Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
Network setups with EoIP interfaces:
* Possibility to bridge LANs over the Internet
* Possibility to bridge LANs over encrypted tunnels
* Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
To make a secure Ethernet bridge between two routers you should:
Network setups with EoIP interfaces:
* Possibility to bridge LANs over the Internet
* Possibility to bridge LANs over encrypted tunnels
* Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
EoIP Application Example
Description
Let us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. The networks are connected to an IP network through the routers [Our_GW] and [Remote]. The IP network can be a private intranet or the Internet. Both routers can communicate with each other through the IP network.Example
Our goal is to create a secure channel between the routers and bridge both networks through it. The network setup diagram is as follows:To make a secure Ethernet bridge between two routers you should:
- Create a PPTP tunnel between them. Our_GW will be the pptp server:
[admin@Our_GW] interface pptp-server> /ppp secret add name=joe service=pptp \ \... password=top_s3 local-address=10.0.0.1 remote-address=10.0.0.2 [admin@Our_GW] interface pptp-server> add name=from_remote user=joe [admin@Our_GW] interface pptp-server> server set enable=yes [admin@Our_GW] interface pptp-server> print Flags: X - disabled, D - dynamic, R - running # NAME USER MTU CLIENT-ADDRESS UPTIME ENC... 0 from_remote joe [admin@Our_GW] interface pptp-server> The Remote router will be the pptp client: [admin@Remote] interface pptp-client> add name=pptp user=joe \ \... connect-to=192.168.1.1 password=top_s3 mtu=1500 mru=1500 [admin@Remote] interface pptp-client> enable pptp [admin@Remote] interface pptp-client> print Flags: X - disabled, R - running 0 R name="pptp" mtu=1500 mru=1500 connect-to=192.168.1.1 user="joe" password="top_s2" profile=default add-default-route=no [admin@Remote] interface pptp-client> monitor pptp status: "connected" uptime: 39m46s encoding: "none" [admin@Remote] interface pptp-client>See the PPTP Interface Manual for more details on setting up encrypted channels.
- Configure the EoIP tunnel by adding the eoip tunnel interfaces at both routers. Use the ip addresses of the pptp tunnel interfaces when specifying the argument values for the EoIP tunnel:
[admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \ \... remote-address=10.0.0.2 [admin@Our_GW] interface eoip> enable eoip-remote [admin@Our_GW] interface eoip> print Flags: X - disabled, R - running 0 name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0 [admin@Our_GW] interface eoip> [admin@Remote] interface eoip> add name="eoip" tunnel-id=0 \ \... remote-address=10.0.0.1 [admin@Remote] interface eoip> enable eoip-main [admin@Remote] interface eoip> print Flags: X - disabled, R - running 0 name=eoip mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=0 [Remote] interface eoip>
- Enable bridging between the EoIP and Ethernet interfaces on both routers.
On the Our_GW:
[admin@Our_GW] interface bridge> add [admin@Our_GW] interface bridge> print Flags: X - disabled, R - running 0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s [admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote [admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth [admin@Our_GW] interface bridge> port print Flags: X - disabled, I - inactive, D - dynamic # INTERFACE BRIDGE PRIORITY PATH-COST 0 eoip-remote bridge1 128 10 1 office-eth bridge1 128 10 [admin@Our_GW] interface bridge>And the same for the Remote:
[admin@Remote] interface bridge> add [admin@Remote] interface bridge> print Flags: X - disabled, R - running 0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s [admin@Remote] interface bridge> port add bridge=bridge1 interface=ether [admin@Remote] interface bridge> port add bridge=bridge1 interface=eoip-main [admin@Remote] interface bridge> port print Flags: X - disabled, I - inactive, D - dynamic # INTERFACE BRIDGE PRIORITY PATH-COST 0 ether bridge1 128 10 1 eoip-main bridge1 128 10 [admin@Remote] interface bridge> port print - Addresses from the same network can be used both in the Office LAN and in the Remote LAN.
Komentar