Hi,
i want to connect two places with SXT 5 via PTP but... i have in my main gateway several EOIP tunnels. For different IP subnet i used different EOIP tunnel. In order to 'extend' those IP subnets via PTP links... should i connect only main EOIP tunnel or must i have connection .. lets say 3 EOIP tunnels for 3 different IP subnets?
I can not use VLANs as i dont have managed switch...
tx
korg
Re: EOIP Tunnel question
If each of your IP subnets in the rest of the network resides in its own L2 bridge, either each of these bridges has to be extended to the new site using its own EoIP tunnel, or you may use VLANs inside a single EoIP tunnel (but that limits the MTU 4 more bytes). I don't understand the remark regarding unmanaged switch preventing you from using VLANs - the SXT has just a single Ethernet port anyway so even if you terminate several EoIP tunnels on the SXT, you can only extend one of them out of that box via Ethernet unless you use VLANs or PTP tunnels reaching further through the SXT's single Ethernet interface. So maybe you should draw the overall topology you want to achieve.
Re: EOIP Tunnel question
Hi SIndy,
tx for you answer...
here is my drawing
So, i have 3 ip subnets... and i want to connect those sxt 5 via PTP with all three IP subnets... to be able to to have everywhere all three subnets available.
Why did i mention unmanaged switch? because i have several AP's which should also have all three subnets... thats why i am thinking about EOIP tunnels. Also, remote surveillance cameras should be connected through those SXT 5 antennas.
tx
korg
tx for you answer...
here is my drawing
So, i have 3 ip subnets... and i want to connect those sxt 5 via PTP with all three IP subnets... to be able to to have everywhere all three subnets available.
Why did i mention unmanaged switch? because i have several AP's which should also have all three subnets... thats why i am thinking about EOIP tunnels. Also, remote surveillance cameras should be connected through those SXT 5 antennas.
tx
korg
You do not have the required permissions to view the files attached to this post.
Re: EOIP Tunnel question
Well, the right bottom corner remains a puzzle for me. It shows devices from two subnets to be connected to an SXT 5 which has a single Ethernet port. From that I deduce that there is the unmanaged switch between the SXT 5 and those devices; if so, two distinct subnets must share the same L2 space. And if this is the case, there is no way to have these two subnets in the same L2 space on the SXT 5 and keep them in distinct L2 spaces elsewhere in the network, as if you place the two EoIP tunnel ends at SXT 5 - 4 to the same bridge, it bridges together the L2 spaces on the remote ends of these EoIP tunnels.
Re: EOIP Tunnel question
interesting case, Korg how your conf looks like?
So if you set up ip address (GW) on any interface where EoIP-tunnel goes and connecto to other side with similar ip address, you can deliver everything you like you can access to your device and so on. Just set up correct MTU watch out from fragmentation
your explanations is okay, but still has some tricky part
So if you set up ip address (GW) on any interface where EoIP-tunnel goes and connecto to other side with similar ip address, you can deliver everything you like you can access to your device and so on. Just set up correct MTU watch out from fragmentation
your explanations is okay, but still has some tricky part
Re: EOIP Tunnel question
@Sindy... sorry... i did not draw every MT device .. especially on the bottom right... SXT 5 is connected to PowerBox which will deliver PoE and act 'as if' a small switch/router. So, this is correct drawing
My question is and remains, how can connect those three Subnets via PTP link? Every and each EOIP Tunnel?
@nichky... what do you mean 'correct MTU watch'? Dont understand..
thanks
korg
My question is and remains, how can connect those three Subnets via PTP link? Every and each EOIP Tunnel?
@nichky... what do you mean 'correct MTU watch'? Dont understand..
thanks
korg
You do not have the required permissions to view the files attached to this post.
Re: EOIP Tunnel question
My answer was and remains, either each of the bridges (L2 spaces) hosting a subnet has to be extended to the new site using its own EoIP tunnel, or you may use VLANs inside a single EoIP tunnel (but that limits the MTU 4 more bytes).
