Hello All. I have the below ACL applied inbound on a vlan interface, int vlan 808. I would like to match against this ACL in a class-map and then apply it to a policy-map that'll set the dscp 10 for ssh and tacacs traffic. All other traffic I do not want to change. The service policy will then be applied to int vlan 808 as "service-policy input MGMT-TRAFFIC-POLICY". And then I'd like to remove the "ip access-group MGMT_TRAFFIC in" from the int vlan 808.
Is it possible to do so without creating two separate ACLs? If so, how? If I did have to use two separate ACLs, how would I configure the class-map and/or policy-map to not change the other traffic? Thanks.

ip access-list extended MGMT_TRAFFIC
 permit udp any eq snmp any
 permit icmp any any
 permit udp any gt 0 any eq 1645 1646 log
 permit udp any gt 0 any eq 1812 1813
 permit udp any eq tftp any
 permit udp any eq ntp any
 permit udp any gt 0 any eq syslog
 permit udp any eq snmptrap any
 permit tcp any eq 443 any
 permit udp any gt 0 any lt 65534
 permit igmp any any
 permit tcp any gt 0 any eq tacacs log
 permit tcp any eq 22 any gt 0 log
 deny ip any any log
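
The configuration described in the post, as an added example that is not part of the original post. It assumes the platform accepts an input service-policy on the SVI; `MGMT-MARK-ACL` and `MGMT-MARK-CLASS` are hypothetical names, while the policy name and the two ACL entries are taken from the post.

```cisco
! Added example. MGMT-MARK-ACL and MGMT-MARK-CLASS are hypothetical names.
! Assumption: the platform accepts an input service-policy on the SVI.
!
! Classification ACL: only the two flows that should be marked, copied from
! the MGMT_TRAFFIC entries in the post. "log" is left off (assumption:
! logging is not needed for classification). In a class-map, a permit entry
! means "belongs to this class"; nothing is dropped by it.
ip access-list extended MGMT-MARK-ACL
 permit tcp any gt 0 any eq tacacs
 permit tcp any eq 22 any gt 0
!
class-map match-all MGMT-MARK-CLASS
 match access-group name MGMT-MARK-ACL
!
policy-map MGMT-TRAFFIC-POLICY
 class MGMT-MARK-CLASS
  set dscp 10
 ! class-default is given no action, so all other traffic keeps its marking.
 class class-default
!
interface Vlan808
 service-policy input MGMT-TRAFFIC-POLICY
 ! Removing the access-group stops filtering on this interface: the
 ! policy-map only marks packets and does not enforce "deny ip any any log".
 no ip access-group MGMT_TRAFFIC in
```

Matching the full MGMT_TRAFFIC ACL in the class-map would put every permitted flow (SNMP, ICMP, NTP and the rest) into the marked class, which is why the classification ACL here carries only the SSH and TACACS entries. `show policy-map interface Vlan808` shows the per-class packet counters for checking which class traffic lands in.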