A tip
Once all was well: production and the office were in the same place (outside the city). But the company grew and it became crowded, so we decided to open an office in the city. Since the company already had a large number of telephone lines and a Panasonic TDA-600 mini-PBX, there was no wish to put a new PBX into the office. We chose the option of upgrading the TDA 600 to a TDE 600; the management likes hardware solutions. Since I have long been separating individual systems (video surveillance, Wi-Fi, automated process control systems) into VLANs, I put telephony into a separate VLAN as well. Another MikroTik was purchased as the router.
Fairy tale
Since the VLAN had to be carried across to the office, plain routing is not enough. The choice fell on EoIP (Ethernet over IP).
We bring up the bridge between the office and the plant (both have static IPs). I give the commands for the console; anyone who wants to can lay the solution out in pictures.
R1 (router at production). It has several IPs; a separate IP is used for the bridge, for example 100.100.100.1.
# name=eoip is set explicitly because the later commands refer to the tunnel by that name
interface eoip add name=eoip tunnel-id=0 local-address=100.100.100.1 remote-address=200.200.200.2
R2 (router in the office). It has only one IP, for example 200.200.200.2.
# name=eoip is set explicitly because the later commands refer to the tunnel by that name
interface eoip add name=eoip tunnel-id=0 remote-address=100.100.100.1
Since there is only one IP, it is not necessary to specify the local address. Now we create two VLAN interfaces: one on the input interface (EoIP) and one on the output interface (where this VLAN needs to be delivered, for example ether2). The VLANs have the same ID (say 100) and differ only in name. We add these two interfaces to a bridge.
R1.
interface vlan add name=vlan_out interface=eoip vlan-id=100
interface vlan add name=vlan_in interface=ether2 vlan-id=100
interface bridge add name=vlan100
interface bridge port add bridge=vlan100 interface=vlan_in
interface bridge port add bridge=vlan100 interface=vlan_out
R2.
interface vlan add name=vlan_in interface=eoip vlan-id=100
interface vlan add name=vlan_out interface=ether2 vlan-id=100
interface bridge add name=vlan100
interface bridge port add bridge=vlan100 interface=vlan_in
interface bridge port add bridge=vlan100 interface=vlan_out
We bring up the network on the EoIP interfaces (assign addresses) and configure routing.
R1.
ip address add interface=eoip address=10.0.0.1/30
# 192.168.10.0/24 is the network reached through R2
ip route add dst-address=192.168.10.0/24 gateway=10.0.0.2
R2.
ip address add interface=eoip address=10.0.0.2/30
# 192.168.20.0/24 is the network reached through R1
ip route add dst-address=192.168.20.0/24 gateway=10.0.0.1
In principle, that is all. Traffic between the networks flows, and the VLAN runs transparently over EoIP.
To connect the next office, the configuration needs a little touching up. Let its external IP be 200.200.100.2. On R1 the address 10.0.0.1/30 is item number 10, and on R2 the address 10.0.0.2/30 is item number 10 (you can find the number by entering ip address print).
R1.
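# rename the existing tunnel
interface eoip set eoip name=eoip-office1
# add a tunnel to the second office
interface eoip add tunnel-id=1 name=eoip-office2 local-address=100.100.100.1 remote-address=200.200.100.2
# put both tunnels into one bridge
interface bridge add name=bridge-office
interface bridge port add interface=eoip-office1 bridge=bridge-office
interface bridge port add interface=eoip-office2 bridge=bridge-office
# move the VLAN from the tunnel to the bridge (vlan_out is the VLAN interface created on the tunnel above; vlan100 is the bridge, not a VLAN interface)
interface vlan set vlan_out interface=bridge-office
# look up the item number of the address, then move it to the bridge and widen the mask
ip address print
ip address set number=10 interface=bridge-office address=10.0.0.1/24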
R2.
# R2 keeps its own address 10.0.0.2 and only widens the mask; 10.0.0.1 belongs to R1
ip address set number=10 address=10.0.0.2/24
R3-R ... are configured the same way as R2.
If desired, direct communication between the remote offices can also be configured with this method (though it seems to me that using MPLS would be more correct).
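Written out for a third router, as an added example that is not part of the original post: the R3 side that pairs with eoip-office2 on R1, plus input-chain rules so that each router accepts GRE (the protocol EoIP runs over, unencrypted) only from its tunnel peers. Assumptions: R3's LAN is 192.168.30.0/24, its tunnel address is 10.0.0.3/24, the VLAN leaves through ether2, and no other GRE tunnels terminate on these routers.

```routeros
# ---------- R3 (second office, external IP 200.200.100.2) ----------
# tunnel-id must match the tunnel-id=1 given to eoip-office2 on R1
/interface eoip add name=eoip tunnel-id=1 remote-address=100.100.100.1

# same VLAN ID on the tunnel side and on the LAN side, joined by a bridge
/interface vlan add name=vlan_in interface=eoip vlan-id=100
/interface vlan add name=vlan_out interface=ether2 vlan-id=100
/interface bridge add name=vlan100
/interface bridge port add bridge=vlan100 interface=vlan_in
/interface bridge port add bridge=vlan100 interface=vlan_out

# tunnel address in the shared 10.0.0.0/24 (assumed free: .1 is R1, .2 is R2)
/ip address add interface=eoip address=10.0.0.3/24
# plant LAN behind R1
/ip route add dst-address=192.168.20.0/24 gateway=10.0.0.1

# accept GRE only from the hub, drop it from everyone else
/ip firewall filter add chain=input protocol=gre src-address=100.100.100.1 \
    action=accept comment="EoIP from R1"
/ip firewall filter add chain=input protocol=gre action=drop \
    comment="GRE from unknown peers"

# ---------- R1 (hub at production) ----------
# return route to the assumed LAN behind R3
/ip route add dst-address=192.168.30.0/24 gateway=10.0.0.3

# accept GRE only from the two office addresses used on this page
/ip firewall filter add chain=input protocol=gre src-address=200.200.200.2 \
    action=accept comment="EoIP from R2 (office 1)"
/ip firewall filter add chain=input protocol=gre src-address=200.200.100.2 \
    action=accept comment="EoIP from R3 (office 2)"
/ip firewall filter add chain=input protocol=gre action=drop \
    comment="GRE from unknown peers"
```

Filter rules are evaluated top to bottom, so on a router that already has input rules these three must sit above any broader accept rule.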