100 Essential MikroTik Terminal Commands Print

Hello there! I’m Emmanuel Corels from Emmanuel Corels Creatives. Over the years, I’ve learned that the MikroTik terminal is a treasure trove of power once you get to know its language. In this guide, we’re going to explore 100 essential commands that will help you configure, troubleshoot, and automate your MikroTik router. Let’s dive in!

I. Navigating and Inspecting Your Router

1. /print
   A universal command used to list items in the current menu. Think of it as “list everything” in that context.

2. /system resource print
   Shows CPU usage, memory, uptime, and temperature—essential for knowing if your router is under stress during peak usage.

3. /log print
   Displays recent log entries. When troubleshooting, this is your first stop to see error messages or warnings.

4. /file print
   Lists all files stored on your router. Useful for confirming backups, exports, and custom scripts.

5. /system package print
   Reveals installed packages and their versions. Handy for checking if required packages like IPv6 or SNMP are installed.

6. /system clock print
   Shows the current system time. Accurate time is crucial for scheduled tasks and logging.

7. /ip dns print
   Displays current DNS server settings. If clients complain about slow website loading, check this!

8. /ip dns cache print
   Lists cached DNS entries to see which domain names have been recently resolved.

9. /system script print
   Shows all scripts on the router—essential for automation and troubleshooting.

10. /system scheduler print
    Displays scheduled tasks. Knowing what runs in the background can help diagnose performance issues.

II. Interface Management

11. /interface print
    Lists all interfaces (Ethernet, wireless, etc.) and their status. First step in diagnosing connectivity issues.

12. /interface ethernet print
    Shows only Ethernet interfaces—great for checking cable-connected ports.

13. /interface wireless print
    Lists all wireless interfaces. Use this to confirm if your Wi-Fi is enabled and operating.

14. /interface wireless scan interface=wlan1 duration=10
    Scans for nearby wireless networks on wlan1 for 10 seconds—ideal for choosing a less crowded channel.

15. /interface wireless set wlan1 disabled=no
    Ensures that your wireless interface is enabled (sometimes it gets accidentally turned off).

16. /interface bridge add name=bridge-lan
    Creates a new bridge called “bridge-lan” to group multiple interfaces into one LAN.

17. /interface bridge port add bridge=bridge-lan interface=ether2
    Adds ether2 to the “bridge-lan”, integrating that port into your LAN.

18. /interface list print
    Displays groups of interfaces. Useful for applying firewall rules to a whole group at once.

19. /interface list member print
    Lists which interfaces belong to each list—vital for verifying group membership before modifying rules.

20. /interface set [find default-name=ether1] comment="WAN Interface"
    Labels your WAN interface for clarity, so you know which port connects to the internet.

III. IP Address Configuration

21. /ip address print
    Lists all assigned IP addresses—check that every interface is correctly configured.

22. /ip address add address=192.168.88.1/24 interface=bridge-lan
    Assigns a LAN IP (192.168.88.1) to the bridge-lan—this becomes your gateway for LAN devices.

23. /ip address remove [find address~"192.168.88.1"]
    Removes an IP address, useful for clearing misconfigurations.

24. /ip address set [find number=0] disabled=no
    Enables the first IP entry if it was disabled accidentally.

25. /ip address print detail
    Provides detailed info on IP assignments, helping with in-depth audits.

26. /ip address add address=10.0.0.1/8 interface=ether1 comment="Test Public IP"
    Assigns a test IP to an interface, useful in lab scenarios.

27. /ip route add dst-address=0.0.0.0/0 gateway=192.168.88.254
    Sets the default route so all outbound traffic heads to your ISP gateway.

28. /ip route print
    Lists current routes—essential for confirming that your network traffic is correctly directed.

29. /ip route remove [find dst-address="0.0.0.0/0"]
    Deletes the default route when reconfiguring or troubleshooting conflicting routes.

30. /ip route set [find dst-address="0.0.0.0/0"] distance=1
    Adjusts the distance (priority) of the default route for proper failover handling.

31. /ip route add dst-address=10.10.20.0/24 gateway=192.168.88.254 comment="Route to Branch Office"
    Creates a static route for reaching a remote network, such as a branch office.

IV. DHCP and DNS Setup

32. /ip pool add name=dhcp_pool ranges=192.168.88.100-192.168.88.254
    Defines an IP pool for your DHCP server to allocate addresses dynamically.

33. /ip dhcp-server add name=dhcp1 interface=bridge-lan address-pool=dhcp_pool
    Sets up a DHCP server on the bridge-lan to serve your LAN devices.

