MikroMCP
MikroMCP turns MikroTik RouterOS into an AI-native MCP server, enabling AI agents to inspect, diagnose, and safely manage routers through ~77 structured tools.
System Management: Retrieve system status (CPU, memory, identity, license, health sensors), manage the clock, reboot devices, and execute guarded RouterOS console commands via SSH.
Interfaces & IP: List and manage network interfaces (Ethernet, VLANs, bridges, WiFi, WireGuard), IP addresses, and bridge ports.
DHCP & DNS: Manage DHCP servers, pools, and leases; manage static DNS records and read resolver settings.
Firewall & Policy: Inspect and manage firewall filter, NAT, and mangle rules, address lists, and IPSec peers/policies.
Routing: Manage static routes, policy routing rules, and custom routing tables; view BGP peer and OSPF neighbor states.
Security & Users: Manage certificates and local RouterOS user accounts.
QoS, HA & Monitoring: Manage simple queues, VRRP instances, Netwatch entries, and read SNMP/NTP settings.
Diagnostics: Run ping, traceroute, and torch from the router; filter system logs; discover neighbors via CDP/LLDP/MNDP; view ARP table.
Automation: Manage and execute RouterOS scripts, scheduled jobs, packages, containers, and files.
Safe Change Management: Preview changes with dry-run, plan/apply/rollback workflows with journaling, idempotent writes, and confirmation tokens for destructive actions.
Fleet Operations: Health-check individual routers and bulk-execute tools across multiple routers in parallel by ID or tag.
Production Features: RBAC, bearer tokens, per-router credentials, TLS, audit logging, circuit breakers, retry policies, rate limiting, and maintenance windows.
Provides tools for managing and automating MikroTik RouterOS devices, including system status, network operations, firewall, routing, diagnostics, and change management.
MikroMCP
AI-native network automation for MikroTik RouterOS. MikroMCP exposes RouterOS as a typed, auditable Model Context Protocol server so Claude, Cursor, Codex, and other MCP clients can inspect, diagnose, and safely operate MikroTik routers in natural language.
MikroMCP exists because raw router CLI access is the wrong abstraction for AI agents. RouterOS is powerful, but asking an LLM to improvise shell commands against production network gear is risky. MikroMCP gives agents a controlled tool surface: strict schemas, idempotent writes, dry-run previews, per-router circuit breakers, retry policies, RBAC, audit logs, snapshots, and rollback-aware change workflows.
In one sentence: MikroMCP turns MikroTik RouterOS into a production-minded MCP control plane for AI infrastructure, DevOps automation, and modern router management.

Quick Start
That's the whole setup for a single-router stdio deployment. For standalone binaries, Docker, HTTP/SSE mode, the RouterOS API prerequisites, and the full 15-minute walkthrough, see the Getting Started guide.
Related MCP server: RouterOS MCP Server
Feature Showcase
Category | What MikroMCP covers |
๐งญ Router management | System status, clock, reboot, packages, files, scripts, scheduler jobs, containers |
๐ Network operations | Interfaces, VLANs, IP addresses, DHCP leases, DNS static records, bridge ports, WiFi clients |
๐ฅ Firewall and policy | Filter/NAT rules, mangle rules, address lists, route tables, routing rules |
๐ฐ๏ธ Routing visibility | Static routes, routing tables, BGP peers, OSPF neighbors |
๐ Secure access | HTTP bearer auth, bcrypt token hashes, RBAC, router/tool restrictions, confirmation tokens |
๐งช Diagnostics | Router-originated |
๐ก๏ธ Change safety | Dry-run, idempotent writes, snapshots, write journal, |
โ๏ธ Production behavior | Retries for read tools, per-router circuit breakers, correlation IDs, structured logs, audit logs |
๐ค AI-agent fit | Human-readable responses plus structured JSON content for reasoning, chaining, and automation; server advertises an |
๐งฉ MCP compatibility | stdio for desktop clients, Streamable HTTP and legacy SSE for remote or service-style clients |
117 typed tools in total โ browse the full catalog with parameters, defaults, and copy-paste example prompts in Available Tools.
Demo
Usage
Review by Claude

Real-World Usage Examples
Router Inspection
Use MikroMCP to inspect core-01. Summarize system resources, RouterOS version,
running interfaces, active routes, DNS settings, and recent warning/error logs.
Flag anything that looks operationally risky.Firewall Management
List firewall filter and NAT rules on edge-01. Identify disabled rules,
overlapping port forwards, broad accept rules, and anything without comments.
Do not change anything yet.Safe Static Route Change
Dry-run a route on core-01 for 10.20.0.0/16 via 192.168.88.1 in the main table.
