I am using Clearpass to push downloadable session ACLs to interface-groups on a mobility access switch. Clearpass is on 6.4.7. MAS is on 7.4.0.2. The ACL is complex but it does get successfully installed on the switch ports so I know my config and syntax is correct. However, it may fail randomly on another switch port on the same switch. I can't find a patter. I did notice that if I do a show ip access-list brief, I'll see several ACLs still on the switch associated with older versions of that downloadable ACL. I wonder if that's the source of the problem. Is there a way to clear these out without rebooting the switch?
#show ip access-list brief | include Printer
Printer-4692c694 session (not editable) 1 AF_OKN__Aruba_DLRole_Printer-3076-72
Printer-9bb8d9de session (not editable) 1 AF_OKW__Aruba_DLRole_Printer-3119-3
dhcp-acl-0e55d3e1 session (not editable) 1 AF_OKN__Aruba_DLRole_Printer2-3129-30
dns-acl-0e55d3e1 session (not editable) 1 AF_OKN__Aruba_DLRole_Printer2-3129-30
icmp-acl-0e55d3e1 session (not editable) 1 AF_OKN__Aruba_DLRole_Printer2-3129-30
ntp-acl-0e55d3e1 session (not editable) 1 AF_OKN__Aruba_DLRole_Printer2-3129-30
web-gui-acl-0e55d3e1 session (not editable) 1 AF_OKN__Aruba_DLRole_Printer2-3129-30