Since we are not using real bandwidth limitation on the tunnels in this example, bandwidth parameter is only used for administrative purposes and can be any value (it does not represent how much bandwidth will actually flow through the interface).Īdd bandwidth=5Mbps name=TE1-to-R3 to-address=10.255.0.3 primary-path=dyn \Īdd bandwidth=5Mbps name=TE2-to-R3 to-address=10.255.1.3 primary-path=dyn \Īdd bandwidth=5Mbps name=TE1-to-R1 to-address=10.255.0.1 primary-path=dyn \Īdd bandwidth=5Mbps name=TE2-to-R1 to-address=10.255.1.1 primary-path=dyn \ Next step is to set up TE resource for every interface on which we might want to run TE tunnel.Ĭonfiguration on all the routers are the same: Set default router-id=10.255.0.4 mpls-te-area=backbone mpls-te-router-id=LoopbackĪfter OSPF is set up verify that we have correct routing information in routing table of each /ip route> printįlags: X - disabled, A - active, D - dynamic,Ĭ - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,ī - blackhole, U - unreachable, P - prohibitĦ ADC 192.168.10.0/30 192.168.10.1 ether3 0ħ ADC 192.168.33.0/30 192.168.33.1 ether1 0ġ0 ADC 192.168.33.12/30 192.168.33.14 ether2 0 Set default router-id=10.255.0.3 mpls-te-area=backbone mpls-te-router-id=Loopback Set default router-id=10.255.0.2 mpls-te-area=backbone mpls-te-router-id=Loopback Set default router-id=10.255.0.1 mpls-te-area=backbone mpls-te-router-id=LoopbackĪdd network=192.168.33.0/24 area=backbone To successfully complete the setup we need loopback reachability information on every router. In this setup we will use OSPF dynamic routing protocol to distribute routing information between routers. Set addresses=0.0.0.0/0 name=xxxxxxxĪdd bridge=bridge comment=defconf interface=ether2Īdd bridge=bridge comment=defconf interface=ether3Īdd bridge=bridge comment=defconf interface=ether4Īdd bridge=bridge comment=defconf interface=ether5Īdd comment=defconf interface=bridge list=LANĪdd comment=defconf interface=ether1 list=WANĪdd address=192.168.31.1/30 comment=defconf interface=bridge network=192.168.31.0Īdd address=185.x.x.x/30 interface=ether1 network=x.x.x.xĪdd address=10.252.0.215 interface=Loopback network=10.252.0.215Īdd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedĪdd action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yesĪdd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpĪdd action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1Īdd action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LANĪdd action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsecĪdd action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsecĪdd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,relatedĪdd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedĪdd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yesĪdd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WANĪdd action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN I have no problem reaching it via ICMP and SNMP. Is it possible to configure a Mikrotik CPE with its loopback IP ? I try to connect from a server (in my backbone) on my CPE Hex via its loopback IP with SSH and Winbox, but I have a timeout error.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |