Table Of Contents

clear configure through clear configure http Commands

clear configure

clear configure aaa

clear configure aaa-server

clear configure access-group

clear configure access-list

clear configure alias

clear configure arp

clear configure arp-inspection

clear configure asdm

clear configure auth-prompt

clear configure banner

clear configure boot

clear configure ca certificate map

clear configure class

clear configure class-map

clear configure client-update

clear configure clock

clear configure cluster

clear configure command-alias

clear configure compression

clear configure console

clear configure context

clear configure coredump

clear configure crypto

clear configure crypto ca trustpoint

clear configure crypto ca trustpool

clear configure crypto dynamic-map

clear configure crypto engine

clear configure crypto ikev1

clear configure crypto ikev2

clear configure crypto ipsec

clear configure crypto isakmp

clear configure crypto map

clear configure ctl-file

clear configure ctl-provider

clear configure cts

clear configure ddns

clear configure dhcpd

clear configure dhcprelay

clear configure dns

clear configure dynamic-access-policy-config

clear config dynamic-access-policy-record

clear configure dynamic-filter

clear configure established

clear configure failover

clear configure filter

clear configure fips

clear configure firewall

clear configure fixup

clear configure flow-export

clear configure fragment

clear configure ftp

clear configure global

clear configure group-delimiter

clear configure group-policy

clear configure hostname

clear configure hpm

clear configure http

clear configure through clear configure http Commands

---

clear configure

To clear the running configuration, use the clear configure command in global configuration mode.

clear configure {primary | secondary | all | command}

Syntax Description

all	Clears the entire running configuration.
command	Clears the configuration for a specified command. For more information, see individual entries in this guide for each clear configure command command.
primary	Clears commands related to connectivity, including the following commands: •tftp-server •shun •route •ip address •mtu •failover •monitor-interface •boot
secondary	Clears commands not related to connectivity (that are cleared using the primary keyword).

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.
8.2(2)	Support for password encryption has been added.

Usage Guidelines

When you enter this command in a security context, you clear only the context configuration. If you enter this command in the system execution space, you clear the system running configuration as well as all context running configurations. Because you cleared all context entries in the system configuration (see the context command), the contexts are no longer running, and you cannot change to a context execution space.

Before clearing the configuration, make sure you save any changes to the boot config command (which specifies the startup configuration location) to the startup configuration; if you changed the startup configuration location only in the running configuration, then when you restart, the configuration loads from the default location.

---

Note When you enter the clear configure all command, the master pass phrase used in password encryption is not removed. For more information about the master pass phrase, see the config key password-encryption command.

---

Examples

The following example clears the entire running configuration:

hostname(config)# clear configure all

Related Commands

Command	Description
configure http	Merges a configuration file from the specified HTTP(S) URL with the running configuration.
configure memory	Merges the startup configuration with the running configuration.
configure net	Merges a configuration file from the specified TFTP URL with the running configuration.
configure factory-default	Adds commands you enter at the CLI to the running configuration.
show running-config	Shows the running configuration.

clear configure aaa

To clear the AAA configuration, use the clear configure aaa command in global configuration mode.

clear configure aaa

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was modified for consistency within the CLI.

Usage Guidelines

The clear configure aaa command removes the AAA command statements from the configuration. This command also resets the AAA parameters to their default values, if any.

There is no undo.

Examples

The following example clears the AAA configuration:

hostname(config)# clear configure aaa

Related Commands

Command	Description
aaa accounting	Enables, disables, or views recordkeeping of which network services a user has accessed.
aaa authentication	Enables or views LOCAL, TACACS+, or RADIUS user authentication, on a server designated by the aaa-server command, or for ASDM user authentication.
aaa authorization	Enables or disables user authorization for a LOCAL or a TACACS+ server designated by the aaa-server command, or for ASDM user authentication.
show running-config aaa	Displays the AAA configuration.

clear configure aaa-server

To remove all AAA server groups or to clear the specified group, use the clear configure aaa-server command in global configuration mode.

clear configure aaa-server [server-tag]

clear configure aaa-server [server-tag] host server-ip

Syntax Description

server-ip	The IP address of the AAA server.
server-tag	(Optional) Symbolic name of the server group to be cleared.

Defaults

Remove all AAA server groups.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

You can specify a particular AAA server group or, by default, all AAA server groups.

Use the host keyword to specify a particular server within a server group.

This command also resets the AAA server parameters to their default values, if any.

Examples

The following example removes AAA server group svrgrp1:

hostname(config)# aaa-server svrgrp1 protocol sdi

hostname(config)# aaa-server svrgrp1 host 10.2.3.4

hostname(config-aaa-server)# timeout 9

hostname(config-aaa-server)# retry 7

hostname(config-aaa-server)# sdi-version sdi-5

hostname(config-aaa-server)# exit

Given the preceding configuration, the following example shows how to remove a specific server from a group:

hostname(config)# clear config aaa-server svrgrp1 host 1.2.3.4

The following example shows how to remove a server group:

hostname(config)# clear config aaa-server svrgrp1

The following example shows how to remove all server groups:

hostname(config)# clear config aaa-server

Related Commands

Command	Description
aaa-server host	Specifies and manages host-specific AAA server connection data.
aaa-server protocol	Allows you to configure AAA server parameters that are group-specific and common to all hosts.
show running-config aaa	Displasy the current maximum number of concurrent proxy connections allowed per user, along with other AAA configuration values.

clear configure access-group

To remove access groups from all the interfaces, use the clear configure access-group command in global configuration mode.

clear configure access-group

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	Added the configure keyword.

