08-27-2009 11:29 AM
I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:
ip vrf VRF1
rd 65000:3
route-target export 65000:3
!
ip vrf VRF2
rd 65000:18
route-target import 65000:3
ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18
interface Serial0/0/0
ip vrf forwarding VRF1
ip address 192.168.11.17 255.255.255.252
router bgp 65000
no synchronization
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf VRF1
redistribute static
no auto-summary
no synchronization
exit-address-family
ip access-list extended remote-source
permit ip 10.90.0.0 0.0.255.255 any
route-map SERIAL-INCOMING permit 100
match ip address remote-source
set vrf VRF2
But if I try to turn on the policy based routing at the serial interface, I get an error:
Router(conf)#interface Serial0/0/0
Router(config-if)#ip policy route-map SERIAL-INCOMING
% Can not apply route-map SERIAL-INCOMING to this interface
% Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'
I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.
What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?
If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?
Thanks.
Clarke Morledge
College of William and Mary
Solved! Go to Solution.
08-27-2009 12:03 PM
Hi Clarke,
There is no restriction on serial interface.
Looks like a bug for me. TAC will help you to identify it.
HTH
Laurent.
08-27-2009 12:03 PM
Hi Clarke,
There is no restriction on serial interface.
Looks like a bug for me. TAC will help you to identify it.
HTH
Laurent.
08-28-2009 10:59 AM
Upon further investigation....
The serial interface issue was a red herring. It just so happens that every other time I've done this it has been on a flavor of 12.2x on a 6500/7600 where this feature is supported. The only systems I have with Serial interfaces are 1841s.
The problem with the 1841 is that most of the code revisions out there do not support this feature. It was only added to the regular code train with the recent release of 12.2(24)T. I tested with 12.2(24)T1 and you are now able to use "ip vrf forwarding" on all interfaces along with a PBR route-map that uses the "set vrf" option.
Thanks, Laurent, for pointing me towards the TAC on this.
Clarke Morledge
College of William and Mary
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide