Examples
Two ways to drive the server: type structured tool calls yourself, or just ask an AI client in
plain English. The examples below use mcp-cli so every argument is explicit — but the
same JSON arguments are what Claude Desktop or an MCPO REST call would send.
The mcp-cli pattern
Every command on this page follows the same shape. --server mikrotik is the server name
from your mcp-cli config, --tool is any tool from the
API reference, and --tool-args is a JSON object of that
tool's parameters.
# the shape of every call
$ uv run mcp-cli cmd --server mikrotik \ --tool <tool_name> \ --tool-args '{ "param": "value" }'
TIP
The
--tool-args JSON is portable. Paste the same object into the MCP Inspector's
argument form, or POST it to /<server>/<tool> through MCPO — see
Integrations.
Basic operations
Single-tool calls grouped by category. Copy any block and swap in your own names, addresses, and IDs.
VLAN interfaces
# create · list · get · update · remove
# Create a VLAN interface $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface \ --tool-args '{"name": "vlan100", "vlan_id": 100, "interface": "ether1", "comment": "Production VLAN"}' # List all VLANs $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_vlan_interfaces --tool-args '{}' # Get one VLAN's details $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_vlan_interface --tool-args '{"name": "vlan100"}' # Update, then remove $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_update_vlan_interface \ --tool-args '{"name": "vlan100", "comment": "Updated Production VLAN"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_vlan_interface --tool-args '{"name": "vlan100"}'
PoE (Power over Ethernet) — read-only monitoring
# monitor · list · per-port settings
# Real-time PoE-out telemetry (voltage, current, power) for one or more ports $ uv run mcp-cli cmd --server mikrotik --tool get_poe_monitor --tool-args '{"interfaces": "ether1"}' # List PoE-capable interfaces (PoE-out mode, priority) $ uv run mcp-cli cmd --server mikrotik --tool list_poe --tool-args '{"interface_filter": "ether"}' # Detailed PoE-out settings for a specific port $ uv run mcp-cli cmd --server mikrotik --tool get_poe_settings --tool-args '{"name": "ether1"}'
IP addresses
# bind / inspect / remove an address
# Add an address to an interface $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_ip_address \ --tool-args '{"address": "192.168.100.1/24", "interface": "vlan100", "comment": "Gateway address"}' # List (filtered) and remove by record ID $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_addresses --tool-args '{"interface_filter": "vlan100"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_ip_address --tool-args '{"address_id": "*1"}'
DHCP server (pool → network → server)
# build a DHCP service in three steps
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_pool \ --tool-args '{"name": "pool-vlan100", "ranges": "192.168.100.10-192.168.100.200"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_network \ --tool-args '{"network": "192.168.100.0/24", "gateway": "192.168.100.1", "dns_servers": ["8.8.8.8", "8.8.4.4"]}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_server \ --tool-args '{"name": "dhcp-vlan100", "interface": "vlan100", "address_pool": "pool-vlan100"}'
NAT rules
# masquerade out, port-forward in
# Masquerade (outbound internet) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule \ --tool-args '{"chain": "srcnat", "action": "masquerade", "out_interface": "ether1", "comment": "Internet access"}' # Port-forward HTTP to an internal host $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule \ --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_port": "80", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "80", "comment": "Web server"}' # Reorder / toggle / remove $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_move_nat_rule --tool-args '{"rule_id": "*1", "destination": 0}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_remove_nat_rule --tool-args '{"rule_id": "*1"}'
IP pools
# create · inspect · expand
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_ip_pool \ --tool-args '{"name": "main-pool", "ranges": "192.168.1.100-192.168.1.200"}' # List with live usage, then expand without disruption $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_list_ip_pools --tool-args '{"include_used": true}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_expand_ip_pool \ --tool-args '{"name": "main-pool", "additional_ranges": "192.168.1.201-192.168.1.250"}'
Firewall filter rules
# baseline input chain
# Accept established/related, drop invalid, allow ICMP $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule \ --tool-args '{"chain": "input", "action": "accept", "connection_state": "established,related", "comment": "Accept established"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_filter_rule \ --tool-args '{"chain": "input", "action": "drop", "connection_state": "invalid", "comment": "Drop invalid"}' # Or scaffold a sensible baseline in one call $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_basic_firewall_setup --tool-args '{}'
Routes
