Computer networks
Naximov, 2014-08-13 01:20:36

Mikrotik 951G-2HnD vs Cisco 2801, How to set up transparent l2tp?

Good night everyone!
Available: Old Cisco 2801 and brand new Mikrotik 951G-2HnD.
Task: It is necessary to configure the Mikrotik so that, using the l2tp tunnel, it transmits tagged user traffic from several SSIDs and physical ports to the Cisco, which in turn merges this traffic to a physical port and then to a switch, etc.
The cisco has the following configuration:
vpdn-group test
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip *.*.*.*
 local name test1
 no l2tp tunnel authentication
!
interface FastEthernet0/1
 no ip address
 no ip unreachables
 no ip mroute-cache
 speed auto
 full-duplex
 vlan-range dot1q 1 142
  bridge-group 1
  exit-vlan-config
 !
!
interface Virtual-Template1
 no ip address
 ppp authentication chap
 bridge-group 1
 bridge-group 1 spanning-disabled
!
And Mikrotik, in turn, is configured like this:
# jan/02/1970 06:11:19 by RouterOS 6.18
# software id = ****-****
#
/interface bridge
add l2mtu=2286 name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no ht-rxchains=0 ht-txchains=0 l2mtu=2290 mode=ap-bridge wireless-protocol=802.11
/ip neighbor discovery
set wlan1 discover=no
/interface vlan
add interface=wlan1 l2mtu=2286 name=vlan142 use-service-tag=yes vlan-id=142
/ip neighbor discovery
set vlan142 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys wpa-pre-shared-key=*** wpa2-pre-shared-key=***
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ppp profile
add bridge=bridge1 name=test
/interface l2tp-client
add add-default-route=no allow=chap connect-to=*.*.*.* dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1460 max-mtu=1460 mrru=disabled name=l2tp-out1 password=*** profile=test user=***
/ip neighbor discovery
set l2tp-out1 discover=no
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=vlan142
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1
/ip proxy
set parent-proxy=0.0.0.0
/ip service
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
And nothing really works! If the traffic is not tagged, then everything is great, but occupying a whole port on a Cisco for 1 business... As you understand, it is far from the case! Who can do what?! Does Mikrotik know how to do that? Without touching the Cisco config, everything flies with Ruckus Wireless points...

2 answer(s)
Naximov, 2014-08-19
@Naximov

I found the solution:
It was enough just to understand the vlan system from MikroTik.
I want to express my thanks to SmileyK for the help in resolving this issue.
Amurchikus, this scheme also works in conjunction with Ruckus - Cisco. L2TP is a layer 2 protocol and is a two-way tunnel through which absolutely any traffic can be sent, but this has a bad effect on throughput.

Amurchikus, 2014-08-28
@Amurchikus

I'll disappoint you, but not like l2tp - a second-level protocol and it's one-way. Build a tunnel on IPsec and don't rack your brains. Help IPSec