Examples

The following example shows how to remove all access groups:

hostname(config)# clear configure access-group

Related Commands

Command	Description
access-group	Binds an access list to an interface.
show running-config access-group	Displays the current access group configuration.

clear configure access-list

To clear an access list from the running configuration, use the clear configure access list command in global configuration mode.

clear configure access-list [id]

Syntax Description

id	(Optional) Name or number of an access list.

Defaults

All the access lists are cleared from the running configuration.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The clear configure access-list command automatically unbinds an access list from a crypto map command or interface. The unbinding of an access list from a crypto map command can lead to a condition that discards all packets because the crypto map commands referencing the access list are incomplete. To correct the condition, either define other access-list commands to complete the crypto map commands or remove the crypto map commands that pertain to the access-list command. See the crypto map client command for more information.

Examples

The following example shows how to clear the access lists from the running configuration:

hostname(config)# clear configure access-list

Related Commands

Command	Description
access-list extended	Adds an access list to the configuration and configures policy for IP traffic through the firewall.
access-list standard	Adds an access list to identify the destination IP addresses of OSPF routes, which can be used in a route map for OSPF redistribution.
clear access-list	Clears access list counters.
show access-list	Displays counters for an access list.
show running-config access-list	Displays the access list configuration running on the ASA.

clear configure alias

To remove all alias commands from the configuration, use the clear configure alias command in global configuration mode.

clear configure alias

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example shows how to remove all alias commands from the configuration:

hostname(config)# clear configure alias

Related Commands

Command	Description
alias	Translates one address into another.
show running-config alias	Displays the overlapping addresses with dual NAT commands in the configuration.

clear configure arp

To clear static ARP entries added by the arp command, use the clear configure arp command in global configuration mode.

clear configure arp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example clears static ARP entries from the configuration:

hostname(config)# clear configure arp

Related Commands

Command	Description
arp	Adds a static ARP entry.
arp-inspection	For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.
firewall transparent	Sets the firewall mode to transparent.
show arp statistics	Shows ARP statistics.
show running-config arp	Shows the current configuration of the ARP timeout.

clear configure arp-inspection

To clear the ARP inspection configuration, use the clear configure arp-inspection command in global configuration mode.

clear configure arp-inspection

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example clears the ARP inspection configuration:

hostname(config)# clear configure arp-inspection

Related Commands

Command	Description
arp	Adds a static ARP entry.
arp-inspection	For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.
firewall transparent	Sets the firewall mode to transparent.
show arp statistics	Shows ARP statistics.
show running-config arp	Shows the current configuration of the ARP timeout.

clear configure asdm

To remove all asdm commands from the running configuration, use the clear configure asdm command in global configuration mode.

clear configure asdm [location | group | image]

Syntax Description

group	(Optional) Clears only the asdm group commands from the running configuration.
image	(Optional) Clears only the asdm image command from the running configuration.
location	(Optional) Clears only the asdm location commands from the running configuration.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was changed from the clear pdm command to the clear configure asdm command.

Usage Guidelines

To view the asdm commands in the running configuration, use the show running-config asdm command.

Clearing the asdm image command from the configuration disables ASDM access. Clearing the asdm location and asdm group commands from the configuration causes ASDM to regenerate those commands the next time ASDM is accessed, but may disrupt active ASDM sessions.

---

Note On ASAs running in multiple context mode, the clear configure asdm image command is only available in the system execution space, while the clear configure asdm group and clear configure asdm location commands are only available in the user contexts.

---

Examples

The following example clears the asdm group commands from the running configuration:

hostname(config)# clear configure asdm group

hostname(config)#

Related Commands

Command	Description
asdm group	Used by ASDM to associate object group names with interfaces.
asdm image	Specifies the ASDM image file.
asdm location	Used by ASDM to record IP address to interface associations.
show running-config asdm	Displays the asdm commands in the running configuration.

clear configure auth-prompt

To remove the previously specified authentication prompt challenge text and revert to the default value, if any, use the clear configure auth-prompt command in global configuration mode.

clear configure auth-prompt

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was modified to conform with CLI standards.

Usage Guidelines

After you clear the authentication prompt, the prompt users see when they log in depends on the protocol they use:

•Users who log in using HTTP see hostname(config)# .

•Users who log in using FTP seehostname(config)# .

•Users who log in using Telnet see no prompt.

Examples

The following example shows how to clear the auth-prompt:

hostname(config)# clear configure auth-prompt

Related Commands

auth-prompt	Sets the user authorization prompts.
show running-config auth-prompt	Displays the user authorization prompts.

clear configure banner

To remove all the banners, use the clear configure banner command in global configuration mode.

clear configure banner

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example shows how to clear banners:

hostname(config)# clear configure banner

Related Commands

Command	Description
banner	Configures the session, login, or message-of-the-day banner.
show running-config banner	Displays all banners.

clear configure boot

To restore the default boot file and configuration file that the system uses at startup, use the clear configure boot command in global configuration mode.

clear configure boot

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

This example shows how to restore the default configuration file:

hostname(config)# clear configure boot

Related Commands

Command	Description
boot	Configures the session, login, or message-of-the-day banner.
show bootvar	Displays boot file and configuration environment variables.

clear configure ca certificate map

To remove all certificate map entries or to remove a specified certificate map entry, use the clear configure ca configurate map command in global configuration mode.

clear configure ca certificate map [sequence-number]

Syntax Description

sequence-number

(Optional) Specifies a number for the certificate map rule that you are removing. The range is 1 through 65535.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•

:

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example removes all certificate map entries.

hostname(config)# clear configure ca certificate map

hostname(config)#

Related Commands

Command	Description
crypto ca certificate map	Enters ca certificate map configuration mode.