I don't get why you emphasize the PtP link so much - an EoIP tunnel interface must be configured with an IP address of the device where its counterpart is running, so even if you use an unnumbered IP link like PPP between the devices, each EoIP tunnel interface must be told some IP address on the remote device to establish.
So you can use one of the subnets as the "native" one and create an EoIP tunnel for each of the remaining two subnets using the addresses from the native subnet.
I don't get why you emphasize the PtP link so much - an EoIP tunnel interface must be configured with an IP address of the device where its counterpart is running, so even if you use an unnumbered IP link like PPP between the devices, each EoIP tunnel interface must be told some IP address on the remote device to establish.
So you can use one of the subnets as the "native" one and create an EoIP tunnel for each of the remaining two subnets using the addresses from the native subnet.
Re: EOIP Tunnel question
So Sindy, if i understood correctly... i can establish wireless link between two SXT5 devices (through what? repeater option or PTP option?) and with one EOIP tunnel i could 'push' all other EOIP tunnels?
Something like...
.establish wireless link between two SXt5 antennas with repeater option
.define EOIP 1 tunnel and connect it with the proper EOIP ID and IP from the SXT antenna
.on the on SXT 5 - 4 antenna establish all other EOIP tunnels
correct?
korg
Something like...
.establish wireless link between two SXt5 antennas with repeater option
.define EOIP 1 tunnel and connect it with the proper EOIP ID and IP from the SXT antenna
.on the on SXT 5 - 4 antenna establish all other EOIP tunnels
correct?
korg
Re: EOIP Tunnel question
Your drawing only illustrates the physical topology while your question is related to the logical one.
And you haven't clarified a key point yet - do you use a distinct bridge for each of your three IP subnets in the current network, or do all of them use the same bridge? You need as many tunnels as the bridges you want to extend. So if you want each subnet to use its own L2 space (e.g. because you need to use DHCP to assign addresses for that subnet), you need an individual tunnel for each subnet.
If by "PtP link" you mean a bridged (L2) one, then you cannot create an EoIP tunnel over a bridge directly. You either have to assign IP addresses to the wireless interfaces at both ends of the bridged wireless link, or make the wireless interfaces members of existing bridges which already have IP addresses assigned to them.
Any kind of tunneling means less space in the packet for the payload because tunnel's headers occupy that space. So if you look at VLANs as a kind of L2 tunnels, their overhead is by far the smallest one, just 4 bytes; if you use EoIP to tunnel L2 frames across a bridge, not only EoIP's own header but also the IPv4 header necessary to deliver the EoIP packet have to be considered the total overhead of the EoIP.
So maybe this approach could be an inspiration for you? The author sets up several independent bridged links over a single physical wireless link and uses each of these bridged links to carry frames from one VLAN; in your case, you could skip the VLAN part and just use those bridged links to interconnect your bridges hosting the VLANs.
Yet again, to extend several L2 spaces from the SXT 5 - 4 to the Powerbox via a single Ethernet cable, you need to use VLANs or other tunnels on that cable but as said VLANs waste least space out of the frame. So you could e.g. establish the EoIP tunnels between the 2011 and the Powerbox, but I would use VLANs instead.
Plus one more remark - the fact that a switch is non-manageable only means that it doesn't support per-VLAN MAC tables (also known as "independent learning") and you cannot tag and untag frames on it, but a non-manageable switch can forward tagged packets without any problems. So you can use it on a VLAN trunk path.
And you haven't clarified a key point yet - do you use a distinct bridge for each of your three IP subnets in the current network, or do all of them use the same bridge? You need as many tunnels as the bridges you want to extend. So if you want each subnet to use its own L2 space (e.g. because you need to use DHCP to assign addresses for that subnet), you need an individual tunnel for each subnet.
If by "PtP link" you mean a bridged (L2) one, then you cannot create an EoIP tunnel over a bridge directly. You either have to assign IP addresses to the wireless interfaces at both ends of the bridged wireless link, or make the wireless interfaces members of existing bridges which already have IP addresses assigned to them.
