Mikrotik
The mikrotik
platform offers presence detection by looking at connected devices to a MikroTik RouterOS
There is currently support for the following device types within Home Assistant:
- Presence detection
Prerequisites
You have to enable accessing the RouterOS API on your router to use this platform.
RouterOS uses a ping test to determine client presence, make sure you are not blocking this on the client (Windows firewall default behavior), as this will result in the provided device_tracker
having the state not_home
.
Terminal:
/ip service
set api disabled=no port=8728
Web Frontend:
Go to IP -> Services -> API and enable it.
Make sure that port 8728 or the port you choose is accessible from your network.
Configuration
To add the Mikrotik integration to your Home Assistant instance, use this My button:
Manual configuration steps
If the above My button doesn’t work, you can also perform the following steps manually:
-
Browse to your Home Assistant instance.
-
In the bottom right corner, select the
Add Integration button. -
From the list, select Mikrotik.
-
Follow the instructions on screen to complete the setup.
Use a certificate
To use SSL to connect to the API (via api-ssl
instead of api
service) further configuration is required at RouterOS side. You have to upload or generate a certificate and configure api-ssl
service to use it. Here is an example of a self-signed certificate:
/certificate add common-name="Self signed demo certificate for API" days-valid=3650 name="Self signed demo certificate for API" key-usage=digital-signature,key-encipherment,tls-server,key-cert-sign,crl-sign
/certificate sign "Self signed demo certificate for API"
/ip service set api-ssl certificate="Self signed demo certificate for API"
/ip service enable api-ssl
If everything is working fine you can disable the pure api
service in RouterOS:
/ip service disable api
The user privileges in RouterOS
To use this device tracker, you only need limited privileges. To enhance the security of your MikroTik device, create a “read only” user who can connect to API and perform ping test only:
/user group add name=homeassistant policy=read,api,test,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp
/user add group=homeassistant name=homeassistant
/user set password="YOUR_PASSWORD" homeassistant