Community discussions

MUM Europe 2020
 
jo2jo
Forum Veteran
Forum Veteran
Topic Author
Posts: 959
Joined: Fri May 26, 2006 1:25 am

Seperating EOip Layer 2 on a bridge

Sun Sep 14, 2008 5:18 am

I have a routerboard 450 running 3.10.

I have a hotspot running on a bridge, and to that bridge i added about 10 EOIP tunnels of various access points in the field.

this all works great.

however if i look at the 10 or so EOIP tunnels they ALL seem to always be sending abuot 5-11kbits per sec. which i assume is layer 2 broadcast traffiic from all the wireless clients connected to the various access points.

how can i tell the bridge to only forward traffic from the source bridge to each EOIP tunnel, and not allow traffic to pass between bridges?

thanks
:beep :beep :beep
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Seperating EOip Layer 2 on a bridge

Fri Sep 19, 2008 6:46 pm

First you need to capture the packets to determine what the actual traffic is and then you'll know what bridge filter rule to make to drop that particular traffic.
how can i tell the bridge to only forward traffic from the source bridge to each EOIP tunnel, and not allow traffic to pass between bridges?
You mean not passing traffic between interfaces right?
Last edited by netrat on Fri Sep 19, 2008 6:57 pm, edited 2 times in total.
 
jo2jo
Forum Veteran
Forum Veteran
Topic Author
Posts: 959
Joined: Fri May 26, 2006 1:25 am

Re: Seperating EOip Layer 2 on a bridge

Fri Sep 19, 2008 6:51 pm

correct, i dont want any layer 2 or layer 3 broadcast traffic to be passed.

tks
:beep :beep :beep
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Seperating EOip Layer 2 on a bridge

Fri Sep 19, 2008 7:01 pm

What interfaces do you have in the bridge?

These two rules might work
/interface bridge filter
add chain=forward action=drop in-interface=!ether1
add chain=forward action=drop out-interface=!ether1
Or just drop forwarding all together on the bridge interfaces.
/interface bridge filter
add chain=forward action=drop
You can look into the mac-protocol option to drop certain types of traffic.
http://www.mikrotik.com/testdocs/ros/2. ... ontent.php
 
jo2jo
Forum Veteran
Forum Veteran
Topic Author
Posts: 959
Joined: Fri May 26, 2006 1:25 am

Re: Seperating EOip Layer 2 on a bridge

Fri Sep 19, 2008 7:21 pm

The second drop forward rule on the router that all the EOIP tunnels go to works great.

I had been just dropping ports 137-139 on each interface before..but this is really cutting back on the garbage traffic.

one other question, I run the dhcp server and hotspot on this same router, so those services are deliverd to each Access point over their respective EOIP tunnel. If i want to better elimated any cross client layer2 broadcast at the AP level (i.e. hotspot laptop clients broadcating to each other over 2.4, at the AP)

should i then do a rule on each AP of:

/int bridge filter add chain=forward interface= !eoiptunnel-IN action=drop


the idea being this would still allow the client to be detcted at teh mac address level by the central hotspot server.

thanks
:beep :beep :beep
 
Mplsguy
MikroTik Support
MikroTik Support
Posts: 226
Joined: Fri Jun 06, 2008 5:06 pm

Re: Seperating EOip Layer 2 on a bridge

Fri Sep 19, 2008 7:29 pm

Or you can use bridge horizon feature. Configure all EoIP bridge ports with the same horizon value and data received from one will not get forwarded to another. This feature was primarily implemented to support VPLS split horizon bridging, but can also be used in other situations where more control over bridge forwarding is necessary.

See http://wiki.mikrotik.com/wiki/MPLSVPLS# ... n_bridging
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Seperating EOip Layer 2 on a bridge

Fri Sep 19, 2008 7:43 pm

one other question, I run the dhcp server and hotspot on this same router, so those services are deliverd to each Access point over their respective EOIP tunnel. If i want to better elimated any cross client layer2 broadcast at the AP level (i.e. hotspot laptop clients broadcating to each other over 2.4, at the AP)
In that case you need to disable default forwarding on the wireless interface for each AP.
/interface wireless set wlan1 default-forwarding=no
default-forwarding (yes | no; default: yes) - to use data forwarding by default or not. If set to 'no', the registered clients will not be able to communicate with each other
http://www.mikrotik.com/testdocs/ros/2. ... reless.php

Who is online

Users browsing this forum: Google [Bot] and 85 guests