Modify Traffic Policy

eu_scada
New Contributor II
Hi all,

This may be a silly question, but I can't seem to find the answer for it.

How does one modify a traffic policy?

I understand I would use the no command to remove a setting.

I want to adjust the rate limiting and enable counting, but it keeps stating can't modify while in use.

I removed the traffic policy from all the ACLs, although it still balks at me.

Do I have to reload the switch after removing the traffic policy from the ACLs?

Any input helps and thanks
8 REPLIES 8

jijo_panangat
RUCKUS Team Member
Hello,

You need to first unbind the ACL that references the traffic policy to modify or delete it.


Thanks
Jijo

eu_scada
New Contributor II
Hello,

I did remove all ACLs

Does one need to “reload” the switch after removing the ACLs to unbind the traffic policy?

Thanks much for the reply

jijo_panangat
RUCKUS Team Member
Hello,

Reload isn't necessary. Could you share 'show run' and the error log you see while modifying?


Thanks
Jijo 

eu_scada
New Contributor II
Hello, below is the current running config and at the bottom is the error I see when attempting to modify the traffic policy

Thanks for the help

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.12.17 05:56:57 =~=~=~=~=~=~=~=~=~=~=~=
login as: cor-admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
SSH@brwtp-6610-stack>show run
Current configuration:
!
ver 08.0.30aT7f3
!
stack unit 1
  module 1 icx6610-48-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  priority 240
  stack-trunk 1/2/1 to 1/2/2
  stack-trunk 1/2/6 to 1/2/7
  stack-port 1/2/1 1/2/6
stack unit 2
  module 1 icx6610-48-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  priority 240
  stack-trunk 2/2/1 to 2/2/2
  stack-trunk 2/2/6 to 2/2/7
  stack-port 2/2/1 2/2/6
stack unit 3
  module 1 icx6610-24f-sf-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  stack-trunk 3/2/1 to 3/2/2
  stack-trunk 3/2/6 to 3/2/7
  stack-port 3/2/1 3/2/6
stack enable
stack mac cc4e.24b5.d5d0
!
global-stp
!
!
lag NAS dynamic id 2047
 ports ethernet 1/1/9 to 1/1/10 
 primary-port 1/1/9
 lacp-timeout long 
 deploy
 port-name "NAS LAG 1" ethernet 1/1/10
!
!
vlan 1 name Plant-Existing by port
 tagged ethe 1/1/21 ethe 2/1/47 ethe 3/1/1 to 3/1/7 ethe 3/1/9 to 3/1/12 
 untagged ethe 1/1/1 ethe 1/1/3 to 1/1/6 ethe 1/1/19 ethe 1/1/23 to 1/1/24 ethe 1/1/42 to 1/1/43 ethe 2/1/1 to 2/1/4 ethe 2/1/9 to 2/1/16 ethe 2/1/19 to 2/1/20 ethe 2/1/42 to 2/1/43 
 monitor ethe 1/1/13
 router-interface ve 1
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 99 name DEFAULT-VLAN by port
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 210 name Switch-Mgmt by port
 tagged ethe 1/1/21 ethe 2/1/47 ethe 3/1/1 to 3/1/7 ethe 3/1/9 to 3/1/12 
 router-interface ve 210
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 240 name HMI-Server by port
 tagged ethe 1/1/21 ethe 1/1/29 to 1/1/31 ethe 1/3/1 to 1/3/3 ethe 2/1/29 to 2/1/31 ethe 2/3/1 to 2/3/3 ethe 3/1/4 ethe 3/1/9 
 untagged ethe 1/1/9 to 1/1/10 ethe 1/1/17 ethe 1/1/28 ethe 1/1/32 ethe 1/1/46 ethe 2/1/17 to 2/1/18 ethe 2/1/25 ethe 2/1/28 ethe 2/1/32 ethe 2/1/46 
 monitor ethe 1/1/13
 router-interface ve 240
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 250 name Server-Mgmt by port
 tagged ethe 1/1/29 to 1/1/31 ethe 1/3/1 to 1/3/3 ethe 2/1/29 to 2/1/31 ethe 2/3/1 to 2/3/3 
 untagged ethe 1/1/36 to 1/1/38 ethe 2/1/36 to 2/1/38 
 monitor ethe 1/1/13
 router-interface ve 250
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 270 name SUPPORT by port
 untagged ethe 1/1/11 
