home / mcp / mikrotik mcp server
Provides an MCP-based bridge to manage MikroTik RouterOS devices via API using Linux/macOS/Windows environments.
Configuration
View docs{
"mcpServers": {
"jeff-nasseri-mikrotik-mcp": {
"command": "mcp-server-mikrotik",
"args": [],
"env": {
"MIKROTIK_HOST": "192.168.88.1",
"MIKROTIK_PORT": "22",
"MIKROTIK_PASSWORD": "your_password",
"MIKROTIK_USERNAME": "sshuser"
}
}
}
}You can connect AI assistants to MikroTik RouterOS devices using the MikroTik MCP Server. This enables natural-language style requests to manage VLANs, firewall rules, DNS, IP addresses, NAT, DHCP, and more on your MikroTik hardware, all through a centralized MCP interface.
Use an MCP client or MCPO proxy to interact with the MikroTik MCP Server. Start the MCP server locally or run it via a wrapper like MCPO to expose a RESTful API. From there, you can perform common network administration tasks such as creating VLAN interfaces, adding IP addresses, configuring DHCP, managing NAT rules, and overseeing wireless configurations through clearly named tools.
Prerequisites: Python 3.8+ and a MikroTik RouterOS device with API access enabled. You also need Python dependencies such as a MikroTik API client.
# Manual Installation
# 1. Clone the MikroTik MCP repository
git clone https://github.com/jeff-nasseri/mikrotik-mcp/tree/master
cd mcp-mikrotik
# 2. Create a Python virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# 3. Install dependencies
pip install -e .
# 4. Run the MikroTik MCP server
mcp-server-mikrotik# Docker Installation
# 1. Clone the repository
git clone https://github.com/jeff-nasseri/mikrotik-mcp.git
cd mikrotik-mcp
# 2. Build the Docker image
docker build -t mikrotik-mcp .
# 3. Configure Cursor IDE to connect to the container
# Add this to your ~/.cursor/mcp.json
{
"mcpServers": {
"mikrotik-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e", "MIKROTIK_HOST=192.168.88.1",
"-e", "MIKROTIK_USERNAME=sshuser",
"-e", "MIKROTIK_PASSWORD=your_password",
"-e", "MIKROTIK_PORT=22",
"mikrotik-mcp"
]
}
}
}Environment variables shown for the Docker setup include: MIKROTIK_HOST (MikroTik device IP or hostname), MIKROTIK_USERNAME (SSH username), MIKROTIK_PASSWORD (SSH password), and MIKROTIK_PORT (SSH port, default 22).
# MCPO (exposing MCP Server via REST) example
# 1. Install MCPO (example uses uvx as a launcher)
# Option 1: Using uvx (recommended - no installation needed)
uvx mcpo --help
# Option 2: Using pip
pip install mcpo
# 2. MCPO configuration to run the MikroTik MCP server locally
# Create mcp-config.json with a stdio entry
{
"mcpServers": {
"mikrotik-mcp-server": {
"command": "python",
"args": [
"src/mcp_mikrotik/server.py",
"--password", "admin",
"--host", "<HOST>",
"--port", "22",
"--username", "admin"
],
"env": {}
}
}
}The MikroTik MCP server can be run in traditional local mode or exposed via MCPO for REST access. Environment variables are used to configure the MikroTik connection when using containerized or remote runs. You may also run the MCP server directly with Python or via MCPO to surface a REST API.
# Example MCPO JSON configuration for local runtime
{
"mcpServers": {
"mikrotik-mcp-server": {
"command": "python",
"args": [
"src/mcp_mikrotik/server.py",
"--password", "admin",
"--host", "192.168.1.1",
"--port", "22",
"--username", "admin"
],
"env": {}
}
}
}Environment variables you may set when running via Docker are: - MIKROTIK_HOST: MikroTik device IP or hostname - MIKROTIK_USERNAME: SSH username - MIKROTIK_PASSWORD: SSH password - MIKROTIK_PORT: SSH port (default 22)
Use the provided MCP CLI to run specific MikroTik MCP tools from a shell. The commands below show how you can create, list, update, and remove MikroTik resources via the single MCP interface.
# Create VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface --tool-args '{"name": "vlan100", "vlan_id": 100, "interface": "ether1", "comment": "Production VLAN"}'
# List VLAN interfaces
uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_vlan_interfaces --tool-args '{}'
# Get VLAN interface details
uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_vlan_interface --tool-args '{"name": "vlan100"}'
# Update VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_vlan_interface --tool-args '{"name": "vlan100", "comment": "Updated VLAN"}'
# Remove VLAN interface
uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_vlan_interface --tool-args '{"name": "vlan100"}'You can perform a wide range of tasks using the tools listed in the MikroTik MCP server. Examples include IP address management, DHCP configuration, NAT rules, DNS configuration, user management, backup/export operations, firewall rules, and wireless network management. The following sections provide concrete examples for common workflows.
