cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1927
Views
7
Helpful
3
Replies

Error when trying to apply a policer policy through vmanage

Tim_J_RC
Level 1
Level 1

I am trying to apply an ingress policer policy on one of my vEdge interface, when try pushing the configurations from vManage, I get the following


com.tailf.maapi.MaapiException: illegal reference /ncs:devices/device{vedge-11OG641180001}/config/vpn/vpn-instance{101}/interface{ge0/0.48}/policer{POLICY-LOCAL-VHUB-NYC in}/policer-name

 

I am trying to apply this ACL/Policy

 

access-list POLICY-ACL-VHUB-NYC
sequence 1
match
source-data-prefix-list LIST-VM251-NYC
destination-data-prefix-list LIST-VM251-ANP
!
action accept
policer POLICY-POLICE-10M
!
!
default-action accept

 

 

I am using vManage 19.2.2

 

Thanks,

 

1 Accepted Solution

Accepted Solutions

Thanks Bradley.   I did have my localized policy applied properly.   What I didn't realize is that when using the ingress policer option in vmanage, I can only apply a standard policer policy, not what I was trying to do.   I'm used to nested policies in routers, and i was trying to apply the ACL  with a policer applied to a sequence as a the ingress policing entry.   I read a little more, and saw that when I police specific flows, it needs to be done on an ACL entry and applied as an ingress ACL, not a ingress police policy.

 

Tim

 

View solution in original post

3 Replies 3

brselzer
Cisco Employee
Cisco Employee

Hello Tim,

 

When you configure a local policy, it has to be in the policy you attached to the device or it won't know how to reference it. 

 

If you go to your device template, there is a field for policy. See attachment "device_template_policy.jpg"

 

You must make sure your policer is under that policy. You can check by going to config->policies->Localized Policy and clicking on the policy that you attached to the template.

 

Make sure the policer you are trying to configure is listed under the "Access Control Lists" section of that local policy.

 

The way it works is you create a local policy profile then attach it to the device template. This downloads all the ACLs and other objects. From everywhere else in your template it references that policy. If it is missing from the policy, it will not have a reference for it and you will get the error you see. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

Thanks Bradley.   I did have my localized policy applied properly.   What I didn't realize is that when using the ingress policer option in vmanage, I can only apply a standard policer policy, not what I was trying to do.   I'm used to nested policies in routers, and i was trying to apply the ACL  with a policer applied to a sequence as a the ingress policing entry.   I read a little more, and saw that when I police specific flows, it needs to be done on an ACL entry and applied as an ingress ACL, not a ingress police policy.

 

Tim

 

pgasparovic
Level 1
Level 1

Very useful,

now I was crazy about my vSmart CLI policy being edited, I updated freely my policy name, but forgot to do so under "apply-policy" section tool...

Review Cisco Networking for a $25 gift card