Trouble with wireless bridge, EoIP and VLANs

Hello, I have two SXT Lite devices. I intend to use them as a wireless bridge.

I plan to forward three VLANs, one of them a service (administrative) VLAN. This VLAN is the only one where both APs should have an accessible IP address assigned. This VLAN is used to access at least one smart switch behind the bridge.

I can’t use Virtual APs, because the license level doesn’t allow this. So I need another way to create more bridges.

After some reading I found this solution: http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP
It is quite clear. But that setup uses the whole ethernet interface in the bridge, which I think will forward only untagged packets.

I am going to extend this configuration to be able to strip tags on one side, forward, and add the same tags on the other side. To achieve this, on each AP I created three VLAN subinterfaces, three EoIP interfaces with different IDs and three bridge interfaces, and joined the interfaces to the bridges as in the picture below (the same is done here: http://forum.mikrotik.com/t/eoip-vlan/44800/1):

(And there is some more MikroTik equipment. I really built a whole enterprise network with 100+ gigabit and a large WiFi network exclusively on MikroTik solutions!)

The configuration of ap5 is:

# may/18/2015 11:44:32 by RouterOS 6.28
# software id = 8B6N-3XFD
#
/interface bridge
add name=bridge1-vlan20-lan
add name=bridge2-vlan21-voip
add name=bridge4-vlan23-service
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no l2mtu=2290 mode=bridge name=wlan1-gateway ssid=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-local
/interface eoip
add !keepalive mac-address=02:6B:66:3B:3B:6E name=eoip-tunnel20-lan remote-address=10.0.0.2 tunnel-id=20
add !keepalive mac-address=02:40:49:A3:79:1D name=eoip-tunnel21-voip remote-address=10.0.0.2 tunnel-id=21
add !keepalive mac-address=02:BA:FE:8B:44:89 name=eoip-tunnel23-service remote-address=10.0.0.2 tunnel-id=23
/interface vlan
add interface=ether1-local l2mtu=1594 name=ether1-vlan20-lan vlan-id=20
add interface=ether1-local l2mtu=1594 name=ether1-vlan21-voip vlan-id=21
add interface=ether1-local l2mtu=1594 name=ether1-vlan23-service vlan-id=23
/ip neighbor discovery
set ether1-vlan20-lan discover=no
set ether1-vlan21-voip discover=no
set ether1-vlan23-service discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1-vlan20-lan interface=eoip-tunnel20-lan
add bridge=bridge1-vlan20-lan interface=ether1-vlan20-lan
add bridge=bridge2-vlan21-voip interface=eoip-tunnel21-voip
add bridge=bridge2-vlan21-voip interface=ether1-vlan21-voip
add bridge=bridge4-vlan23-service interface=eoip-tunnel23-service
add bridge=bridge4-vlan23-service interface=ether1-vlan23-service
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether1-local network=192.168.88.0
add address=192.168.23.139/25 interface=bridge4-vlan23-service network=192.168.23.128
add address=192.168.168.45/24 interface=ether1-local network=192.168.168.0
add address=10.0.0.1/30 interface=wlan1-gateway network=10.0.0.0
/ip dns
set allow-remote-requests=yes servers=192.168.168.254
/ip dns static
add address=192.168.88.1 name=router
/ip route
add distance=1 gateway=192.168.168.254
/ip service
set api disabled=yes
/romon port
add disabled=no
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=ap5
/system leds
set 0 interface=wlan1-gateway
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether1-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether1-local

One bridge interface on each AP has a (unique in my network) service IP address. That bridge interface has a service VLAN subinterface and a service EoIP link as its ports.
The problem is, once the service EoIP link is added into the service bridge interface on the AP, I lose wired access to that AP via its service IP address. But I also forethoughtfully have an IP address on the base wired (ether1) interface, and it continues to function. Only the IP address assigned to the bridge, to which both the VLAN subinterface and the EoIP interface belong, is inaccessible from the VLAN side. However, it pings locally. The bridge got somewhat broken when I added the EoIP interface there. If I remove EoIP from the bridge, leaving only the VLAN there, it works again.

I will remove those default 192.168.88.1 addresses once everything starts working as expected; they’re left temporarily to be used during setup.

Please help me understand what is going on and how to fix the problem. I am using the latest available RouterOS, 6.28 at the time of writing.

More interesting. My computer is connected directly to the gw (RB1100AHx2), into the service VLAN bridge (23). From this machine I tried to ping the APs.

If I connect ap5 into the gw, it doesn’t answer packets. Moreover, the gw ceases to answer too. It looks like there is some loop, but I can’t figure out where it is.

The wireless bridge (over EoIP) seems to fully work.

I think I have approached a solution. I turned off any STP or RSTP on all bridges with EoIP interfaces. Now everything seems to work.

Some questions: would it be better to somehow modify only the EoIP bridge port, instead of the bridge?
Is it a general rule that EoIP and RSTP won’t work together? Does this have something to do with the multicast and broadcast handling in EoIP?
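As an added audit script (not from the post, the linked threads or MikroTik), here is a small Python parser for the RouterOS export format shown above. It checks that every bridge pairs an EoIP tunnel-id with the matching vlan-id, and flags EoIP ports on bridges still running STP/RSTP, the condition the last reply says broke things. It assumes a RouterOS 6 bridge defaults to protocol-mode=rstp when the export omits it, and runs on a constructed, cut-down export rather than the full ap5 config.

```python
import shlex

# Constructed sample shaped like the post's export (not the full ap5 config); the
# vlan-id=21 on ether1-vlan23-service is a deliberate mismatch for the check below.
SAMPLE_EXPORT = """/interface bridge
add name=bridge1-vlan20-lan
add name=bridge4-vlan23-service protocol-mode=none
/interface eoip
add !keepalive name=eoip-tunnel20-lan remote-address=10.0.0.2 tunnel-id=20
add !keepalive name=eoip-tunnel23-service remote-address=10.0.0.2 tunnel-id=23
/interface vlan
add interface=ether1-local name=ether1-vlan20-lan vlan-id=20
add interface=ether1-local name=ether1-vlan23-service vlan-id=21
/interface bridge port
add bridge=bridge1-vlan20-lan interface=eoip-tunnel20-lan
add bridge=bridge1-vlan20-lan interface=ether1-vlan20-lan
add bridge=bridge4-vlan23-service interface=eoip-tunnel23-service
add bridge=bridge4-vlan23-service interface=ether1-vlan23-service
"""

def parse_export(text):
    """Map each /section of a RouterOS export to its 'add' entries (key -> value dicts)."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("/"):
            current = line
        elif current and line.startswith("add "):
            entry = {}
            for tok in shlex.split(line[4:]):      # shlex keeps comment="..." values intact
                # a bare '!keepalive' turns an option off; every other token is key=value
                entry.update([(tok[1:], "no") if tok.startswith("!") else tok.split("=", 1)])
            sections.setdefault(current, []).append(entry)
    return sections

def audit(text):
    cfg = parse_export(text)
    tunnel = {e["name"]: e["tunnel-id"] for e in cfg.get("/interface eoip", [])}
    vlan = {e["name"]: e["vlan-id"] for e in cfg.get("/interface vlan", [])}
    # Assumption: a RouterOS 6 bridge runs protocol-mode=rstp when the export omits it.
    stp = {b["name"]: b.get("protocol-mode", "rstp") for b in cfg.get("/interface bridge", [])}
    findings = []
    for bridge in stp:
        ports = [p["interface"] for p in cfg.get("/interface bridge port", []) if p["bridge"] == bridge]
        tids = {tunnel[p] for p in ports if p in tunnel}
        vids = {vlan[p] for p in ports if p in vlan}
        if tids and tids != vids:            # tunnel-id and vlan-id on one bridge should agree
            findings.append(f"{bridge}: tunnel-id {sorted(tids)} vs vlan-id {sorted(vids)}")
        if tids and stp[bridge] != "none":   # the post's fix was protocol-mode=none on such bridges
            findings.append(f"{bridge}: EoIP port bridged with protocol-mode={stp[bridge]}")
    return findings
```

Run audit() over a real `/export` to get one line per bridge that fails either check; an empty list means every EoIP-carrying bridge has a matching VLAN number and (R)STP disabled.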