-
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 4.0
-
About This Guide
-
Using the Command Line Interface
- A through B Commands
- C Commands
- D through F Commands
- G through I Commands
- J through L Commands
- M through O Commands
- P though R Commands
-
S Commands
-
same-security-traffic -- show asdm sessions
-
show asp drop -- show curpriv
-
show debug -- show ipv6 traffic
-
show isakmp sa -- show route
-
show running-config -- show running-config isakmp
-
show running-config logging -- show running-config vpn-sessiondb
-
show service-policy -- show xlate
-
shun -- sysopt uauth allow-http-cache
-
- T through Z Commands
-
Feedback
Table Of Contents
clear conn through clear xlate Commands
clear crypto accelerator statistics
clear crypto protocol statistics
clear ipv6 access-list counters
clear memory delayed-free-poisoner
clear service-policy inspect gtp
clear url-block block statistics
clear conn through clear xlate Commands
clear conn
To clear through-the-box connections based on the IP address, use the clear conn command in privileged EXEC mode.
Note
We recommend that you use the clear xlate command instead of clear conn; clear xlate has finer control of the connections cleared (including port specification), and is more reliable. The clear xlate command clears all connections, not just those with active translation sessions.
clear conn [{local | foreign} ip_address [netmask mask]]
Syntax Description
Defaults
Without any arguments, all through-the-box connections are cleared.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
You cannot clear management (to-the-box) connections with this command.
When you make security policy changes to the configuration, do not use the clear conn command to ensure that all connections use the new security policy. The clear conn command causes the teardown of all connections established in the network processors (NPs); it does not affect the xlates and it does not clean up the connection database in the control plane. As a result, it may cause the NPs and PC to get out of sync. When you make a security policy change, all existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, you need to disconnect the current connections so they can reconnect using the new policy. Use the clear xlate command to clear all connections (clear xlate clears all connections, not just those with translation sessions). clear xlate also enforces the PC side to flush its databases allowing the system to remain in sync. You can alternatively use the clear local-host command to clear connections per host.
Examples
The following example shows all connections, and then clears the connections where 10.61.98.215 is the foreign address:
hostname# show conn0 in use, 0 most usedNetwork Processor 1 connectionsTCP out 10.61.98.215:1935 in 172.23.204.14:443 idle 0:00:00 Bytes 60536 FLAGS - UBOITCP out 10.61.98.215:1938 in 172.23.204.14:443 idle 0:00:05 Bytes 61240 FLAGS - UBOITCP out 10.61.98.215:1961 in 172.23.204.14:443 idle 0:00:00 Bytes 3058 FLAGS - UBOINetwork Processor 2 connectionsMulticast sessions:Network Processor 1 connectionsNetwork Processor 2 connectionsIPv6 connectionshostname# clear conn foreign 10.61.98.215Related Commands
s
clear console-output
To remove the currently captured console output, use the clear console-output command in privileged EXEC mode.
clear console-output
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The FWSM automatically captures output destined for the internal console port. Do not use the internal console port unless you are advised to do so by Cisco TAC.
Examples
The following example shows how to remove the currently captured console output:
hostname# clear console-outputRelated Commands
clear counters
To clear the protocol stack counters, use the clear counters command in global configuration mode.
clear counters [all | context context-name | summary | top n ] [detail] [protocol protocol_name[:counter_name]] [threshold n]
Syntax Description
Defaults
By default, the FWSM clears all counters.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
—
•
Command History
Examples
The following example shows how to clear the protocol stack counters:
hostname(config)# clear countersRelated Commands
show counters
Displays the protocol stack counters.
show counters description
Shows a list of protocol counters.
clear crashinfo
To delete the contents of the crash file in Flash memory, enter the clear crashinfo command in privileged EXEC mode.
clear crashinfo
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Examples
The following example shows how to delete the crash file:
hostname# clear crashinfoRelated Commands
clear crypto accelerator statistics
To clear the global and accelerator-specific statistics from the crypto accelerator MIB, use the clear crypto accelerator statistics command in privileged EXEC mode.
clear crypto accelerator statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the mode in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example entered in global configuration mode, displays crypto accelerator statistics:
hostname(config)# clear crypto accelerator statisticshostname(config)#Related Commands
clear crypto ca crls
To remove the CRL cache of all CRLs associated with a specified trustpoint or to remove the CRL cache of all CRLs, use the clear crypto ca crls command in global configuration mode.
clear crypto ca crls [trustpointname]
Syntax Description
trustpointname
(Optional) The name of a trustpoint. If you do not specify a name, this command clears all CRLs cached on the system.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
—
Command History
Examples
The following example issued in global configuration mode, removes all of the CRL cache from all CRLs from the FWSM:
hostname(config)# clear crypto ca crlshostname(config)#Related Commands
crypto ca crl request
Downloads the CRL based on the CRL configuration of the trustpoint.
