Maybe you are over-thinking the problem, or maybe I am still not properly understanding the design constraints ;-) Why not just choose a vlan tag and create a virtual interface on the bridge, then your /30 on that vlan interface allow them to deal with the transit tagged traffic however they want to: /interface vlan add name=transit-vlan interface=[eoip-tunnel-bridge] vlan-id=nn /ip address add interface= transit-vlan address=a.b.c.d/30 Then they just see another vlan-id among the traffic on their trunk that they present to their router in whatever way they care to, and configure the other end of that /30 subnet. If you want to, you can even bridge that transit-vlan to a physical interface or some other virtual interface so that you don't even need to route via that router if it is easier to route it by some other device. Seems like you have already been thinking similar, though I don't know what your reference to 'vlan on the physical interface' is intended for... Cheers! -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 10:32 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... That router is just part of our network so we would just give them a /30 across the vlan and route a subnet across that to them, we run OSPF on that edge router so the IP's will just get injected into the routing table as a connected route and then a static route for the subnet. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 10:23 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... How does your transit present to that edge router? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au