+

clear configure class

To clear the resource class configuration, use the clear configure class command in global configuration mode.

clear configure class

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	—	—	•

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

The following example clears the class configuration:

hostname(config)# clear configure class

Related Commands

Command	Description
class	Configures a resource class.
context	Configures a security context.
limit-resource	Sets the resource limit for a class.
member	Assigns a context to a resource class.
show class	Shows the contexts assigned to a class.

clear configure class-map

To remove all class maps, use the clear configure class-map command in global configuration mode.

clear configure class-map [type {management | regex | inspect [protocol]}

Syntax Description

inspect	(Optional) Clears inspection class maps.
management	(Optional) Clears management class maps.
protocol	(Optional) Specifies the type of application map you want to clear. Available types include: •dns •ftp •h323 •http •im •p2p-donkey •sip
regex	(Optional) Clears regular expression class maps.
type	(Optional) Specifies the type of class map you want to clear. To clear Layer 3/4 class maps, do not specify the type.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

To clear the class map for a specific class map name, use the no form of the class-map command.

Examples

The following example shows how to clear all configured class maps:

hostname(config)# clear configure class-map

Related Commands

Command	Description
class-map	Applies a traffic class to an interface.
show running-config class-map	Displays the information about the class map configuration.

clear configure client-update

To remove from the configuration the ability to force a client update, use the clear configure client-update command in global configuration mode or tunnel-group ipsec-attributes configuration mode.

clear configure client-update

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—
Tunnel-group ipsec-attributes configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
7.1(1)	Added tunnel-group ipsec-attributes configuration mode.
9.0(1)	Support for multiple context mode was added.

Examples

The following example entered in global configuration mode, removes the client-update capability from the configuration:

hostname(config)# clear configure client-update

hostname(config)# 

The following example entered in tunnel-group ipsec-attributes configuration mode, removes the client-update capability from the configuration of the tunnel group named test:

hostname(config)# tunnel-group test ipsec-attributes

hostname(config-tunnel-ipsec)# clear configure client-update

hostname(config-tunnel-ipsec)# 

Related Commands

Command	Description
client-update	Configures client update.
show running-config client-update	Shows the current client-update configuration.

clear configure clock

To clear the clock configuration, use the clear configure clock command in global configuration mode.

clear configure clock

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	—	•

Command History

Release	Modification
7.0(1)	This command was changed from clear clock.

Usage Guidelines

This command clears all clock configuration commands. The clock set command is not a configuration command, so this command does not reset the clock. To reset the clock, you need to set a new time for the clock set command.

Examples

The following example clears all clock commands:

hostname# clear configure clock

Related Commands

Command	Description
clock set	Manually sets the time.
clock summer-time	Sets the date range to show daylight saving time.
clock timezone	Sets the time zone.

clear configure cluster

To clear the cluster configuration, and leave the cluster, use the clear configure cluster command in global configuration mod.

clear configure cluster

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	—	•

Command History

Release	Modification
9.0(1)	We introduced this command.

Usage Guidelines

If you want to leave a cluster (clustering was enabled on this unit), in practice, you need to clear or replace your entire configuration, not just remove the cluster configuration. If you do not clear your configuration, you will have overlapping interface configurations with existing cluster members.

You cannot make configuration changes while clustering is enabled on a slave unit. First disable clustering by entering no enable in cluster group configuration mode.

You must use the console port or ASDM to enable or disable clustering. You cannot use Telnet or SSH.

Examples

The following example removes the cluster configuration:

hostname(config)# clear configuration cluster

Related Commands

Command	Description
cluster group	Enters cluster configuration mode.
show running-config cluster	Shows the cluster configuration.

clear configure command-alias

To remove all non-default command aliases, use the clear configure command-alias command in global configuration mode.

clear configure command-alias

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example shows how to remove all non-default command aliases:

hostname(config)# clear configure command-alias

Related Commands

Command	Description
command-alias	Creates a command alias.
show running-config command-alias	Displays all nondefault command aliases.

clear configure compression

To reset the global compression configuration to the default (all compression techniques enabled), use the clear configure compression command in global configuration mode.

clear configure compression

Syntax Description

This command has no arguments or keywords.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•		—

Command History

Release	Modification
7.1(1)	This command was introduced.

Examples

The following example clear the compression configuration:

hostname(config)# clear configure compression

Related Commands

Command	Description
compression	Enables compression for all SVC, WebVPN, and port forwarding connections.
svc compression	Enables compression of HTTP data over an SVC connection for a specific group or user.

clear configure console

To reset the console connection settings to defaults, use the clear configure console command in global configuration mode.

clear configure console

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example shows how to reset the console connection settings to defaults:

hostname(config)# clear configure console

Related Commands

Command	Description
console timeout	Sets the idle timeout for a console connection to the ASA.
show running-config console timeout	Displays the idle timeout for a console connection to the ASA.

clear configure context

To clear all context configurations in the system configuration, use the clear configure context command in global configuration mode.

clear configure context [noconfirm]

Syntax Description

noconfirm

(Optional) Removes all contexts without prompting you for confirmation. This option is useful for automated scripts.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

This command lets you remove all contexts, including the admin context. The admin context cannot be removed using the no context command, but can be removed using the clear configure context command.

Examples

The following example removes all contexts from the system configuration, and does not confirm the deletion:

hostname(config)# clear configure context noconfirm

Related Commands

Command	Description
admin-context	Sets the admin context.
changeto	Changes between contexts or the system execution space.
context	Creates a security context in the system configuration and enters context configuration mode.
mode	Sets the context mode to single or multiple.
show context	Shows a list of contexts (system execution space) or information about the current context.

clear configure coredump

To remove the coredump filesystem and its contents from your system, enter the clear configure coredump command in global configuration mode.

clear configure coredump

Syntax Description

This command has no arguments or keywords.