# static · default · path check
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_route \ --tool-args '{"dst_address": "10.0.0.0/8", "gateway": "192.168.1.1", "comment": "Corporate network"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_default_route --tool-args '{"gateway": "192.168.1.1", "distance": 1}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_check_route_path --tool-args '{"destination": "8.8.8.8"}'
DNS
# upstream servers, static records, blocklists
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_dns_servers \ --tool-args '{"servers": ["8.8.8.8", "8.8.4.4"], "allow_remote_requests": true}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_static \ --tool-args '{"name": "router.local", "address": "192.168.1.1", "comment": "Local router"}' # Regex ad-block, then a live test query $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_dns_regexp \ --tool-args '{"regexp": ".*\\.ads\\..*", "address": "0.0.0.0", "comment": "Block ads"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_test_dns_query --tool-args '{"name": "google.com"}'
Users
# account + group provisioning
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user \ --tool-args '{"name": "newuser", "password": "SecurePass123", "group": "write", "comment": "New operator"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user_group \ --tool-args '{"name": "operators", "policy": ["read", "write", "test"], "comment": "Operator group"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_active_users --tool-args '{}'
Backup & logs
# snapshot config, then read the logs
# Binary backup + declarative export $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_backup \ --tool-args '{"name": "full_backup", "include_password": true}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_export \ --tool-args '{"name": "config_export", "file_format": "rsc", "export_type": "full"}' # Read logs by topic; search for failed logins $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_logs --tool-args '{"topics": "firewall", "limit": 100}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_search_logs \ --tool-args '{"search_term": "login failed", "case_sensitive": false}'
Wireless configuration
Wireless tooling depends on the device's RouterOS wireless package — run
mikrotik_check_wireless_support first.
Interfaces
# AP, station, and 5GHz interfaces
# Basic AP $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "wlan1", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork", "comment": "Main WiFi Network"}' # 5GHz AP with explicit band and channel width $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "wlan-5g", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork-5G", "frequency": "5180", "band": "5ghz-a/n/ac", "channel_width": "80mhz"}'
Security profiles
# WPA2-PSK and open profiles
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile \ --tool-args '{"name": "wpa2-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "SecurePassword123"}' # Attach a profile to an interface $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "wlan1", "security_profile": "wpa2-security"}'
Scanning & access lists
# survey, list clients, allow a MAC
$ uv run mcp-cli cmd --server mikrotik --tool mikrotik_scan_wireless_networks --tool-args '{"interface": "wlan1", "duration": 10}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_get_wireless_registration_table --tool-args '{"interface": "wlan1"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list \ --tool-args '{"interface": "wlan1", "mac_address": "AA:BB:CC:DD:EE:FF", "action": "accept", "comment": "Trusted device"}'
Complete workflows
These chain several tool calls into a single repeatable procedure. Run them top to bottom — each step assumes the previous one succeeded. Wrapping the whole sequence in safe mode means a lost connection rolls every change back automatically.
Setting up a new network segment
A self-contained guest VLAN (vlan200) with its own subnet, DHCP, and
masqueraded internet access.
# VLAN → addressing → DHCP → NAT
# 1. Create the VLAN on the trunk port $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_vlan_interface \ --tool-args '{"name": "vlan200", "vlan_id": 200, "interface": "ether1", "comment": "Guest Network"}' # 2. Give the VLAN a gateway address $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_ip_address \ --tool-args '{"address": "192.168.200.1/24", "interface": "vlan200"}' # 3. Create the DHCP address pool $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_pool \ --tool-args '{"name": "pool-200", "ranges": "192.168.200.10-192.168.200.100"}' # 4. Define the DHCP network (gateway + DNS) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_network \ --tool-args '{"network": "192.168.200.0/24", "gateway": "192.168.200.1", "dns_servers": ["8.8.8.8", "8.8.4.4"]}' # 5. Bind a DHCP server to the VLAN + pool $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_dhcp_server \ --tool-args '{"name": "dhcp-200", "interface": "vlan200", "address_pool": "pool-200"}' # 6. Masquerade the segment out to the internet $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule \ --tool-args '{"chain": "srcnat", "action": "masquerade", "out_interface": "ether1", "comment": "Internet access for VLAN 200"}'
Port forwarding setup
Expose internal services by mapping public ports on 203.0.113.1 to a host at
192.168.100.10 with dst-nat rules.
