Table Of Contents
clear local-host through clear xlate Commands
clear local-host
clear logging asdm
clear logging buffer
clear logging queue bufferwrap
clear mac-address-table
clear memory delayed-free-poisoner
clear memory profile
clear mfib counters
clear module
clear nac-policy
clear nat counters
clear object-group
clear ospf
clear pclu
clear phone-proxy secure-phones
clear pim counters
clear pim reset
clear pim topology
clear priority-queue statistics
clear process
clear resource usage
clear route
clear service-policy
clear service-policy inspect gtp
clear service-policy inspect radius-accounting
clear shared license
clear shun
clear snmp-server statistics
clear ssl
clear startup-config errors
clear sunrpc-server active
clear threat-detection rate
clear threat-detection scanning-threat
clear threat-detection shun
clear threat-detection statistics
clear traffic
clear uauth
clear uc-ime
clear url-block block statistics
clear url-cache statistics
clear url-server
clear user-identity active-user-database
clear user-identity ad-agent statistics
clear user-identity statistics
clear user-identity user-not-found
clear user-identity user no-policy-activated
clear vpn-sessiondb statistics
clear wccp
clear webvpn sso-server statistics
clear xlate
clear local-host through clear xlate Commands
clear local-host
To reinitialize per-client run-time states such as connection limits and embryonic limits, use the clear local-host command in privileged EXEC mode.
clear local-host [ip_address] [all]
Syntax Description
all | (Optional) Clears all connections, including to-the-box traffic. Without the all keyword, only through-the-box traffic is cleared.
ip_address | (Optional) Specifies the local host IP address.
Defaults
Clears all through-the-box run-time states.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
When you make security policy changes to the configuration, all new connections use the new security policy. Existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, disconnect the current connections with the clear local-host command so that they can reconnect using the new policy. Alternatively, you can use the clear conn command for more granular connection clearing, or the clear xlate command for connections that use dynamic NAT.
The clear local-host command releases the hosts from the host license limit. You can see the number of hosts that are counted toward the license limit by entering the show local-host command.
Examples
The following example clears the run-time state and associated connections for the host 10.1.1.15:
hostname# clear local-host 10.1.1.15
Related Commands
Command | Description
clear conn | Terminates connections in any state.
clear xlate | Clears a dynamic NAT session, and any connections using NAT.
show local-host | Displays the network states of local hosts.
clear logging asdm
To clear the ASDM logging buffer, use the clear logging asdm command in privileged EXEC mode.
clear logging asdm
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | •
Command History
Release | Modification
7.0(1) | This command was changed from the clear pdm logging command to the clear asdm log command.
Usage Guidelines
ASDM system log messages are stored in a separate buffer from the ASA system log messages. Clearing the ASDM logging buffer only clears the ASDM system log messages; it does not clear the ASA system log messages. To view the ASDM system log messages, use the show asdm log command.
Examples
The following example clears the ASDM logging buffer:
hostname(config)# clear logging asdm
Related Commands
Command | Description
show asdm log_sessions | Displays the contents of the ASDM logging buffer.
clear logging buffer
To clear the log buffer, use the clear logging buffer command in privileged EXEC mode.
clear logging buffer
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
This example shows how to clear the contents of the log buffer:
hostname# clear logging buffer
Related Commands
Command | Description
logging buffered | Configures the log buffer.
show logging | Displays logging information.
clear logging queue bufferwrap
To clear the saved log buffers (ASDM, internal, FTP, and flash), use the clear logging queue bufferwrap command in privileged EXEC mode.
clear logging queue bufferwrap
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
8.2(1) | This command was introduced.
Examples
The following example shows how to clear the contents of the saved log buffers:
hostname# clear logging queue bufferwrap
Related Commands
Command | Description
logging buffered | Configures the log buffer.
show logging | Displays logging information.
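The three clear logging commands above discard buffered messages, and clear local-host, clear conn and clear xlate tear down live connections, so an audit review usually wants to know who ran them and when. The following Python sketch is an added example, not part of the Cisco reference: it assumes command-audit lines shaped like ASA syslog message 111008, and the sample lines, host name and user names are constructed.

```python
import re

# Impact classes taken from the command descriptions on this page.
LOG_CLEARING = (
    "clear logging asdm",
    "clear logging buffer",
    "clear logging queue bufferwrap",
)
CONNECTION_CLEARING = ("clear local-host", "clear conn", "clear xlate")

# Assumed audit-line shape, modelled on ASA syslog message 111008:
#   %ASA-5-111008: User 'name' executed the 'command' command.
AUDIT_RE = re.compile(
    r"%ASA-\d-111008: User '(?P<user>[^']*)' "
    r"executed the '(?P<cmd>[^']*)' command"
)

# Constructed sample lines (host, users, addresses and times are invented).
SAMPLE_LINES = [
    "Mar 03 2024 10:15:02 asa01 : %ASA-5-111008: User 'netops' executed the 'clear local-host 10.1.1.15' command.",
    "Mar 03 2024 10:16:40 asa01 : %ASA-5-111008: User 'netops' executed the 'clear ospf counters' command.",
    "Mar 03 2024 10:17:11 asa01 : %ASA-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.1.1.15/51514 (10.1.1.15/51514)",
    "Mar 03 2024 23:58:09 asa01 : %ASA-5-111008: User 'svc_backup' executed the 'clear logging buffer' command.",
    "Mar 03 2024 23:58:12 asa01 : %ASA-5-111008: User 'svc_backup' executed the 'clear  logging queue bufferwrap' command.",
    "Mar 04 2024 00:01:30 asa01 : %ASA-5-111008: User 'netops' executed the 'write memory' command.",
]


def _has_prefix(tokens, command):
    """True when the token list starts with every word of `command`."""
    want = command.split()
    return tokens[:len(want)] == want


def classify(command):
    """Return the impact class of a clear command, or None for anything else.

    Matching is on whole tokens, so 'clear logging buffered' is not
    mistaken for 'clear logging buffer'.
    """
    tokens = command.lower().split()
    if not tokens or tokens[0] != "clear":
        return None
    if any(_has_prefix(tokens, c) for c in LOG_CLEARING):
        return "log-clearing"
    if any(_has_prefix(tokens, c) for c in CONNECTION_CLEARING):
        return "connection-clearing"
    return "other-clear"


def scan(lines):
    """Collect every audited clear command with its user and impact class."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = AUDIT_RE.search(line)
        if not match:
            continue  # not a command-audit line
        category = classify(match.group("cmd"))
        if category is None:
            continue  # audited, but not a clear command
        findings.append({
            "line": number,
            "user": match.group("user"),
            # Collapse repeated whitespace so reports are comparable.
            "command": " ".join(match.group("cmd").split()),
            "category": category,
        })
    return findings


def log_clearing_by_user(findings):
    """Group log-clearing commands by the user who ran them."""
    by_user = {}
    for finding in findings:
        if finding["category"] == "log-clearing":
            by_user.setdefault(finding["user"], []).append(finding["command"])
    return by_user


if __name__ == "__main__":
    results = scan(SAMPLE_LINES)
    for item in results:
        print(f"line {item['line']}: {item['user']} ran "
              f"'{item['command']}' ({item['category']})")
    print("log clearing by user:", log_clearing_by_user(results))
```

Because the local buffers are exactly what these commands erase, run a check like this against a remote syslog collector rather than the device's own buffer.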
clear mac-address-table
To clear dynamic MAC address table entries, use the clear mac-address-table command in privileged EXEC mode.
clear mac-address-table [interface_name]
Syntax Description
interface_name | (Optional) Clears the MAC address table entries for the selected interface.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | — | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
The following example clears the dynamic MAC address table entries:
hostname# clear mac-address-table
Related Commands
Command | Description
arp | Adds a static ARP entry.
firewall transparent | Sets the firewall mode to transparent.
mac-address-table aging-time | Sets the timeout for dynamic MAC address entries.
mac-learn | Disables MAC address learning.
show mac-address-table | Shows MAC address table entries.
clear memory delayed-free-poisoner
To clear the delayed free-memory poisoner tool queue and statistics, use the clear memory delayed-free-poisoner command in privileged EXEC mode.
clear memory delayed-free-poisoner
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | — | •
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
The clear memory delayed-free-poisoner command returns all memory held in the delayed free-memory poisoner tool queue to the system without validation and clears the related statistical counters.
Examples
The following example clears the delayed free-memory poisoner tool queue and statistics:
hostname# clear memory delayed-free-poisoner
Related Commands
Command | Description
memory delayed-free-poisoner enable | Enables the delayed free-memory poisoner tool.
memory delayed-free-poisoner validate | Forces validation of the delayed free-memory poisoner tool queue.
show memory delayed-free-poisoner | Displays a summary of the delayed free-memory poisoner tool queue usage.
clear memory profile
To clear the memory buffers held by the memory profiling function, use the clear memory profile command in privileged EXEC mode.
clear memory profile [peak]
Syntax Description
peak | (Optional) Clears the contents of the peak memory buffer.
Defaults
Clears the current "in use" profile buffer by default.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | — | • | •
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
The clear memory profile command releases the memory buffers held by the profiling function, and therefore requires that profiling stop before it is cleared.
Examples
The following example clears the memory buffers held by the profiling function:
hostname# clear memory profile
Related Commands
Command | Description
memory profile enable | Enables the monitoring of memory usage (memory profiling).
memory profile text | Configures a text range of memory to profile.
show memory profile | Displays information about the memory usage (profiling) of the ASA.
clear mfib counters
To clear MFIB router packet counters, use the clear mfib counters command in privileged EXEC mode.
clear mfib counters [group [source]]
Syntax Description
group | (Optional) IP address of the multicast group.
source | (Optional) IP address of the multicast route source. This is a unicast IP address in four-part dotted-decimal notation.
Defaults
When this command is used with no arguments, route counters for all routes are cleared.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | — | • | — | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
The following example clears all MFIB router packet counters:
hostname# clear mfib counters
Related Commands
Command | Description
show mfib count | Displays MFIB route and packet count data.
clear module
To clear information about the SSM on the ASAs, information about the SSC on the ASA 5505, information about the SSP installed on the ASA 5585-X, information about the IPS SSP installed on the ASA 5585-X, information about the ASA Services Module, and system information, use the clear module command in privileged EXEC mode.
clear module [mod_id | slot] [all | [details | recover | log [console]]]
Syntax Description
all | (Default) Clears all SSM information.
console | (Optional) Clears console log information for the module.
details | (Optional) Clears additional information, including remote management configuration for SSMs (for example, ASA-SSM-x0).
log | (Optional) Clears log information for the module.
mod_id | Clears the module name used for software modules, such as IPS.
recover | (Optional) For SSMs, clears the settings for the hw-module module recover command. Note: The recover keyword is valid only when you have created a recovery configuration for the SSM by using the configure keyword with the hw-module module recover command. (Optional) For an IPS module installed on the ASA 5512-X, 5515-X, 5525-X, 5545-X, or 5555-X, clears the settings for the sw-module module mod_id recover configure image image_location command.
slot | Clears the module slot number, which can be 0 or 1.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | — | •
Command History
Release | Modification
7.0(1) | This command was introduced.
8.2(1) | Supports the SSC.
8.2(5) | Supports the ASA 5585-X and the IPS SSP on the ASA 5585-X.
8.4(2) | Supports a dual SSP installation.
8.5(1) | Supports the ASASM.
8.6(1) | Supports the ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X.
Usage Guidelines
This command clears information about the SSC, SSM, ASASM, IPS SSP, and device and built-in interfaces.
Examples
The following example clears the recovery settings for an SSM:
hostname# clear module 1 recover
Related Commands
Command | Description
hw-module module recover | Recovers an SSM by loading a recovery image from a TFTP server.
hw-module module reset | Shuts down an SSM and performs a hardware reset.
hw-module module reload | Reloads the SSM software.
hw-module module shutdown | Shuts down the SSM software in preparation for being powered off without losing configuration data.
show module | Shows SSM information.
clear nac-policy
To reset NAC policy usage statistics, use the clear nac-policy command in global configuration mode.
clear nac-policy [nac-policy-name]
Syntax Description
nac-policy-name | (Optional) Name of the NAC policy for which to reset usage statistics.
Defaults
If you do not specify a name, the CLI resets the usage statistics for all NAC policies.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Global configuration | • | • | — | — | •
Command History
Release | Modification
8.0(2) | This command was introduced.
Examples
The following example resets the usage statistics for the NAC policy named framework1:
hostname(config)# clear nac-policy framework1
The following example resets all NAC policy usage statistics:
hostname(config)# clear nac-policy
Related Commands
Command | Description
show nac-policy | Displays NAC policy usage statistics on the ASA.
show vpn-session_summary.db | Displays the number of IPsec, WebVPN, and NAC sessions.
show vpn-session.db | Displays information about VPN sessions, including NAC results.
clear nat counters
To clear NAT policy counters, use the clear nat counters command in global configuration mode.
clear nat counters [src_ifc [src_ip [src_mask]] [dst_ifc [dst_ip [dst_mask]]]]
Syntax Description
dst_ifc | (Optional) Specifies destination interface to filter.
dst_ip | (Optional) Specifies destination IP address to filter.
dst_mask | (Optional) Specifies mask for destination IP address.
src_ifc | (Optional) Specifies source interface to filter.
src_ip | (Optional) Specifies source IP address to filter.
src_mask | (Optional) Specifies mask for source IP address.
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Global configuration | • | • | • | • | •
Command History
Release | Modification
7.0(4) | This command was introduced.
Examples
This example shows how to clear the NAT policy counters:
hostname(config)# clear nat counters
Related Commands
Command | Description
nat | Identifies addresses on one interface that are translated to mapped addresses on another interface.
nat-control | Enables or disables NAT configuration requirements.
show nat counters | Displays the protocol stack counters.
clear object-group
To clear the hit counts of objects in a network object group, use the clear object-group command in privileged EXEC mode.
clear object-group obj-name counters
Syntax Description
counters | Identifies the counters in the network object group.
obj-name | Identifies the existing network object group.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
8.3(1) | This command was introduced.
Usage Guidelines
Use this command to clear hit counts of objects in a network object group only.
Examples
The following example shows how to clear the network object hit count for the network object group named "Anet":
hostname# clear object-group Anet counters
Related Commands
Command | Description
show object-group | Shows object group information and shows hit counts if the specified object group is of the network object-group type.
clear ospf
To clear OSPF process information, use the clear ospf command in privileged EXEC mode.
clear ospf [pid] {process | counters}
Syntax Description
counters | Clears the OSPF counters.
pid | (Optional) Internally used identification parameter for an OSPF routing process; valid values are from 1 to 65535.
process | Restarts the OSPF routing process.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | — | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
9.0(1) | Multiple context mode is supported.
Usage Guidelines
This command does not remove any part of the configuration. Use the no form of the configuration commands to clear specific commands from the configuration or use the clear configure router ospf command to remove all global OSPF commands from the configuration.
Note: The clear configure router ospf command does not clear OSPF commands entered in interface configuration mode.
Examples
The following example shows how to clear the OSPF neighbor counters:
hostname# clear ospf counters
Related Commands
Command | Description
clear configure router | Clears all global router commands from the running configuration.
clear pclu
To clear PC logical update statistics, use the clear pclu command in privileged EXEC mode.
clear pclu
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
The following example clears PC information:
clear phone-proxy secure-phones
To clear the secure phone entries in the phone proxy database, use the clear phone-proxy secure-phones command in privileged EXEC mode.
clear phone-proxy secure-phones [mac_address | noconfirm]
Syntax Description
mac_address | Removes the IP phone from the phone proxy database with the specified MAC address.
noconfirm | Removes all the secure phone entries in the phone proxy database without prompting for confirmation. If you do not specify the noconfirm keyword, you are prompted to confirm whether to remove all the secure phone entries.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | — | • | — | —
Command History
Release | Modification
8.2(1) | This command was introduced.
Usage Guidelines
Because secure phones always request a CTL file upon bootup, the phone proxy creates a database that marks the phone as secure. The entries in the secure phone database are removed after a specified configured timeout (via the timeout secure-phones command). Alternatively, you can use the clear phone-proxy secure-phones command to clear the phone proxy database without waiting for the configured timeout.
Examples
The following example clears secure entries in the phone proxy database:
hostname# clear phone-proxy secure-phones 001c.587a.4000
Related Commands
Command | Description
timeout secure-phones | Configures the idle timeout after which the secure phone entry is removed from the phone proxy database.
clear pim counters
To clear the PIM traffic counters, use the clear pim counters command in privileged EXEC mode.
clear pim counters
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | — | • | — | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
This command only clears the traffic counters. To clear the PIM topology table, use the clear pim topology command.
Examples
The following example clears the PIM traffic counters:
hostname# clear pim counters
Related Commands
Command | Description
clear pim reset | Forces MRIB synchronization through reset.
clear pim topology | Clears the PIM topology table.
show pim traffic | Displays the PIM traffic counters.
clear pim reset
To force MRIB synchronization through reset, use the clear pim reset command in privileged EXEC mode.
clear pim reset
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | — | • | — | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
All information from the topology table is cleared, and the MRIB connection is reset. This command can be used to synchronize states between the PIM topology table and the MRIB database.
Examples
The following example clears the topology table and resets the MRIB connection:
hostname# clear pim reset
Related Commands
Command | Description
clear pim counters | Clears PIM counters and statistics.
clear pim topology | Clears the PIM topology table.
clear pim counters | Clears PIM traffic counters.
clear pim topology
To clear the PIM topology table, use the clear pim topology command in privileged EXEC mode.
clear pim topology [group]
Syntax Description
group | (Optional) Specifies the multicast group address or name to be deleted from the topology table.
Defaults
Without the optional group argument, all entries are cleared from the topology table.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | — | • | — | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
This command clears existing PIM routes from the PIM topology table. Information obtained from the MRIB table, such as IGMP local membership, is retained. If a multicast group is specified, only those group entries are cleared.
Examples
The following example clears the PIM topology table:
hostname# clear pim topology
Related Commands
Command | Description
clear pim counters | Clears PIM counters and statistics.
clear pim reset | Forces MRIB synchronization through reset.
clear pim counters | Clears PIM traffic counters.
clear priority-queue statistics
To clear the priority-queue statistics counters for an interface or for all configured interfaces, use the clear priority-queue statistics command in either global configuration or privileged EXEC mode.
clear priority-queue statistics [interface-name]
Syntax Description
interface-name | (Optional) Specifies the name of the interface for which you want to show the best-effort and low-latency queue details.
Defaults
If you omit the interface name, this command clears the priority-queue statistics for all configured interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Global configuration | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
The following example shows the use of the clear priority-queue statistics command in privileged EXEC mode to remove the priority queue statistics for the interface named "test":
hostname# clear priority-queue statistics test
Related Commands
Command | Description
clear configure priority queue | Removes the priority-queue configuration from the named interface.
priority-queue | Configures priority queueing on an interface.
show priority-queue statistics | Shows the priority queue statistics for a specified interface or for all interfaces.
show running-config priority-queue | Shows the current priority-queue configuration on the named interface.
clear process
To clear statistics for specified processes running on the ASA, use the clear process command in privileged EXEC mode.
clear process [cpu-hog | internals]
Syntax Description
cpu-hog | Clears CPU hogging statistics.
internals | Clears process internal statistics.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
The following example shows how to clear CPU hogging statistics:
hostname# clear process cpu-hog
Related Commands
Command | Description
show processes | Displays a list of the processes that are running on the ASA.
clear resource usage
To clear resource usage statistics, use the clear resource usage command in privileged EXEC mode.
clear resource usage [context context_name | all | summary | system] [resource {[rate] resource_name | all}]
Syntax Description
context context_name | (Multiple mode only) Specifies the context name for which you want to clear statistics. Specify all (the default) for all contexts.
resource [rate] resource_name | Clears the usage of a specific resource. Specify all (the default) for all resources. Specify rate to clear the rate of usage of a resource. Resources that are measured by rate include conns, inspects, and syslogs. You must specify the rate keyword with these resource types. The conns resource is also measured as concurrent connections; only use the rate keyword to view the connections per second. Resources include the following types:
• asdm—ASDM management sessions.
• conns—TCP or UDP connections between any two hosts, including connections between one host and multiple other hosts.
• inspects—Application inspections.
• hosts—Hosts that can connect through the ASA.
• mac-addresses—For transparent firewall mode, the number of MAC addresses allowed in the MAC address table.
• ssh—SSH sessions.
• syslogs—Syslog messages.
• telnet—Telnet sessions.
• (Multiple mode only) VPN Other—Site-to-site VPN sessions.
• (Multiple mode only) VPN Burst Other—Site-to-site VPN burst sessions.
• xlates—NAT translations.
summary | (Multiple mode only) Clears the combined context statistics.
system | (Multiple mode only) Clears the system-wide (global) usage statistics.
Defaults
For multiple context mode, the default context is all, which clears resource usage for every context. For single mode, the context name is ignored and all resource statistics are cleared.
The default resource name is all, which clears all resource types.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | — | •
Command History
Release | Modification
7.2(1) | This command was introduced.
Examples
The following example clears all resource usage statistics for all contexts, but not the system-wide usage statistics:
hostname# clear resource usage
The following example clears the system-wide usage statistics:
hostname# clear resource usage system
Related Commands
Command | Description
context | Adds a security context.
show resource types | Shows a list of resource types.
show resource usage | Shows the resource usage of the ASA.
clear route
To remove dynamically learned routes from the configuration, use the clear route command in privileged EXEC mode.
clear route [interface_name]
Syntax Description
interface_name | (Optional) Internal or external network interface name.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Examples
The following example shows how to remove dynamically learned routes:
Related Commands
Command | Description
route | Specifies a static or default route for an interface.
show route | Displays route information.
show running-config route | Displays configured routes.
clear service-policy
To clear operational data or statistics (if any) for enabled policies, use the clear service-policy command in privileged EXEC mode.
clear service-policy [global | interface intf ] [user-statistics]
Syntax Description
global | (Optional) Clears the statistics of the global service policy.
interface intf | (Optional) Clears the service policy statistics of a specific interface.
user-statistics | (Optional) Clears the global counters for user statistics but does not clear the per-user statistics. Per-user or per-user-group statistics can still be seen using the show user-identity statistics command. When the accounting keyword for the user-statistics command is specified, all global counters for sent packets, received packets, and sent dropped packets are cleared. When the scanning keyword for the user-statistics command is specified, the global counter for sent dropped packets is cleared. For the ASA to collect these user statistics, you must configure a policy map to collect user statistics. See the user-statistics command in this guide.
Defaults
By default, this command clears all the statistics for all enabled service policies.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System)
Privileged EXEC | • | • | • | • | —
Command History
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
To clear service policy statistics for inspection engines, see the clear service-policy inspect commands.
Examples
The following example shows the syntax of the clear service-policy command:
hostname# clear service-policy outside_security_map interface outside
Related Commands
Command | Description
clear service-policy inspect gtp | Clears service policy statistics for the GTP inspection engine.
clear service-policy inspect radius-accounting | Clears service policy statistics for the RADIUS accounting inspection engine.
show service-policy | Displays the service policy.
show running-config service-policy | Displays the service policies configured in the running configuration.
clear configure service-policy | Clears service policy configurations.
service-policy | Configures service policies.
clear service-policy inspect gtp
To clear global GTP statistics, use the clear service-policy inspect gtp command in privileged EXEC mode.
clear service-policy inspect gtp {pdp-context [all | apn ap_name | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num ] | requests | statistics [gsn IP_address] }
Syntax Description
all
|
Clears all GTP PDP contexts.
|
apn
|
(Optional) Clears the PDP contexts based on the APN specified.
|
ap_name
|
Identifies the specific access point name.
|
gsn
|
(Optional) Identifies the GPRS support node, which is the interface between the GPRS wireless data network and other networks.
|
gtp
|
(Optional) Clears the service policy for GTP.
|
imsi
|
(Optional) Clears the PDP contexts based on the IMSI specified.
|
IMSI_value
|
Hexadecimal value that identifies the specific IMSI.
|
interface
|
(Optional) Identifies a specific interface.
|
int
|
Identifies the interface for which information will be cleared.
|
IP_address
|
IP address for which statistics will be cleared.
|
ms-addr
|
(Optional) Clears PDP contexts based on the MS Address specified.
|
pdp-context
|
(Optional) Identifies the Packet Data Protocol context.
|
requests
|
(Optional) Clears GTP requests.
|
statistics
|
(Optional) Clears GTP statistics for the inspect gtp command.
|
tid
|
(Optional) Clears the PDP contexts based on the TID specified.
|
tunnel_ID
|
Hexadecimal value that identifies the specific tunnel.
|
version
|
(Optional) Clears the PDP contexts based on the GTP version.
|
version_num
|
Specifies the version of the PDP context. The valid range is 0 to 255.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The Packet Data Protocol context is identified by the tunnel ID, which is a combination of IMSI and NSAPI. A GTP tunnel is defined by two associated PDP contexts in different GSN nodes and is identified with a tunnel ID. A GTP tunnel is necessary to forward packets between an external packet data network and a mobile station (MS) user.
Examples
The following example clears GTP statistics:
hostname# clear service-policy inspect gtp statistics
Related Commands
Commands
|
Description
|
debug gtp
|
Displays detailed information about GTP inspection.
|
gtp-map
|
Defines a GTP map and enables GTP map configuration mode.
|
inspect gtp
|
Applies a GTP map to use for application inspection.
|
show service-policy inspect gtp
|
Displays the GTP configuration.
|
show running-config gtp-map
|
Shows the GTP maps that have been configured.
|
clear service-policy inspect radius-accounting
To clear RADIUS accounting users, use the clear service-policy inspect radius-accounting command in privileged EXEC mode.
clear service-policy inspect radius-accounting users {all | ip_address | policy_map}
Syntax Description
all
|
Clears all users.
|
ip_address
|
Clears a user with this IP address.
|
policy_map
|
Clears users associated with this policy map.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.2(1)
|
This command was introduced.
|
Examples
The following example clears all RADIUS accounting users:
hostname# clear service-policy inspect radius-accounting users all
clear shared license
To reset shared license statistics, shared license client statistics, and shared license backup server statistics to zero, use the clear shared license command in privileged EXEC mode.
clear shared license [all | backup | client [hostname]]
Syntax Description
all
|
(Optional) Clears all statistics. This is the default setting.
|
backup
|
(Optional) Clears statistics for the backup server.
|
client
|
(Optional) Clears statistics for all participants.
|
hostname
|
(Optional) Clears statistics for a particular participant.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
|
—
|
Command History
Release
|
Modification
|
8.2(1)
|
This command was introduced.
|
Usage Guidelines
The shared license counters include statistical data as well as error data.
Examples
The following example shows how to reset all shared license counters:
hostname# clear shared license all
Related Commands
Command
|
Description
|
activation-key
|
Enters a license activation key.
|
clear configure license-server
|
Clears the shared licensing server configuration.
|
license-server address
|
Identifies the shared licensing server IP address and shared secret for a participant.
|
license-server backup address
|
Identifies the shared licensing backup server for a participant.
|
license-server backup backup-id
|
Identifies the backup server IP address and serial number for the main shared licensing server.
|
license-server backup enable
|
Enables a unit to be the shared licensing backup server.
|
license-server enable
|
Enables a unit to be the shared licensing server.
|
license-server port
|
Sets the port on which the server listens for SSL connections from participants.
|
license-server refresh-interval
|
Sets the refresh interval provided to participants to set how often they should communicate with the server.
|
license-server secret
|
Sets the shared secret on the shared licensing server.
|
show activation-key
|
Shows the current licenses installed.
|
show running-config license-server
|
Shows the shared licensing server configuration.
|
show shared license
|
Shows shared license statistics.
|
show vpn-sessiondb
|
Shows license information about VPN sessions.
|
clear shun
To disable all the shuns that are currently enabled and clear the shun statistics, use the clear shun command in privileged EXEC mode.
clear shun [statistics]
Syntax Description
statistics
|
(Optional) Clears the interface counters only.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Examples
The following example shows how to disable all the shuns that are currently enabled and clear the shun statistics:
hostname(config)# clear shun
Related Commands
Command
|
Description
|
shun
|
Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection.
|
show shun
|
Displays the shun information.
|
clear snmp-server statistics
To clear SNMP server statistics (SNMP packet input and output counters), use the clear snmp-server statistics command in privileged EXEC mode.
clear snmp-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Examples
The following example shows how to clear SNMP server statistics:
hostname# clear snmp-server statistics
Related Commands
Command
|
Description
|
clear configure snmp-server
|
Clears the SNMP server configuration.
|
show snmp-server statistics
|
Displays SNMP server configuration information.
|
clear ssl
To clear SSL information for debugging purposes, use the clear ssl command in privileged EXEC mode.
clear ssl {cache [all] | errors | mib | objects}
Syntax Description
all
|
Clears all sessions and statistics in SSL session cache.
|
cache
|
Clears expired sessions in SSL session cache.
|
errors
|
Clears SSL errors.
|
mib
|
Clears SSL MIB statistics.
|
objects
|
Clears SSL object statistics.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.4(1)
|
This command was introduced.
|
Usage Guidelines
DTLS cache is never cleared because it would impact AnyConnect functionality.
Examples
The following example shows clearing the SSL cache, and then clearing all sessions and statistics in the SSL session cache:
hostname# clear ssl cache
SSL session cache cleared: 2
No SSL VPNLB session cache
DLTS caches are not cleared
hostname# clear ssl cache all
Clearing all sessions and statistics
SSL session cache cleared: 5
No SSL VPNLB session cache
DLTS caches are not cleared
clear startup-config errors
To clear configuration error messages from memory, use the clear startup-config errors command in privileged EXEC mode.
clear startup-config errors
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
•
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
To view configuration errors generated when the ASA loaded the startup configuration, use the show startup-config errors command.
Examples
The following example clears all configuration errors from memory:
hostname# clear startup-config errors
Related Commands
Command
|
Description
|
show startup-config errors
|
Shows configuration errors generated when the ASA loaded the startup configuration.
|
clear sunrpc-server active
To clear the pinholes opened by Sun RPC application inspection, use the clear sunrpc-server active command in privileged EXEC mode.
clear sunrpc-server active
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
Use the clear sunrpc-server active command to clear the pinholes opened by Sun RPC application inspection that allow service traffic, such as NFS or NIS, to pass through the ASA.
Examples
The following example shows how to clear the SunRPC services table:
hostname# clear sunrpc-server active
Related Commands
Command
|
Description
|
clear configure sunrpc-server
|
Clears the Sun remote procedure call services from the ASA.
|
inspect sunrpc
|
Enables or disables Sun RPC application inspection and configures the port used.
|
show running-config sunrpc-server
|
Displays information about the SunRPC services configuration.
|
show sunrpc-server active
|
Displays information about active Sun RPC services.
|
clear threat-detection rate
To clear statistics when you enable basic threat detection using the threat-detection basic-threat command, use the clear threat-detection rate command in privileged EXEC mode.
clear threat-detection rate
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.0(2)
|
This command was introduced.
|
Examples
The following example clears the rate statistics:
hostname# clear threat-detection rate
Related Commands
Command
|
Description
|
show running-config all threat-detection
|
Shows the threat detection configuration, including the default rate settings if you did not configure them individually.
|
show threat-detection rate
|
Shows basic threat detection statistics.
|
threat-detection basic-threat
|
Enables basic threat detection.
|
threat-detection rate
|
Sets the threat detection rate limits per event type.
|
threat-detection scanning-threat
|
Enables scanning threat detection.
|
clear threat-detection scanning-threat
To clear the attackers and targets after you enable scanning threat detection with the threat-detection scanning-threat command, use the clear threat-detection scanning-threat command in privileged EXEC mode.
clear threat-detection scanning-threat [attacker [ip_address [mask]] | target [ip_address [mask]]]
Syntax Description
attacker
|
(Optional) Clears only attackers.
|
ip_address
|
(Optional) Clears a specific IP address.
|
mask
|
(Optional) Sets the subnet mask.
|
target
|
(Optional) Clears only targets.
|
Defaults
If you do not specify an IP address, all hosts are released.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.0(2)
|
This command was introduced.
|
Usage Guidelines
To view current attackers and targets, use the show threat-detection scanning-threat command.
Examples
The following example shows targets and attackers with the show threat-detection scanning-threat command, and then clears all targets:
hostname# show threat-detection scanning-threat
Latest Target Host & Subnet List:
Latest Attacker Host & Subnet List:
hostname# clear threat-detection scanning-threat target
Related Commands
Command
|
Description
|
show threat-detection shun
|
Shows currently shunned hosts.
|
show threat-detection statistics host
|
Shows the host statistics.
|
show threat-detection statistics protocol
|
Shows the protocol statistics.
|
show threat-detection statistics top
|
Shows the top 10 statistics.
|
threat-detection scanning-threat
|
Enables scanning threat detection.
|
clear threat-detection shun
To release the currently shunned hosts after you enable scanning threat detection with the threat-detection scanning-threat command and configure it to automatically shun attacking hosts, use the clear threat-detection shun command in privileged EXEC mode.
clear threat-detection shun [ip_address [mask]]
Syntax Description
ip_address
|
(Optional) Releases a specific IP address from being shunned.
|
mask
|
(Optional) Sets the subnet mask for the shunned host IP address.
|
Defaults
If you do not specify an IP address, all hosts are released.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.0(2)
|
This command was introduced.
|
Usage Guidelines
To view currently shunned hosts, use the show threat-detection shun command.
Examples
The following example views currently shunned hosts with the show threat-detection shun command, and then releases host 10.1.1.6 from being shunned:
hostname# show threat-detection shun
hostname# clear threat-detection shun 10.1.1.6 255.255.255.255
Related Commands
Command
|
Description
|
show threat-detection shun
|
Shows currently shunned hosts.
|
show threat-detection statistics host
|
Shows the host statistics.
|
show threat-detection statistics protocol
|
Shows the protocol statistics.
|
show threat-detection statistics top
|
Shows the top 10 statistics.
|
threat-detection scanning-threat
|
Enables scanning threat detection.
|
clear threat-detection statistics
To clear the statistics after you enable TCP Intercept statistics with the threat-detection statistics tcp-intercept command, use the clear threat-detection statistics command in privileged EXEC mode.
clear threat-detection statistics [tcp-intercept]
Syntax Description
tcp-intercept
|
(Optional) Clears TCP Intercept statistics.
|
Defaults
Clears TCP Intercept statistics.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.0(4)
|
This command was introduced.
|
Usage Guidelines
To view TCP Intercept statistics, enter the show threat-detection statistics top command.
Examples
The following example shows TCP Intercept statistics with the show threat-detection statistics top tcp-intercept command, and then clears all statistics:
hostname# show threat-detection statistics top tcp-intercept
Top 10 Protected Servers under Attack (sorted by average rate)
Monitoring Window Size: 30 mins Sampling Interval: 30 secs
<Rank> <Server IP:Port> <Interface> <Ave Rate> <Cur Rate> <Total> <Source IP (Last Attack Time)>
----------------------------------------------------------------------------------
1 192.168.1.2:5000 inside 1249 9503 2249245 <various> Last: 10.0.0.3 (0 secs ago)
2 192.168.1.3:5000 inside 10 10 6080 10.0.0.200 (0 secs ago)
3 192.168.1.4:5000 inside 2 6 560 10.0.0.200 (59 secs ago)
4 192.168.1.5:5000 inside 1 5 560 10.0.0.200 (59 secs ago)
5 192.168.1.6:5000 inside 1 4 560 10.0.0.200 (59 secs ago)
6 192.168.1.7:5000 inside 0 3 560 10.0.0.200 (59 secs ago)
7 192.168.1.8:5000 inside 0 2 560 10.0.0.200 (59 secs ago)
8 192.168.1.9:5000 inside 0 1 560 10.0.0.200 (59 secs ago)
9 192.168.1.10:5000 inside 0 0 550 10.0.0.200 (2 mins ago)
10 192.168.1.11:5000 inside 0 0 550 10.0.0.200 (5 mins ago)
hostname# clear threat-detection statistics
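Cleared counters cannot be read back from the device, so the table shown above is worth archiving before the clear command is run. The following added example (not Cisco code) parses that output format, using rows copied from the example as input; the function names and the surge thresholds are assumptions chosen for illustration.

```python
import json
import re
from dataclasses import asdict, dataclass
from typing import List, Optional

# Rows copied from the example output above (a subset, header line rejoined).
SAMPLE_OUTPUT = """\
hostname# show threat-detection statistics top tcp-intercept
Top 10 Protected Servers under Attack (sorted by average rate)
Monitoring Window Size: 30 mins Sampling Interval: 30 secs
<Rank> <Server IP:Port> <Interface> <Ave Rate> <Cur Rate> <Total> <Source IP (Last Attack Time)>
----------------------------------------------------------------------------------
1 192.168.1.2:5000 inside 1249 9503 2249245 <various> Last: 10.0.0.3 (0 secs ago)
2 192.168.1.3:5000 inside 10 10 6080 10.0.0.200 (0 secs ago)
3 192.168.1.4:5000 inside 2 6 560 10.0.0.200 (59 secs ago)
9 192.168.1.10:5000 inside 0 0 550 10.0.0.200 (2 mins ago)
"""

_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
_ROW = re.compile(
    r"^\s*(?P<rank>\d+)\s+(?P<server>" + _IPV4 + r":\d+)\s+(?P<interface>\S+)\s+"
    r"(?P<avg>\d+)\s+(?P<cur>\d+)\s+(?P<total>\d+)\s+"
    r"(?:(?P<various><various>)\s+Last:\s+)?"   # present when several sources attacked
    r"(?P<src>" + _IPV4 + r")\s+"
    r"\((?P<age>\d+)\s+(?P<unit>[a-z]+)\s+ago\)\s*$"
)
# Only the units that appear in the example output are converted.
_UNIT_SECONDS = {"secs": 1, "mins": 60}


@dataclass
class InterceptRow:
    rank: int
    server: str
    interface: str
    avg_rate: int
    cur_rate: int
    total: int
    multiple_sources: bool
    last_source: str
    last_attack_age_s: Optional[int]  # None if the time unit is not recognised


def parse_tcp_intercept(text: str) -> List[InterceptRow]:
    """Parse data rows; raise if a row is malformed so a snapshot is never silently partial."""
    rows = []
    for line in text.splitlines():
        if not line.lstrip()[:1].isdigit():
            continue  # banner, column header, separator or CLI prompt
        m = _ROW.match(line)
        if m is None:
            raise ValueError(f"unparsed data row: {line!r}")
        unit = _UNIT_SECONDS.get(m["unit"])
        rows.append(InterceptRow(
            rank=int(m["rank"]), server=m["server"], interface=m["interface"],
            avg_rate=int(m["avg"]), cur_rate=int(m["cur"]), total=int(m["total"]),
            multiple_sources=m["various"] is not None,
            last_source=m["src"],
            last_attack_age_s=None if unit is None else int(m["age"]) * unit,
        ))
    return rows


def surging(rows: List[InterceptRow], factor: float = 2.0, min_cur_rate: int = 100) -> List[str]:
    """Servers whose current rate is well above their window average (assumed thresholds)."""
    return [r.server for r in rows
            if r.cur_rate >= min_cur_rate and r.cur_rate >= factor * max(r.avg_rate, 1)]


def snapshot(text: str, taken_at: str) -> str:
    """JSON record to store with the incident notes before the counters are cleared."""
    rows = parse_tcp_intercept(text)
    return json.dumps(
        {"taken_at": taken_at, "rows": [asdict(r) for r in rows], "surging": surging(rows)},
        indent=2,
    )


if __name__ == "__main__":
    print(snapshot(SAMPLE_OUTPUT, "2024-01-01T00:00:00Z"))  # constructed timestamp
```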
Related Commands
Command
|
Description
|
show threat-detection statistics top
|
Shows the top 10 statistics.
|
threat-detection statistics
|
Enables threat detection statistics.
|
clear traffic
To reset the counters for transmit and receive activity, use the clear traffic command in privileged EXEC mode.
clear traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The clear traffic command resets the counters for transmit and receive activity that is displayed with the show traffic command. The counters indicate the number of packets and bytes moving through each interface since the last clear traffic command was entered or since the ASA came online. The number of seconds indicates how long the ASA has been online since the last reboot.
Examples
The following example shows the clear traffic command:
Related Commands
Command
|
Description
|
show traffic
|
Displays the counters for transmit and receive activity.
|
clear uauth
To delete all the cached authentication and authorization information for a user or for all users, use the clear uauth command in privileged EXEC mode.
clear uauth [username]
Syntax Description
username
|
(Optional) Specifies the user authentication information to remove by username.
|
Defaults
Omitting the username argument deletes the authentication and authorization information for all users.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
—
|
—
|
•
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The clear uauth command deletes the AAA authorization and authentication caches for one user or for all users, which forces the user or users to reauthenticate the next time that they create a connection.
This command is used with the timeout command.
Each user host IP address has an authorization cache attached to it. If the user attempts to access a service that has been cached from the correct host, the ASA considers it preauthorized and immediately proxies the connection. Once you are authorized to access a website, for example, the authorization server is not contacted for each image as it is loaded (assuming the images come from the same IP address). This process significantly increases performance and reduces the load on the authorization server.
The cache allows up to 16 address and service pairs for each user host.
Note
When you enable Xauth, an entry is added to the uauth table (as shown by the show uauth command) for the IP address that is assigned to the client. However, when using Xauth with the Easy VPN Remote feature in Network Extension Mode, the IPsec tunnel is created from network to network, so that the users behind the firewall cannot be associated with a single IP address. For this reason, a uauth entry cannot be created upon completion of Xauth. If AAA authorization or accounting services are required, you can enable the AAA authentication proxy to authenticate users behind the firewall. For more information on AAA authentication proxies, see the AAA commands.
Use the timeout uauth command to specify how long the cache should be kept after the user connections become idle. Use the clear uauth command to delete all the authorization caches for all the users, which will cause them to have to reauthenticate the next time that they create a connection.
Examples
The following example shows how to cause the user to reauthenticate:
hostname(config)# clear uauth user
Related Commands
Command
|
Description
|
aaa authentication
|
Enables, disables, or views LOCAL, TACACS+ or RADIUS user authentication (on a server designated by the aaa-server command).
|
aaa authorization
|
Enables, disables, or views TACACS+ or RADIUS user authorization (on a server designated by the aaa-server command).
|
show uauth
|
Displays current user authentication and authorization information.
|
timeout
|
Sets the maximum idle time duration.
|
clear uc-ime
To clear the counters used to display statistics about the Cisco Intercompany Media Engine proxy, use the clear uc-ime command in privileged EXEC mode.
clear uc-ime [[mapping-service-sessions | signaling-sessions | fallback-notification] statistics]
Syntax Description
fallback-notification
|
(Optional) Clears the counters for fallback notification statistics.
|
mapping-service-sessions
|
(Optional) Clears the counters for mapping-service-session statistics.
|
signaling-sessions
|
(Optional) Clears the counters for signaling-session statistics.
|
statistics
|
(Optional) The keyword to configure which counters to clear for the Cisco Intercompany Media Engine proxy.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.3(1)
|
This command was introduced.
|
Examples
The following example clears the counters which are used to display signaling-sessions statistics:
hostname# clear uc-ime signaling-sessions statistics
Related Commands
Command
|
Description
|
clear configure uc-ime
|
Clears the running configuration for the Cisco Intercompany Media Engine proxy on the ASA.
|
show running-config uc-ime
|
Shows the running configuration of the Cisco Intercompany Media Engine proxy.
|
show uc-ime
|
Displays statistical or detailed information about fallback notifications, mapping-service sessions, and signaling sessions.
|
uc-ime
|
Creates the Cisco Intercompany Media Engine proxy instance on the ASA.
|
clear url-block block statistics
To clear the block buffer usage counters, use the clear url-block block statistics command in privileged EXEC mode.
clear url-block block statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The clear url-block block statistics command clears the block buffer usage counters, except for the Current number of packets held (global) counter.
Examples
The following example clears the URL block statistics and displays the status of the counters after they have been cleared:
hostname# clear url-block block statistics
hostname# show url-block block statistics
URL Pending Packet Buffer Stats with max block 0
-----------------------------------------------------
Cumulative number of packets held: | 0
Maximum number of packets held (per URL): | 0
Current number of packets held (global): | 38
| exceeding url-block buffer limit: | 0
| HTTP server retransmission: | 0
Number of packets released back to client: | 0
Related Commands
Commands
|
Description
|
filter url
|
Directs traffic to a URL filtering server.
|
show url-block
|
Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
|
url-block
|
Manages the URL buffers used for web server responses.
|
url-cache
|
Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
|
url-server
|
Identifies an N2H2 or Websense server for use with the filter command.
|
clear url-cache statistics
To clear URL cache statistics, use the clear url-cache statistics command in privileged EXEC mode.
clear url-cache statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The clear url-cache command removes URL cache statistics from the configuration.
Using the URL cache does not update the Websense accounting logs for Websense protocol Version 1. If you are using Websense protocol Version 1, let Websense run to accumulate logs so you can view the Websense accounting information. After you get a usage profile that meets your security needs, enter the url-cache command to increase throughput. Accounting logs are updated for Websense protocol Version 4 and for N2H2 URL filtering while using the url-cache command.
Examples
The following example clears the URL cache statistics:
hostname# clear url-cache statistics
Related Commands
Commands
|
Description
|
filter url
|
Directs traffic to a URL filtering server.
|
show url-cache statistics
|
Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
|
url-block
|
Manages the URL buffers used for web server responses while waiting for a filtering decision from the filtering server.
|
url-cache
|
Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
|
url-server
|
Identifies an N2H2 or Websense server for use with the filter command.
|
clear url-server
To clear URL filtering server statistics, use the clear url-server command in privileged EXEC mode.
clear url-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The clear url-server command removes URL filtering server statistics from the configuration.
Examples
The following example clears the URL server statistics:
hostname# clear url-server statistics
Related Commands
Commands
|
Description
|
filter url
|
Directs traffic to a URL filtering server.
|
show url-server
|
Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
|
url-block
|
Manages the URL buffers used for web server responses while waiting for a filtering decision from the filtering server.
|
url-cache
|
Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
|
url-server
|
Identifies an N2H2 or Websense server for use with the filter command.
|
clear user-identity active-user-database
To set the status of specified users to logged out for the Identity Firewall, use the clear user-identity active-user-database command in privileged EXEC mode.
clear user-identity active-user-database [user [domain_nickname\]user_name | user-group [domain_nickname\\]user_group_name]
Syntax Description
domain_nickname\\user_group_name
|
Specifies a user group for which to clear statistics.
The group_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\group_name contains a space, you must enclose the domain name and user name in quotation marks.
|
domain_nickname\user_name
|
Specifies a user for which to clear statistics.
The user_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\user_name contains a space, you must enclose the domain name and user name in quotation marks.
|
user
|
Specifies to clear statistics for users.
|
user-group
|
Specifies to clear statistics for user groups.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.4(2)
|
This command was introduced.
|
Usage Guidelines
This command sets the status of the specified user, all users belonging to the specified user group, or all users to logged out.
When you specify the user-group keyword, the status of all users belonging to the specified user group is set to logged out. When you do not specify the domain_nickname argument with the user-group keyword, users in the groups with user_group_name in the default domain are given the logged out status.
When you specify the user keyword, the status of the specified user is set to logged out. When you do not specify the domain_nickname argument with the user keyword, the user with user_name in the default domain receives a logged out status.
When you do not specify either the user or user-group keywords, all users have their status set to logged out.
Examples
The following example sets the status of all users in user group users1 in the SAMPLE domain to logged out:
hostname# clear user-identity active-user-database user-group SAMPLE\users1
Related Commands
Command
|
Description
|
clear configure user-identity
|
Clears the configuration for the Identity Firewall feature.
|
show user-identity user active
|
Displays the active users for the Identity Firewall.
|
clear user-identity ad-agent statistics
To clear the AD Agent statistics for the Identity Firewall, use the clear user-identity ad-agent statistics command in privileged EXEC mode.
clear user-identity ad-agent statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.4(2)
|
This command was introduced.
|
Usage Guidelines
The ASA maintains the following information about the primary and secondary AD Agents:
•
Status of the AD Agents
•
Status of the domains
•
Statistics for the AD Agents
Use the clear user-identity ad-agent statistics command to clear the statistics data of AD Agents.
Examples
The following example clears the AD Agent statistics for the Identity Firewall:
hostname# clear user-identity ad-agent statistics
hostname# show user-identity ad-agent statistics
Primary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Send update failed: 0 N/A
Secondary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Send update failed: 0 N/A
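Clearing discards the counters, so it is useful to capture them first and confirm the reset afterwards. The following Python sketch is an added example, not part of the Cisco documentation: it parses the show user-identity ad-agent statistics layout shown above. The BEFORE capture (non-zero count and timestamp) is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed "before" capture: same layout as the page's example, with a
# made-up non-zero counter and timestamp.
BEFORE = """\
Primary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Send update failed: 3 10:42:17 UTC Mar 4 2012
Secondary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Send update failed: 0 N/A
"""
# "After" capture: the post-clear output shown in the example above.
AFTER = """\
Primary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Send update failed: 0 N/A
Secondary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Send update failed: 0 N/A
"""
HEADER = re.compile(r"^(?P<agent>.+?)\s+Total\s+Last Activity\s*$")
ROW = re.compile(r"^(?P<name>[^:]+):\s+(?P<total>\d+)\s+(?P<last>.+?)\s*$")

def parse_ad_agent_stats(text):
    """Return {agent: {counter: (total, last_activity or None)}}."""
    stats, agent = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) <= {"-", " "}:
            continue  # blank line or the dashed rule under a header
        m = HEADER.match(line)
        if m:
            agent = m.group("agent")
            stats[agent] = {}
            continue
        m = ROW.match(line)
        if m is None or agent is None:
            raise ValueError(f"unrecognized line: {line!r}")
        last = m.group("last")
        stats[agent][m.group("name").strip()] = (
            int(m.group("total")), None if last == "N/A" else last)
    return stats

def nonzero_counters(stats):
    """List (agent, counter, total, last) for every counter above zero."""
    return [(a, c, t, last) for a, rows in stats.items()
            for c, (t, last) in rows.items() if t > 0]

def clear_verified(stats):
    """True when every counter is zero and shows no last-activity time."""
    return bool(stats) and all(t == 0 and last is None
                               for rows in stats.values()
                               for t, last in rows.values())
```

Archive the result of nonzero_counters() on the pre-clear capture with your change record, then run clear_verified() on the post-clear capture.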
Related Commands
Command
|
Description
|
clear configure user-identity
|
Clears the configuration for the Identity Firewall feature.
|
show user-identity ad-agent [statistics]
|
Displays statistical information about the AD Agent for the Identity Firewall.
|
clear user-identity statistics
To clear the counters used to display statistics about the Identity Firewall, use the clear user-identity statistics command in privileged EXEC mode.
clear user-identity statistics [user [domain_nickname\]user_name | user-group [domain_nickname\\]user_group_name]
Syntax Description
domain_nickname\\user_group_name
|
Specifies a user group for which to clear statistics.
The group_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\group_name contains a space, you must enclose the domain name and user name in quotation marks.
|
domain_nickname\user_name
|
Specifies a user for which to clear statistics.
The user_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name\user_name contains a space, you must enclose the domain name and user name in quotation marks.
|
user
|
Specifies to clear statistics for users.
|
user-group
|
Specifies to clear statistics for user groups.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.4(2)
|
This command was introduced.
|
Usage Guidelines
When domain_nickname is not specified before user_group_name, the ASA removes the Identity Firewall statistics for the group with user_group_name in the default domain.
When domain_nickname is not specified before user_name, the ASA removes the Identity Firewall statistics for the user with user_name in the default domain.
Examples
The following example clears the counters which are used to display statistics for a user group:
hostname# clear user-identity statistics user-group SAMPLE\users1
Related Commands
Command
|
Description
|
clear configure user-identity
|
Clears the configuration for the Identity Firewall feature.
|
show user-identity statistics
|
Displays statistics for a user or user group for the Identity Firewall.
|
clear user-identity user-not-found
To clear the ASA local user-not-found database for the Identity Firewall, use the clear user-identity user-not-found command in privileged EXEC mode.
clear user-identity user-not-found
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.4(2)
|
This command was introduced.
|
Usage Guidelines
The ASA maintains a local user-not-found database of the IP addresses not found in Microsoft Active Directory. The ASA keeps only the last 1024 packets (contiguous packets from the same source IP address are treated as one packet) of the user-not-found list and not the entire list in the database.
Use the clear user-identity user-not-found command to clear the local database on the ASA.
Tip
Use the show user-identity user-not-found command to display the IP addresses of the users who are not found in Microsoft Active Directory.
Examples
The following example clears the local user-not-found database for the Identity Firewall:
hostname# show user-identity user-not-found
hostname# clear user-identity user-not-found
Related Commands
Command
|
Description
|
clear configure user-identity
|
Clears the configuration for the Identity Firewall feature.
|
show user-identity user-not-found
|
Displays the IP addresses of the Active Directory users not found in the ASA user-not-found database.
|
clear user-identity user no-policy-activated
To clear the local records on the ASA of users who are not activated for the Identity Firewall, use the clear user-identity user no-policy-activated command in privileged EXEC mode.
clear user-identity user no-policy-activated
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
—
|
—
|
Command History
Release
|
Modification
|
8.4(2)
|
This command was introduced.
|
Usage Guidelines
Use the clear user-identity user no-policy-activated command to clear the local records of users not activated by any security policy, meaning the user is not part of an activated user group or not referenced in an access list or service policy configuration.
The clear user-identity user no-policy-activated command also clears the IP addresses of users who are active but not activated.
When you create a user group for the Identity Firewall, it must be activated, meaning the group is an import user group (defined as a user group in an access list or service policy configuration) or a local user group (defined in an object-group user).
Examples
The following example clears the local records on the ASA for users who are not activated:
hostname# clear user-identity user no-policy-activated
Related Commands
Command
|
Description
|
clear configure user-identity
|
Clears the configuration for the Identity Firewall feature.
|
show user-identity group
|
Displays the list of activated user groups for the Identity Firewall.
|
clear vpn-sessiondb statistics
To clear information about VPN sessions, including all statistics or specific sessions or protocols, use the clear vpn-sessiondb statistics command in privileged EXEC mode.
clear vpn-sessiondb statistics {all | anyconnect | email-proxy | global | index index_number | ipaddress IPaddr | l2l | name username | protocol protocol | ra-ikev1-ipsec | tunnel-group name | vpn-lb | webvpn}
Syntax Description
all
|
Clears statistics for all sessions.
|
anyconnect
|
Clears statistics for AnyConnect VPN client sessions.
|
email-proxy
|
Clears statistics for e-mail proxy sessions.
|
global
|
Clears statistics for global session data.
|
index index_number
|
Clears statistics of a single session by index number. The output of the show vpn-sessiondb detail command displays index numbers for each session.
|
ipaddress IPaddr
|
Clears statistics for sessions of the IP address that you specify.
|
l2l
|
Clears statistics for VPN LAN-to-LAN sessions.
|
protocol protocol
|
Clears statistics for the following protocols:
• ikev1—Sessions using the IKEv1 protocol.
• ikev2—Sessions using the IKEv2 protocol.
• ipsec—IPsec sessions using either IKEv1 or IKEv2.
• ipseclan2lan—IPsec LAN-to-LAN sessions.
• ipseclan2lanovernatt—IPsec LAN-to-LAN over NAT-T sessions.
• ipsecovernatt—IPsec over NAT-T sessions.
• ipsecovertcp—IPsec over TCP sessions.
• ipsecoverudp—IPsec over UDP sessions.
• l2tpOverIpSec—L2TP over IPsec sessions.
• l2tpOverIpsecOverNatT—L2TP over IPsec over NAT-T sessions.
• ospfv3—OSPFv3 over IPsec sessions.
• webvpn—Clientless SSL VPN sessions.
• imap4s—IMAP4 sessions.
• pop3s—POP3 sessions.
• smtps—SMTP sessions.
• anyconnectParent—AnyConnect client sessions, regardless of the protocol used for the session (terminates AnyConnect IPsec IKEv2 and SSL sessions).
• ssltunnel—SSL VPN sessions, including AnyConnect sessions using SSL and clientless SSL VPN sessions.
• dtlstunnel—AnyConnect client sessions with DTLS enabled.
|
ra-ikev1-ipsec
|
Clears statistics for IPsec IKEv1 sessions.
|
tunnel-group groupname
|
Clears statistics for sessions for the tunnel group (connection profile) that you specify.
|
vpn-lb
|
Clears statistics for VPN load balancing management sessions.
|
webvpn
|
Clears statistics for clientless SSL VPN sessions.
|
Defaults
There is no default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
|
—
|
Command History
Release
|
Modification
|
8.4(1)
|
This command was introduced.
|
clear wccp
To reset WCCP information, use the clear wccp command in privileged EXEC mode.
clear wccp [web-cache | service_number]
Syntax Description
web-cache
|
Specifies the web-cache service.
|
service_number
|
A dynamic service identifier, which means the service definition is dictated by the cache. The dynamic service number can be from 0 to 255. There is a maximum allowable number of 256 that includes the web-cache service specified with the web-cache keyword.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
7.2(1)
|
This command was introduced.
|
Examples
The following example shows how to reset the WCCP information for the web-cache service:
hostname# clear wccp web-cache
Related Commands
Command
|
Description
|
show wccp
|
Displays the WCCP configuration.
|
wccp redirect
|
Enables support of WCCP redirection.
|
clear webvpn sso-server statistics
To reset the statistics from the WebVPN Single Sign-On (SSO) server, use the clear webvpn sso-server statistics command in privileged EXEC mode.
clear webvpn sso-server statistics servername
Syntax Description
servername
|
Specifies the name of the SSO server to be reset.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the mode in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
|
—
|
Command History
Release
|
Modification
|
8.0(2)
|
This command was introduced.
|
Usage Guidelines
This command does not reset the "pending requests" statistic.
Examples
The following example resets the WebVPN SSO server statistics:
hostname# clear webvpn sso-server statistics
Related Commands
Command
|
Description
|
clear crypto accelerator statistics
|
Clears the global and accelerator-specific statistics in the crypto accelerator MIB.
|
clear crypto protocol statistics
|
Clears the protocol-specific statistics in the crypto accelerator MIB.
|
show crypto accelerator statistics
|
Displays the global and accelerator-specific statistics in the crypto accelerator MIB.
|
show crypto protocol statistics
|
Displays the protocol-specific statistics from the crypto accelerator MIB.
|
clear xlate
To clear current dynamic translation and connection information, use the clear xlate command in privileged EXEC mode.
clear xlate [global ip1[-ip2] [netmask mask]] [local ip1[-ip2] [netmask mask]]
[gport port1[-port2]] [lport port1[-port2]] [interface if_name] [state state]
Syntax Description
global ip1[-ip2]
|
(Optional) Clears the active translations by global IP address or range of addresses.
|
gport port1[-port2]
|
(Optional) Clears the active translations by the global port or range of ports.
|
interface if_name
|
(Optional) Clears the active translations by interface.
|
local ip1[-ip2]
|
(Optional) Clears the active translations by local IP address or range of addresses.
|
lport port1[-port2]
|
(Optional) Clears the active translations by local port or range of ports.
|
netmask mask
|
(Optional) Specifies the network mask to qualify the global or local IP addresses.
|
state state
|
(Optional) Clears the active translations by state. You can enter one or more of the following states:
• static—Specifies static translations.
• portmap—Specifies PAT global translations.
• norandomseq—Specifies a nat or static translation with the norandomseq setting.
• identity—Specifies nat 0 identity address translations.
When specifying more than one state, separate the states with a space.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
•
|
Command History
Release
|
Modification
|
7.0(1)
|
This command was introduced.
|
Usage Guidelines
The clear xlate command clears the contents of the translation slots ("xlate" refers to the translation slot). Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing the global or nat commands in your configuration.
An xlate describes a NAT or PAT session. These sessions can be viewed with the show xlate command with the detail option. There are two types of xlates: static and dynamic.
A static xlate is a persistent xlate that is created using the static command. The clear xlate command does not clear the xlate for a host in a static entry. Static xlates can only be removed by removing the static command from the configuration; the clear xlate command does not remove the static translation rule. If you remove a static command from the configuration, preexisting connections that use the static rule can still forward traffic. Use the clear local-host or clear conn command to deactivate these connections.
A dynamic xlate is an xlate that is created on demand with traffic processing (through the nat or global command). The clear xlate command removes dynamic xlates and their associated connections. You can also use the clear local-host or clear conn command to clear the xlate and associated connections. If you remove a nat or a global command from the configuration, the dynamic xlate and associated connections may remain active. Use the clear xlate command to remove these connections.
Examples
The following example shows how to clear the current translation and connection slot information:
hostname# clear xlate global
Related Commands
Command
|
Description
|
clear local-host
|
Clears local host network information.
|
clear uauth
|
Clears cached user authentication and authorization information.
|
show conn
|
Displays all active connections.
|
show local-host
|
Displays the local host network information.
|
show xlate
|
Displays the current translation information.
|