Defaults

By default, coredumps are not enabled.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•

Command History

Release	Modification
8.2(1)	This command was introduced.

Usage Guidelines

This command removes the coredump file system and its contents from your system. It also clears the coredump log. This command disables coredump and changes the configuration. You must save the configuration after performing this operation. Archive any coredump files that you have collected on your ASA that you would like to analyze, before issuing this command.

This command specifically deletes the following from the configured coredump media (disk0:, disk1:, flash:)

•contents of the coredumpfsys directory

•coredumpfsys directory

•coredumpfsysimage.bin file

•coredump.log file from the coredumpinfo directory

Examples

The following example removes the coredump file system and its contents from the system:

hostname(config)# clear configure coredump

Related Commands

Command	Description
coredump enable	Enables the coredump feature.
clear coredump	Removes any coredumps currently stored on the coredump file system and clears the coredump log. Does not touch the coredump file system itself and does not change or affect the coredump configuration.
show coredump filesystem	Displays files on the coredump file system, and indicates how full it might be.
show coredump log	Shows the coredump log.

clear configure crypto

To remove the entire crypto configuration, including IPsec, crypto maps, dynamic crypto maps, CA trustpoints, all certificates, certificate map configurations, and ISAKMP, use the clear configure crypto command in global configuration mode. To remove specific configurations, use this command with keywords as shown in the syntax. Take caution when using this command.

clear configure crypto [ca | dynamic-map | engine | ikev1 | ikev2 | ipsec-client | iskmp | map]

Syntax Description

ca	Removes certification authority policy.
dynamic-map	Removes dynamic crypto map configuration.
engine	Removes crypto engine configuration.
ikev1	Removes the IPsec IKEv1 configuration.
ikev2	Removes the IPsec IKEv2 configuration.
ipsec-client	Removes IPsec configuration.
isakmp	Removes ISAKMP configuration.
map	Removes crypto map configuration.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
8.4(1)	The ikev1 and ikev2 keywords were added.
9.0(1)	Support for multiple context mode was added.

Examples

The following example issued in global configuration mode, removes all of the crypto configuration from the ASA:

hostname(config)# clear configure crypto

hostname(config)# 

Related Commands

Command	Description
clear configure crypto dynamic-map	Clears all or specified crypto dynamic maps from the configuration.
clear configure crypto map	Clears all or specified crypto maps from the configuration.
clear configure isakmp policy	Clears all ISAKMP policy configuration.
show running-config crypto	Displays the entire crypto configuration, including IPsec, crypto maps, dynamic crypto maps, and ISAKMP.

clear configure crypto ca trustpoint

To remove all trustpoints from the configuration, use the clear configure crypto ca trustpoint command in global configuration mode.

clear configure crypto ca trustpoint

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example entered in global configuration mode, removes all trustpoints from the configuration:

hostname(config)# clear configure crypto ca trustpoint

hostname(config)# 

Related Commands

Command	Description
crypto ca trustpoint	Enters the trustpoint configuration level for the indicated trustpoint.

clear configure crypto ca trustpool

To reset the trustpool policy to its default values, use the clear configure crypto ca trustpool command in global configuration mode.

clear configure crypto ca trustpool

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History

Release	Modification
9.0(1)	This command was introduced.

Usage Guidelines

The trustpool is returned to its default policy values, but the certificate content of the trustpool is not changed.

clear configure crypto dynamic-map

To remove all or specified crypto dynamic maps from the configuration, use the clear configure crypto dynamic-map command in global configuration.

clear configure crypto dynamic-map dynamic-map-name dynamic-seq-num

Syntax Description

dynamic-map-name	Specifies the name of a specific crypto dynamic map.
dynamic-seq-num	Specifies the sequence number of the crypto dynamic map.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following example entered in global configuration mode, removes the crypto dynamic map mymaps with sequence number 3 from the configuration:

hostname(config)# clear configure crypto dynamic-map mymaps 3

hostname(config)# 

Related Commands

Command	Description
clear configure crypto map	Clears the configuration of all or specified crypto maps.
show running-config crypto dynamic-map	Displays all the active configuration for all dynamic crypto maps.
show running-config crypto map	Displays all the active configuration for all crypto maps.

clear configure crypto engine

To switch large modulus operations from hardware to software, use the clear configure crypto engine command in global configuration mode.

clear configure crypto engine

Syntax Description

This command has no arguments or keywords.

Defaults

By default, the ASA performs large modulus operations in the software.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
8.2(3)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Usage Guidelines

This command is available only with ASA models 5510, 5520, 5540, and 5550. It switches large modulus operations to software and removes the crypto engine large-mod-accel command from the running configuration.

This command is equivalent to the no crypto engine large-mod-accel command. It applies only if the configuration contains a crypto engine large-mod-accel command. To determine whether the configuration contains this command, enter the show running-config crypto engine command.

We recommend that you use the clear configure crypto engine command during a low-use or maintenance period to minimize a temporary packet loss that can occur during the transition of processing from hardware to software.

