internet access for VLAN 200"}'# Forward HTTP traffic
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "80", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "80", "comment": "Web server"}'
# Forward HTTPS traffic
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "443", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "443", "comment": "HTTPS server"}'
# Forward custom SSH port
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "2222", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "22", "comment": "SSH server"}'# Create backup user
uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user --tool-args '{"name": "backup_user", "password": "BackupPass123", "group": "read", "comment": "Backup account"}'
# Create full backup
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_backup --tool-args '{"name": "daily_backup", "include_password": true}'
# Export configuration
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_export --tool-args '{"name": "config_export", "file_format": "rsc", "export_type": "full"}'
# Export firewall rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section --tool-args '{"section": "/ip/firewall/filter", "name": "firewall_backup"}'
# Export NAT rules
uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section --tool-args '{"section": "/ip/firewall/nat", "name": "nat_backup"}'# Create basic AP interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wlan1", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork", "comment": "Main WiFi Network"}'
# Create station interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wlan-sta", "radio_name": "wlan2", "mode": "station", "ssid": "UpstreamWiFi"}'
# Create with specific frequency and band
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wlan-5g", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork-5G", "frequency": "5180", "band": "5ghz-a/n/ac", "channel_width": "80mhz"}'# List all wireless interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{}'
# List only AP interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{"mode_filter": "ap-bridge"}'
# List only running interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{"running_only": true}'
# Get specific interface details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_interface --tool-args '{"name": "wlan1"}'
# Update wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_wireless_interface --tool-args '{"name": "wlan1", "ssid": "UpdatedNetworkName", "comment": "Updated main network"}'
# Enable/Disable wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_wireless_interface --tool-args '{"name": "wlan1"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wlan1"}'
# Remove wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_interface --tool-args '{"name": "wlan-guest"}'# Create WPA2-PSK security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "wpa2-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "SecurePassword123"}'
# Create mixed WPA/WPA2 profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "mixed-security", "mode": "dynamic-keys", "authentication_types": ["wpa-psk", "wpa2-psk"], "unicast_ciphers": ["tkip", "aes-ccm"], "group_ciphers": ["tkip"], "wpa_pre_shared_key": "Password123", "wpa2_pre_shared_key": "Password123"}'
# Create WPA2-Enterprise profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "enterprise-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-eap"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "eap_methods": "peap,tls"}'
# Create open network profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "open-network", "mode": "none", "comment": "Guest network - no security"}'# List all security profiles
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_security_profiles --tool-args '{}'
# List WPA2 profiles only
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_security_profiles --tool-args '{"mode_filter": "dynamic-keys"}'
# Get specific profile details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_security_profile --tool-args '{"name": "wpa2-security"}'
# Apply security profile to interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "wlan1", "security_profile": "wpa2-security"}'
# Remove security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_security_profile --tool-args '{"name": "old-profile"}'# Scan for available networks
uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan1", "duration": 10}'
# Quick scan (5 seconds)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan2"}'
# Get connected clients (all interfaces)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{}'
# Get clients for specific interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{"interface": "wlan1"}'# Allow specific MAC address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "comment": "Trusted device"}'
# Block specific MAC address
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "11:22:33:44:55:66", "action": "reject", "comment": "Blocked device"}'
# Allow with signal strength requirement
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "signal_range": "-80..-50", "comment": "Strong signal only"}'
# Time-based access control
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "time": "8h-18h,mon,tue,wed,thu,fri", "comment": "Work hours only"}'# List all access list entries
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{}'
# List entries for specific interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{"interface_filter": "wlan1"}'
# List only blocked entries
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{"action_filter": "reject"}'
# Remove access list entry
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_access_list_entry --tool-args '{"entry_id": "*1"}'# 1. Create security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "home-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "MyHomePassword123"}'
