Setting Up an EoIP Tunnel on MikroTik Print

Hello again! It’s Emmanuel Corels from Emmanuel Corels Creatives. Today, we’re exploring a unique feature that’s especially handy for connecting remote networks over an IP backbone: EoIP (Ethernet over IP) Tunnels. In this guide, we’ll break down everything you need to know—from what EoIP is and why you might use it, to step-by-step instructions on setting up a basic tunnel between two MikroTik routers.

What Is EoIP?

EoIP is a proprietary tunneling protocol developed by MikroTik. It encapsulates Ethernet frames into IP packets so you can extend a Layer 2 network across a Layer 3 infrastructure. This is especially useful when you want to:

• Bridge Remote LANs: Connect two separate networks as if they were on the same switch.
• Transport VLANs Over the Internet: Extend VLANs between sites.
• Create Transparent Links: Allow devices at different locations to appear as if they’re on the same broadcast domain.

Because it works at Layer 2, EoIP can carry protocols that aren’t routable by default and support features like broadcasts and ARP.

When and Why to Use EoIP

• Remote Office Connectivity: Link branch offices seamlessly.
• Virtualizing Networks: Connect isolated labs or virtual networks over a WAN.
• Cost-Effective Extensions: Use existing internet links to create a transparent LAN without expensive dedicated circuits.

Keep in mind, EoIP doesn’t encrypt traffic by default. For secure applications, consider combining it with IPsec or using it in trusted networks.

Step 1: Physical and IP Connectivity

Before setting up EoIP, ensure that the two MikroTik routers you plan to connect have IP connectivity between them over your WAN or internet link. For example, let’s assume:

• Router A has a public IP of 203.0.113.10
• Router B has a public IP of 203.0.113.20

They must be able to ping each other over the internet.

Step 2: Configuring the EoIP Tunnel on Router A

1. Open WinBox and connect to Router A.
2. Navigate to Interfaces → EoIP Tunnel.
3. Click the “+” button to create a new EoIP interface.
4. Name: Enter a descriptive name, for example, eoip-tunnel-to-B.
5. Remote Address: Enter Router B’s public IP (203.0.113.20).
   • This tells Router A where to send the encapsulated frames.
6. Tunnel ID: Choose a unique identifier (e.g., 100).
   • The Tunnel ID must match on both sides to establish the tunnel.
7. Keepalive: Optionally, set a value (e.g., 10s) so that the tunnel sends periodic packets to verify connectivity.
8. MTU: Leave at default or adjust if you know your network requires a different setting.
9. Click OK.

CLI Equivalent on Router A:

/interface eoip add name=eoip-tunnel-to-B remote-address=203.0.113.20 tunnel-id=100 keepalive=10s

Step 3: Configuring the EoIP Tunnel on Router B

1. Connect to Router B via WinBox.
2. Go to Interfaces → EoIP Tunnel and click “+”.
3. Name: For example, eoip-tunnel-to-A.
4. Remote Address: Enter Router A’s public IP (203.0.113.10).
5. Tunnel ID: Set this to the same value as Router A (100).
6. Keepalive: Use the same interval (e.g., 10s).
7. Click OK.

CLI Equivalent on Router B:

/interface eoip add name=eoip-tunnel-to-A remote-address=203.0.113.10 tunnel-id=100 keepalive=10s

Step 4: Bridging the EoIP Tunnel with Your LAN

Once the tunnel is established, you’ll likely want to merge it with your local LAN. This makes devices on both sides appear on the same Layer 2 network.

1. Create or Use an Existing Bridge:
   • On Router A, go to Bridge → Bridge and create a bridge (if one isn’t already set up) named bridge-lan.
   • Then, add the EoIP interface (eoip-tunnel-to-B) to the bridge:

     /interface bridge port add bridge=bridge-lan interface=eoip-tunnel-to-B
     

2. Repeat on Router B:
   • Create (or use) a bridge (e.g., bridge-lan) and add eoip-tunnel-to-A to it.

This step ensures that Ethernet frames encapsulated in the tunnel are merged with the local LAN, allowing seamless communication between devices at both ends.

Step 5: Testing and Verification

1. Check Tunnel Status:
   • In WinBox, verify that the EoIP interface shows traffic (use the “Traffic” column) and that the Keepalive packets are being exchanged.
2. Ping Across the Tunnel:
   • From a device on Router A’s LAN, try pinging a device on Router B’s LAN. They should be able to communicate as if they were on the same local network.
3. Monitor Bridge Traffic:
   • Use tools like Torch or check the Interface Traffic in WinBox to see if frames are flowing across the tunnel.

Troubleshooting Tips

• Tunnel Not Establishing:
  • Double-check that both routers have matching Tunnel IDs and Keepalive settings.
  • Ensure that there are no firewall rules blocking EoIP traffic. EoIP uses IP protocol 47, so verify that your WAN firewall permits it.
• No Traffic on the Bridge:
  • Confirm that the EoIP interfaces are correctly added to the bridge.
  • Verify that your bridge settings (such as STP, if enabled) aren’t interfering.
• Performance Issues:
  • Adjust the MTU if you experience packet fragmentation.
  • Consider increasing the Keepalive interval if too many control packets are affecting throughput.

Final Thoughts

Setting up an EoIP tunnel on your MikroTik router is a powerful way to extend your Layer 2 network over a Layer 3 infrastructure. By carefully configuring matching Tunnel IDs, remote addresses, and optional parameters like Keepalive and MTU, you create a transparent link between remote sites. Once bridged with your local LAN, devices across these sites can communicate as if they were on the same switch.

Take your time to test each step and verify connectivity using built-in MikroTik tools. As always, if you run into any issues or have questions, feel free to reach out. Enjoy connecting your networks seamlessly!

Explained with practical clarity by
Emmanuel Corels – Admin, Emmanuel Corels Creatives