I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:
ip vrf VRF1
route-target export 65000:3
ip vrf VRF2
route-target import 65000:3
ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18
ip vrf forwarding VRF1
ip address 192.168.11.17 255.255.255.252
router bgp 65000
address-family ipv4 vrf VRF1
ip access-list extended remote-source
permit ip 10.90.0.0 0.0.255.255 any
route-map SERIAL-INCOMING permit 100
match ip address remote-source
set vrf VRF2
But if I try to turn on the policy based routing at the serial interface, I get an error:
Router(config-if)#ip policy route-map SERIAL-INCOMING
% Can not apply route-map SERIAL-INCOMING to this interface
% Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'
I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.
What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?
If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?
College of William and Mary