# HTTP, HTTPS, and a remapped SSH port
# Forward HTTP (80 → 80) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule \ --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "80", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "80", "comment": "Web server"}' # Forward HTTPS (443 → 443) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule \ --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "443", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "443", "comment": "HTTPS server"}' # Remap an external SSH port (2222 → 22) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_nat_rule \ --tool-args '{"chain": "dstnat", "action": "dst-nat", "dst_address": "203.0.113.1", "dst_port": "2222", "protocol": "tcp", "to_addresses": "192.168.100.10", "to_ports": "22", "comment": "SSH server"}'
Backup and restore process
Capture a binary backup plus human-readable exports you can diff and store in version control. Section exports let you snapshot just the firewall or NAT tables.
# backup → full export → per-section exports
# 1. Create a dedicated read-only backup account $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_add_user \ --tool-args '{"name": "backup_user", "password": "BackupPass123", "group": "read", "comment": "Backup account"}' # 2. Full binary backup (restorable on the same device) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_backup \ --tool-args '{"name": "daily_backup", "include_password": true}' # 3. Full text export (.rsc) — portable + diff-able $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_export \ --tool-args '{"name": "config_export", "file_format": "rsc", "export_type": "full"}' # 4. Export just the firewall filter table $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section \ --tool-args '{"section": "/ip/firewall/filter", "name": "firewall_backup"}' # 5. Export just the NAT table $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_export_section \ --tool-args '{"section": "/ip/firewall/nat", "name": "nat_backup"}'
WiFi network setups
Five end-to-end wireless recipes. Each follows the same shape: build a security profile,
create the interface, attach the profile, then enable it. Run
mikrotik_check_wireless_support first to confirm the device's wireless package.
Basic home network
# WPA2-PSK AP on 2.4GHz
# 1. Security profile (WPA2-PSK) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile \ --tool-args '{"name": "home-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "MyHomePassword123"}' # 2. Wireless interface $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "home-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "HomeNetwork", "band": "2ghz-b/g/n", "comment": "Main home network"}' # 3. Apply the profile, then 4. enable $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "home-wifi", "security_profile": "home-security"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "home-wifi"}'
Guest network
# open SSID, isolated from the LAN
# 1. Open security profile (no encryption) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile \ --tool-args '{"name": "guest-open", "mode": "none", "comment": "Open guest network"}' # 2. Guest interface $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "guest-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "GuestNetwork", "comment": "Guest access network"}' # 3. Apply the profile, then 4. enable $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "guest-wifi", "security_profile": "guest-open"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "guest-wifi"}'
Enterprise network (WPA2-EAP)
# 802.1X on 5GHz + per-device access list
# 1. WPA2-Enterprise profile (PEAP) $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile \ --tool-args '{"name": "corp-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-eap"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "eap_methods": "peap", "comment": "Corporate WPA2-Enterprise"}' # 2. 5GHz corporate interface $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "corp-wifi", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "CorpNetwork", "band": "5ghz-a/n/ac", "channel_width": "80mhz", "comment": "Corporate network"}' # 3. Apply security profile $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "corp-wifi", "security_profile": "corp-security"}' # 4. Allow a specific corporate device by MAC $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_access_list \ --tool-args '{"interface": "corp-wifi", "mac_address": "00:11:22:33:44:55", "action": "accept", "comment": "Corporate laptop"}'
Dual-band (2.4GHz + 5GHz)
# one profile, two radios, same SSID family
# 1. Shared security profile $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile \ --tool-args '{"name": "dual-band-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "DualBandPassword123"}' # 2. 2.4GHz radio $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "wifi-2g", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "MyNetwork", "band": "2ghz-b/g/n", "channel_width": "20mhz", "comment": "2.4GHz network"}' # 3. 5GHz radio $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "wifi-5g", "radio_name": "wlan2", "mode": "ap-bridge", "ssid": "MyNetwork-5G", "band": "5ghz-a/n/ac", "channel_width": "80mhz", "comment": "5GHz network"}' # 4. Apply security to both radios $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "wifi-2g", "security_profile": "dual-band-security"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "wifi-5g", "security_profile": "dual-band-security"}' # 5. Enable both $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wifi-2g"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_enable_wireless_interface --tool-args '{"name": "wifi-5g"}'
Point-to-point link
A station ↔ AP bridge on a fixed 5GHz frequency. Run the station command on one device and the AP command on the other, then apply the shared profile to both ends.
