-
Notifications
You must be signed in to change notification settings - Fork 98
WinBox CLI MAC connection
WinBox CLI over MAC (TikConnectionType.WinboxCliMac) is the same encrypted WinBox terminal CLI as
WinBox CLI, but the WinBox M2 protocol travels over the MAC layer
(UDP port 20561, client_type=0x0f90) instead of TCP 8291 — so it works without an IP route to
the router. It combines the strengths of the MAC-Telnet and WinBox transports:
- Recovery / bootstrap — like MAC-Telnet, reach a router with no usable IP
- Encrypted — like WinBox CLI, the session is EC-SRP5 + AES-128-CBC end to end (MAC-Telnet is plain text after auth)
Internally it is the full WinBox protocol tunnelled over the MAC reliable stream: the EC-SRP5
handshake and the chunked AES frames are identical to the TCP transport — only the carrier differs
(MAC DATA packets instead of a TCP socket). After auth it opens the WinBox mepty terminal handler
and drives the RouterOS CLI with the same shared CLI layer as every other CLI transport.
Enable the MAC WinBox server (this is separate from the MAC-Telnet server):
/tool/mac-server/mac-winbox set allowed-interface-list=all
Or restrict to an interface list:
/tool/mac-server/mac-winbox set allowed-interface-list=management
The router's MAC address is discovered automatically via MNDP (see MNDP).
using System.Linq;
using tik4net;
// MNDP discovers the router MAC automatically (takes up to 5 s)
using (var conn = ConnectionFactory.OpenConnection(
TikConnectionType.WinboxCliMac, "192.168.4.1", "admin", ""))
{
var ifaces = conn.LoadAll<tik4net.Objects.Interface.Interface>().ToList();
Console.WriteLine($"Found {ifaces.Count} interfaces");
}MNDP discovery waits up to 5 seconds. If you already know the router's MAC address, skip the wait by
setting RouterMac — this also noticeably speeds up the connection:
using tik4net.WinboxCliMac;
var conn = new WinboxCliMacConnection { RouterMac = "AA:BB:CC:DD:EE:FF" };
conn.Open("192.168.4.1", "admin", "");var setup = new TikConnectionSetup("192.168.4.1", "admin", "");
// MNDP-based (default)
using (var conn = setup.CreateWinboxCliMacConnection())
{
// ...
}
// known MAC (skips MNDP) + async
using (var conn = await setup.CreateWinboxCliMacConnectionAsync(routerMac: "AA:BB:CC:DD:EE:FF"))
{
// ...
}Supports CRUD operations only, like the other CLI transports. Streaming / Listen / Async commands
(ExecuteAsync, LoadAsync, Torch) throw NotSupportedException. Use the API or REST transport for
those.
- Encrypted end to end (EC-SRP5 + AES-128-CBC) — unlike MAC-Telnet, which is plain text after auth.
- The MAC WinBox server (
/tool/mac-server/mac-winbox) is independent of the MAC-Telnet server (/tool/mac-server); enable the one you need. -
Slower than TCP — every M2 frame is carried in MAC DATA packets with per-packet ACKs, and MNDP
discovery adds up to 5 s. Set
RouterMacto skip MNDP. Use the TCP WinBox CLI transport when an IP route is available. - Requires RouterOS 6.43+ (EC-SRP5). The MAC transport does not implement the legacy MD5 path.
Builds on the same WinBox protocol research as the TCP transport (subixonfire/winbox-terminal-protocol, MIT) and the MAC-layer framing / EC-SRP5-over-MAC work behind the MAC-Telnet transport.
- WinBox-CLI-connection — same CLI over TCP 8291 (faster, needs an IP route)
- MAC-Telnet-connection — plain-text Layer-2 CLI (UDP 20561)
- MNDP — router discovery without a connection
- Roadmap-4x — transport roadmap