# 2. Create wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "home-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "HomeNetwork", "band": "2ghz-b/g/n", "comment": "Main home network"}'
# 3. Apply security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "home-wifi", "security_profile": "home-security"}'
# 4. Enable the interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "home-wifi"}'# 1. Create open security profile for guests
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "guest-open", "mode": "none", "comment": "Open guest network"}'
# 2. Create guest wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "guest-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "GuestNetwork", "comment": "Guest access network"}'
# 3. Apply open security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "guest-wifi", "security_profile": "guest-open"}'
# 4. Enable guest network
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "guest-wifi"}'# 1. Create WPA2-Enterprise security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "corp-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-eap"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "eap_methods": "peap", "comment": "Corporate WPA2-Enterprise"}'
# 2. Create corporate wireless interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "corp-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "CorpNetwork", "band": "5ghz-a/n/ac", "channel_width": "80mhz", "comment": "Corporate network"}'
# 3. Apply enterprise security
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "corp-wifi", "security_profile": "corp-security"}'
# 4. Create access control for specific devices
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list --tool-args '{"interface": "corp-wifi", "mac_address": "00:11:22:33:44:55", "action": "accept", "comment": "Corporate laptop"}'# 1. Create security profile
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "dual-band-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "DualBandPassword123"}'
# 2. Create 2.4GHz interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wifi-2g", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork", "band": "2ghz-b/g/n", "channel_width": "20mhz", "comment": "2.4GHz network"}'
# 3. Create 5GHz interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "wifi-5g", "radio_name": "wlan2", "mode": "ap-bridge", "ssid": "MyNetwork-5G", "band": "5ghz-a/n/ac", "channel_width": "80mhz", "comment": "5GHz network"}'
# 4. Apply security to both interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "wifi-2g", "security_profile": "dual-band-security"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "wifi-5g", "security_profile": "dual-band-security"}'
# 5. Enable both interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wifi-2g"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wifi-5g"}'# On first device (Station)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "p2p-station", "radio_name": "wlan1", "mode": "station", "ssid": "P2P-Link", "frequency": "5180", "band": "5ghz-a/n"}'
# On second device (AP)
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface --tool-args '{"name": "p2p-ap", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "P2P-Link", "frequency": "5180", "band": "5ghz-a/n"}'
# Create security for P2P link
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile --tool-args '{"name": "p2p-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "P2PLinkPassword123"}'
# Apply security to both ends
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "p2p-station", "security_profile": "p2p-security"}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile --tool-args '{"interface_name": "p2p-ap", "security_profile": "p2p-security"}'# Scan for interference and available channels
uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan1", "duration": 30}'
# Monitor connected clients
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{"interface": "wlan1"}'
# Check interface status
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_interface --tool-args '{"name": "wlan1"}'
# List all wireless configurations
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_interfaces --tool-args '{}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_security_profiles --tool-args '{}'
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_wireless_access_list --tool-args '{}'# Disable interface for maintenance
uv run mcp-cli cmd --server mikrotik --tool mikrotik_disable_wireless_interface --tool-args '{"name": "wlan1"}'
# Update configuration
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_wireless_interface --tool-args '{"name": "wlan1", "channel_width": "40mhz", "comment": "Updated for better performance"}'
# Re-enable interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wlan1"}'
# Clean up unused profiles
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_wireless_security_profile --tool-args '{"name": "old-profile"}'This guide shows how to expose your MikroTik MCP server as a RESTful API using MCPO (MCP-to-OpenAPI proxy).
- Python 3.8+
- MikroTik MCP server already set up
uvpackage manager (recommended) orpip
Install MCPO using one of these methods:
# Option 1: Using uvx (recommended - no installation needed)
uvx mcpo --help
# Option 2: Using pip
pip install mcpoCreate a mcp-config.json file in your project directory:
{
"mcpServers": {
"my-python-server": {
"command": "python",
"args": [
"src/mcp_mikrotik/server.py",
"--password", "admin",
"--host", "192.168.1.1",
"--port", "22",
"--username", "admin"
],
"env": {}
}
}
}Note: Adjust the MikroTik connection parameters (host, username, password, port) according to your setup.
# Start MCPO with API key authentication
uvx mcpo --port 8000 --api-key "your-secret-key" --config ./mcp-config.json
# Or without authentication (not recommended for production)
uvx mcpo --port 8000 --config ./mcp-config.jsonThe server will start and display:
- Server running on
http://0.0.0.0:8000 - Interactive API docs available at
http://localhost:8000/docs
List IP Addresses:
curl -X POST http://localhost:8000/my-python-server/mikrotik_list_ip_addresses \
-H "Authorization: Bearer your-secret-key" \
-H "Content-Type: application/json" \
-d '{}'This MCP server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.
