name: routeros-fundamentals description: "RouterOS v7 domain knowledge for AI agents. Use when: working with MikroTik RouterOS, writing RouterOS CLI/script commands, calling RouterOS REST API, debugging why a Linux command fails on RouterOS, or when the user mentions MikroTik, RouterOS, CHR, or /ip /system /interface paths. Scope: RouterOS 7.x (long-term and newer) only — v6 is NOT covered and accuracy for v6 problems will be low."

RouterOS Fundamentals

RouterOS Is NOT GNU/Linux

RouterOS runs a Linux kernel (5.6.3) but everything above the kernel is MikroTik's proprietary nova system. This is the single most important fact for agents to internalize.

What does NOT exist on RouterOS:

• No /bin, /usr, /etc, /var — no FHS layout
• No bash, sh, ash, zsh — no Unix shell at all
• No coreutils (ls, cat, grep, ps, mount, ip, iptables, etc.)
• No glibc, musl, busybox
• No apt, pkg, opkg — no package manager (packages are .npk files installed via upload + reboot)
• No systemctl, service, init system
• No /proc or /sys accessible from userland
• No docker, podman — RouterOS has its own /container subsystem (7.x+)

What DOES exist:

• RouterOS CLI — its own language, not shell. Accessed via SSH, serial, WinBox, or WebFig
• REST API at /rest/ (HTTP, port 80 by default) — the primary programmatic interface
• RouterOS scripting language (.rsc files) — its own syntax, not bash. See Scripting reference
• WebFig (web UI) on port 80
• WinBox protocol on port 8291

Common agent mistakes to avoid:

• Do NOT try ssh admin@host 'ls /' — it opens RouterOS CLI, not a shell
• Do NOT suggest mount, fdisk, mkfs — use /disk commands instead
• Do NOT look for config files at /etc/ — configuration is in the RouterOS database
• Do NOT assume ping works the same — it's /tool/ping or /ping in CLI
• Do NOT suggest installing packages via apt or opkg — upload .npk via SCP then /system/package/apply-changes (7.18+) or /system/reboot (<7.18)
• See Extra packages reference for the full package list and installation pattern

RouterOS CLI Syntax

RouterOS CLI uses path-based navigation, not Unix command pipelines:

# Navigation
/ip/address/print
/interface/print
/system/resource/print

# Adding entries
/ip/address/add address=192.168.1.1/24 interface=ether1

# Modifying (by internal ID or find expression)
/ip/address/set [find interface=ether1] address=10.0.0.1/24

# Removing
/ip/address/remove [find address="192.168.1.1/24"]

# Running a command
/system/reboot
/tool/fetch url="http://example.com/file.npk" dst-path="/"

Key syntax differences from shell:

• = assigns properties (no spaces around it)
• [find ...] is the query expression (like WHERE)
• Strings use "" (double quotes only)
• Comments use #
• Variables: :local myVar "value" and $myVar
• No pipes, no redirection, no subshell

REST API

RouterOS REST API at http://HOST:PORT/rest/. HTTP verbs map non-standardly:

Key gotchas:

• PUT creates (NOT updates) — opposite of many REST APIs
• Empty password auth: admin: (colon required, nothing after)
• WebFig root (GET /) returns HTTP 200 without auth — use as health check
• REST API (/rest/) requires auth (HTTP 401 without it)
• .id field is *HEX format (e.g., *1, *A)

See REST API reference for full patterns, error handling, filtering, POST commands, and /console/inspect.

Version Scheme

Format: MAJOR.MINOR[.PATCH][betaN|rcN] — e.g., 7.22, 7.22.1, 7.23beta2, 7.22rc1

Channels: stable / long-term / testing / development

Version endpoint (plain text): https://upgrade.mikrotik.com/routeros/NEWESTa7.<channel>

For version parsing, comparison, download URLs, and package naming: see Version parsing reference.

Architecture Names

MikroTik uses these architecture identifiers (not standard Linux arch names):

CHR (Cloud Hosted Router) is available only for x86 and arm64.

Default Credentials

• Username: admin
• Password: (empty — no password)
• On first login via SSH/console, RouterOS 7.x prompts to set a password or press a to skip
• REST API and WebFig allow empty-password access

Inspecting Hardware from RouterOS CLI

# PCI devices (the RouterOS equivalent of lspci)
/system/resource/hardware/print

# IRQ assignments (shows driver binding)
/system/resource/irq/print

# System overview
/system/resource/print

# Disk info
/disk/print

# Installed packages
/system/package/print

# IP services and ports
/ip/service/print

# Network interfaces
/interface/print

Additional Resources

Reference files:

• For REST API details and /console/inspect command tree: see REST API reference
• For version parsing, comparison, and download URL logic: see Version parsing reference
• For extra packages (container, iot, zerotier, etc.): see Extra packages reference
• For device-mode (modes, feature matrix, physical confirmation): see Device-mode reference
• For RouterOS scripting language syntax: see Scripting reference
• For user management, SSH keys, admin account: see Users REST reference
• For IP addressing, routing, DHCP, DNS, interfaces: see Networking REST reference
• For firewall filter/NAT/mangle and rule ordering: see Firewall REST reference
• For Bun runtime bugs affecting HTTP (req.destroy, pool, secrets): see Bun runtime gotchas

Related skills:

• For the /container subsystem (VETH, device-mode, lifecycle): see the routeros-container skill
• For netinstall-cli and device flashing: see the routeros-netinstall skill
• For the /app YAML container format (7.22+): see the routeros-app-yaml skill
• For /console/inspect tree traversal and schema generation: see the routeros-command-tree skill
• For running CHR in QEMU (local or CI): see the routeros-qemu-chr skill
• For packet capture, /tool/sniffer, and TZSP streaming: see the routeros-sniffer skill

MCP tools:

• For command tree browsing and property lookups: use the rosetta MCP server tools (routeros_search, routeros_get_page, routeros_command_tree)