...
Property Description
Property | Description |
---|
allow-fast-path (yes | no; Default: yes) | Whether to allow FastPath processing. Must be disabled if IPsec tunneling is used. |
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled) | Address Resolution Protocol mode.- disabled - the interface will not use ARP
- enabled - the interface will use ARP
- proxy-arp - the interface will use the ARP proxy feature
- reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the "/ip arp" table. No dynamic entries will be automatically stored in the "/ip arp" table. Therefore for communications to be successful, a valid static entry must already exist.
|
arp-timeout (integer[/time]; Default: auto) | Time interval in which ARP entries should time out. |
clamp-tcp-mss (yes | no; Default: yes) | Controls whether to change MSS size for received TCP SYN packets. When enabled, a router will change the MSS size for received TCP SYN packets if the current MSS size exceeds the tunnel interface MTU (taking into account the TCP/IP overhead).The received encapsulated packet will still contain the original MSS, and only after decapsulation the MSS is changed. |
comment (string; Default: ) | Short description of the interface. |
disabled (yes | no; Default: no) | Whether an item is disabled. |
dont-fragment (inherit | no; Default: no) | Whether to include DF bit in related packets. |
dscp (integer: 0-63; Default: inherited) | DSCP value of packet. Inherited option means that dscp value will be inherited from packet which is going to be encapsulated. |
ipsec-secret (string; Default: ) | When secret is specified, router adds dynamic | ipsec IPsec peer to remote-address with pre-shared key and policy | with default values (by default phase2 uses sha1/aes128cbc). |
keepalive (integer[/time],integer 0..4294967295; Default: 10s,10) | Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries. |
l2mtu (integer; read-only) | Layer2 Maximum transmission unit. Not configurable for EoIP. MTU in RouterOS |
local-address (IP; Default: ) | Source address of the tunnel packets, local on the router. |
loop-protect |
|
loop-protect-disable-time |
|
loop-protect-send-interval |
|
mac-address (MAC; Default: ) | Media Access Control number of an interface. The address numeration authority IANA allows the use of MAC addresses in the range from 00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF freely |
mtu (integer; Default: auto) | Layer3 Maximum transmission unit |
name (string; Default: ) | Interface name |
remote-address (IP; Default: ) | IP address of remote end of EoIP tunnel |
tunnel-id (integer: 65536; Default: ) | Unique tunnel identifier, which must match other side of the tunnel |
Configuration Examples
Parameter tunnel-id is a method of identifying a tunnel. It must be unique for each EoIP tunnel.
...
Let us assume we want to bridge two networks: 'Office LANStation' and 'Remote LANAP'. By using EoIP setup can be made so that Office Station and Remote AP LANs are in the same Layer2 broadcast domain.
...
At first, we create an EoIP tunnel on our gatewayAP:
Code Block |
---|
|
[admin@Our_GW] /interface eoip>eoip add name="eoip-remote" tunnel-id=0 remote-address=10.0.0.2
[admin@Our_GW] interface eoip> enable eoip-remote
[admin@Our_GW] interface eoip> disabled=no |
Verify the interface is created:
Code Block |
---|
|
[admin@AP] > /interface eoip print
Flags: X - disabled,; R - running
0 R name="eoip-remote" mtu=auto actual-mtu=1500=1458 l2mtu=65535 mac-address=FE:A5:6C:3F:26:C5 arp=enabled
arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m local-address=0.0.0.0 remote-address=10.0.0.2 tunnel-id=0
keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes |
Station Remote router:
Code Block |
---|
|
[admin@Remote] /interface eoip>eoip add name="eoip-main" tunnel-id=0remote0 remote-address=10.0.0.1
[admin@Remote] interface eoip> enable eoip-main
[admin@Remote] interface eoip> disabled=no |
Verify the interface is created:
Code Block |
---|
|
[admin@Station] > /interface eoip print
Flags: X - disabled,; R - running
0 R name="eoip-main" mtu=1500auto actual-mtu=1458 l2mtu=65535 mac-address=FE:4B:71:05:EA:8B arp=enabled
arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m local-address=0.0.0.0 remote-address=10.0.0.1 tunnel-id=0
keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes |
Next, we will bridge local interfaces with EoIP tunnel on our GWAP. If you already have a local bridge interface, simply add EoIP interface to it:
Code Block |
---|
|
/interface bridge port add bridge=bridge1 interface=eoip-remote |
The bridge port list should list all local LAN interfaces and the EoIP interface:
Code Block |
---|
|
[admin@AP] > /interface bridge port print
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H ether2 bridge1 yes 1 0x80 10 10 none
1 H ether3 bridge1 yes 1 0x80 [admin@Our_GW] interface bridge> add
[admin@Our_GW] interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth
[admin@Our_GW] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST
0 eoip-remote bridge1 128 10
1 office-eth bridge1 128 10 |
Remote router:
Code Block |
---|
|
[admin@Remote] interface bridge> add
[admin@Remote] interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
none
2 eoip-remote bridge1 yes 1 0x80 10 protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin@Remote] interface bridge> 10 none |
On Station router, if you do not have a local bridge interface, create a new bridge and add both EoIP and local LAN interfaces to it:
Code Block |
---|
|
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether
[admin@Remote] ether2
/interface bridge>bridge port add bridge=bridge1 interface=eoip-main |
Verify the bridge port section:
Code Block |
---|
|
[admin@AP] > /interface bridge
[admin@Remote] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
# INTERFACE BRIDGE HW BRIDGEPVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
00 H ether2 bridge1 yes 1 0x80 10 ether bridge1 128 10 none
2 eoip-main bridge1 yes 1 0x80 10 eoip-main bridge1 128 10 none |
Now both sites are in the same Layer2 broadcast domain. You can set up IP addresses from the same network on both sites.