mikrotik-api
Manages MikroTik routers via the RouterOS API (port 8728/8729). Use when the user wants to configure, monitor, or troubleshoot a MikroTik router — including interfaces, firewall, DHCP, DNS, routing, queues, VPN, and system management.
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install github:LeoYeAI~openclaw-master-skills~mikrotik-apicURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/github%3ALeoYeAI~openclaw-master-skills~mikrotik-api/file -o mikrotik-api.md# MikroTik API Management
Communicate with MikroTik RouterOS devices using the Python `routeros-api` library over the API port (8728 plain, 8729 SSL).
## Prerequisites
Install the library if not present:
```bash
pip3 install --break-system-packages routeros-api
```
## Connection
It is highly recommended to use environment variables for credentials to avoid hardcoding.
### Environment Variables
Set these in your environment or `.env` file:
- `MIKROTIK_HOST`: Router IP or hostname
- `MIKROTIK_USERNAME`: Router username
- `MIKROTIK_PASSWORD`: Router password
### Python Connection Pattern
```python
import routeros_api
import os
# Get credentials from environment variables
host = os.getenv('MIKROTIK_HOST')
username = os.getenv('MIKROTIK_USERNAME')
password = os.getenv('MIKROTIK_PASSWORD')
# Fallback to manual input if env vars are missing
if not all([host, username, password]):
print("Environment variables MIKROTIK_HOST, MIKROTIK_USERNAME, or MIKROTIK_PASSWORD are not set.")
# host = input("Enter Host: ") ...
conn = routeros_api.RouterOsApiPool(
host=host,
username=username,
password=password,
plaintext_login=True, # Required for RouterOS 6.43+
port=8728 # Use 8729 for SSL
)
api = conn.get_api()
# ... do work ...
conn.disconnect()
```
### Connection Rules
- **Prefer Environment Variables**: Instruct the user to set `MIKROTIK_HOST`, `MIKROTIK_USERNAME`, and `MIKROTIK_PASSWORD`.
- Ask the user for these details only if not found in the environment.
- Default API port is **8728** (plain) or **8729** (SSL).
- Always call `conn.disconnect()` when done.
- Use `plaintext_login=True` for RouterOS v6.43+ and v7.x.
### SSL Connection
```python
conn = routeros_api.RouterOsApiPool(
host=host,
username=username,
password=password,
plaintext_login=True,
use_ssl=True,
ssl_verify=False, # Set True with proper certs
ssl_verify_hostname=False,
port=8729
)
```
## Core API Operations
### Reading resources (GET / print)
```python
resource = api.get_resource('/ip/address')
items = resource.get() # Get all
items = resource.get(interface='ether1') # Filter by param
items = resource.get(disabled='false') # Filter by status
```
### Adding entries (ADD)
```python
resource = api.get_resource('/ip/address')
resource.add(address='192.168.1.1/24', interface='ether1')
# With comment
resource.add(address='192.168.1.1/24', interface='ether1', comment='Management')
```
### Updating entries (SET)
```python
resource = api.get_resource('/ip/address')
resource.set(id='*1', address='192.168.2.1/24')
resource.set(id='*1', comment='Updated via API')
resource.set(id='*1', disabled='yes') # Disable entry
resource.set(id='*1', disabled='no') # Enable entry
```
### Removing entries (REMOVE)
```python\nresource = api.get_resource('/ip/address')
resource.remove(id='*1')
```
### Calling commands (CALL)
```python
resource = api.get_resource('/system')
resource.call('reboot')
# Call with parameters
resource = api.get_resource('/ip/firewall/filter')
resource.call('move', {'numbers': '*1', 'destination': '*5'})
```
### Enabling / Disabling entries
```python
resource = api.get_resource('/interface')
resource.set(id='*1', disabled='yes') # Disable
resource.set(id='*1', disabled='no') # Enable
```
## Complete Resource Path Reference
### System
| Task | Resource Path |
|------|--------------|
| System info (CPU, RAM, uptime) | `/system/resource` |
| Router identity | `/system/identity` |
| System clock | `/system/clock` |
| NTP client | `/system/ntp/client` |
| NTP server | `/system/ntp/server` |
| Scheduler | `/system/scheduler` |
| Scripts | `/system/script` |
| Logging rules | `/system/logging` |
| Log entries | `/log` |
| Packages | `/system/package` |
