I am afraid you are not correct. You are confusing a policy-map with an ip policy-list - these two are different and unrelated constructs. Your example appears to work because the route-map refers to a non-existent ip policy-list and therefore produces a match (it's like referring to a non-existent ACL), but because of this, it applies to all traffic, not just to the ICMP packets.
Unfortunately, a route-map used to drive PBR is unable to directly refer to a class-map or to a qos-group value. The only solution I was able to create was to actually mark ingress packets with a non-zero DSCP value, and then base the PBR on the DSCP value, e.g.:
class-map match-all TELNET
 match protocol telnet
!
policy-map fa0/1-in
 class TELNET
  set dscp af13
!
ip access-list extended AF13
 permit ip any any dscp af13
!
route-map PBR permit 10
 match ip address AF13
 set ip next-hop 10.0.23.3
!
interface FastEthernet0/1
 ip address 10.1.12.2 255.255.255.0
 ip policy route-map PBR
 service-policy input fa0/1-in
Ingress traffic on Fa0/1 is first inspected by the fa0/1-in policy-map, which identifies the Telnet traffic and marks the packets with the DSCP value of AF13. Afterwards, the PBR looks for all AF13-marked packets, and PBRs them to a different next hop. On ingress, QoS marking is performed before PBR.
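The failure mode described in the first paragraph (a route-map match clause that names a list which does not exist, and so matches all traffic) can be caught by linting a configuration before it is deployed. The Python check below is an added example, not part of the original post; the function name `find_dangling_refs` and the sample configuration with the undefined `ICMP-ONLY` ACL are constructed for illustration.

```python
import re

# Constructed sample: route-map PBR sequence 20 references an ACL
# (ICMP-ONLY) that is never defined anywhere in the configuration.
SAMPLE_CONFIG = """\
ip access-list extended AF13
 permit ip any any dscp af13
!
route-map PBR permit 10
 match ip address AF13
 set ip next-hop 10.0.23.3
route-map PBR permit 20
 match ip address ICMP-ONLY
 set ip next-hop 10.0.23.3
!
interface FastEthernet0/1
 ip policy route-map PBR
"""

def find_dangling_refs(config):
    """Return sorted (route_map, seq, kind, name) for undefined references."""
    acls, policy_lists, refs = set(), set(), []
    current = None  # (route-map name, sequence) of the entry being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # any top-level command ends the route-map entry
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip policy-list (\S+) (?:permit|deny)", line):
            policy_lists.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny) (\d+)", line):
            current = (m.group(1), int(m.group(2)))
        elif current and (m := re.match(r"match ip address (?!prefix-list)(.+)", line)):
            refs += [(*current, "acl", name) for name in m.group(1).split()]
        elif current and (m := re.match(r"match policy-list (.+)", line)):
            refs += [(*current, "policy-list", name) for name in m.group(1).split()]
    # Definitions may appear after their use, so filter only once parsing is done.
    defined = {"acl": acls, "policy-list": policy_lists}
    return sorted(r for r in refs if r[3] not in defined[r[2]])

if __name__ == "__main__":
    for rmap, seq, kind, name in find_dangling_refs(SAMPLE_CONFIG):
        print(f"route-map {rmap} seq {seq}: undefined {kind} '{name}'")
```
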