Any kind of tunneling means less space in the packet for the payload because tunnel's headers occupy that space. So if you look at VLANs as a kind of L2 tunnels, their overhead is by far the smallest one, just 4 bytes; if you use EoIP to tunnel L2 frames across a bridge, not only EoIP's own header but also the IPv4 header necessary to deliver the EoIP packet have to be considered the total overhead of the EoIP.
So maybe this approach could be an inspiration for you? The author sets up several independent bridged links over a single physical wireless link and uses each of these bridged links to carry frames from one VLAN; in your case, you could skip the VLAN part and just use those bridged links to interconnect your bridges hosting the VLANs.
Yet again, to extend several L2 spaces from the SXT 5 - 4 to the Powerbox via a single Ethernet cable, you need to use VLANs or other tunnels on that cable but as said VLANs waste least space out of the frame. So you could e.g. establish the EoIP tunnels between the 2011 and the Powerbox, but I would use VLANs instead.
Plus one more remark - the fact that a switch is non-manageable only means that it doesn't support per-VLAN MAC tables (also known as "independent learning") and you cannot tag and untag frames on it, but a non-manageable switch can forward tagged packets without any problems. So you can use it on a VLAN trunk path.
Re: EOIP Tunnel question
I have three disctinted bridges for each and every IP subnet. Via LAN it would be pretty straight forward to setup EOIP tunnels but here i have a wireless link between locations.
thank you for the suggested link where is shown and described how to connect different VLANs but i have several things/issues where i an not clear why or how it was done.
Is there any way you could help me in that matter?
tx
korg
thank you for the suggested link where is shown and described how to connect different VLANs but i have several things/issues where i an not clear why or how it was done.
Is there any way you could help me in that matter?
tx
korg
Re: EOIP Tunnel question
I have no practical experience with that setup (multiple bridges over a single wireless link) so my help would be only theoretical.
Re: EOIP Tunnel question
I see... even me.. i did not do any multiple bridges over single wireless link...
tx anyway
korg
tx anyway
korg
Re: EOIP Tunnel question
You don't need EoIP to move the VLANs across a wireless link. You certainly can but it's fairly redundant. Just bridge them. At the end where you have the camera and the unmanaged switch you are definitely in a tough spot. You couldn't definitely put each VLAN untagged towards the unmanaged non VLAN aware switch. This would allow it to work but of course break the VLAN separation barrier.
Alternatively, you can IP the camera with the camera network information while only bridging the office VLAN to the unmanaged switch and enable proxy ARP on the SXT interface while ensuring it has a route for the camera network (or an IP on the camera network). Proxy ARP will then reply with it's MAC for any request from the camera. Additionally, you'd also have add a static route at the other locations or possibly only the GW-2011 to point traffic destined towards the surveillance camera to an IP on the office network on the SXT at that site. Basically, relying on proxy ARP for this would be awful.
The best approach honestly is to either IP that camera on the office network or buy a VLAN aware switch for that location. A cheap MikroTik product will do but so will a myriad of other affordable pieces of hardware.
Alternatively, you can IP the camera with the camera network information while only bridging the office VLAN to the unmanaged switch and enable proxy ARP on the SXT interface while ensuring it has a route for the camera network (or an IP on the camera network). Proxy ARP will then reply with it's MAC for any request from the camera. Additionally, you'd also have add a static route at the other locations or possibly only the GW-2011 to point traffic destined towards the surveillance camera to an IP on the office network on the SXT at that site. Basically, relying on proxy ARP for this would be awful.
The best approach honestly is to either IP that camera on the office network or buy a VLAN aware switch for that location. A cheap MikroTik product will do but so will a myriad of other affordable pieces of hardware.
Re: EOIP Tunnel question
Hello Family
i created a L2 tunnel between 2 mikrotik routers but found out that traffic appears not optimal over the tunnel i.e when i do a bandwidth test with the IP used at both end of the tunnels. I am confused and dont know what is wrong. its urgent.
i created a L2 tunnel between 2 mikrotik routers but found out that traffic appears not optimal over the tunnel i.e when i do a bandwidth test with the IP used at both end of the tunnels. I am confused and dont know what is wrong. its urgent.