34. /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=8.8.8.8
    Specifies network parameters for DHCP clients—ensuring proper IP configuration.

35. /ip dhcp-server print
    Lists DHCP server settings—check that your configuration is active.

36. /ip dhcp-server lease print
    Displays active leases, useful for troubleshooting IP conflicts.

37. /ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes
    Configures DNS servers and enables DNS caching to speed up web browsing.

38. /ip dns print
    Reviews your DNS settings to ensure correct resolution.

39. /ip dns static add name=nas.home address=192.168.88.50
    Creates a static DNS entry for local devices, making it easier to access by hostname.

40. /ip dns static print
    Lists static DNS entries for verification.

V. Firewall and NAT Configuration

41. /ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept comment="Allow WinBox"
    Allows WinBox access from trusted networks—a must for remote management.

42. /ip firewall filter add chain=input action=drop comment="Drop all other inbound traffic"
    Implements a default-deny rule to block unwanted incoming connections.

43. /ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment="NAT for LAN"
    Enables NAT to allow LAN devices to share a public IP when accessing the internet.

44. /ip firewall nat print
    Shows all NAT rules, helpful for confirming proper configuration.

45. /ip firewall filter print
    Lists firewall filter rules, allowing you to audit security settings.

46. /ip firewall address-list add list=Trusted src-address=192.168.88.0/24 comment="Trusted LAN"
    Creates an address list for your LAN to be referenced in firewall rules.

47. /ip firewall address-list print
    Verifies the contents of your address lists.

48. /ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=HTTP
    Marks HTTP connections, useful for traffic shaping or monitoring.

49. /ip firewall mangle print
    Lists mangle rules to verify that your traffic marking is working as intended.

50. /ip firewall filter add chain=forward connection-state=established,related action=accept comment="Allow established connections"
    Permits return traffic for established connections—a crucial rule for smooth operation.

VI. PPP, VPN, and PPPoE Configuration

51. /ppp profile add name=PPPoE_Profile local-address=192.168.100.1 remote-address=pppoe_pool
    Creates a PPP profile for PPPoE clients, defining their gateway and IP pool.

52. /ip pool add name=pppoe_pool ranges=192.168.100.10-192.168.100.254
    Sets up an IP pool for PPPoE users to receive unique IP addresses.

53. /ppp secret add name=user1 password=StrongPass123 service=pppoe profile=PPPoE_Profile
    Adds a PPPoE user account, essential for authenticated dial-in connections.

54. /interface pppoe-server server add service-name=pppoe1 interface=ether2 default-profile=PPPoE_Profile one-session-per-host=yes max-mtu=1480 max-mru=1480 disabled=no
    Enables the PPPoE server on a dedicated interface, allowing subscribers to connect.

55. /ppp active print
    Displays currently active PPP sessions to monitor VPN or dial-in users.

56. /certificate add name=ovpn-server-cert common-name="vpn.myhome.com" key-size=2048
    Generates a certificate for OpenVPN—set “common-name” to your domain or server name.

57. /certificate sign ovpn-server-cert
    Signs the certificate, making it valid for SSL/TLS communications.

58. /certificate export-certificate [find name="ovpn-server-cert"] export-passphrase="MyPass123"
    Exports the certificate (and key) for client configuration—remember to secure your passphrase!

59. /interface ovpn-server server set enabled=yes port=1194 mode=ip certificate=ovpn-server-cert auth=sha1 cipher=aes256
    Configures and enables the OpenVPN server on your router, using the certificate for secure connections.

60. /ppp profile add name=OpenVPN_Profile local-address=10.10.10.1 remote-address=10.10.10.2-10.10.10.254
    Creates a dedicated PPP profile for OpenVPN clients.

61. /ppp secret add name=vpnuser password=StrongPass123 service=ovpn profile=OpenVPN_Profile
    Adds a user for OpenVPN access.

62. /ip firewall filter add chain=input protocol=tcp dst-port=1194 action=accept comment="Allow OpenVPN"
    Ensures that OpenVPN traffic is not blocked by the firewall.

VII. EoIP Tunnel Configuration

63. /interface eoip add name=eoip-tunnel-to-B remote-address=203.0.113.20 tunnel-id=100 keepalive=10s
    Creates an EoIP tunnel interface on Router A for linking remote networks.

64. /interface eoip add name=eoip-tunnel-to-A remote-address=203.0.113.10 tunnel-id=100 keepalive=10s
    Creates the corresponding EoIP tunnel on Router B.

65. /interface bridge add name=bridge-eoip
    Creates a new bridge to integrate the EoIP tunnel with your LAN.