Examples

The following example removes the crypto engine large-mod-accel command from the running configuration and switches large modulus operations from hardware to sofware:

hostname(config)# clear configure crypto engine

Related Commands

Command	Description
show running-config crypto engine	Shows if large modulus operations have been switched to hardware.
crypto engine large-mod-accel	Switches large modulus operations from software to hardware.

clear configure crypto ikev1

To remove all of the IKEv1 configuration, use the clear configure crypto ikev1 command in global configuration mode.

clear configure crypto ikev1 policy priority

Syntax Description

priority

Specifies the priority number of the IKEv1 policy to clear.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
8.4(1)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following command, issued in global configuration mode, removes all of the IKEv1 configuration for priority 1 from the ASA:

hostname(config)# clear configure crypto ikev1 policy priority 1

hostname(config)# 

Related Commands

Command	Description
clear configure crypto isakmp policy	Clears all ISAKMP policy configuration.
crypto isakmp enable	Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.
show crypto isakmp stats	Displays runtime statistics.
show crypto isakmp sa	Displays IKE runtime SA database with additional information.
show running-config crypto isakmp	Displays all the active configuration.

clear configure crypto ikev2

To remove all of the IKEv2 configuration, use the clear configure crypto ikev2 command in global configuration mode.

clear configure crypto ikev2 policy priority

Syntax Description

priority

Specifies the IKEv2 priority to clear.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
8.4(1)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following command, issued in global configuration mode, removes all of the IKEv2 policy configuration for priority 1 from the ASA:

hostname(config)# clear configure crypto ikev2 policy priority 1

hostname(config)# 

Related Commands

Command	Description
clear configure crypto isakmp policy	Clears all ISAKMP policy configuration.
crypto isakmp enable	Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.
show crypto isakmp stats	Displays runtime statistics.
show crypto isakmp sa	Displays IKE runtime SA database with additional information.
show running-config crypto isakmp	Displays all the active configuration.

clear configure crypto ipsec

To remove all of the IPsec configuration, use the clear configure crypto isakmp command in global configuration mode.

clear configure crypto ipsec ikev1 transform-set transform

Syntax Description

ikev1	Specifies you are clearing IKEv1 configuration.
transform-set	Specifies you are clearing a transform set configured for IKEv1.
transform	Specifies the transform to clear.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	The command was introduced.
8.4(1)	The ikev1 keyword was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following command, issued in global configuration mode, removes the IKEv1 transform secure_VPN from the ASA:

hostname(config)# clear configure crypto ipsec ikev1 transform-set secure_VPN

hostname(config)# 

Related Commands

Command	Description
crypto isakmp enable	Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.
show crypto isakmp stats	Displays runtime statistics.
show crypto isakmp sa	Displays IKE runtime SA database with additional information.
show running-config crypto isakmp	Displays all the active configuration.

clear configure crypto isakmp

To remove all of the ISAKMP configuration, use the clear configure crypto isakmp command in global configuration mode.

clear configure crypto isakmp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	The clear configure isakmp command was introduced.
7.2(1)	The clear configure isakmp command was deprecated. The clear configure crypto isakmp command replaced it.
9.0(1)	Support for multiple context mode was added.

Examples

The following command, issued in global configuration mode, removes all of the ISAKMP configuration from the ASA:

hostname(config)# clear configure crypto isakmp

hostname(config)# 

Related Commands

Command	Description
crypto isakmp enable	Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.
show crypto isakmp stats	Displays runtime statistics.
show crypto isakmp sa	Displays IKE runtime SA database with additional information.
show running-config crypto isakmp	Displays all the active configuration.

clear configure crypto map

To remove all or specified crypto maps from the configuration, use the clear configure crypto map command in global configuration.

clear configure crypto map map-name seq-num

Syntax Description

map-name	Specifies the name of a specific crypto map.
seq-num	Specifies the sequence number of the crypto map.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following example entered in global configuration mode, removes the crypto map mymaps with sequence number 3 from the configuration:

hostname(config)# clear configure crypto map mymaps 3

hostname(config)# 

Related Commands

Command	Description
clear configure crypto dynamic-map	Clears the configuration of all or specified crypto dynamic maps.
crypto map interface	Applies a crypto map to an interface.
show running-config crypto map	Displays the active configuration for all crypto maps.
show running-config crypto dynamic-map	Displays the active configuration for all dynamic crypto maps.

clear configure ctl-file

To clear configured CTL file instances, use the clear configure ctl-file command in global configuration mode.

clear configure ctl [ctl_name]

Syntax Description 

ctl_name

(Optional) Specifies the name of the CTL instance.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History 

Release	Modification
8.0(4)	The command was introduced.

Examples

The following example shows the use of the clear configure ctl-file command to clear configured CTL file instances:

hostname# clear configure ctl asa_phone_proxy asa_ctl

Related Commands 

Command	Description
ctl-file (global)	Specifies the CTL file to create for phone proxy configuration or the CTL file to parse from flash memory.
ctl-file (phone-proxy)	Specifies the CTL file to use for phone proxy configuration.
phone-proxy	Configures the phone proxy instance.

clear configure ctl-provider

To remove all configured Certificate Trust List (CTL) provider instances, use the clear configure ctl-provider command in global configuration mode.

clear configure ctl-provider

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
8.0(2)	This command was introduced.

Examples

The following example removes all configured Certificate Trust List (CTL) provider instances:

hostname# clear configure ctl-provider

Related Commands

Command	Description
ctl	Parses the CTL file from the CTL client and installs trustpoints.
ctl-provider	Configures a CTL provider instance in CTL provider mode.
export	Specifies the certificate to be exported to the client.
service	Specifies the port to which the CTL provider listens.

clear configure cts

To clear the configuration for integrating the ASA with Cisco TrustSec, use the clear configure cts command in global configuration mode. The command removes the cts command statements from the ASA configuration.

clear configure cts

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
9.0(1)	This command was introduced.

Usage Guidelines

There is no undo.