| Package update | `/system/package/update` |
| Router board info | `/system/routerboard` |
| License | `/system/license` |
| Health (voltage, temp) | `/system/health` |
| History | `/system/history` |
| Users | `/user` |
| User groups | `/user/group` |
| Active users | `/user/active` |
| SSH keys | `/user/ssh-keys` |
| Files | `/file` |
| Backup | `/system/backup` |
| SNMP | `/snmp` |
| SNMP community | `/snmp/community` |
| Certificates | `/certificate` |
| Console | `/system/console` |
| LEDs | `/system/leds` |
### Interfaces
| Task | Resource Path |
|------|--------------|
| All interfaces | `/interface` |
| Ethernet | `/interface/ethernet` |
| Bridge | `/interface/bridge` |
| Bridge ports | `/interface/bridge/port` |
| Bridge VLANs | `/interface/bridge/vlan` |
| Bridge hosts (MAC table) | `/interface/bridge/host` |
| Bridge MSTi | `/interface/bridge/msti` |
| Bridge settings | `/interface/bridge/settings` |
| VLAN | `/interface/vlan` |
| Bonding (LACP/bonding) | `/interface/bonding` |
| EoIP tunnel | `/interface/eoip` |
| GRE tunnel | `/interface/gre` |
| IPIP tunnel | `/interface/ipip` |
| VXLAN | `/interface/vxlan` |
| VXLAN VTEP | `/interface/vxlan/vtep` |
| WireGuard | `/interface/wireguard` |
| WireGuard peers | `/interface/wireguard/peers` |
| L2TP client | `/interface/l2tp-client` |
| L2TP server | `/interface/l2tp-server/server` |
| SSTP client | `/interface/sstp-client` |
| SSTP server | `/interface/sstp-server/server` |
| OVPN client | `/interface/ovpn-client` |
| OVPN server | `/interface/ovpn-server/server` |
| PPPoE client | `/interface/pppoe-client` |
| PPPoE server | `/interface/pppoe-server/server` |
| PPTP client | `/interface/pptp-client` |
| PPTP server | `/interface/pptp-server/server` |
| LTE | `/interface/lte` |
| LTE APN | `/interface/lte/apn` |
| Wireless (WiFi legacy) | `/interface/wireless` |
| WiFi (new, ROS 7) | `/interface/wifi` |
| WiFi channels | `/interface/wifi/channel` |
| WiFi datapath | `/interface/wifi/datapath` |
| WiFi security | `/interface/wifi/security` |
| WiFi configuration | `/interface/wifi/configuration` |
| WiFi provisioning | `/interface/wifi/provisioning` |
| WiFi registration table | `/interface/wifi/registration-table` |
| WiFi access list | `/interface/wifi/access-list` |
| WiFi interworking | `/interface/wifi/interworking` |
| Interface lists | `/interface/list` |
| Interface list members | `/interface/list/member` |
| Ethernet switch | `/interface/ethernet/switch` |
| Ethernet switch port | `/interface/ethernet/switch/port` |
| Traffic monitor | `/interface/monitor-traffic` |
### IP
| Task | Resource Path |
|------|--------------|
| IP addresses | `/ip/address` |
| ARP table | `/ip/arp` |
| Routes | `/ip/route` |
| Route rules | `/ip/route/rule` |
| DNS settings | `/ip/dns` |
| DNS static entries | `/ip/dns/static` |
| DNS cache | `/ip/dns/cache` |
| DHCP client | `/ip/dhcp-client` |
| DHCP server | `/ip/dhcp-server` |
| DHCP server network | `/ip/dhcp-server/network` |
| DHCP server leases | `/ip/dhcp-server/lease` |
| DHCP server option | `/ip/dhcp-server/option` |
| DHCP server option sets | `/ip/dhcp-server/option/sets` |
| DHCP relay | `/ip/dhcp-relay` |
| IP pool | `/ip/pool` |
| IP neighbors | `/ip/neighbor` |
| IP neighbor discovery | `/ip/neighbor/discovery-settings` |
| IP services | `/ip/service` |
| IP settings (forwarding) | `/ip/settings` |
| IP proxy | `/ip/proxy` |
| IP proxy access list | `/ip/proxy/access` |
| IP SOCKS | `/ip/socks` |
| IP SSH | `/ip/ssh` |
| IP cloud | `/ip/cloud` |
| IP UPnP | `/ip/upnp` |
| IP UPnP interfaces | `/ip/upnp/interfaces` |
| IP SMB | `/ip/smb` |
| IP traffic flow | `/ip/traffic-flow` |
| IP traffic flow target | `/ip/traffic-flow/target` |
| IP accounting | `/ip/accounting` |
| IP Kid Control | `/ip/kid-control` |
| IP Kid Control devices | `/ip/kid-control/device` |
| IP Hotspot | `/ip/hotspot` |
| IP Hotspot profile | `/ip/hotspot/profile` |
| IP Hotspot user | `/ip/hotspot/user` |
| IP Hotspot user profile | `/ip/hotspot/user/profile` |
| IP Hotspot active | `/ip/hotspot/active` |
| IP Hotspot host | `/ip/hotspot/host` |
| IP Hotspot cookie | `/ip/hotspot/cookie` |
| IP Hots