ruckus-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ruckus-mcplist all access points"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ruckus-mcp
MCP server for Ruckus Unleashed (tested on R500/R600, built-in Embedthis-Appweb web server). Uses aioruckus to talk to the controller's AJAX API.
Tools
Monitoring
Tool | Description |
| Firmware version, AP count, operating mode, master AP |
| Access points, their stats, and groups |
| Mesh topology: root/member APs, backhaul RSSI |
| Connected clients (filter by SSID/AP) |
| SSIDs, WLAN groups, VAP stats |
| Events and logs |
| Rogue access points detected over the air |
| Blocklist, DPSK keys, ACLs |
| List of all |
Management
Tool | Description |
| Manage an access point by MAC |
| Manage an SSID |
| Manage a client by MAC |
Related MCP server: UniFi Network MCP Server
Setup
git clone <this-repo> ruckus-mcp && cd ruckus-mcp
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
cp .env.example .env # fill in RUCKUS_HOST/USER/PASS, MCP_SECRET
uvicorn server:app --host 0.0.0.0 --port 8003Systemd unit example: deploy/ruckus-mcp.service.
Security model
Auth is an
Authorization: Bearer $MCP_SECRETheader on/mcp. Unlike the other servers in this line-up, theAuthorizationheader is always required here — even withoutMCP_SECRETset, you still need to sendAuthorization: Bearer(empty value). It's recommended to always setMCP_SECRET./.well-known/oauth-authorization-server+/oauth/authorize+/oauth/tokenare a compatible stub for claude.ai custom connectors, which don't support a static API key — only full OAuth 2.1 or no auth at all. The actual protection is the Bearer token on/mcp.redirect_uriin/oauth/authorizeis checked against an allowlist (claude.ai,anthropic.com,console.anthropic.com,localhost).Important if you extend
get_system_info:aioruckus.get_system_info(SystemStat.ALL)returns the controller's entire raw config, including the local admin password in plaintext, TR-069/CWMP passwords, and cloud keys (AWS SNS, PubNub)._clean_system_info()in the code whitelists only the safe fields — if you add new fields to this tool's output, whitelist them explicitly, don't widen it via**infoor similar.TLS verification to the controller is disabled (
ssl.CERT_NONE,SECLEVEL=0) — typical Unleashed firmware uses self-signed certificates with a weak key. This is an intentional tradeoff for a trusted local network; don't pointRUCKUS_HOSTat anything outside your LAN/VPN.Outbound transport: the server itself does not terminate TLS — it listens on plain HTTP. If it's reachable beyond localhost/a trusted LAN (and especially if you're connecting it as a custom connector in claude.ai, where HTTPS is required), put TLS termination in front of it: Cloudflare Tunnel, Tailscale Funnel, nginx/Caddy + Let's Encrypt, etc. Without that, the Bearer token (
MCP_SECRET) in theAuthorizationheader goes out in plaintext. (This is a separate concern from the TLS verification to the controller described above.)
Requirements
Ruckus Unleashed (web UI on 443/8443).
Python 3.11+.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/nickcheban/ruckus-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server