# station + AP on 5180 MHz
# Device A — station end $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "p2p-station", "radio_name": "wlan1", "mode": "station", "ssid": "P2P-Link", "frequency": "5180", "band": "5ghz-a/n"}' # Device B — AP end $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_interface \ --tool-args '{"name": "p2p-ap", "radio_name": "wlan1", "mode": "ap-bridge", "ssid": "P2P-Link", "frequency": "5180", "band": "5ghz-a/n"}' # Shared link security $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_create_wireless_security_profile \ --tool-args '{"name": "p2p-security", "mode": "dynamic-keys", "authentication_types": ["wpa2-psk"], "unicast_ciphers": ["aes-ccm"], "group_ciphers": ["aes-ccm"], "wpa2_pre_shared_key": "P2PLinkPassword123"}' # Apply to both ends $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "p2p-station", "security_profile": "p2p-security"}' $ uv run mcp-cli cmd --server mikrotik --tool mikrotik_set_wireless_security_profile \ --tool-args '{"interface_name": "p2p-ap", "security_profile": "p2p-security"}'
Natural language
Because every tool ships a description and typed schema, an MCP-aware assistant can turn a
plain-English request into the right sequence of calls. Below are real prompts and the actual
tools each one drives — see the API reference for parameters.
Tools in the Queues category are called without the
mikrotik_ prefix.
Prompt
Create a new VLAN 200 for the guest network on ether1, assign IP 192.168.200.1/24, set up DHCP from .10 to .250, and add a masquerade NAT rule for internet access.
What the assistant does
- Creates VLAN 200 on
ether1asvlan200-guest - Assigns
192.168.200.1/24to the VLAN interface - Creates an IP pool for the
.10–.250range - Configures the DHCP network (gateway + DNS), then creates the DHCP server
- Adds a
srcnatmasquerade rule outether1
mikrotik_create_vlan_interface
mikrotik_add_ip_address
mikrotik_create_ip_pool
mikrotik_create_dhcp_network
mikrotik_create_dhcp_server
mikrotik_create_nat_rule
Prompt
Configure port forwarding to redirect incoming HTTP (port 80) and HTTPS (port 443) traffic from ether1 to my internal web server at 192.168.1.100. Also add firewall rules to allow this forwarded traffic.
What the assistant does
- Creates a
dst-natrule forwarding port 80 to192.168.1.100 - Creates a
dst-natrule forwarding port 443 to the same host - Adds a
forward-chain filter rule accepting traffic to the web server
mikrotik_create_nat_rule
mikrotik_create_filter_rule
Prompt
Set up basic firewall security rules for my router. Accept established and related connections, drop invalid packets, allow ICMP ping, allow SSH access from WAN on port 22, and drop all other incoming WAN traffic. Also configure similar rules for forwarded traffic.
What the assistant does
- Adds an
inputrule accepting established/related connections - Drops invalid connection states
- Allows ICMP, then allows TCP/22 from the WAN interface
- Adds a default drop for all other WAN input
- Mirrors established/related + invalid handling on the
forwardchain
mikrotik_create_filter_rule
Prompt
Limit bandwidth for my guest network (192.168.200.0/24) to prevent abuse. Set maximum download speed to 10 Mbps and upload speed to 5 Mbps using queue rules, and ensure guest traffic is allowed through the firewall.
What the assistant does
- Creates a simple queue capping download at 10M for the guest subnet
- Creates a second simple queue capping upload at 5M
- Adds a
forward-chain rule accepting guest traffic
create_simple_queue
mikrotik_create_filter_rule
Prompt
Configure wlan1 as an access point with SSID "MyNetwork" using WPA2-PSK security. Set the password to "YourStrongPassword123", use the 2.4GHz b/g/n band, and enable the interface.
What the assistant does
- Creates a WPA2-PSK security profile with the supplied pre-shared key
- Configures
wlan1inap-bridgemode with the SSID and band - Applies the security profile to the interface
- Enables the wireless interface
mikrotik_create_wireless_security_profile
mikrotik_create_wireless_interface
mikrotik_set_wireless_security_profile
mikrotik_enable_wireless_interface