Hi, I don't see any issue with your configuration.
Like I said before, if you are testing the PBR from any device on VLAN17, the route-map and ACL should catch it. However, if the traceroute/ping is initiate from the 4506 sourced from VLAN17, "ip local policy" should be use to perform the test.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...