Command not listed under match ip.  what versions are supported? 

CPTNYCRT01(config-route-map)#match ip ?

  address                Match address of route or match packet

  next-hop               Match next-hop address of route

  redistribution-source  route redistribution source (EIGRP only)

  route-source           Match advertising source address of route

CPTNYCRT01(config-route-map)#do sh ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Tue 20-Mar-12 18:13 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)

CPTNYCRT01 uptime is 14 weeks, 2 days, 20 hours, 56 minutes

System returned to ROM by reload at 18:00:00 Eastern Thu Oct 31 2013

System restarted at 18:01:54 Eastern Thu Oct 31 2013

System image file is "flash:c2800nm-advipservicesk9-mz.151-4.M4.bin"

Last reload type: Normal Reload

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 2821 (revision 3.0) with 1034240K/14336K bytes of memory.

Processor board ID FHK0847F1PQ

2 Gigabit Ethernet interfaces

1 ATM interface

1 Channelized T1/PRI port

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

126976K bytes of ATA CompactFlash (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device#   PID                   SN

-------------------------------------------------

*0        CISCO2821             FHK0847F1PQ

Configuration register is 0x2102

CPTNYCRT01(config-route-map)#

Hello Vishesh,

I am afraid you are not correct. You are confusing a policy-map with an ip policy-list - these two are different and unrelated constructs. Your example appears to work because the route-map refers to a non-existent ip policy-list and therefore produces a match (it's like referring to a non-existent ACL), but because of this, it applies to all traffic, not just to the ICMP packets.

Unfortunately, a route-map used to drive PBR is unable to directly refer to a class-map or to a qos-group value. The only solution I was able to create was to actually mark ingress packets with a non-zero DSCP value, and then base the PBR on the DSCP value, e.g.:

class-map match-all TELNET
 match protocol telnet
!
policy-map fa0/1-in
 class TELNET
  set dscp af13
!
ip access-list extended AF13
 permit ip any any dscp af13
!
route-map PBR permit 10
 match ip address AF13
 set ip next-hop 10.0.23.3
!
interface FastEthernet0/1
 ip address 10.1.12.2 255.255.255.0
 ip policy route-map PBR
 service-policy input fa0/1-in

Ingress traffic on Fa0/1 is first inspected by the fa0/1-in policy-map that identifies the Telnet traffic, and marks the packets with DSCP value of AF13. Afterwards, the PBR looks for all AF13-marked packets, and PBRs them to a different next hop. On ingress, QoS marking is performed before PBR.

It is admittedly a hack...

Best regards,

Peter

Hi Peter,

You are right, I mistook the policy-list for a policy-map.

R2(config-route-map)#match policy-list ?

  WORD  IP Policy map name

Seems like yours is the only way to configure it. Thanks for clearing that.

-Vishesh