Examples

The following example shows how to clear the configuration to integrate the ASA with Cisco TrustSec:

hostname(config)# clear configure cts

Related Commands

Command	Description
clear configure all	Clears the entire running configuration on the ASA.
clear cts	Clears data used by the ASA when integrated with Cisco TrustSec.
cts sxp enable	Enables the SXP protocol on the ASA.

clear configure ddns

To clear all DDNS commands, use the clear configure ddns command in global configuration mode.

clear configure ddns

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

The following example clears all DDNS commands:

hostname(config)# clear configure ddns

Related Commands

Command	Description
ddns (DDNS-update- method mode)	Specifies a DDNS update method type for a created DDNS method.
ddns update (interface config mode)	Associates a ASA interface with a DDNS update method or a DDNS update hostname.
ddns update method (global config mode)	Creates a method for dynamically updating DNS resource records.
show ddns update interface	Displays the interfaces associated with each configured DDNS method.
show ddns update method	Displays the type and interval for each configured DDNS method.
show running-config ddns	Displays the type and interval of all configured DDNS methods in the running configuration.

clear configure dhcpd

To clear all of the DHCP server commands, binding, and statistics, use the clear configure dhcpd command in global configuration mode.

clear configure dhcpd

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from clear dhcpd to clear configure dhcpd.

Usage Guidelines

The clear configure dhcpd command clears all of the dhcpd commands, bindings, and statistical information. To clear only the statistical counters or binding information, use the clear dhcpd command.

Examples

The following example shows how to clear all dhcpd commands:

hostname(config)# clear configure dhcpd

Related Commands

Command	Description
clear dhcpd	Clears the DHCP server bindings and statistical counters.
show running-config dhcpd	Displays the current DHCP server configuration.

clear configure dhcprelay

To clear the entire DHCP relay configuration, use the clear configure dhcprelay command in global configuration mode.

clear configure dhcprelay [global | interface [ifc]]

Syntax Description

global	Clears the global DHCP relay agent configuration.
ifc	Clears the DHCP relay configuration on a specified interface.
interface	Clears the DHCP relay agent configuration on all interfaces.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from clear dhcprelay to clear configure dhcprelay.
9.1(2)	The global, interface, and ifc options were added.

Usage Guidelines

The clear configure dhcprelay command clears the DHCP relay configuration. To clear only the DHCP statistical counters, use the clear dhcprelay statistics command.

The vlan option for Catalyst 6500 VLANs is available when you clear the DHCP relay configuration on a per-interface basis. You can clear the DHCP relay configuration on a per-interface basis by including the interface name (ifc option).

Examples

The following example shows how to clear the DHCP relay configuration:

hostname(config)# clear configure dhcprelay

The following example shows how to clear the global DHCP relay configuration:

hostname(config)# clear configure dhcprelay global

The following example shows how to clear the DHCP relay configuration on a per-interface basis:

hostname(config)# clear configure dhcprelay interface

Related Commands

Command	Description
clear dhcprelay statistics	Clears the DHCP relay agent statistic counters.
debug dhcprelay	Displays debugging information for the DHCP relay agent.
show dhcprelay statistics	Displays DHCP relay agent statistics.
show running-config dhcprelay	Displays the current DHCP relay agent configuration.

clear configure dns

To clear all DNS commands, use the clear configure dns command in global configuration mode.

clear configure dns

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example clears all DNS commands:

hostname(config)# clear configure dns

Related Commands

Command	Description
dns domain-lookup	Enables the ASA to perform a name lookup.
dns name-server	Configures a DNS server address.
dns retries	Specifies the number of times to retry the list of DNS servers when the ASA does not receive a response.
dns timeout	Specifies the amount of time to wait before trying the next DNS server.
show dns-hosts	Shows the DNS cache.

clear configure dynamic-access-policy-config

To clear the DAP configuration, use the clear configure dynamic-access-policy-config command in dynamic-access-policy-record configuration mode.

clear config dynamic-access-policy-config name

Syntax Description

name	A string that specifies the name of the DAP configuration file.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Dynamic-access-policy-record configuration	•	•	•	—	—

Command History

Release	Modification
8.0(2)	This command was introduced.

Examples

The following example shows how to set a priority of 15 for the DAP record called Finance.

hostname (config) config-dynamic-access-policy-record Finance

hostname(config-dynamic-access-policy-record)# priority 15

hostname(config-dynamic-access-policy-record)# 

Related Commands

Command	Description
dynamic-access-policy-record	Creates a DAP record.
show running-config dynamic-access-policy-record [name]	Displays the running configuration for all DAP records, or for the named DAP record.

clear config dynamic-access-policy-record

To clear a DAP record, use the clear config dynamic-access-policy-record command in global configuration mode with the name of the record. To clear all DAP records, use the no form of this command.

clear config dynamic-access-policy-record name

Syntax Description

name	Specifies the name of the DAP record. The name can be up to 64 characters long and cannot contain spaces.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
8.0(2)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following example shows how to clear a DAP record named Finance.

hostname(config)# clear configure dynamic-access-policy-record Finance

hostname(config-dynamic-access-policy-record)# 

Related Commands

Command	Description
dynamic-access-policy-record [name]	Creates a named DAP record.
dynamic-access-policy-config url	Configures the DAP selection configuration file.
show running-config dynamic-access-policy-record [name]	Displays the running configuration for all DAP records, or for the named DAP record.

clear configure dynamic-filter

To remove the all dynamic-filter commands, use the clear configure dynamic-filter command in global configuration mode.

clear configure dynamic-filter

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
8.2(1)	This command was introduced.

