Introduction
Sub-menu: /interface eoip
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol based on GRE (RFC 1701) that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP tunnel, or any other connection capable of transporting IP.
When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
...
Property Description
Property | Description
---|---
allow-fast-path (yes \| no; Default: yes) | Whether to allow FastPath processing. Must be disabled if IPsec tunneling is used.
arp (disabled \| enabled \| proxy-arp \| reply-only; Default: enabled) | Address Resolution Protocol mode.
arp-timeout (integer[/time]; Default: auto) | Time interval in which ARP entries should time out.
clamp-tcp-mss (yes \| no; Default: yes) | Controls whether to change MSS size for received TCP SYN packets. When enabled, a router will change the MSS size for received TCP SYN packets if the current MSS size exceeds the tunnel interface MTU (taking into account the TCP/IP overhead). The received encapsulated packet will still contain the original MSS, and only after decapsulation the MSS is changed.
comment (string; Default: ) | Short description of the interface.
disabled (yes \| no; Default: no) | Whether an item is disabled.
dont-fragment (inherit \| no; Default: no) | Whether to include DF bit in related packets: no - fragment if needed, inherit - use Don't Fragment flag of original packet. (Without Don't Fragment: inherit - packet may be fragmented).
dscp (integer: 0-63; Default: inherited) | DSCP value of packet. Inherited option means that dscp value will be inherited from the packet which is going to be encapsulated.
ipsec-secret (string; Default: ) | When secret is specified, router adds dynamic IPsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc).
keepalive (integer[/time],integer 0..4294967295; Default: 10s,10) | Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in the following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries.
l2mtu (integer; read-only) | Layer2 Maximum transmission unit. Not configurable for EoIP. See MTU in RouterOS.
local-address (IP; Default: ) | Source address of the tunnel packets, local on the router.
loop-protect |
loop-protect-disable-time |
loop-protect-send-interval |
mac-address (MAC; Default: ) | Media Access Control number of an interface. The address numeration authority IANA allows the use of MAC addresses in the range from 00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF freely.
mtu (integer; Default: auto) | Layer3 Maximum transmission unit.
name (string; Default: ) | Interface name.
remote-address (IP; Default: ) | IP address of remote end of EoIP tunnel.
tunnel-id (integer: 65536; Default: ) | Unique tunnel identifier, which must match other side of the tunnel.
Configuration Examples
Parameter tunnel-id is a method of identifying a tunnel. It must be unique for each EoIP tunnel.
...
Let us assume we want to bridge two networks: 'Station' and 'AP'. By using EoIP, the setup can be made so that Station and AP LANs are in the same Layer2 broadcast domain.
Consider the following setup:
As you know, wireless stations cannot be bridged. To overcome this limitation (without involving WDS), we will create an EoIP tunnel over the wireless link and bridge it with interfaces connected to local networks.
...
First, we create an EoIP tunnel on our AP:
```
/interface eoip add name="eoip-remote" tunnel-id=0 remote-address=10.0.0.2 disabled=no
```
Verify the interface is created:
```
[admin@AP] > /interface eoip print
Flags: X - disabled; R - running
 0  R name="eoip-remote" mtu=auto actual-mtu=1458 l2mtu=65535 mac-address=FE:A5:6C:3F:26:C5 arp=enabled
      arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
      loop-protect-disable-time=5m local-address=0.0.0.0 remote-address=10.0.0.2 tunnel-id=0
      keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
```
Station router:
```
/interface eoip add name="eoip-main" tunnel-id=0 remote-address=10.0.0.1 disabled=no
```
Verify the interface is created:
```
[admin@Station] > /interface eoip print
Flags: X - disabled; R - running
 0  R name="eoip-main" mtu=auto actual-mtu=1458 l2mtu=65535 mac-address=FE:4B:71:05:EA:8B arp=enabled
      arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
      loop-protect-disable-time=5m local-address=0.0.0.0 remote-address=10.0.0.1 tunnel-id=0
      keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
```
Next, we will bridge local interfaces with the EoIP tunnel on our AP. If you already have a local bridge interface, simply add the EoIP interface to it:
```
/interface bridge port add bridge=bridge1 interface=eoip-remote
```
The bridge port list should list all local LAN interfaces and the EoIP interface:
```
[admin@AP] > /interface bridge port print
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#    INTERFACE    BRIDGE   HW   PVID  PRIORITY  PATH-COST  INTERNAL-PATH-COST  HORIZON
0  H ether2       bridge1  yes     1  0x80             10                  10  none
1  H ether3       bridge1  yes     1  0x80             10                  10  none
2    eoip-remote  bridge1  yes     1  0x80             10                  10  none
```
On the Station router, if you do not have a local bridge interface, create a new bridge and add both EoIP and local LAN interfaces to it:
```
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=eoip-main
```
Verify the bridge port section:
```
[admin@Station] > /interface bridge port print
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#    INTERFACE  BRIDGE   HW   PVID  PRIORITY  PATH-COST  INTERNAL-PATH-COST  HORIZON
0  H ether2     bridge1  yes     1  0x80             10                  10  none
2    eoip-main  bridge1  yes     1  0x80             10                  10  none
```
Now both sites are in the same Layer2 broadcast domain. You can set up IP addresses from the same network on both sites.
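The property table ties three settings together: tunnel-id must be unique for each EoIP tunnel, ipsec-secret is what creates the dynamic IPsec peer, and allow-fast-path must be disabled when IPsec is used. The following check over `/interface eoip add` lines is an added example, not part of the original page or of RouterOS; the sample configuration, the secret value and the function names are constructed for illustration.

```python
import shlex
from collections import Counter

# Constructed sample: one router's EoIP tunnels, written in the page's command syntax.
SAMPLE = '''\
/interface eoip add name="eoip-remote" tunnel-id=0 remote-address=10.0.0.2 disabled=no
/interface eoip add name="eoip-branch" tunnel-id=0 remote-address=10.0.0.3 ipsec-secret="example-only"
/interface eoip add name="eoip-dc" tunnel-id=7 remote-address=10.0.0.4 ipsec-secret="example-only" allow-fast-path=no
'''

# Defaults taken from the property table above.
DEFAULTS = {"allow-fast-path": "yes", "ipsec-secret": ""}

def parse_eoip(config):
    """Return one dict of properties per '/interface eoip add' line."""
    tunnels = []
    for line in config.splitlines():
        words = shlex.split(line)  # strips the quotes around values
        if words[:3] != ["/interface", "eoip", "add"]:
            continue
        props = dict(DEFAULTS)
        props.update(w.split("=", 1) for w in words[3:] if "=" in w)
        tunnels.append(props)
    return tunnels

def audit(tunnels):
    """Return (tunnel name, finding) pairs for settings the property table warns about."""
    findings = []
    id_counts = Counter(t.get("tunnel-id") for t in tunnels)
    for t in tunnels:
        name = t.get("name", "?")
        if id_counts[t.get("tunnel-id")] > 1:
            findings.append((name, "duplicate tunnel-id on this router"))
        if not t["ipsec-secret"]:
            findings.append((name, "no ipsec-secret: no dynamic IPsec peer is created"))
        elif t["allow-fast-path"] != "no":
            findings.append((name, "ipsec-secret set but allow-fast-path is not 'no'"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_eoip(SAMPLE)):
        print(f"{name}: {finding}")
```

A tunnel without ipsec-secret may still be protected by a manually configured IPsec policy, so treat that finding as a prompt to check rather than a definite fault.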