I am trying to set up an EoMPLS tunnel between a Cisco router and a MikroTik PE.
I think the EoMPLS part is working. On the Cisco side the xconnect is inside of a dotq sub-interface, so the layer 2 is vlan tagged. The xconnect looks like this:
xconnect a.b.c.d 2601 encapsulation mpls
In order to get the VPLS interface to come up on the MikroTik side, I had to add the pw-type=tagged-ethernet option, which makes sense. The VPLS appears to be up on both sides:
/interface vpls> print
0 R name="cisco-eompls" mtu=1500 l2mtu=1500 mac-address=02:E0:8C:DA:D0:0B
arp=enabled arp-timeout=auto disable-running-check=no
remote-peer=a.b.c.d cisco-style=yes cisco-style-id=2601
advertised-l2mtu=1500 pw-type=tagged-ethernet use-control-word=yes
#sho mpls l2transport vc
Fa2/0.2601 Eth VLAN 2601 a.b.c.d 2601 UP
My struggle is then to bridge the VPLS interface on the MikroTik to an ethernet port. I want the ethernet port to be untagged (although if it was tagged it wouldn’t be the end of the world, but I can’t get the bridging to work either way).
I have a bridge defined, named vpn, and I have vlan-filtering=yes:
/interface bridge> print
1 R name="vpn" mtu=auto actual-mtu=1500 l2mtu=1500 arp=enabled
arp-timeout=auto mac-address=02:E0:8C:DA:D0:0B protocol-mode=none
fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m
vlan-filtering=yes pvid=1
In the bridge ports, I am including the VPLS interface and the ethernet port that I want to use. The PVID of the ether2 ethernet port is set to the VLAN ID, which I believe means that I want untagged frames coming into that interface to be put into that VLAN. I don’t have PVID set for the VPLS interface because there should not be any untagged frames there (although I tried it with the PVID set to 2601 there too).
/interface bridge port> print detail
0 interface=cisco-eompls bridge=vpn priority=0x80 path-cost=10
internal-path-cost=10 edge=auto point-to-point=auto learn=auto
horizon=none auto-isolate=no restricted-role=no restricted-tcn=no
pvid=1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
unknown-unicast-flood=yes unknown-multicast-flood=yes
broadcast-flood=yes
1 interface=ether2 bridge=vpn priority=0x80 path-cost=10
internal-path-cost=10 edge=auto point-to-point=auto learn=auto
horizon=none hw=no auto-isolate=no restricted-role=no
restricted-tcn=no pvid=2601
frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes unknown-unicast-flood=yes
unknown-multicast-flood=yes broadcast-flood=yes
Then in the bridge vlan settings I have created the following entry:
/interface bridge vlan> print detail
1 bridge=vpn vlan-ids=2601 tagged=cisco-eompls untagged=ether2
current-tagged=cisco-eompls current-untagged=ether2
I think that should be saying that I should expect untagged frames on the ether2 interface and tagged frames on the VPLS interface and that tags should be added and removed accordingly.
But, it doesn’t work. It looks like traffic is making it across the VPLS tunnel to the PE and to a CE device connected to ether2. I say that because I’m receiving ARP entries on that device from a device connected to the VLAN on the other side. However, it looks like nothing is getting through in the other direction. While sniffing the VPLS interface, what it looks like is happening is that traffic coming from the VPLS side is getting untagged and sent to ether2 just fine, but traffic coming from ether2 is not getting tagged properly such that it does not make it through the VPLS tunnel. But I’m not 100% sure of that.
I am basing this config on the examples in the manual here: https://wiki.mikrotik.com/wiki/Manual:EoMPLS_vs_Cisco, but in that example, the xconnect is being done from an interface on the Cisco and not a dotq sub-interface, so in that example the whole vlan tagging issue is not present.
Anyone ever done this? Any thoughts about where I might have gone wrong?
Thanks
Steve
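
Added example, not part of the original post: a simplified 802.1Q model of the bridge port and bridge VLAN settings printed above, showing what tagging each direction should produce if the bridge behaves as the post expects. The forwarding rules are generic 802.1Q assumptions, not RouterOS code, and the model says nothing about how the VPLS interface itself treats tags; the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    pvid: int
    frame_types: str  # value copied from the post's "bridge port" output

# Port settings as printed in the post.
PORTS = {
    "cisco-eompls": Port(1, "admit-only-vlan-tagged"),
    "ether2": Port(2601, "admit-only-untagged-and-priority-tagged"),
}
# Bridge VLAN table entry as printed in the post.
VLANS = {2601: {"tagged": {"cisco-eompls"}, "untagged": {"ether2"}}}

def ingress(port_name, tag):
    """Classify a frame arriving on a port; tag=None means untagged.
    Returns the VLAN ID, or None if the frame is dropped.
    Priority-tagged frames (VID 0) are not modelled."""
    port = PORTS[port_name]
    if tag is None:
        if port.frame_types == "admit-only-vlan-tagged":
            return None          # untagged frame on a tagged-only port
        vid = port.pvid          # untagged frames take the port's PVID
    else:
        if port.frame_types == "admit-only-untagged-and-priority-tagged":
            return None          # tagged frame on an untagged-only port
        vid = tag
    entry = VLANS.get(vid)
    # ingress-filtering=yes: the port must be a member of the VLAN
    if entry is None or port_name not in entry["tagged"] | entry["untagged"]:
        return None
    return vid

def egress(port_name, vid):
    """Return how a frame in VLAN vid leaves the port, or None if not a member."""
    entry = VLANS[vid]
    if port_name in entry["tagged"]:
        return ("tagged", vid)
    if port_name in entry["untagged"]:
        return ("untagged", None)
    return None

def forward(in_port, tag, out_port):
    """Combine ingress classification and egress tagging for one frame."""
    vid = ingress(in_port, tag)
    return None if vid is None else egress(out_port, vid)

if __name__ == "__main__":
    print("ether2 -> cisco-eompls:", forward("ether2", None, "cisco-eompls"))
    print("cisco-eompls -> ether2:", forward("cisco-eompls", 2601, "ether2"))
```

Comparing these expected results with a capture taken on cisco-eompls shows whether frames from ether2 actually leave the bridge carrying tag 2601.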