Examples

The following example clears the dynamic-filter configuration:

hostname(config)# clear configure dynamic-filter

Related Commands

Command	Description
address	Adds an IP address to the blacklist or whitelist.
clear dynamic-filter dns-snoop	Clears Botnet Traffic Filter DNS snooping data.
clear dynamic-filter reports	Clears Botnet Traffic filter report data.
clear dynamic-filter statistics	Clears Botnet Traffic filter statistics.
dns domain-lookup	Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.
dns server-group	Identifies a DNS server for the ASA.
dynamic-filter ambiguous-is-black	Treats greylisted traffic as blacklisted traffic for action purposes.
dynamic-filter blacklist	Edits the Botnet Traffic Filter blacklist.
dynamic-filter database fetch	Manually retrieves the Botnet Traffic Filter dynamic database.
dynamic-filter database find	Searches the dynamic database for a domain name or IP address.
dynamic-filter database purge	Manually deletes the Botnet Traffic Filter dynamic database.
dynamic-filter drop blacklist	Automatically drops blacklisted traffic.
dynamic-filter enable	Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.
dynamic-filter updater-client enable	Enables downloading of the dynamic database.
dynamic-filter use-database	Enables use of the dynamic database.
dynamic-filter whitelist	Edits the Botnet Traffic Filter whitelist.
inspect dns dynamic-filter-snoop	Enables DNS inspection with Botnet Traffic Filter snooping.
name	Adds a name to the blacklist or whitelist.
show asp table dynamic-filter	Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.
show dynamic-filter data	Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.
show dynamic-filter dns-snoop	Shows the Botnet Traffic Filter DNS snooping summary, or with the detail keyword, the actual IP addresses and names.
show dynamic-filter reports	Generates reports of the top 10 botnet sites, ports, and infected hosts.
show dynamic-filter statistics	Shows how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and greylist.
show dynamic-filter updater-client	Shows information about the updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed.
show running-config dynamic-filter	Shows the Botnet Traffic Filter running configuration.

clear configure established

To remove all established commands, use the clear configure established command in global configuration mode.

clear configure established

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	The configure keyword was added.

Usage Guidelines

To remove an established connection created by the established command, enter the clear xlate command.

Examples

This example shows how to remove established commands:

hostname(config)# clear configure established

Related Commands

Command	Description
established	Permits return connections on ports that are based on an established connection.
show running-config established	Displays the allowed inbound connections that are based on established connections.
clear xlate	Clears the current translation and connection slot information.

clear configure failover

To remove failover commands from the configuration and restore the defaults, use the clear configure failover command in global configuration mode.

clear configure failover

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was changed from clear failover to clear configure failover.

Usage Guidelines

This command clears all failover commands from the running configuration and restores the defaults. If you use the all keyword with the show running-config failover command, you will see the default failover configuration.

The clear configure failover command is not available in a security context in multiple context mode; you must enter the command in the system execution space.

Examples

The following example clears all failover commands from the configuration:

hostname(config)# clear configure failover

hostname(config)# show running-configuration failover

no failover

Related Commands

Command	Description
show running-config failover	Displays the failover commands in the running configuration.

clear configure filter

To clear the URL, FTP, and HTTPS filtering configuration, use the clear configure filter command in global configuration mode.

clear configure filter

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The clear configure filter command clears the URL, FTP, and HTTPS filtering configuration.

Examples

The following example clears the URL, FTP, and HTTPS filtering configuration:

hostname(config)# clear configure filter

Related Commands

Commands	Description
filter ftp	Identifies the FTP traffic to be filtered by a URL filtering server.
filter https	Identifies the HTTPS traffic to be filtered by a Websense server.
filter url	Directs traffic to a URL filtering server.
show running-config filter	Displays the filtering configuration.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

clear configure fips

To clear the system or module FIPS configuration information stored in NVRAM, use the clear configure fips command in global configuration mode.

clear configure fips

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	—	•

Command History

Release	Modification
7.0(4)	This command was introduced.

Examples

hostname(config)# clear configure fips

Related Commands

Command	Description
crashinfo console disable	Disables the reading, writing and configuration of crash write information to flash.
fips enable	Enables or disables policy checking to enforce FIPS compliance on the system or module.
fips self-test poweron	Executes power-on self-tests.
show crashinfo console	Reads, writes, and configures crash write to flash.
show running-config fips	Displays the FIPS configuration that is running on the ASA.

clear configure firewall

To set the firewall mode to the default routed mode, use the clear configure firewall command in global configuration mode.

clear configure firewall

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example sets the firewall mode to the default:

hostname(config)# clear configure firewall

Related Commands

Command	Description
arp	Adds a static ARP entry.
firewall transparent	Sets the firewall mode to transparent.
show arp statistics	Shows ARP statistics.
show running-config arp	Shows the current configuration of the ARP timeout.

clear configure fixup

To clear the fixup configuration, use the clear configure fixup command in global configuration mode.

clear configure fixup

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The clear configure fixup command removes the fixup configuration.

Examples

The following example clears the fixup configuration:

hostname# clear configure fixup

Related Commands

Commands	Description
class-map	Defines the traffic class to which to apply security actions.
policy-map	Associates a class map with specific security actions.

clear configure flow-export

To clear flow-export configurations that are associated with NetFlow data, use the clear configure flow-export command in global configuration mode.

clear configure flow-export [destination]

Syntax Description

destination

Clears only the destination-related flow-export configuration.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
8.1(1)	This command was introduced.

Usage Guidelines

The destination keyword clears only the destination-related flow-export configuration; the other flow-export configurations still remain.