Show the exact planned diff and tell me whether an existing route conflicts.WireGuard Operations
Show WireGuard peers on branch-02. Sort by last handshake age and flag peers
that have not handshaken recently or have no transfer counters.Interface Diagnostics
Check interface health on edge-01, then run ping and traceroute from the router
to 1.1.1.1. If packet loss is present, use torch on the WAN interface for a
short traffic snapshot.Plan / Apply / Rollback Workflow
Create a change plan that adds a DNS record and a firewall address-list entry
on edge-01. Use dry-run first, explain the plan, then wait for approval before
applying anything.Why MikroMCP Is Useful For AI Agents
MCP gives LLMs a standard way to call tools. MikroMCP makes RouterOS a high-quality MCP target by turning network operations into well-described, machine-readable, permission-aware actions.
AI assistants can use MikroMCP to:
Investigate router state without memorizing RouterOS command syntax.
Chain tool calls across interfaces, routes, firewall rules, logs, and diagnostics.
Return both operator-friendly summaries and structured JSON for follow-up reasoning.
Preview changes before mutation and explain exactly what would happen.
Respect tool-level authorization, router scoping, maintenance windows, and confirmation gates.
FAQ
What is MikroMCP?
MikroMCP is an open-source Model Context Protocol (MCP) server that exposes MikroTik RouterOS as 117 typed, auditable tools โ letting AI assistants inspect, diagnose, and safely operate routers in natural language instead of improvising CLI commands.
MikroMCP vs RouterOS API
The RouterOS REST/API exposes raw endpoints. MikroMCP wraps them in schema-validated, idempotent, dry-run-able tools with RBAC, audit logging, snapshots, and rollback โ the safety layer an LLM needs before it touches production gear.
MikroMCP vs SSH automation
Instead of brittle SSH scripts that screen-scrape CLI output, MikroMCP returns structured, typed results with confirmation gates and per-router circuit breakers. SSH is used only where REST can't reach โ ping, traceroute, torch, and guarded run_command.
MikroMCP for Claude Code
MikroMCP speaks MCP over stdio and HTTP/SSE, so Claude Code and Claude Desktop drive RouterOS directly. Pair it with the bundled usage skill for safe, guided workflows.
MikroMCP for Codex
Codex connects to MikroMCP over the standard MCP protocol โ see Connecting to AI Assistants.
MikroMCP for Cursor
Cursor connects to MikroMCP as an MCP server (stdio or HTTP) to inspect and manage MikroTik routers without leaving the editor.
MikroMCP for OpenClaw
Any MCP-compatible client โ OpenClaw included โ can use MikroMCP; configure it as a stdio or HTTP MCP server.
RouterOS AI Automation Guide
Start with Getting Started to install and connect, then use the usage skill and Available Tools to automate RouterOS safely with an AI assistant.
Best MCP Servers for Network Engineers
MikroMCP is purpose-built for MikroTik/RouterOS operations with production-grade safety โ dry-run, rollback, audit, and RBAC โ making it a strong MCP choice for network engineers adopting AI tooling.
Documentation
The README stays intentionally short. Everything below is documented in depth in the wiki:
Resource | Use it for |
Install (npm, binary, Docker), configure, and connect in 15 minutes | |
Enable the REST API, create a user, TLS and firewall | |
Router registry, credentials, all environment variables | |
Run commands, HTTP/SSE transport, troubleshooting | |
Register MikroMCP in Claude Desktop | |
Claude Code, Cursor, Codex, HTTP/Docker/systemd | |
Install the MikroMCP usage skill so your assistant drives the tools safely | |
All 117 tools โ parameters and example prompts | |
System layers, request pipeline, auth model | |
Error categories, retry engine, circuit breaker | |
Threat model, hardening checklist, vulnerability reporting | |
Project structure, tests, MCP Inspector workflow | |
Adding tools, coding conventions, PR checklist | |
Shipped milestones and guiding principles |
Contributing
Issues, bug reports, tool requests, documentation improvements, and pull requests are welcome.
Good first contributions:
Add a read-only tool for an uncovered RouterOS surface.
Add screenshots, demo GIFs, or topology diagrams.
Expand tests around RouterOS response normalization and idempotency edge cases.
Help validate RouterOS version compatibility across real MikroTik devices and CHR.
Development standards:
TypeScript strict mode, ESM imports with
.jsextensionsZod schemas with
.strict(), idempotency anddryRunfor write toolsMikroMCPErrorfor domain errors, focused Vitest coverage for every tool
Please open an issue before large changes so maintainers can align on scope.
Security
MikroMCP controls real network devices โ treat it like an operations system: least-privilege RouterOS users, verified TLS (or pinned fingerprints), credentials only in ~/.mikromcp/.env, scoped RBAC identities, and audit logging for shared use. The full hardening checklist and vulnerability-reporting process are on the Security page.
Community And Support
โญ Star the repository if MikroMCP helps your MikroTik or MCP workflow.
๐ด Fork it to add RouterOS surfaces your network depends on.
๐งต Open an issue for bugs, feature requests, compatibility notes, or documentation gaps.
License
MikroMCP is released under the MIT License.
Maintenance
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AliKarami/MikroMCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server