MikroTik RouterOS Ethernet over IP (EoIP) Tunnel Interface
Document revision 31-Jan-2002This document applies to the MikroTik RouterOS V2.5
Overview
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet level traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.Network setups with EoIP interfaces:
- Possibility to bridge LANs over the Internet
- Possibility to bridge LANs over encrypted tunnels
- Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
Contents of the Manual
The following topics are covered in this manual:- Installation
- Hardware Resource Usage
- EoIP Interface and Protocol Description
- EoIP Setup
- EoIP Application Example
Installation
The Ethernet over IP tunnel feature is included in the 'system' package. No installation is needed for this feature.Hardware Resource Usage
There is no significant resource usage.EoIP Interface and Protocol Description
An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP.Specific Properties:
- Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
- Up to sixteen (numbered 0-15) EoIP tunnels may be created on a router (please contact us if there is an important reason to increase the number of EoIP tunnels per router).
- The EoIP interface appears as an Ethernet interface under the interface list.
- This interface supports all features of and Ethernet interface. IP addresses and other tunnels may be run over the interface.
- The EoIP protocol encapsulates Ethernet frames in UDP packets and sends them to the remote side of the EoIP tunnel.
- The tunnel transmits and listens to the UDP port 4444 and to the tunnel ID.
EoIP Setup
IP EoIP Interface management can be accessed under
the /interface eoip submenu.
You can add an EoIP tunnel interface using the /interface eoip add command:
[MikroTik] interface eoip> add
Creates new item with specified property values.
arp Address Resolution Protocol
copy-from Item number
mtu Maximum Trasfer Unit
name New tunnel name
remote-address Remote address of tunnel
tunnel-id ID of tunnel
[MikroTik_1] interface eoip> add name to_mt2 tunnel-id 1 remote-address 10.5.8.1
[MikroTik_1] interface eoip> print
Flags: X - disabled
0 X name=to_mt2 mtu=1500 arp=enabled tunnel-id=1 remote-address=10.5.8.1
[MikroTik_1] interface eoip> enable 0
[MikroTik_1] interface eoip> print
Flags: X - disabled
0 name=to_mt2 mtu=1500 arp=enabled tunnel-id=1 remote-address=10.5.8.1
mac-address=fe:fd:00:00:00:00
[MikroTik_1] interface eoip>
Descriptions of settings:
name - Interface name for reference
mtu - Maximum Transmit Unit. Should be the default 1500 bytes.
mac-address - A default virtual MAC address is generated. It cannot be changed.
arp - Address resolution protocol (disabled / enabled / proxy-arp). Enabled by default.
tunnel-id - Should be a number from 0-16 which has not been used for another EoIP tunnel.
remote-address - The IP address of the other side of the EoIP tunnel – must be a MikroTik router.
For diagnostic purposes, you can assign an IP address to the EoIP interface.
The router at the other end should have the same tunnel-id value, and should have the remote-address set to [MikroTik_1].
There is no authentication or 'state' for this interface.
The bandwidth usage of the interface may be monitored with the 'monitor'
feature from the '/interface' menu.
EoIP Application Example
Let us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. The networks are connected to an IP network through the routers [Our_GW] and [Remote]. The IP network can be a private intranet or the Internet. Both routers can communicate with each other through the IP network.
Our goal is to create a secure channel between the routers and bridge both networks through it. The network setup diagram is as follows:
To make a secure Ethernet bridge between two routers you should:
Create a PPTP tunnel between them. Our_GW will be the static pptp server:
[Our_GW] interface pptp-static-server>/user add name=joe group=ppp password=top_s3 [Our_GW] interface pptp-static-server> add name="from_remote" client-address=192.168.2.1 mtu=1500 mru=1500 \ local-address=10.0.0.1 remote-address=10.0.0.2 encryption=required [Our_GW] interface pptp-static-server> enable from_remote [Our_GW] interface pptp-static-server> print Flags: X - disabled 0 name=from_remote client-address=192.168.2.1 mtu=1500 mru=1500 pap=no chap=no ms-chapv2=yes local-address=10.0.0.1 remote-address=10.0.0.2 idle-timeout=0s session-timeout=0s encryption=required [Our_GW] interface pptp-static-server>The Remote router will be the pptp client:
[Remote] interface pptp-client> add name=pptp user=joe connect-to=192.168.1.1 mtu=1500 mru=1500 encryption=required [Remote] interface pptp-client> enable pptp [Remote] interface pptp-client> print Flags: X - disabled 0 name=pptp user=joe connect-to=192.168.1.1 mtu=1500 mru=1500 pap=no chap=no ms-chapv2=yes idle-timeout=0s session-timeout=0s encryption=required add-default-route=no [Remote] interface pptp-client> monitor pptp uptime: 39m19s encoding: MPPE 128 bit, stateless status: Connected [Remote] interface pptp-client>See the PPTP Interface Manual for more details on setting up encrypted channels.
Configure the EoIP tunnel by adding the eoip tunnel interfaces at both routers. Use the ip addresses of the pptp tunnel interfaces when specifying the argument values for the EoIP tunnel:
[Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 remote-address=10.0.0.2 enable eoip-remote [Our_GW] interface eoip> print Flags: X - disabled 0 name=eoip-remote mtu=1500 arp=enabled tunnel-id=0 remote-address=10.0.0.2 [Our_GW] interface eoip> [Remote] interface eoip> add name="eoip" tunnel-id=0 remote-address=10.0.0.1 enable eoip-main [Remote] interface eoip> print Flags: X - disabled 0 name=eoip mtu=1500 arp=enabled tunnel-id=0 remote-address=10.0.0.1 [Remote] interface eoip>
Enable bridging between the EoIP and Ethernet interfaces on both routers.
[Our_GW] > /bridge print ip: forward ipx: discard appletalk: discard ipv6: discard arp: forward other: forward priority: 1 [Our_GW] > /bridge interface print # INTERFACE FORWARD 0 eoip-remote yes 1 office-eth yes 2 isp no [Our_GW] > interface print Flags: X - disabled, D - dynamic # NAME MTU TYPE 0 from_remote 1500 pptp-in 1 eoip-remote 1500 eoip-tunnel 2 office-eth 1500 ether 3 isp 1500 ether 4 bridge1 1500 bridge [Our_GW] > [Remote] > bridge print ip: forward ipx: discard appletalk: discard ipv6: discard arp: forward other: forward priority: 1 [Remote] > bridge interface print # INTERFACE FORWARD 0 ether1 yes 1 adsl no 2 eoip-main yes [Remote] > interface print Flags: X - disabled, D - dynamic # NAME MTU TYPE 0 ether1 1500 ether 1 isp1 1500 ether 2 pptp 1500 pptp-out 3 bridge1 1500 bridge 4 eoip 1500 eoip-tunnel [Remote] >- Addresses from the same network can be used both in the Office LAN and in the Remote LAN
© Copyright 1999-2002, MikroTik