As you've properly concluded yourself, you need a bridge. So let's say that currently, 192.168.1.253/24 is statically configured at ether1 directly. So you do the following:
- /interface bridge add name=br-x
- Now press Ctrl-X to get to safe mode if you are connected via ether1
- /interface bridge port add bridge=br-x interface=ether1 ; /ip address set [find interface=ether1] interface=br-x
- if you don't lose connection, you can press Ctrl-X again to leave safe mode and remove the changes above from the rollback buffer (of course do not press it now if you didn't press it in the step above)
- if some IP firewall rules are used at the Mikrotik, replace ether1 by br-x everywhere
Next, you set up the EoIP tunnel:
/interface eoip add name=eoip-site2 local-address=192.168.1.253 remote-address=192.168.2.253 mtu=1500 disabled=yes
Setting the MTU is very important, as if you leave it at auto
, it will accommodate to the actual MTU of the port through which the tunnel transport packets will leave, minus the EoIP header. But as the MTU of a bridge is automatically set to the lowest MTU of all the ones reported by member ports, and as in this particular setup the EoIP transport packets leave through the bridge, the MTU would decrease to 0 in a few steps as soon as you'd make the EoIP a member port of the bridge. If you force the MTU of the EoIP to 1500, it will accept large enough Ethernet frames to carry the 1500-byte IP packets at the tunnel interface, and silently fragment them into small enough transport packets if necessary.
Now you can add the EoIP interface to the same bridge like ether1:
/interface bridge port add bridge=br-x interface=eoip-site2
At the other site, the interface to which 192.168.2.253/24 is attached stays alone (as you don't want the two subnets to share the same L2 segment). So the EoIP tunnel there will be set using
/interface eoip add name=eoip-site1 local-address=192.168.2.253 remote-address=192.168.1.253 mtu=1500 disabled=yes
If you use the default firewall on the Mikrotiks, add protocol=!gre
to the action=drop connection-state=invalid
rule in chain input
of /ip firewall filter
Once done, you can enable the EoIP tunnel interfaces at both ends.
Now you have to make the EoIP tunnel interface at Mikrotik 2 and the the Ethernet port to which the switch for the Site 1's LAN extension is connected member ports of the same bridge.
That should be all.