Creates a VLAN interface on the MikroTik device with required fields: name, vlan_id, and interface, plus optional settings like comment, disabled, mtu, use_service_tag, arp, and arp_timeout.
Lists VLAN interfaces with optional filters by name, VLAN ID, parent interface, and disabled status.
Retrieves detailed information about a specific VLAN interface by name.
Updates an existing VLAN interface with new values for any of its parameters.
Removes a VLAN interface from the MikroTik device.
Adds an IP address to a specified interface with optional network, broadcast, comment, and disabled fields.
Lists IP addresses with optional filtering by interface, address, network, or status.
Gets detailed information about a specific IP address by address_id.
Removes an IP address by address_id.
Creates a DHCP server bound to a specific interface with options for lease time, pool, authorization, and comments.
Lists DHCP servers with optional filters by name, interface, and status.
Retrieves details for a specific DHCP server by name.
Creates a DHCP network configuration including network, gateway, and optional DNS/WINS/NTP settings.
Creates a DHCP address pool with a name and IP ranges.
Removes a DHCP server by name.
Creates a NAT rule with chain, action, and optional fields like addresses, ports, interfaces, and logging.
Lists NAT rules with multiple filters and status options.
Gets details for a NAT rule by rule_id.
Updates an existing NAT rule with any subset of the create parameters.
Removes a NAT rule by rule_id.
Moves a NAT rule to a new position in the list.
Enables a NAT rule by rule_id.
Disables a NAT rule by rule_id.
Creates an IP pool with a name and IP ranges.
Lists IP pools with optional filters and flags.
Gets details for a specific IP pool by name.
Updates an existing IP pool with new ranges or metadata.
Removes an IP pool by name.
Lists addresses currently used from within a pool.
Expands an existing IP pool by adding more ranges.
Creates a system backup with optional encryption and password inclusion.
Lists available backups with options to include exports.
Exports a configuration in a chosen format and type.
Exports a specific configuration section to a file.
Downloads a file from the MikroTik device by filename and optional type.
Uploads a file to the MikroTik device using base64 content.
Restores a system backup by filename with an optional password.
Imports a configuration script and optionally runs after reset.
Removes a file from the MikroTik device.
Gets detailed information about a backup file.
Retrieves device logs with various filters for topics, time, and limit.
Gets logs filtered by severity level.
Gets logs for a specific topic.
Searches logs for a term with optional time and case sensitivity.
Fetches system-related log events by type.
Retrieves security-related log entries.
Clears all logs from the device.
Gets statistics about log entries.
Exports logs to a file with optional topic and format.
Monitors logs in real time for a duration.
Creates a firewall filter rule with many optional matching criteria.
Lists firewall filter rules with various filters.
Gets details for a firewall filter rule by rule_id.
Updates a firewall filter rule with optional fields.
Removes a firewall filter rule by rule_id.
Moves a firewall filter rule to a new position.
Enables a firewall filter rule.
Disables a firewall filter rule.
Creates a basic firewall configuration with common security rules.
Adds a routing entry to the main routing table.
Lists routes with filters for destination, gateway, and status.
Gets details for a specific route by route_id.
Updates a route with new parameters.
Removes a route by route_id.
Enables a route by route_id.
Disables a route by route_id.
Retrieves a routing table with optional filtering.
Checks the path to a destination.
Gets the route cache.
Flushes the route cache.
Adds a default route (0.0.0.0/0) with a gateway.
Adds a blackhole route for a destination.
Gets statistics about the routing table.
Configures DNS servers and related options.
Retrieves current DNS settings.
Adds a static DNS entry with optional CNAME/MX/TXT/SRV records.
Lists static DNS entries with filters.
Gets details for a specific static DNS entry.
Updates a DNS static entry.
Removes a static DNS entry.
Enables a static DNS entry.
Disables a static DNS entry.
Gets the DNS cache.
Flushes the DNS cache.
Gets DNS cache statistics.
Adds a DNS regexp entry for pattern matching.
Tests a DNS query against a server.
Exports DNS configuration to a file.
Adds a new user with password and optional group/address constraints.
Lists users with optional filters.
Gets details for a specific user.
Updates user credentials and attributes.
Removes a user.
Disables a user account.
Enables a user account.
Adds a new user group with policy and optional skins.
Lists user groups.
Gets details for a specific user group.
Updates a user group permissions/skin.
Removes a user group.
Retrieves currently active users.
Disconnects a user session by ID.
Exports the user configuration to a file.
Associates SSH keys with a user.
Lists SSH keys for a user.
Removes an SSH key by ID.