Infoaddict Just another site for Infoaddict's

28Jul/100

Ethernet Over Internet Protocol

Posted by Infoaddict

Let us assume we want to bridge two networks: 'Office LAN' and 'Khulna LAN'. The networks are connected to an IP network through the routers [Dhaka] and [Khulna]. The IP network can be a private intranet or the Internet. Both routers can communicate with each other through the IP network.

Our goal is to create a secure channel between the routers and bridge both networks through it. The network setup diagram is as follows:

To make a secure Ethernet bridge between two routers you should:

  1. Create a PPTP tunnel between them. Dhaka will be the PPTP server:

[admin@Dhaka] interface pptp-server> /ppp secret add name=joe service=pptp \
... password=top_s3 local-address=10.0.0.1 remote-address=10.0.0.2
[admin@Dhaka] interface pptp-server> add user=joe
[admin@Dhaka] interface pptp-server> server set enable=yes
[admin@Khulna] interface pptp-client> add name=pptp user=joe \
... connect-to=192.168.1.1 password=top_s3 mtu=1500 mru=1500
[admin@Khulna] interface pptp-client> enable pptp

See the PPTP Interface Manual for more details on setting up encrypted channels.

  2. Configure the EoIP tunnel by adding the EoIP tunnel interfaces on both routers. Use the IP addresses of the PPTP tunnel interfaces when specifying the argument values for the EoIP tunnel:

[admin@Dhaka] interface eoip> add name=eoip-Khulna tunnel-id=0 \
... remote-address=10.0.0.2
[admin@Dhaka] interface eoip> enable eoip-Khulna
[admin@Khulna] interface eoip> add name=eoip-main tunnel-id=0 \
... remote-address=10.0.0.1
[admin@Khulna] interface eoip> enable eoip-main

  3. Enable bridging between the EoIP and Ethernet interfaces on both routers.

On Dhaka:

[admin@Dhaka] interface bridge> add
[admin@Dhaka] interface bridge> print
Flags: X - disabled, R - running
  0  R mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no
      priority=32768 ageing-time=5m forward-delay=15s
      garbage-collection-interval=4s hello-time=2s max-message-age=20s

[admin@Dhaka] interface bridge> port add bridge=bridge1 interface=eoip-Khulna
[admin@Dhaka] interface bridge> port add bridge=bridge1 interface=office-eth
[admin@Dhaka] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE      BRIDGE  PRIORITY PATH-COST
 0    eoip-Khulna    bridge1 128      10
 1    office-eth     bridge1 128      10
[admin@Dhaka] interface bridge>

And the same for Khulna:

[admin@Khulna] interface bridge> add
[admin@Khulna] interface bridge> print
Flags: X - disabled, R - running
  0  R mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no
      priority=32768 ageing-time=5m forward-delay=15s
      garbage-collection-interval=4s hello-time=2s max-message-age=20s

[admin@Khulna] interface bridge> port add bridge=bridge1 interface=ether
[admin@Khulna] interface bridge> port add bridge=bridge1 interface=eoip-main
[admin@Khulna] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE      BRIDGE  PRIORITY PATH-COST
 0    ether          bridge1 128      10
 1    eoip-main      bridge1 128      10    
[admin@Khulna] interface bridge> port print

Addresses from the same network can be used both in the Office LAN and in the Khulna LAN.

The routers can ping each other, but the EoIP tunnel does not seem to work!

Check the MAC addresses of the EoIP interfaces - they should not be the same!
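The step 2 requirement (each EoIP endpoint points at the peer's PPTP tunnel address) and the MAC address check above can be verified offline before the bridge goes live. The following is an added example, not part of the original post: the key=value input lines and their mac-address values are constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample lines in RouterOS key=value style, one EoIP interface
# per router. The mac-address values are made up for this example.
DHAKA = "add name=eoip-Khulna tunnel-id=0 remote-address=10.0.0.2 mac-address=02:00:00:AA:00:01"
KHULNA = "add name=eoip-main tunnel-id=0 remote-address=10.0.0.1 mac-address=02:00:00:AA:00:02"

# PPTP tunnel endpoint addresses configured in step 1.
TUNNEL_IP = {"Dhaka": "10.0.0.1", "Khulna": "10.0.0.2"}


def parse(line):
    """Turn 'add key=value key="quoted value"' into a dict."""
    props = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # skip bare words such as the leading 'add'
            props[key] = value
    return props


def check_pair(dhaka_line, khulna_line, tunnel_ip=TUNNEL_IP):
    """Return a list of problems found in the two EoIP definitions."""
    a, b = parse(dhaka_line), parse(khulna_line)
    problems = []
    if a.get("tunnel-id") != b.get("tunnel-id"):
        problems.append("tunnel-id differs between the routers")
    # Step 2: each side must point at the peer's PPTP tunnel address.
    # Pointing at the router's public address would carry the bridged
    # frames outside the PPTP channel.
    if a.get("remote-address") != tunnel_ip["Khulna"]:
        problems.append("Dhaka remote-address is not Khulna's tunnel address")
    if b.get("remote-address") != tunnel_ip["Dhaka"]:
        problems.append("Khulna remote-address is not Dhaka's tunnel address")
    # Troubleshooting note: the two EoIP interfaces need distinct MACs.
    mac_a = a.get("mac-address", "").lower()
    mac_b = b.get("mac-address", "").lower()
    if not mac_a or not mac_b:
        problems.append("mac-address missing on at least one side")
    elif mac_a == mac_b:
        problems.append("both EoIP interfaces use the same MAC address")
    return problems


if __name__ == "__main__":
    for problem in check_pair(DHAKA, KHULNA) or ["no problems found"]:
        print(problem)
```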