Examples

The following example show how to clear all flow-export configurations, including destinations:

hostname(config)# clear configure flow-export 

The following example shows how to clear only the destination-related flow-export configuration:

hostname(config)# clear configure flow-export destination

Related Commands

Commands	Description
flow-export destination interface-name ipv4-address | hostname udp-port	Specifies the IP address or hostname of the NetFlow collector, and the UDP port on which the NetFlow collector is listening.
flow-export template timeout-rate minutes	Controls the interval at which the template information is sent to the NetFlow collector.
logging flow-export-syslogs enable	Enables syslog messages after you have entered the logging flow-export-syslogs disable command, and the syslog messages that are associated with NetFlow data.
show flow-export counters	Displays all runtime counters in NetFlow.

clear configure fragment

To reset all the IP fragment reassembly configurations to defaults, use the clear configure fragment command in global configuration mode.

clear configure fragment [interface]

Syntax Description

interface

(Optional) Specifies the ASA interface.

Defaults

If an interface is not specified, the command applies to all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	The configure keyword and optional interface argument were added. The command was also separated into two commands, clear fragment and clear configure fragment, to separate clearing of the configuration data from the operational data.

Usage Guidelines

The clear configure fragment command resets all the IP fragment reassembly configurations to defaults. In addition, the the chain, size, and timeout keywords are reset to their default values, which are as follows:

•chain is 24 packets

•size is 200

•timeout is 5 seconds

Examples

This example shows how to reset all the IP fragment reassembly configurations to their defaults:

hostname(config)# clear configure fragment

Related Commands

Command	Description
clear fragment	Clears the operational data of the IP fragment reassembly module.
fragment	Provides additional management of packet fragmentation and improves compatibility with the NFS.
show fragment	Displays the operational data of the IP fragment reassembly module.
show running-config fragment	Displays the IP fragment reassembly configuration.

clear configure ftp

To clear the FTP configuration, use the clear configure ftp command in global configuration mode.

clear configure ftp

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The clear configure ftp command clears the FTP configuration.

Examples

The following example clears the FTP configuration:

hostname# clear configure ftp

Related Commands

Commands	Description
filter ftp	Identifies the FTP traffic to be filtered by a URL filtering server.
filter https	Identifies the HTTPS traffic to be filtered by a Websense server.
filter url	Directs traffic to a URL filtering server.
show running-config filter	Displays the filtering configuration.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

clear configure global

To remove the global commands from the configuration, use the clear configure global command in global configuration mode.

clear configure global

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword configure.

Examples

The following example shows how to remove the global commands from the configuration:

hostname(config)# clear configure global

Related Commands

Command	Description
global	Creates entries from a pool of global addresses.
show running-config global	Displays the global commands in the configuration.

clear configure group-delimiter

To disable group-name parsing for tunnel group names from the user names that are received when tunnels are being negotiated, use the clear configure group-delimiter command in global configuration mode.

clear config group-delimiter

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The delimiter is used to parse tunnel group names from usernames when tunnels are negotiated. If no delimiter is specified, group-name parsing is disabled.

Examples

The following example entered in global configuration mode, removes the group delimiter from the configuration:

hostname(config)# clear config group-delimiter

hostname(config)# 

Related Commands

Command	Description
group-delimiter	Enables group-name parsing and specifies the group delimiter for an IPsec remote access tunnel group.
show running-config group-delimiter	Shows the current configured group delimiter.

clear configure group-policy

To remove the configuration for a particular group policy, use the clear configure group-policy command in global configuration mode, and append the name of the group policy. To remove all group-policy commands from the configuration except the default group policy, use this command without arguments.

clear configure group-policy [name]

Syntax Description

name	(Optional) Specifies the name of the group policy.

Defaults

Removes all group-policy commands from the configuration, except the default group policy.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
9.0(1)	Support for multiple context mode was added.

Examples

The following example shows how to clear the configuration for the group policy named FirstGroup.

hostname(config)# clear configure group-policy FirstGroup

Related Commands

Command	Description
group-policy	Creates, edits, or removes a group policy.
group-policy attributes	Enters group-policy attributes configuration mode, which lets you configure AVPs for a specified group policy.
show running-config group-policy	Displays the running configuration for a particular group policy or for all group policies.

clear configure hostname

To reset the hostname to the default, use the clear configure hostname command in global configuration mode.

clear configure hostname

Syntax Description

This command has no arguments or keywords.

Defaults

The default value depends on your platform.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example clears the hostname:

hostname(config)# clear configure hostname

Related Commands

Command	Description
banner	Sets a login, message of the day, or enable banner.
domain-name	Sets the default domain name.
hostname	Sets the hostname for the ASA.

clear configure hpm

To clear the HPM configuration, use the clear configure hpm command in global configuration mode.

clear configure hpm

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
8.3(1)	This command was introduced.

Examples

The following example clears the HPM configuration, and restores the default:

hostname(config)# clear configure hpm

Related Commands

Command	Description
hpm topn enable	Enables top hosts reporting in ASDM.
show running-config hpm	Shows the HPM configuration.

clear configure http

To disable the HTTP server and to remove configured hosts that can access the HTTP server, use the clear configure http command in global configuration mode.

clear configure http

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example shows how to clear the HTTP configuration:

hostname(config)# clear configure http

Related Commands

Command	Description
http	Specifies hosts that can access the HTTP server by IP address and subnet mask. Specifies the ASA interface through which the host accesses the HTTP server.
http authentication-certificate	Requires authentication via certificate from users who are establishing HTTPS connections to the ASA.
http redirect	Specifies that the ASA redirect HTTP connections to HTTPS.
http server enable	Enables the HTTP server.
show running-config http	Displays the hosts that can access the HTTP server, and whether or not the HTTP server is enabled.