I have two sites which are connected via EOIP.
EOIP transports several tagged VLANs (100, 200) between the two bridges of the sites.
The default untagged (VLAN 1) network is not bridged between those sites.
Now I would like tagged VLAN 600 on site A to be transported over the EOIP and connected to the default untagged (VLAN 1) network on the bridge of site B, and VLAN 700 on site B connected to the default LAN on site A.
Any ideas how to solve that with the “switch like” bridge configuration?
You’ll have to revert to using EOIP as a stand-alone port. Shouldn’t cause any performance penalty as it’s done in software anyway.
Something like this - one side:
```
/interface eoip
add local-address=10.5.0.1 mtu=1500 name=EOIP-WG-ESP remote-address=10.5.0.9 tunnel-id=9
/interface vlan
add name=EOIP-600 interface=EOIP-WG-ESP vlan-id=600
add name=EOIP-700 interface=EOIP-WG-ESP vlan-id=700
/interface bridge
add comment="Bridge to SFP+" name=LAN vlan-filtering=yes
/interface bridge port
add bridge=LAN interface=sfp-sfpplus1
# vlan700 over EOIP is tagged here
add bridge=LAN interface=EOIP-700 pvid=700
# vlan600 over EOIP is native here
add bridge=LAN interface=EOIP-600
/interface bridge vlan
add bridge=LAN tagged=LAN,sfp-sfpplus1 vlan-ids=600
add bridge=LAN tagged=LAN,sfp-sfpplus1 vlan-ids=700
```
Remember that the “top” part of a VLAN port is untagged, while the “bottom” part (the one anchored to the underlying port) is tagged with the VID set as property. So in the example above, both EOIP-600 and EOIP-700 will be untagged on the “port side” and you can then add them to a VLAN-enabled bridge as access ports to the appropriate VLANs (or as native).
IMO it is better to go with another concept: all tagged over bridge. Which means both VLAN600 and VLAN700 will be tagged on the bridge and you only make them untagged on access ports (on the last port of the last managed switch in your network). In which case you could avoid the vlan-interface mishmash and simply add the EOIP port as a trunk port to the bridge. If, of course, VLAN IDs can be agreed on both sides of that EOIP link.
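A sketch of the "all tagged over bridge" alternative described in the answer above, for one side. This is an added example, not configuration from either poster. It assumes both sites use VLAN IDs 600 and 700, that sfp-sfpplus1 carries only tagged traffic, and that ether5 is a hypothetical local access port. The EOIP parameters are reused from the answer.

```routeros
# Added example (not from the original posts).
# Assumptions: VLAN IDs 600/700 are agreed on both sites; ether5 is a
# hypothetical access port; sfp-sfpplus1 is a tagged-only trunk.
/interface eoip
add local-address=10.5.0.1 mtu=1500 name=EOIP-WG-ESP remote-address=10.5.0.9 tunnel-id=9

/interface bridge
add comment="Bridge to SFP+" name=LAN vlan-filtering=yes

/interface bridge port
# Trunk ports: accept tagged frames only, and drop frames for VLANs
# that are not listed for the port in the bridge VLAN table.
add bridge=LAN interface=sfp-sfpplus1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=LAN interface=EOIP-WG-ESP frame-types=admit-only-vlan-tagged ingress-filtering=yes
# Access port: untagged frames are placed into VLAN 600 via pvid.
add bridge=LAN interface=ether5 pvid=600 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

/interface bridge vlan
# The EOIP tunnel is a tagged member of both VLANs, like any other trunk.
add bridge=LAN tagged=LAN,sfp-sfpplus1,EOIP-WG-ESP vlan-ids=600
add bridge=LAN tagged=LAN,sfp-sfpplus1,EOIP-WG-ESP vlan-ids=700
```

With frame-types and ingress-filtering set on the tunnel port, untagged (VLAN 1) traffic and any VLAN other than 600 and 700 cannot cross the EOIP link.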