its L2 port ,, just like any port from 132.1.0.0/16 LAN

check your 101 ACL statistics, if it hits the packets or not?

There are some things about this environment that we do not know and which could impact the ability to use PBR. The policy is applied to vlan 1. But we do not know whether vlan 1 is the only vlan configured and therefore can not be sure that PBR is applied on the correct interface. We also do not know where the clients are trying to send their Email packets. PBR can only work on packets that clients send to eh 6506 to be forwarded somewhere. So trying to do PBR where everything is in the same vlan will only catch traffic with a destination address that is external. If the client is sending Email to an address that is in the 132.1 network then the Email is sent directly to the server and the 6506 would never see that traffic and PBR would not work.

HTH

Rick

thank you for your reply .

there are other vlans in the c6506 switch , but they are not related and routing between vlans is working fine ,

clients are trying to send pop3 + smtp traffic to an external email server on the internet .

Thank you for the additional information. If the clients are connected in vlan 1 and have their default gateway configured with the IP address of the 6506 interface, and if the clients are sending Email to external mail servers then I would expect the PBR that you configured to work. Can you post the output of show route-map?

HTH

Rick

I made some changes to the access list
Core-Switch-A#sho access-lists cyber
Extended IP access list cyber
    20 permit tcp any any eq pop3
    21 permit udp any any eq domain (244 matches)
    23 permit tcp any any eq domain
    30 permit tcp any any eq 993
    31 permit tcp any any eq 995
    32 permit tcp any any eq 465
    40 permit tcp any any eq smtp (4 matches)

Core-Switch-A#show route-map cyber
route-map cyber, permit, sequence 10
  Match clauses:
    ip address (access-lists): cyber
  Set clauses:
    ip next-hop 132.1.1.214
  Policy routing matches: 1175 packets, 93858 bytes
Core-Switch-A#

Clients can access SMTP , but the problem now is with pop3 traffic

I simulated your situation in GNS0.1 beta3. I created vlan 2 on core switch and put link between core SW and cybroam on vlan 2. 

after this change PBR became fully operational with your initial ACL.

#show access-list

Extended IP access list 101
    10 permit tcp any any eq pop3 (1 match)
    20 permit tcp any any eq smtp (2 matches)

#show route-map

route-map pol, permit, sequence 8
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip next-hop 192.168.2.1
Nexthop tracking current: 0.0.0.0
192.168.2.1, fib_nh:0,oce:0,status:0

  Policy routing matches: 3 packets, 180 bytes

I suspect that there are other protocols need to be included in the access list ,

Now I need to know a way to monitor all traffic from a specific  IP .
there must be a debug command to show me all traffic forwarded to the 132.1.1.214 from a x.x.x.x IP .

I expect the output would be something like
132.1.x.x src port 5445 des port 110 --> external ip

could you help me with that ?

You can use following script:

(config)#access-list 199 permit ip any host <a.b.c.d>

(config)#access-list 199 permit ip host <a.b.c.d> any

#debug ip packet 199 detail

don't forget to use "no ip route-cache" on interfaces.

use carefully, might cause crash in congested devices

no hits when i issue " show route-map cyber "