 router-interface ve 270
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 280 name MAINT by port
 tagged ethe 2/1/47 ethe 3/1/1 to 3/1/7 ethe 3/1/9 to 3/1/12 
 untagged ethe 1/1/33 to 1/1/35 ethe 2/1/33 to 2/1/35 
 router-interface ve 280
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 290 name FIELD-DEVICE by port
 untagged ethe 1/1/39 to 1/1/41 ethe 2/1/39 to 2/1/41 
 router-interface ve 290
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 300 name ZERO-CLIENT by port
 tagged ethe 1/1/21 ethe 3/1/1 ethe 3/1/4 ethe 3/1/9 
 untagged ethe 1/1/25 to 1/1/27 ethe 1/1/48 ethe 2/1/26 to 2/1/27 
 router-interface ve 300
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 350 name NTP-MGMT by port
 untagged ethe 1/1/47 
 router-interface ve 350
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 360 name FIREWALL by port
 untagged ethe 1/1/45 ethe 2/1/45 ethe 2/1/48 
 router-interface ve 360
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 410 name HMI-SYNC by port
 tagged ethe 1/1/29 to 1/1/31 ethe 1/3/1 to 1/3/3 ethe 2/1/29 to 2/1/31 ethe 2/3/1 to 2/3/3 
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 430 name RF1-RMT by port
 untagged ethe 1/1/44 ethe 2/1/44 
 router-interface ve 430
 spanning-tree 802-1w
 spanning-tree 802-1w priority 8192
!
vlan 440 name RF2-RMT by port
!
!
!
!
!
system-max ip-filter-sys 8192
!
traffic-policy TP-ACLD1 rate-limit fixed 100 exceed-action Drop
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
boot sys fl sec
jumbo
default-vlan-id 99
enable super-user-password .....
hostname brwtp-6610-stack
ip route 10.4.61.0/24 172.17.31.1
ip route 10.4.62.0/24 172.17.31.1
ip route 10.4.63.0/24 172.17.31.1
ip route 136.0.0.0/8 172.17.31.1
ip route 172.17.0.0/24 172.17.31.1
ip route 172.17.64.0/18 172.17.31.1
ip route 172.17.64.0/21 172.17.31.1
ip route 172.17.128.0/24 172.17.31.1
ip route 172.18.16.0/20 172.17.31.1
ip route 172.19.16.0/20 172.17.31.1
ip multicast active
!
logging host 10.4.62.24 
logging host 10.4.62.24  udp-port 1514
logging host 10.4.62.24  udp-port 5544
logging facility syslog
logging buffered 1000
logging console
mirror-port ethernet 1/1/13
!
no telnet server
username architect password .....
username tesco privilege 4 password .....
username cor-admin password .....
username support privilege 5 password .....
username nms-user privilege 5 password .....
snmp-server community ..... ro
snmp-server contact TCI
snmp-server location BRWTP
snmp-server host 172.17.20.205 version v2c .....
snmp-server host 172.18.19.40 version v2c .....
snmp-server host 192.168.19.213 version v2c .....
snmp-server host 192.168.19.11 version v2c .....
snmp-server host 192.168.19.10 version v2c .....
snmp-server host 192.168.19.90 version v2c .....
!
!
clock summer-time
clock timezone us Pacific
!
!
ntp
 master
 source-interface ve 350
 server 10.4.62.19
 server 172.17.30.97
 server 172.18.30.97
 server 172.19.30.97
!
!
ssh access-group 
hitless-failover enable
!
!
!
!
!
!
!
interface ethernet 1/1/1
 port-name Connection to City Fiber (Dynac)
!
interface ethernet 1/1/11
 port-name NAS LAG 2
!
interface ethernet 1/1/29
 disable
!
interface ethernet 1/1/30
 disable
!
interface ethernet 1/1/31
 disable
!
interface ethernet 1/1/36
 port-name WTVH01-IPMI
!
interface ethernet 1/1/37
 port-name WTVH02-IPMI
!
interface ethernet 1/1/38
 port-name WTVH03-IPMI
!
interface ethernet 1/3/1
 port-name WTVH01-ETH2
 speed-duplex 10G-full
 stp-protect
!
interface ethernet 1/3/2
 port-name WTVH02-ETH2
 speed-duplex 10G-full
 stp-protect
!
interface ethernet 1/3/3
