I’m installing a backhaul link. Of course I installed two MikroTik routers with two Ubiquiti Rockets. That was easy. I needed to monitor the link, so I configured a public IP address and a Dude agent. Sweet. But when the customer requested a public IP address, everything went wrong.
I had to move quickly; my first idea was to configure an EoIP link and bridge everything. I ended up
BRIDGE_01 BRIDGE_02
Internet – [ ether5 and eoip ] <----> [eoip and ether4] – Customer
The customer and ether5 on my edge router have a public IP address in the same subnet class. However, this is not adequate. I often lose access to one or the other public IP. Pings are clumsy, even inside the private addresses. I feel that I need to adjust my MAC address resolution parameters. But maybe it is a crazy idea anyway.
This weekend I will try a double-NAT solution. Does that make better sense?
Assign an IP on the first router to bridge-i with the correct subnet, do the same on the second router, and lastly assign the Ethernet connection to bridge-i for the customer Ethernet port.
bridge-t and bridge-i → ordinary bridges with different names to separate tagged and untagged traffic.
If you need to expand with a separate line for the customer you could expand like this.
You could still have IP addresses assigned to bridge-i on your routers but leave bridge-i2 untouched for the customer. I would use nv2 in between, ap-bridge (or bridge) on one side and station-wds on the other side. bridge-t is the same all the time, and sends the tagged frames over the WDS link for both networks.
Of course you could use several other ways to solve this, but this should be a quick solution to your problem.
Been redesigned in my lab. But I ended up with fewer bridges than you. I wonder why…
I have bridged the VLAN and the physical interface as you advised. Doing so, I have access to my internal network (the 10.159.248/29) and the equipment plugged in as the customer acts as an Internet client.
I don’t see the difference from when I implemented it with an EoIP tunnel. However, this time I apply the 192.168.0.29 IP address to the bridge instead of the physical interface (ether2).
I did not put my Ubiquiti antenna in between; I assumed it would make no difference.
So everything is fine in the lab, but in the actual setup I’m often having trouble accessing public IPs. I end up having either me or the customer without Internet access. This is why I assumed a problem with MAC resolution.
You solved it with one bridge less since you connected to Ethernet interfaces without the use of bridge-t. Correct in your test lab, but if you use dynamic WDS over the wireless link you would need that bridge as well.
The design seems OK to me, but of course you could be right about the MAC thing.
Yes, you could solve this design with EoIP, but I would hesitate to use GRE/EoIP on a production link due to the reduction of MTU.