-
Notifications
You must be signed in to change notification settings - Fork 98
WinBox CLI MAC connection
WinBox CLI over MAC (TikConnectionType.WinboxCliMac) is the same encrypted WinBox terminal CLI as
WinBox CLI, but the WinBox M2 protocol travels over the MAC layer
(UDP port 20561, client_type=0x0f90) instead of TCP 8291 — so it works without an IP route to
the router. It combines the strengths of the MAC-Telnet and WinBox transports:
- Recovery / bootstrap — like MAC-Telnet, reach a router with no usable IP
- Encrypted — like WinBox CLI, the session is EC-SRP5 + AES-128-CBC end to end (MAC-Telnet is plain text after auth)
Internally it is the full WinBox protocol tunnelled over the MAC reliable stream: the EC-SRP5
handshake and the chunked AES frames are identical to the TCP transport — only the carrier differs
(MAC DATA packets instead of a TCP socket). After auth it opens the WinBox mepty terminal handler
and drives the RouterOS CLI with the same shared CLI layer as every other CLI transport.
Enable the MAC WinBox server (this is separate from the MAC-Telnet server):
/tool/mac-server/mac-winbox set allowed-interface-list=all
Or restrict to an interface list:
/tool/mac-server/mac-winbox set allowed-interface-list=management
The router's MAC address is discovered automatically via MNDP (see MNDP).
using System.Linq;
using tik4net;
// MNDP discovers the router MAC automatically (takes up to 5 s)
using (var conn = ConnectionFactory.OpenConnection(
TikConnectionType.WinboxCliMac, "192.168.4.1", "admin", ""))
{
var ifaces = conn.LoadAll<tik4net.Objects.Interface.Interface>().ToList();
Console.WriteLine($"Found {ifaces.Count} interfaces");
}MNDP discovery waits up to 5 seconds. If you already know the router's MAC address, skip the wait by
setting RouterMac — this also noticeably speeds up the connection:
using tik4net.WinboxCliMac;
var conn = new WinboxCliMacConnection { RouterMac = "AA:BB:CC:DD:EE:FF" };
conn.Open("192.168.4.1", "admin", "");var setup = new TikConnectionSetup("192.168.4.1", "admin", "");
// MNDP-based (default)
using (var conn = setup.CreateWinboxCliMacConnection())
{
// ...
}
// known MAC (skips MNDP) + async
using (var conn = await setup.CreateWinboxCliMacConnectionAsync(routerMac: "AA:BB:CC:DD:EE:FF"))
{
// ...
}CRUD and Listen — like all CLI transports, WinBox-CLI-MAC reports Crud | Listen, so the callback-based
async APIs work in addition to synchronous CRUD. A terminal has no server push, so the async commands are
emulated by polling a one-shot snapshot on a background worker:
| Call shape | Example | How it works |
|---|---|---|
| Streaming monitor |
/interface/monitor-traffic, /tool/profile
|
re-issues :put [… <once> as-value] (snapshot modifier per command) every ~500 ms and pushes each polled record to your row callback |
| Finite command |
/ping, /tool/traceroute
|
runs once (its own count/duration bounds it), emits the rows, completes |
| Change listen | conn.LoadListenAsync<Interface>(onChange, onDeleted, …) |
polls the table and diffs by .id — a changed row fires onChange, a vanished .id fires onDeleted
|
| Async list |
cmd.LoadAsync<Interface>(…) on a /print
|
runs the read on a background thread, emits each row, completes |
bool hasCrud = conn.Supports(TikConnectionCapability.Crud); // true
bool hasListen = conn.Supports(TikConnectionCapability.Listen); // trueTikConnectionCapability.Streaming (ExecuteListWithDuration) is not reported — use the API transport
for that. Interactive-only commands (notably /tool/torch, no as-value snapshot) surface a guiding
error through the async error callback. Polling over the MAC layer is slow (per-packet ACKs) — prefer the TCP
WinBox CLI or SSL API for high-rate monitoring when routable.
- Encrypted end to end (EC-SRP5 + AES-128-CBC) — unlike MAC-Telnet, which is plain text after auth.
- The MAC WinBox server (
/tool/mac-server/mac-winbox) is independent of the MAC-Telnet server (/tool/mac-server); enable the one you need. -
Slower than TCP — every M2 frame is carried in MAC DATA packets with per-packet ACKs, and MNDP
discovery adds up to 5 s. Set
RouterMacto skip MNDP. Use the TCP WinBox CLI transport when an IP route is available. - Requires RouterOS 6.43+ (EC-SRP5). The MAC transport does not implement the legacy MD5 path.
Builds on the same WinBox protocol research as the TCP transport (subixonfire/winbox-terminal-protocol, MIT) and the MAC-layer framing / EC-SRP5-over-MAC work behind the MAC-Telnet transport.
- WinBox-CLI-connection — same CLI over TCP 8291 (faster, needs an IP route)
- WinBox-Native-MAC-connection — structured native M2 CRUD over the MAC layer (no terminal)
- MAC-Telnet-connection — plain-text Layer-2 CLI (UDP 20561)
- MNDP — router discovery without a connection
- Roadmap-4x — transport roadmap