Mikrotik


The mikrotik platform offers presence detection by looking at connected devices to a MikroTik RouterOS based router.

There is currently support for the following device types within Home Assistant:

  • Presence Detection

Configuring mikrotik hub

You have to enable accessing the RouterOS API on your router to use this platform.

Terminal:

/ip service
set api disabled=no port=8728

Web Frontend:

Go to IP -> Services -> API and enable it.

Make sure that port 8728 or the port you choose is accessible from your network.

Home Assistant offers MikroTik integration through Configuration -> Integrations -> MikroTik. It also allows importing from the configuration.yaml file:

# Example configuration.yaml entry
mikrotik:
  - name: Mikrotik
    host: IP_ADDRESS
    username: ROUTEROS_USERNAME
    password: ROUTEROS_PASSWORD

Configuration Variables

namestringRequired, default: Mikrotik

The name of your MikroTik device.

hoststringRequired

The IP address of your MikroTik device.

usernamestringRequired

The username of a user on the MikroTik device.

passwordstringRequired

The password of the given user account on the MikroTik device.

portinteger(Optional)

RouterOS API port.

Default:

8728 (or 8729 if SSL is enabled)

verify_sslboolean(Optional, default: false)

Use SSL to connect to the API.

arp_pingboolean(Optional, default: false)

Use ARP ping with DHCP method for device scanning.

force_dhcpboolean(Optional, default: false)

Force use of DHCP server list for devices to be tracked.

detection_timeinteger(Optional, default: 300)

How long since the last seen time before the device is marked away, specified in seconds.

Use a certificate

To use SSL to connect to the API (via api-ssl instead of api service) further configuration is required at RouterOS side. You have to upload or generate a certificate and configure api-ssl service to use it. Here is an example of a self-signed certificate:

/certificate add common-name="Self signed demo certificate for API" days-valid=3650 name="Self signed demo certificate for API" key-usage=digital-signature,key-encipherment,tls-server,key-cert-sign,crl-sign
/certificate sign "Self signed demo certificate for API"
/ip service set api-ssl certificate="Self signed demo certificate for API"
/ip service enable api-ssl

Then add verify_ssl: true to mikrotik device tracker entry in your configuration.yaml file.

If everything is working fine you can disable the pure api service in RouterOS:

/ip service disable api

The user privileges in RouterOS

To use this device tracker you need restricted privileges only. To enhance the security of your MikroTik device create a “read only” user who is able to connect to API and perform ping test only:

/user group add name=homeassistant policy=read,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,test,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp
/user add group=homeassistant name=homeassistant
/user set password="YOUR_PASSWORD" homeassistant

Using the additional configuration to the mikrotik entry in your configuration.yaml file

mikrotik:
  - host: 192.168.88.1
    username: homeassistant
    password: YOUR_PASSWORD
    verify_ssl: true
    arp_ping: true
    force_dhcp: true
    detection_time: 30