Clearing Existing Policy Sessions
Whenever you change your ACP configurations, you are prompted to clear the
existing sessions. This enables you to apply your new configurations. Other-
wise, an existing session may violate an ACP that you just configured.
To clear all of the policy sessions on the router, move to the enable mode
context and enter:
ProCurve# clear ip policy-sessions
You can also clear a particular policy session. For example, if you enter the
show ip policy-sessions command and determine that an existing session
should be terminated, you can use one of the following commands to do so:
Syntax: clear ip policy-sessions <policyname> [ahp | esp | gre | icmp | tcp | udp |
<protocol number>] <source A.B.C.D> <source port> <destination A.B.C.D>
<destination port>
or
Syntax: clear ip policy-sessions <policyname> [ahp | esp | gre | icmp | tcp | udp |
<protocol number>] <source A.B.C.D> <source port> <destination A.B.C.D> <desti-
nation port> [destination | source] <nat A.B.C.D> <nat port>
Enter the command as follows:
Replace <policyname> with the name of the policy class (or ACP)
associated with that IP policy session.
Specify the protocol: ahp, esp, gre, icmp, tcp, udp, or a protocol number
between 0 and 255.
Replace <source A.B.C.D> with the source IP address.
Replace <source port> with the port specified by the source. Use hexa-
decimal format for AHP, ESP, and GRE; use the decimal for all other
protocols.
Replace <destination A.B.C.D> with the destination IP address.
Replace <destination port> with the destination port. Use hexadecimal
format for AHP, ESP, and GRE; use decimal format for all other protocols.
The remaining options apply only to NAT:
Include the destination option to select a session that uses one-to-one
NAT (NAT based on the destination address). Include the source option
to select a session that uses many-to-one NAT (NAT based on the source
IP address).
Configuring Network Address Translation
Troubleshooting
6-21