Reset Search



What does the log "<Noti:ACL.Policy.hardRefresh>: Policy:hard refresh:<policy name>" mean?

« Go Back


TitleWhat does the log "<Noti:ACL.Policy.hardRefresh>: Policy:hard refresh:<policy name>" mean?
What does the log "<Noti:ACL.Policy.hardRefresh>: Policy:hard refresh:<policy name>" mean?
  • Summit All
  • EXOS All
  • Blackdiamond All
Normally, when changes are made to a policy and a policy is refreshed, the switch uses what is called a “smart refresh”. This basically means when a change in the policy is detected, only the ACL changes needed to modify the ACLs are sent to the hardware, and the unchanged entries remain

Smart Refresh works well up for up to 200 changes. If the number of changes exceeds 200, you will see this message: "Policy file has more than 200 new rules. Smart refresh cannot be carried out" and you will get the following prompt - "Note, the current setting for Access-list Refresh Blackhole is Enabled. Would you like to perform a full refresh?"

In this situation, the switch carries out a “hard refresh”; All ACLs previously defined in the policy are to be removed in the hardware, and the new refreshed ACL entries are to be installed. In such a scenario, when a "refresh policy" command is used, the aforementioned message will be logged.

"Hard refresh" is also carried out when the number of entries in the policy changes i.e., when a rule is added or deleted in the policy.
Additional notes
Excerpt from the User Guide: For ACL policies only, during the time that an ACL policy is refreshed, packets on the interface are blackholed, by default. This is to protect the switch during the short time that the policy is being applied to the hardware.

Based on this, if "blackhole" is disabled, it is conceivable that unwanted packets that were supposed to be subjected to the ACL (specifically "deny" policies) will be forwarded until the policy has been applied/refreshed.



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255