Community discussions

MikroTik App
  4. RouterOS
  5. General

Question: How to bridge tagged VLAN over EOIP to untagged?

Post Reply
 
dksoft
Member Candidate
Member Candidate
Topic Author
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Question: How to bridge tagged VLAN over EOIP to untagged?

Mon Dec 05, 2022 9:51 am

Dear friends of MT,

I do have to sites which are connected via EOIP.
EOIP transports several tagged VLAN (100,200) between the two bridges of the sites.
The default untagged (VLAN 1) network is not bridges between those sites.

Here is an example of one site:
Code: Select all
/interface eoip
add local-address=10.5.0.1  mtu=1500 name=EOIP-WG-ESP remote-address=10.5.0.9 tunnel-id=9

/interface bridge
add comment="Bridge to SFP+" name=LAN vlan-filtering=yes

/interface bridge port
add bridge=LAN interface=sfp-sfpplus1
add bridge=LAN frame-types=admit-only-vlan-tagged interface=EOIP-WG-ESP

/interface bridge vlan
add bridge=LAN tagged=LAN,sfp-sfpplus1,EOIP-WG-ESP vlan-ids=100
add bridge=LAN tagged=LAN,sfp-sfpplus1,EOIP-WG-ESP vlan-ids=200
That is working fine and as expected so far.

Now I would like that tagged VLAN 600 on site A is transported over the EOIP and connects to default untagged (VLAN 1) on the bridge of site B. And VLAN 700 on site B connected to default LAN on site A.

Any ideas how to solve that with the "switch like" bridge configuration?

Thanks for any help and best regards
dksoft
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11587
Joined: Thu Mar 03, 2016 10:23 pm

Re: Question: How to bridge tagged VLAN over EOIP to untagged?

Mon Dec 05, 2022 3:22 pm

You'll have to revert to using EOIP as stand-alone port. Shouldn't cause any performance penalty as it's done in software anyway.

Something like this - one side:
Code: Select all
/interface eoip
add local-address=10.5.0.1  mtu=1500 name=EOIP-WG-ESP remote-address=10.5.0.9 tunnel-id=9

/interface vlan
add name=EOIP-600 interface=EOIP-WG-ESP vlan-id=600
add name=EOIP-700 interface=EOIP-WG-ESP vlan-id=700

/interface bridge
add comment="Bridge to SFP+" name=LAN vlan-filtering=yes

/interface bridge port
add bridge=LAN interface=sfp-sfpplus1
add bridge=LAN interface=EOIP-700 pvid=700   # vlan700 over EOIP is tagged here
add bridge=LAN interface=EOIP-600                   # vlan600 over EOIP is native here

/interface bridge vlan
add bridge=LAN tagged=LAN,sfp-sfpplus1 vlan-ids=600
add bridge=LAN tagged=LAN,sfp-sfpplus1 vlan-ids=700

Remember, that "top" part of VLAN port is untagged, while "bottom part" (the one anchored to underlying port) is tagged with VID set as property. So in example above, both EOIP-600 and EOIP-700 will be untagged on the "port side" and you can then add them to VLAN-enabled bridge as access ports to appropriate VLANs (or as native).


IMO better is to go with another concept: all tagged over bridge. Which means both VLAN600 and VLAN700 will be tagged on the bridge and you only make them untagged on access ports (on last port of last managed switch in your network). In which case you could avoid the vlan-interface mishmash and simply add EOIP port as trunk port to the bridge. If, of course, VLAN IDs can be agreed on both sides of that EOIP link.
Top
 
dksoft
Member Candidate
Member Candidate
Topic Author
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: Question: How to bridge tagged VLAN over EOIP to untagged?

Mon Dec 12, 2022 12:06 pm

Dear mkx,

it took some time to answer because I tried more things regarding your suggestion and have a working solution now.
Thanks for your input.

The solution is very simple and I actually tried this before. Maybe the reboot did fix something.
Code: Select all
add bridge=LAN frame-types=admit-only-untagged-and-priority-tagged interface=EOIP-WG-ESP-V700
So everything tagged 700 from remote site goes into the local LAN.
Top
Post Reply

Who is online

Users browsing this forum: GoogleOther [Bot], Grumpy, infabo, nichky and 78 guests
  4. RouterOS
  5. General