66. /interface bridge port add bridge=bridge-eoip interface=eoip-tunnel-to-B
    Adds the EoIP interface from Router A to the bridge.

67. /interface bridge port add bridge=bridge-eoip interface=eoip-tunnel-to-A
    Adds the EoIP interface from Router B to complete the link.

VIII. SNMP and Monitoring

68. /snmp set enabled=yes
    Enables SNMP for network monitoring.

69. /snmp set contact="admin@myhome.com" location="Home Office"
    Sets SNMP contact and location details, useful in monitoring systems.

70. /snmp community set [find default=yes] name=MikroTikSecure
    Changes the default SNMP community string for better security.

71. /snmp print
    Shows the current SNMP configuration—confirm settings before integration.

72. /snmp trap add address=192.168.1.100 community=MikroTikSecure
    Configures an SNMP trap target for sending alerts to your monitoring server.

IX. Traffic Flow and Monitoring Tools

73. /ip traffic-flow set enabled=yes target=192.168.1.200:2055
    Enables traffic flow (NetFlow) data export to a collector.

74. /ip traffic-flow print
    Verifies that traffic flow settings are active.

75. /ping 8.8.8.8
    Tests connectivity to Google’s DNS—ideal for WAN troubleshooting.

76. /tool traceroute 8.8.8.8
    Traces the path to a destination, helping diagnose where delays occur.

77. /tool torch interface=ether1
    Monitors real-time traffic on the WAN interface to detect heavy users or unusual traffic patterns.

78. /tool sniffer start interface=ether1
    Begins packet capture on the specified interface for deep analysis.

79. /tool sniffer stop
    Stops an active packet capture session.

80. /tool sniffer print
    Displays details about the current sniffer session.

X. Scripting and Automation

81. /system script add name="CheckInterfaces" source=":foreach i in=[/interface find] do={ :put ([/interface get $i name] . \" status: \" . [/interface get $i running]) }"
    Creates a script that loops through all interfaces and prints their status—handy for regular checks.

82. /system script run CheckInterfaces
    Executes the “CheckInterfaces” script immediately.

83. /system script print
    Lists all scripts on your router, so you can review your automation tasks.

84. /system scheduler add name="DailyBackup" start-time=02:00:00 interval=1d on-event="/system backup save name=daily-backup"
    Schedules a daily backup to keep your configuration safe.

85. /system scheduler print
    Verifies that scheduled tasks are set up correctly.

XI. System and Package Management

86. /system resource print
    Monitors system performance—CPU, memory, uptime—to check for overloads.

87. /system clock print
    Displays current system time—critical for time-sensitive tasks.

88. /system reboot
    Reboots the router—useful after major configuration changes or troubleshooting.

89. /system shutdown
    Shuts down the router safely for maintenance.

90. /system backup save name=mybackup
    Creates a configuration backup—always do this before updates.

91. /system backup load name=mybackup.backup
    Restores configuration from a backup if needed.

92. /system package update check-for-updates
    Checks for available RouterOS updates—vital for security and performance.

93. /system package update download
    Downloads available updates to prepare for installation.

94. /system package update install
    Installs downloaded updates and reboots if necessary.

XII. Wireless-Specific Commands

95. /interface wireless print
    Displays wireless interface settings—check SSID, channel, and mode.

96. /interface wireless set wlan1 disabled=no
    Ensures your wireless interface is enabled and ready for clients.

97. /interface wireless scan interface=wlan1 duration=10
    Scans for nearby Wi-Fi networks—great for finding the best channel in your environment.

98. /interface wireless set wlan1 ssid="MyHomeWiFi"
    Sets the SSID for your wireless network, branding it for your users.

99. /interface wireless security-profiles print
    Lists wireless security profiles to review current encryption settings.

100. /interface wireless security-profiles set [find default=yes] wpa2-pre-shared-key="SecurePass123"
     Sets a strong WPA2 passphrase on the default security profile to secure your Wi-Fi.

Final Thoughts

There you have it—100 essential MikroTik terminal commands, complete with context and real-world scenarios. This guide should serve as a comprehensive reference to help you navigate the MikroTik terminal, configure your router, and troubleshoot issues. As you experiment with these commands, remember that practice is key. Set up a lab environment, test commands one by one, and soon you’ll find that the terminal is an indispensable tool in your networking toolkit.

If you have any questions or need further clarification on any command or scenario, don’t hesitate to reach out. Happy networking, and enjoy mastering your MikroTik router—one command at a time!

Explained with practical clarity by
Emmanuel Corels – Admin, Emmanuel Corels Creatives