mirror of
https://github.com/home-assistant/home-assistant.io.git
synced 2025-06-28 04:56:50 +00:00
71d4d5be49
* Update mikrotik.markdown The "need restricted privileges only" suggested to me that this integration needed access to functions that are restricted. Instead this section tries to limit the access it gets, which is very good. Hopefully this clarifies it a bit. * Update source/_integrations/mikrotik.markdown Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
72 lines
2.4 KiB
Markdown
72 lines
2.4 KiB
Markdown
---
|
|
title: Mikrotik
|
|
description: Instructions on how to integrate MikroTik/RouterOS based devices into Home Assistant.
|
|
ha_category:
|
|
- Hub
|
|
- Presence detection
|
|
ha_release: 0.44
|
|
ha_codeowners:
|
|
- '@engrbm87'
|
|
ha_config_flow: true
|
|
ha_domain: mikrotik
|
|
ha_iot_class: Local Polling
|
|
ha_platforms:
|
|
- device_tracker
|
|
ha_integration_type: integration
|
|
---
|
|
|
|
The `mikrotik` platform offers presence detection by looking at connected devices to a [MikroTik RouterOS](https://mikrotik.com) based router.
|
|
|
|
There is currently support for the following device types within Home Assistant:
|
|
|
|
- Presence detection
|
|
|
|
## Prerequisites
|
|
|
|
You have to enable accessing the RouterOS API on your router to use this platform.
|
|
|
|
RouterOS uses a ping test to determine client presence, make sure you are not blocking this on the client (Windows firewall default behavior), as this will result in the provided `device_tracker` having the state `not_home`.
|
|
|
|
Terminal:
|
|
|
|
```bash
|
|
/ip service
|
|
set api disabled=no port=8728
|
|
```
|
|
|
|
Web Frontend:
|
|
|
|
Go to **IP** -> **Services** -> **API** and enable it.
|
|
|
|
Make sure that port 8728 or the port you choose is accessible from your network.
|
|
|
|
|
|
{% include integrations/config_flow.md %}
|
|
|
|
## Use a certificate
|
|
|
|
To use SSL to connect to the API (via `api-ssl` instead of `api` service) further configuration is required at RouterOS side. You have to upload or generate a certificate and configure `api-ssl` service to use it. Here is an example of a self-signed certificate:
|
|
|
|
```bash
|
|
/certificate add common-name="Self signed demo certificate for API" days-valid=3650 name="Self signed demo certificate for API" key-usage=digital-signature,key-encipherment,tls-server,key-cert-sign,crl-sign
|
|
/certificate sign "Self signed demo certificate for API"
|
|
/ip service set api-ssl certificate="Self signed demo certificate for API"
|
|
/ip service enable api-ssl
|
|
```
|
|
|
|
If everything is working fine you can disable the pure `api` service in RouterOS:
|
|
|
|
```bash
|
|
/ip service disable api
|
|
```
|
|
|
|
## The user privileges in RouterOS
|
|
|
|
To use this device tracker, you only need limited privileges. To enhance the security of your MikroTik device, create a "read only" user who can connect to API and perform ping test only:
|
|
|
|
```bash
|
|
/user group add name=homeassistant policy=read,api,test,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp
|
|
/user add group=homeassistant name=homeassistant
|
|
/user set password="YOUR_PASSWORD" homeassistant
|
|
```
|