Policy is not taking effect after changes have been made to the existing policy file

Changes have been made to an existing policy, but the changes are not taking effect immediately. This is seen when editing the existing policy file with the edit policy <policy_name> command, or when replacing the policy file on the switch.
When a change is made, such as adding or deleting an entry, or adding, deleting, or modifying a statement within a policy, the information in the policy does not change until the policy has been refreshed.

The user must refresh the policy so that the latest copy of the policy is used. When the policy is refreshed, the new policy file is read, processed, and stored in the policy database.

To refresh the policy, enter the command:

refresh policy <policy_name>

The following example shows an applied policy, which has been changed, and then refreshed:
  • The denyroute policy is applied as an access list.
X480-48t.19 # sh access-list
Vlan Name    Port   Policy Name          Dir      Rules  Dyn Rules
*            6      denyroute            ingress  1      0
  • The source address is modified in the denyroute policy file.

X480-48t.17 # edit policy denyroute
entry deny-subnet {
if match any {
then {
  • Once saved, the policy is refreshed.
X480-48t.21 # refresh policy denyroute
Policy denyroute refresh done!

Additional notes
Performing a refresh on multiple ports requires the original and modified policy to coexist at the same time in the intermediate state. If this is not possible due to slice limitations, the refresh will fail with an "ACL slice full" error. The policy must be applied to a VLAN or port in order for the policy file to be refreshed.
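
The following Python script is an added example, not part of the original article or any vendor tooling. It parses show access-list output in the column layout shown above and works out which edited policies can be refreshed and which span several bindings. It assumes six whitespace-separated columns per data row; the extra rows and the policy names mgmt-acl and unused-acl are constructed for illustration.

```python
"""Plan `refresh policy` commands from `show access-list` output (added example)."""
from collections import defaultdict

# Constructed sample: the first data row is the one shown in the article,
# the other rows and the policy names "mgmt-acl"/"unused-acl" are made up.
SAMPLE_OUTPUT = """\
X480-48t.19 # sh access-list
Vlan Name    Port   Policy Name          Dir      Rules  Dyn Rules
*            6      denyroute            ingress  1      0
*            7      denyroute            ingress  1      0
Default      *      mgmt-acl             ingress  3      0
"""


def parse_bindings(output):
    """Return {policy_name: [(vlan, port, direction), ...]} for applied policies."""
    bindings = defaultdict(list)
    for line in output.splitlines():
        fields = line.split()
        # Data rows have exactly six columns and end in two rule counters;
        # this skips the prompt line, the header and blank lines.
        if len(fields) != 6 or not (fields[4].isdigit() and fields[5].isdigit()):
            continue
        vlan, port, policy, direction = fields[:4]
        bindings[policy].append((vlan, port, direction))
    return dict(bindings)


def plan_refresh(edited_policies, output):
    """Split edited policies into refresh commands and notes for the operator."""
    bindings = parse_bindings(output)
    commands, notes = [], []
    for name in edited_policies:
        applied = bindings.get(name, [])
        if not applied:
            # The article notes a policy must be applied to a VLAN or port to be refreshed.
            notes.append(f"{name}: not applied to any VLAN or port, nothing to refresh")
            continue
        commands.append(f"refresh policy {name}")
        if len(applied) > 1:
            # Old and new rules coexist during the refresh, so slice space matters.
            notes.append(f"{name}: {len(applied)} bindings, watch for 'ACL slice full'")
    return commands, notes


if __name__ == "__main__":
    cmds, notes = plan_refresh(["denyroute", "unused-acl"], SAMPLE_OUTPUT)
    print("\n".join(cmds + notes))
```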


