MikroTik MCP is the bridge between your AI assistant and your RouterOS fleet — let Claude, ChatGPT, or any MCP-capable client manage VLANs, firewall rules, DHCP, NAT, WireGuard, and 12 other categories from a single prompt. No web UI clicks. No Winbox tabs.
MikroTik MCP is a Model Context Protocol server. It exposes your RouterOS device's configuration surface as typed tools — your AI client picks the right one, fills in the parameters, and runs it over SSH. You stay in the loop; the model just handles the syntax.
Every RouterOS noun has a verb. "Make a VLAN" maps onto mikrotik_create_vlan_interface with strict, validated arguments. No hallucinated CLI.
Run it over stdio for desktop AI clients, expose it as SSE for streaming agents, or wrap it in HTTP for REST consumers via mcpo.
Wrap risky operations in RouterOS safe-mode sessions. If a change locks you out, the device rolls everything back automatically — no manual recovery.
Each category exposes typed tools — create, list, get, update, remove, plus category-specific verbs like move_filter_rule or flush_dns_cache. Click any to jump to its reference.
Create, list, get, update, and remove tagged interfaces on any parent port. IDs 1–4094.
9 toolsFilter rules across input, forward, output chains. Move, enable, disable, plus a basic-setup helper.
8 toolssrcnat / dstnat / masquerade. Port forwards, redirects, move, enable, disable.
6 toolsServers, networks, pools. Gateway + DNS push, lease configuration.
15 toolsStatic records, regexp blocklists, cache + statistics, query testing.
14 toolsStatic, default, blackhole. Active filters, table + cache inspection, path checks.
15 toolsInterfaces, peers, key management, client-config generation, allowed-IPs.
18 toolsLocal accounts, groups, policies, active sessions, SSH keys, exports.
10 toolsBinary backups, .rsc configuration exports, section dumps, file transfer, restore.
10 toolsStream, filter by topic or severity, search, statistics, export, live monitor.
7 toolsNamed pools, range expansion, used-address inspection.
4 toolsStatus, enable, commit, rollback sessions. Auto-revert on connection loss.
19 toolsSimple queues, queue trees, queue types. Rate limit per VLAN, per client.
4 toolsBind, list, get, remove. Comments, network filters, dynamic detection.
18 toolsInterfaces, security profiles, access lists, network scan, registration table.
4 toolsList, get, enable, disable any interface — physical or virtual.
3 toolsPower-over-Ethernet monitoring — live PoE-out voltage, current, power, and per-port settings.
/ip vlan add in three hops.The MCP server advertises typed tools to your AI client. The client picks the right one based on context, fills the parameters, and posts back. The server validates, translates to RouterOS CLI, and runs it over SSH against your device.
Pick a transport, paste a config, point it at your router. The Docker route is the shortest — no Python toolchain required.
# Clone & build $ git clone https://github.com/jeff-nasseri/mikrotik-mcp.git $ cd mikrotik-mcp $ docker build -t mikrotik-mcp . # Run with stdio (IDE integration) $ docker run --rm -i \ -e MIKROTIK_HOST=192.168.88.1 \ -e MIKROTIK_USERNAME=sshuser \ -e MIKROTIK_PASSWORD=your_password \ -e MIKROTIK_PORT=22 \ mikrotik-mcp
$ git clone https://github.com/jeff-nasseri/mikrotik-mcp.git $ cd mikrotik-mcp # Create & activate venv $ python -m venv .venv $ source .venv/bin/activate # Install + run $ pip install -e . $ mcp-server-mikrotik
{
"mcpServers": {
"mikrotik": {
"command": "uvx",
"args": [
"mcp-server-mikrotik",
"--host", "<HOST>",
"--username", "<USERNAME>",
"--password", "<PASSWORD>",
"--port", "22"
]
}
}
}
$ docker run --rm -p 8000:8000 \ -e MIKROTIK_HOST=192.168.88.1 \ -e MIKROTIK_USERNAME=sshuser \ -e MIKROTIK_PASSWORD=your_password \ -e MIKROTIK_MCP__TRANSPORT=sse \ mikrotik-mcp # Server is up: # SSE: http://localhost:8000/sse # Streamable HTTP: http://localhost:8000/mcp # Health probe: GET /health
Free, MIT-licensed, runs on your hardware. The model never sees your password — it only sees the tools.