MCP Directory

MikroMCP

Production-grade MCP server for MikroTik RouterOS — 117 typed, auditable tools for safe AI-native network automation.

Unverified
stdio (local)
No auth
TypeScript
View repo 35 Website npm

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run
npm install -g mikromcp

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mikromcp": {
      "command": "mikromcp",
      "args": [
        "serve"
      ],
      "env": {
        "MIKROMCP_CONFIG_PATH": "/absolute/path/to/config/routers.yaml",
        "ROUTER_CORE01_USER": "mcp-api",
        "ROUTER_CORE01_PASS": "your-router-password"
      }
    }
  }
}

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

  • Node.js >= 22
  • MikroTik RouterOS 7.x with the REST API enabled
  • A least-privilege RouterOS user with the required policies
  • A config/routers.yaml router registry with matching ROUTER_*_USER / ROUTER_*_PASS environment variables

About MikroMCP

MikroMCP is an open-source MCP server that turns MikroTik RouterOS into a production-minded control plane for AI infrastructure and DevOps automation. It wraps the RouterOS REST/API and SSH in 117 schema-validated, idempotent, dry-run-able tools with RBAC, audit logging, snapshots, and rollback — the safety layer an LLM needs before it touches production gear. Read tools carry auto-retry with exponential backoff; write tools are idempotent and support dryRun: true. Each router-scoped tool takes an optional routerId (resolved via MIKROMCP_DEFAULT_ROUTER, or the sole configured router). It speaks MCP over stdio for desktop clients and over Streamable HTTP / legacy SSE for remote deployments.

Tools & capabilities (17)

get_system_status

CPU load, memory, uptime, firmware version, and router identity in one call.

get_system_clock

Read the current date, time, and timezone from the router.

set_system_clock

Set the system date, time, and/or timezone (idempotent; returns already_set when no change is needed).

reboot

Trigger a controlled router reboot with an optional delay (0–3600 seconds). Destructive.

run_command

Execute an arbitrary RouterOS console command via SSH, guarded by a configurable allow/deny policy and a built-in deny list. Requires the ssh policy.

list_packages

List installed RouterOS packages with version and enabled status.

manage_package

Enable or disable a RouterOS package (takes effect after reboot; no-op if already in target state).

get_upgrade_status

Check available RouterOS/firmware upgrades, current channel, and routerboard firmware versions.

manage_upgrade

Trigger a RouterOS package update check or start an upgrade install (install reboots the router). Destructive.

create_backup

Create a binary RouterOS configuration backup file on the router filesystem, optionally encrypted.

export_config

Export the running RouterOS configuration as a script (/export), returned inline or saved to a router file.

list_scripts

List RouterOS scripts with an optional name filter.

manage_script

Add, update, or remove a RouterOS script (idempotent on name).

list_interfaces

List network interfaces with status and configuration details.

plan_changes

Build a change plan (e.g. DNS record + firewall address-list entry) for review before applying.

apply_plan

Apply a previously created change plan after approval.

rollback_change

Roll back a previously applied change using the write journal / snapshots.

What this server can do

MikroMCP provides tools for these capabilities — tap one to see every MCP server that does the same:

Deploy & manage cloud infra

When to use it

  • Inspect a router (system resources, RouterOS version, interfaces, routes, DNS, recent error logs) and flag operationally risky configuration.
  • Audit firewall filter and NAT rules to find disabled rules, overlapping port forwards, broad accept rules, and uncommented rules — without changing anything.
  • Dry-run a static route change and show the exact planned diff, including whether an existing route conflicts.
  • Review WireGuard peers sorted by last-handshake age and flag stale peers.
  • Run interface diagnostics plus router-originated ping/traceroute/torch to localize packet loss.
  • Use a plan / apply / rollback workflow to safely add records and firewall entries with approval gates.

Security notes

MikroMCP controls real network devices — treat it like an operations system: use least-privilege RouterOS users, verified TLS (or pinned fingerprints), store credentials only in ~/.mikromcp/.env, use scoped RBAC identities, and enable audit logging for shared use. Write tools support dryRun previews; destructive operations (reboot, run_command) are guarded by allow/deny policies and confirmation gates. Requires Node.js >= 22 and RouterOS 7.x with the REST API enabled.

MikroMCP FAQ

What is MikroMCP?

An open-source Model Context Protocol server that exposes MikroTik RouterOS as 117 typed, auditable tools, letting AI assistants inspect, diagnose, and safely operate routers in natural language instead of improvising CLI commands.

How is it different from the RouterOS REST/API?

The RouterOS REST/API exposes raw endpoints. MikroMCP wraps them in schema-validated, idempotent, dry-run-able tools with RBAC, audit logging, snapshots, and rollback — the safety layer an LLM needs before touching production gear.

How is it different from SSH automation?

Instead of brittle SSH scripts that screen-scrape CLI output, MikroMCP returns structured, typed results with confirmation gates and per-router circuit breakers. SSH is used only where REST can't reach — ping, traceroute, torch, and guarded run_command.

Which clients and transports are supported?

It speaks MCP over stdio for Claude Desktop, Claude Code, Cursor, and Codex, and over Streamable HTTP / legacy SSE for remote or service-style deployments (Docker, systemd).

What does it require to run?

Node.js >= 22 and a MikroTik device running RouterOS 7.x with the REST API enabled, plus a least-privilege RouterOS user and a routers.yaml registry with matching credential environment variables.

#mikrotik#routeros#network-automation#networking#devops#homelab#infrastructure#firewall#router-management#mcp

Alternatives to MikroMCP

Compare all alternatives →
GitHub MCP Server
DevOps & Cloud
31k

GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.

Featured
Verified
stdio (local)
API key
Go
7 tools
Updated 15 days agoRepo
AWS API MCP Server
DevOps & Cloud
9.3k

Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.

Verified
stdio (local)
API key
Python
3 tools
Updated 17 days agoRepo
kubefwd
DevOps & Cloud
4.1k

Bulk Kubernetes port forwarding with an MCP server that lets AI assistants forward services, inspect pods, and monitor traffic.

Unverified
stdio (local)
No auth
Go
28 tools
Updated 9 days agoRepo

Compare MikroMCP with:

vs GitHub MCP Servervs AWS API MCP Servervs kubefwdvs Radar