just a thought ... assuming port 8:3 is your router port :
1 - from the userguide, the qosprofile modifier does not work with an egress ACL
## quote ###
qosprofile qosprofilename—Forwards the packet to the specified QoS profile.
• ingress—all platforms
• egress—does not forward the packets to the specified qosprofile. If the action modifier “replacedot1p”
is present in the ACL rule, the dot1p field in the packet is replaced with the value from
qosprofile. Summit X460-G2, X670-G2, and X770 series switches only).
# end of quote ###
2 - what you may consider is to apply your ACL at ingress
on the "non router" ports ... then traffic hitting those rules should be sent to QP2 on port 8:3 -> so shaping does occur at egress on prot 8:3
to check : show port 8:3 qosmonitor [or use a counter for troubleshooting]
3 - an ACL should work on L2 or L3 traffic ... it is applied on a port [list of ports] or a VLAN [which means it is applied on the ports that are part of the vlan ... and it applies to the traffic of that vlan on these ports] or wildcard ... there is precedence involved.
-> the ACL chapter in the userguide is quite good -> http://documentation.extremenetworks.com/exos_22.1/EXOS_21_1/ACL/acls.shtml
hoping that helps ... JS