 port-name WTVH03-ETH2
 speed-duplex 10G-full
 stp-protect
!
interface ethernet 1/3/4
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 1/3/5
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 1/3/6
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 1/3/7
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 1/3/8
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 2/1/17
 port-name Cell Modem 1
!
interface ethernet 2/1/18
 port-name Cell Modem 2
!
interface ethernet 2/1/29
 disable
!
interface ethernet 2/1/30
 disable
!
interface ethernet 2/1/31
 disable
!
interface ethernet 2/1/47
 port-name Trunk to Lime System
!
interface ethernet 2/3/1
 port-name WTVH01-ETH3
 speed-duplex 10G-full
 stp-protect
!
interface ethernet 2/3/2
 port-name WTVH02-ETH3
 speed-duplex 10G-full
 stp-protect
!
interface ethernet 2/3/3
 port-name WTVH03-ETH3
 speed-duplex 10G-full
 stp-protect
!
interface ethernet 2/3/4
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 2/3/5
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 2/3/6
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 2/3/7
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 2/3/8
 spanning-tree 802-1w admin-edge-port
 stp-protect
!
interface ethernet 3/1/1
 port-name Trunk to MCC Room
!
interface ethernet 3/1/2
 port-name Trunk to East Clearwell
!
interface ethernet 3/1/3
 port-name Trunk to Utility Room
!
interface ethernet 3/1/4
 port-name Trunk to WT71-00101
!
interface ethernet 3/1/5
 port-name Trunk to Reclamation
!
interface ethernet 3/1/6
 port-name Trunk to Centrifuge
!
interface ethernet 3/1/7
 port-name Trunk to Filters 7,8
!
interface ethernet 3/1/9
 port-name Trunk to Chemical Bldg
!
interface ethernet 3/1/10
 port-name Trunk to Filters 9,10
!
interface ethernet 3/1/11
 port-name Trunk to Filters 11,12
!
interface ethernet 3/1/12
 port-name Trunk to Intake Structure
!
interface ve 1
 acl-logging
 ip address 192.168.34.1 255.255.255.0
!
interface ve 210
 port-name switch-net
 acl-logging
 ip address 172.17.16.1 255.255.255.0
!
interface ve 240
 acl-logging
 ip address 172.17.19.1 255.255.255.0
!
interface ve 250
 port-name scada-mgmt
 acl-logging
 ip address 172.17.20.1 255.255.255.0
!
interface ve 270
 acl-logging
 ip address 172.17.22.1 255.255.255.0
!
interface ve 280
 port-name maint-net
 acl-logging
 ip address 172.17.23.1 255.255.255.0
!
interface ve 290
 acl-logging
 ip address 172.17.24.1 255.255.255.0
!
interface ve 300
 acl-logging
 ip access-group SCADA-ZC-Net-Inbound in 
 ip address 172.17.25.1 255.255.255.0
!
interface ve 350
 ip address 172.17.30.1 255.255.255.0
!
interface ve 360
 port-name enterprise-net
 acl-logging
 ip address 172.17.31.2 255.255.255.0
!
interface ve 430
 ip address 192.168.35.1 255.255.255.0
!
!
!
ip access-list standard VTY-Access-update
 permit 172.17.16.0 0.0.0.255 
 permit 172.17.19.0 0.0.0.255 
 permit 172.17.20.0 0.0.0.255 
 permit 172.17.23.0 0.0.0.255 
 deny any 
!
!
!
!
!
ip ssh  authentication-retries 5
ip ssh  timeout 30
ip ssh  idle-time 30
!
!
end

SSH@brwtp-6610-stack>                        
SSH@brwtp-6610-stack>en
User Name:cor-admin
Password:
SSH@brwtp-6610-stack#con t
SSH@brwtp-6610-stack(config)#traffic-policy TP-ACLD1 count
ERROR: Traffic Policy TP-ACLD1 cannot be modified when in use. #ref is 22.
SSH@brwtp-6610-stack(config)#
SSH@brwtp-6610-stack(config)#show traffic-policy TP-ACLD1
Traffic Policy - TP-ACLD1:

Metering Enabled, Parameters:
Mode: Fixed Rate-Limiting
cir: 100 kbps
Exceed Action: Drop
Counting Not Enabled
Number of References/Bindings: 22
SSH@brwtp-6610-stack(config)#