How To Configure a Route-map to Re-direct Traffic marked with a ToS Value
The route-map re-directs any web traffic marked with a ToS of cs2 to the NAC.
Configure the following route-map on the router and apply it to the interface the client is using as a gateway.
ip access-list extended NAC-Redirect
permit tcp any any eq 80 dscp cs2
permit tcp any any eq 443 dscp cs2
route-map policy NAC permit 10
match ip address NAC-Redirect
set next-hop 18.104.22.168
ip address 10.10.10.1 255.255.255.0
ip policy route-map nAC
no shut down
The next hop in the route-map does not have to be on a subnet local to the router but if the packet is crossing multiple routers those routers may require a route-map if that router's routing table does not have a desired route to the NAC. For instance, if the next router does not have a route for the NAC then it will forward the packet to the default gateway, rather than redirecting the packet as desired.