Support Store Sign In
Overview
System
Network
Services
Identities
Policies
Billing
Archives
Instruments
Installation
Lab Manual
Portal Customization
RESTful API
Miscellaneous
View as one page

MikroTik RouterOS Switches

MikroTik RouterOS devices provide versatile routing and switching capabilities, commonly used in ISP, WISP, and enterprise environments. The rXg integrates with MikroTik devices primarily for monitoring and configuration backup - configuration synchronization is not supported.

Supported Models

Model/Series Notes
CRS Series Cloud Router Switches (CRS326, CRS328, CRS354, etc.)
CSS Series Cloud Smart Switches
CCR Series Cloud Core Routers
RB Series RouterBoard devices with switching capabilities
hAP Series Home Access Points with switching

Features Supported

Feature Supported Description
Config Sync No Configuration synchronization not supported
Auto Bootstrap No Manual configuration required
SNMP Monitoring Yes CPU, memory, and port statistics collection
Configuration Backup Yes Export and backup configuration via SFTP
Configuration Restore Yes Restore saved configuration via SFTP
Switch Port Import Yes Automatic import and management of switch ports
REST API Integration Yes Read-only monitoring via RouterOS REST API
802.1X Authentication No Not managed by rXg
MAC Authentication Bypass No Not managed by rXg
Dynamic VLAN Assignment No Not managed by rXg
DHCP Snooping No Not managed by rXg
Firmware Management No Manual firmware upgrades required
SPB-m Fabric No Not supported by MikroTik

Prerequisites

Firmware Requirements

Version Support Status Notes
RouterOS 6.x Supported SSH with legacy algorithms may be required
RouterOS 7.x Supported REST API available, modern SSH algorithms

Network Requirements

  • Management IP connectivity to rXg
  • SSH access (TCP port 22) for CLI and SFTP operations
  • REST API access (HTTPS port 443) for RouterOS 7.x monitoring
  • SNMP access (UDP port 161)

Required Packages

  • SSH service enabled
  • SNMP package installed and enabled
  • REST API service enabled (RouterOS 7.x)

Onboarding Process

Manual Onboarding

MikroTik devices require manual configuration before adding to rXg:

  1. Configure management IP address
  2. Enable SSH service
  3. Create user account for rXg access
  4. Enable SNMP service
  5. Configure SNMP community
  6. Enable REST API (RouterOS 7.x)
  7. Add device to rXg Infrastructure Devices

Initial Configuration via CLI

Connect to the device via console, SSH, or WinBox, then configure:

Management IP and gateway:

/ip address add address=<ip>/<prefix> interface=<mgmt_interface>
/ip route add gateway=<gateway>

User account for rXg:

/user add name=<username> password=<password> group=full

SSH service:

/ip service set ssh port=22 disabled=no

SNMP configuration:

/snmp set enabled=yes contact="" location="" trap-community=<community>
/snmp community set [ find default=yes ] name=<community> read-access=yes write-access=no

REST API (RouterOS 7.x only):

/ip service set www-ssl disabled=no
/certificate add name=https-cert common-name=<hostname> days-valid=3650
/certificate sign https-cert
/ip service set www-ssl certificate=https-cert

Configuration

Connection Settings

The rXg uses a hybrid SSH and REST API approach for MikroTik devices.

SSH Connection

SSH is used for configuration backup/restore and CLI commands. Legacy SSH algorithms are enabled for compatibility with older RouterOS versions.

SSH options used: - Key Exchange: diffie-hellman-group14-sha1 (added for compatibility) - Host Key Algorithms: ssh-rsa (added for compatibility) - Color output disabled via +ct username suffix

Connection string format: ssh <username>+ct@<host>

The +ct suffix disables ANSI color codes in RouterOS output for cleaner parsing.

REST API Connection

For RouterOS 7.x devices, the REST API provides monitoring data over HTTPS.

API base URL: https://<host>/rest

Authentication: HTTP Basic Auth with device credentials

rXg Infrastructure Device Settings

When adding a MikroTik device to rXg:

Setting Value Notes
Host Management IP Device management address
Username RouterOS user Account with full access
Password User password Account password
Community String SNMP community For SNMP monitoring
Port 22 SSH port (default)
API Host Management IP Same as Host (for REST API)

SNMP Configuration

Complete SNMP setup for monitoring:

/snmp set enabled=yes
/snmp set contact="<contact_email>"
/snmp set location="<location>"
/snmp community set 0 name=<community> read-access=yes write-access=no addresses=<rxg_ip>/32

To restrict SNMP access to rXg only:

/snmp community set 0 addresses=<rxg_ip>/32

Monitoring Capabilities

Metric Collection Method Notes
CPU Usage SNMP / REST API Collected at configured monitoring interval
Memory Usage SNMP / REST API Collected at configured monitoring interval
Port Statistics SNMP Packets in/out, errors, discards
Port Status SNMP Up/down, speed, duplex
System Uptime SNMP Device uptime tracking
RouterOS Version REST API / CLI Firmware version detection

Device Profile Information

The following device information is collected:

  • System identity (device name)
  • RouterOS version
  • Hardware model
  • Architecture (ARM, MIPS, x86, etc.)
  • Serial number

Configuration Backup and Restore

Configuration Export

The rXg can export MikroTik configurations via SFTP. Export format varies by RouterOS version.

