Connecting two remote networks in the same C class

acim · December 14, 2006, 8:21am

I have to connect two remote networks, but my client wants to have single DHCP for both networks and all computers in the same C class, let’s say 192.168.27.0/24. This is something similar as described here (EoIP), but I can’t make this working. I will try to explain my configuration.

[LAN1 192.168.27.0/24][ETH 192.168.27.105 - ROUTER1 - WLAN 10.10.11.15][AP][WLAN][AP][WLAN 10.10.5.15 - ROUTER2 - ETH 192.168.27.104][LAN2 192.168.27.0/24]

I did everything as described in 2.9 documentation for EoIP tunnel. I have EoIP between 10.10.11.15 and 10.10.5.15 and it works OK. I bridged tunnel and ethernet card on both routers and give them above addresses, 192.168.27.105 and 192.168.27.104 respectively.

From router 1 I can ping all machines in LAN1 (local network) and bridge interface on router 2, 192.168.27.104, but I can’t ping machines in LAN2. From router 2 same situation, I can ping LAN2 (it’s local network) and bridge interface on router 1, 192.168.27.105, but not machines in LAN1. I disabled ARP for ethernet card and tunnel on both routers and enabled ARP for bridge interface on both. I tried proxy-arp as well, but it didn’t help. What I am doing wrong?

As temporary solution, I had to put another C class on LAN2, let’s say 192.168.28.0/24 and I removed bridges (bridge interfaces) and did routing instead. This works find, I can ping machines all arroung, but netbios doesn’t work this way. So I did some NAT on both routers and netbios work, but machines on LAN1 still don’t see machines from LAN2 (and opposite) in their network neighbourhood, although they can see shares on remote side id they type in IP addresses, let’s say on machine 192.168.27.200 you type in \192.168.28.200 and they you can see shares. I don’t like this way, it’s not elegant.

I checked many similar posts on this forum, but there is no real solution. I don’t need to use EoIP explicitely, I just want, as I said in the topis of this message, to connect two remote networks in the same C class without matter what tunnel I am using or whatever other solution. Please help.

sergejs · December 14, 2006, 8:48am

WDS might be used, if routers are connected to each other directly, or use selected EoIP tunnel.
WDS example is here,
http://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks

Regarding to EoIP tunnel configuration,
-you need to specify remote WLAN addresses for EoIP tunnels, set the same tunnel-id, then bridge EoIP with Ethernet interface.

Set DHCP server on local Ethernet interface.
probably you can post EoIP, bridge configuration here, as the described configuration scenario should work fine.

janisk · December 14, 2006, 8:49am

as temporary solution you can create your own DNS entires, that will point to correct IP address from domain name

acim · December 14, 2006, 10:02am

No, these two networks are connected to two different AP's which are used for other purposes also. So, WDS is not an option.

This is already done, as I described in my first post. I did everything as described in the MT documentation. And tunnel is alive because I can ping other side bridge interface. If I put IP addresses on tunnel's edges, I can also ping other side, so tunnel is working OK for sure.

Because I had to make this working other way (routing and NAT), I will print out another configuration from another client where I have the same problem. It's the same situation, just IP addresses are different from above.

Router 1:

interface eoip>
0 R name="tunnel" mtu=1500 mac-address=FE:00:90:31:CF:96 arp=disabled remote-address=10.10.1.22 tunnel-id=1

interface bridge>
0 R name="interlan" mtu=1500 arp=enabled mac-address=00:4F:4E:61:E9:61 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=5s hello-time=2s max-message-age=20s

interface bridge port>
0 tunnel interlan 128 10
1 lan interlan 128 10

ip address>

ADDRESS NETWORK BROADCAST INTERFACE

0 10.10.15.22/24 10.10.15.0 10.10.15.255 link
1 192.168.1.253/24 192.168.1.0 192.168.1.255 interlan

Router 2:

interface eoip>
0 R name="tunnel" mtu=1500 mac-address=FE:00:90:31:CF:95 arp=disabled remote-address=10.10.15.22 tunnel-id=1

interface bridge>
0 R name="interlan" mtu=1500 arp=enabled mac-address=00:4F:4E:61:CF:FF stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s

interface bridge port>

INTERFACE BRIDGE PRIORITY PATH-COST

0 tunnel interlan 128 10
1 lan interlan 128 10

ip address>

ADDRESS NETWORK BROADCAST INTERFACE

0 D 10.10.1.22/24 10.10.1.0 10.10.1.255 link
1 192.168.1.254/24 192.168.1.0 192.168.1.255 interlan

From router 1:

/ping 192.168.1.254 count=4
192.168.1.254 64 byte ping: ttl=64 time=43 ms
192.168.1.254 64 byte ping: ttl=64 time=5 ms
192.168.1.254 64 byte ping: ttl=64 time=4 ms
192.168.1.254 64 byte ping: ttl=64 time=4 ms
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 4/14.0/43 ms

So, it seems to me that EoIP tunnel is working well. Now, I can ping all machines connected to ethernet card on router 1 (and to bridge named interlan on router 1), but I can't ping machines connected to ehternet card on router 2 (and to bridge also named interlan, but on router 2). What am I doing wrong?

acim · December 14, 2006, 10:06am

I did this and it is working fine, but there is some other problem. One of my clients who wants this configuraition also wants to connect Cisco VoIP phones placed on both remote networks. If I could make Windows machines see each other, then Cisco would see each other also.

Because I didn’t make the tunnel working as it should, I had to do routing instead, which is quite complex because I have to NAT phones as well. I am not the one who configures thir Cisco VoIP router, so I can’t make it working with two networks, so I had to DNAT and SNAT all phones on another remote network.

sergejs · December 14, 2006, 10:13am

Make sure you have no any firewall rules, that might influence traffic between two routers.

acim · December 14, 2006, 11:49am

No firewall rules at all.

sergejs · December 14, 2006, 2:26pm

Please, set back arp=enable to all interfaces added to bridge.
Contact support (support@mikrotik.com), if you will have the same problem.

acim · December 15, 2006, 10:50am

No, arp=enable is not necesarry on ehternet and eoip interfaces, just on the bridge interface where these two ethernet and eoip belong.

I made the same configuration at my other client and everything works OK, so the EoIP example in MT documentation is correct.

However, I still have problem with the client I mentioned in my first post. They have very similar configuration, one point at 5GHz, another point on 2.4GHz, all wifi cards Wireless, all ehternet cards D-Link with Realtek 8139. The only thing I can imagine can make problems is some manageable Cisco switch which is on one side of the tunnel at this problematic client. I will check out that. I will let you know what is wrong when I resolve this. Thank you guys for helping me.

acim · December 15, 2006, 1:44pm

YES!

It was Cisco smart switch making problems. I put it to another, newer and “smarter” Cisco switch and VoIP phone started working. Then I still had problems with computer network. Finally, I changed port role on Cisco to “Cisco router” and everything worked perfectly. So, this was not a Mikrotik issue.