Is EOIP a good option if I want to trunk traffic from a “Guest” SSID across an Infrastructure that cannot handle Vlans?
The switch My Downstairs AP and my Alix (running routerOS) is on Does support Vlans but the switch my upstairs AP is connected to doesn’t
The AP upstairs is my RB751, so currently I’ve bridged the “Guest” SSID to an EOIP tunnel between the 2 RouterOS devices.
Do I need any Filter rules on the 751 to prevent the “guest” traffic ending up on the main LAN, the RB751 doesn’t have any IP interfaces on the “guest” network and the Firewall on the Alix is configured to filter traffic between the “guest” network and the main Lan.
Alix
admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="Guest-Bridge" mtu=1500 l2mtu=1596 arp=enabled
mac-address=00:0D:B9:17:26:C6 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] > interface bridge port
admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 Guests Guest-Bridge 0x80 10 none
1 Guest-Vlan-Upstairs-AP Guest-Bridge 0x80 10 none
[admin@MikroTik] > interface eoip print
Flags: X - disabled, R - running
0 R name="Guest-Vlan-Upstairs-AP" mtu=1500 l2mtu=65535
mac-address=02:C6:3E:83:38:72 arp=enabled local-address=192.168.6.1
remote-address=192.168.6.3 tunnel-id=0
RB751
[admin@MikroTik] > ip bridge print
bad command name bridge (line 1 column 4)
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="Main Wireless" mtu=1500 l2mtu=1600 arp=enabled
mac-address=00:0C:42:E2:33:27 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
1 R name="Guest-Bridge" mtu=1500 l2mtu=2290 arp=enabled
mac-address=02:A5:42:E1:FB:2A protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] >
[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 Dragons Main Wireless 0x80 10 none
1 ether1 Main Wireless 0x80 10 none
2 Guest-Tunnel Guest-Bridge 0x80 10 none
3 Dragons-Guest Guest-Bridge 0x80 10 none
[admin@MikroTik] >
[admin@MikroTik] > interface eoip print
Flags: X - disabled, R - running
0 R name="Guest-Tunnel" mtu=1500 l2mtu=65535 mac-address=02:A5:42:E1:FB:2A
arp=enabled local-address=192.168.6.3 remote-address=192.168.6.1
tunnel-id=0
It might have helped if I’d used consistent interface names 