RouterOS 7.x export: /export terse show-sensitive

RouterOS 6.x export: /export terse

Exported configurations are stored for backup and reference purposes.

Configuration Restore

Configurations can be restored via SFTP upload and import:

  1. Configuration file is uploaded via SFTP to the device
  2. Import command is executed via SSH
  3. Device applies the configuration

Note: Configuration restore should be used with caution as it may overwrite existing settings.

Backup File Location

Backup files are transferred to/from the device's file system:

  • Upload path: / (root of device filesystem)
  • File naming: Uses sanitized filenames (alphanumeric, underscores, hyphens, dots only)

Troubleshooting

Common Issues

SSH Connection Failures

Symptom: Unable to establish SSH connection Resolution: - Verify SSH service is enabled: /ip service print - Check SSH port is correct (default 22) - Verify firewall allows SSH from rXg IP - For older RouterOS, legacy SSH algorithms may be required - Check user has appropriate permissions

Firewall rule to allow SSH: /ip firewall filter add chain=input src-address=<rxg_ip> protocol=tcp dst-port=22 action=accept

REST API Connection Failures

Symptom: REST API calls fail or timeout Resolution: - Verify www-ssl service is enabled: /ip service print - Check SSL certificate is configured - Verify HTTPS is accessible from rXg - REST API requires RouterOS 7.x

SNMP Not Responding

Symptom: SNMP monitoring shows no data Resolution: - Verify SNMP is enabled: /snmp print - Check community string matches rXg configuration - Verify SNMP community allows rXg IP address - Check firewall allows UDP 161 from rXg

Firewall rule to allow SNMP: /ip firewall filter add chain=input src-address=<rxg_ip> protocol=udp dst-port=161 action=accept

Configuration Export Empty or Incomplete

Symptom: Exported configuration is missing settings Resolution: - User account may lack permissions to export sensitive data - Use show-sensitive flag (RouterOS 7.x) to include passwords - Verify user is in "full" group for complete access

Diagnostic Commands

System information: /system resource print /system identity print /system routerboard print

Service status: /ip service print

Interface status: /interface print /interface ethernet print

SNMP configuration: /snmp print /snmp community print

User and permissions: /user print /user group print

Active connections: /ip firewall connection print

Logs: /log print

Known Limitations

  • No Config Sync: The rXg cannot push configuration changes to MikroTik devices. All configuration must be done manually via RouterOS CLI, WinBox, or WebFig.
  • Monitoring Only: Integration is primarily for monitoring, backup, and inventory purposes.
  • REST API Requires RouterOS 7.x: Older RouterOS 6.x devices do not have REST API support.
  • SSH Algorithm Compatibility: Some older RouterOS versions require legacy SSH algorithms.
  • No 802.1X/MAB Management: Authentication configuration is not managed by rXg.
  • Limited VLAN Integration: VLAN configuration is not synchronized from rXg.

Operational Caveats

  • RouterOS CLI Syntax: RouterOS uses a unique path-based CLI syntax different from traditional switch CLIs. Commands start with / followed by the configuration path.
  • WinBox Recommended: For complex configuration changes, the WinBox GUI application is often easier than CLI.
  • API Access Modes: RouterOS has multiple API modes (legacy API, REST API). The rXg uses REST API for RouterOS 7.x and SSH for all versions.
  • Configuration Persistence: Changes made via CLI are immediately active but not automatically saved. Use /system backup save to create restore points.
  • Safe Mode: RouterOS has a safe mode feature that auto-reverts changes if connection is lost. This can interfere with scripted changes.
  • Color Codes: The +ct username suffix is used to disable ANSI color codes in output, which simplifies automated parsing.

External References

About

RG Nets is the premium provider of gateways and centralized-authentication appliances designed to manage, provision, and protect revenue-generating networks. Our mission is to create tools that are so good, we would use our own money to buy them.

Company Links

Contact

316 California Ave.
Suite 331
Reno, NV 89509
+1 (408) 441 0100
[email protected]
Copyright 2026 RG Nets, Inc.
v2026.01-66-gc969c
Cookies help us deliver our services. By using our services, you agree to our use of cookies.