二层网络隧道区别于GRE这些有一些特别的优势,他就像一个单独的网线,把两边路由连接一起,不需要做OSPF,RIP等路由协议,接上后就是等于连了一条物理的线.
路由器A:
/interface eoip
add local-address=198.51.100.194 mac-address=02:2F:6F:5C:4E:90 name=\
eoip-tunnel1 remote-address=103.99.178.147 tunnel-id=1
/ip address
add address=198.51.100.194/24 interface=ether1 network=198.51.100.0
add address=10.255.255.1/24 interface=eoip-tunnel1 network=10.255.255.0
add address=10.10.1.1/24 interface=eoip-tunnel1 network=10.10.1.0
/ip firewall nat
add action=src-nat chain=srcnat src-address=10.10.1.0/24 to-addresses=\
198.51.100.194
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1
路由器B:
/interface bridge
add name=bridge1
/interface eoip
add local-address=203.0.113.147 mac-address=02:25:28:08:B5:33 name=\
eoip-tunnel1 remote-address=198.51.100.194 tunnel-id=1
/ip vrf
add interfaces=bridge1 name=vrf1
/interface bridge port
add bridge=bridge1 interface=eoip-tunnel1
/ip address
add address=10.255.255.2/24 interface=eoip-tunnel1 network=10.255.255.0
add address=10.10.2.1/24 interface=bridge1 network=10.10.2.0
add address=10.10.1.2/24 interface=bridge1 network=10.10.1.0
/ip route
add disabled=no distance=50 dst-address=0.0.0.0/0 gateway=10.10.1.1@vrf1 \
pref-src="" routing-table=vrf1 scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=bridge1
在路由器B上进行测试.
只要路由器B中的bridge1下的成员,均等于直接物理连接到路由器A,这也太简单了,如果不打算占用一个IP,那么VRF也是不需要设置的,如果没有公网,那么需要先套娃一个别的隧道,比如GRE或者WireGuard,再设置.