refresh policy

refresh policy policy-name

Description

Refreshes the specified policy.

Syntax Description

policy-name Specifies the policy to refresh.

Default

N/A.

Usage Guidelines

Use this command when a new policy file for a currently active policy has been downloaded to the switch, or when the policy file for an active policy has been edited. This command reprocesses the text file and updates the policy database.

Before 12.6.1 there was no support to refresh the policies that are associated to the local VPP. For network VPP, you can achieve policy refresh by changing the policy timestamp file. Beginning in release 11.4, the policy manager uses Smart Refresh to update the ACLs. When a change is detected, only the ACL changes needed to modify the ACLs are sent to the hardware, and the unchanged entries remain. This behavior avoids having to blackhole packets because the ACLs have been momentarily cleared. Smart Refresh works well for minor changes, however, if the changes are too great, the refresh reverts to the earlier behavior. To take advantage of Smart Refresh, disable access-list refresh blackholing by using the command:

disable access-list refresh blackhole

If you attempt to refresh a policy that cannot take advantage of Smart Refresh while blackholing is enabled, you will receive a message similar to the following:

Incremental refresh is not possible given the configuration of policy <name>. Note, the current setting for Access-list Refresh Blackhole is Enabled. Would you like to perform a full refresh? (Yes/No) [No]:

If blackholing is not enabled, you will receive a message similiar to the following:

Incremental refresh is not possible given the configuration of policy <name>. Note, the current setting for Access-list Refresh Blackhole is Disabled. WARNING: If a full refresh is performed, it is possible packets that should be denied may be forwarded through the switch during the time the access list is being installed. Would you like to perform a full refresh? (Yes/No) [No]:

If you attempt to refresh a policy that is not currently active, you will receive an error message.

For an ACL policy, the command is rejected if there is a configuration error or hardware resources are not available.

Example

The following example refreshes the policy zone5:

refresh policy zone5

History

This command was first available in ExtremeXOS 11.0.

Smart Refresh was added in ExtremeXOS 11.4.

Platform Availability

This command is available on all platforms.