show crypto ca crls
Displays all cached CRLs or CRLs cached for a specified trustpoint.
clear crypto protocol statistics
To clear the protocol-specific statistics in the crypto accelerator MIB, use the clear crypto protocol statistics command in privileged EXEC mode.
clear crypto protocol statistics protocol
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the mode in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example entered in global configuration mode, clears all crypto accelerator statistics:
hostname(config)# clear crypto protocol statistics allhostname(config)#Related Commands
clear dhcprelay statistics
To clear the DHCP relay statistic counters, use the clear dhcprelay statistics command in privileged EXEC mode.
clear dhcprelay statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
The clear dhcprelay statistics command only clears the DHCP relay statistic counters. To clear the entire DHCP relay configuration, use the clear configure dhcprelay command.
Examples
The following example shows how to clear the DHCP relay statistics:
hostname# clear dhcprelay statisticshostname#Related Commands
clear dns-hosts cache
To clear the DNS cache, use the clear dns-hosts cache command in privileged EXEC mode. This command does not clear static entries you added with the name command.
clear dns-hosts cache
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example clears the DNS cache:
hostname# clear dns-hosts cacheRelated Commands
clear eigrp events
To clear the EIGRP event log, use the clear eigrp events command in privileged EXEC mode.
clear eigrp [as-number] events
Syntax Description
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
You can use the show eigrp events command to view the EIGRP event log.
Examples
The following example clears the EIGRP event log:
hostname# clear eigrp eventsRelated Commands
clear eigrp neighbors
To delete entries from the EIGRP neighbor table, use the clear eigrp neighbors command in privileged EXEC mode.
clear eigrp [as-number] neighbors [ip-addr | if-name] [soft]
Syntax Description
Defaults
If you do not specify a neighbor IP address or an interface name, all dynamic entries are removed from the neighbor table.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
The clear eigrp neighbors command does not remove neighbors defined using the neighbor command from the neighbor table. Only dynamically-discovered neighbors are removed.
You can use the show eigrp neighbors command to view the EIGRP neighbor table.
Examples
The following example removes all entries from the EIGRP neighbor table:
hostname# clear eigrp neighborsThe following example removes all entries learned through the interface named "outside" from the EIGRP neighbor table:
hostname# clear eigrp neighbors outsideRelated Commands
clear eigrp topology
To delete entries from the EIGRP topology table, use the clear eigrp topology command in privileged EXEC mode.
clear eigrp [as-number] topology ip-addr [mask]
Syntax Description
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command clears existing EIGRP entries from the EIGRP topology table. You can use the show eigrp topology command to view the topology table entries.
Examples
The following example removes entries in the 192.168.1.0 network from EIGRP topology table:
hostname# clear eigrp topology 192.168.1.0 255.255.255.0Related Commands
clear failover statistics
To clear the failover statistic counters, use the clear failover statistics command in privileged EXEC mode.
clear failover statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
This command clears the statistics displayed with the show failover statistics command and the counters in the Stateful Failover Logical Update Statistics section of the show failover command output. To remove the failover configuration, use the clear configure failover command.
Examples
The following example shows how to clear the failover statistic counters:
hostname# clear failover statisticshostname#Related Commands
debug fover
Displays failover debug information.
show failover
Displays information about the failover configuration and operational statistics.
clear fragment
To clear the operational data of the IP fragment reassembly module, enter the clear fragment command in privileged EXEC mode.
clear fragment {queue | statistics} [interface]
Syntax Description
interface
(Optional) Specifies the FWSM interface.
queue
Clears the IP fragment reassembly queue.
statistics
Clears the IP fragment reassembly statistics.
Defaults
If an interface is not specified, the command applies to all interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
This command clears either the currently queued fragments that are waiting for reassembly (if the queue keyword is entered) or clears all IP fragment reassembly statistics (if the statistics keyword is entered). The statistics are the counters, which tell how many fragments chains were successfully reassembled, how many chains failed to be reassembled, and how many times the maximum size was crossed resulting in overflow of the buffer.
Examples
The following example shows how to clear the operational data of the IP fragment reassembly module:
hostname# clear fragment queueRelated Commands
clear gc
To remove the garbage collection process statistics, use the clear gc command in privileged EXEC mode.
clear gc
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Examples
The following example shows how to remove the garbage collection process statistics:
hostname# clear gcRelated Commands
clear igmp counters
To clear all IGMP counters, use the clear igmp counters command in privileged EXEC mode.
clear igmp counters [if_name]
Syntax Description
if_name
The interface name, as specified by the nameif command. Including an interface name with this command causes only the counters for the specified interface to be cleared.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Examples
The following example clears the IGMP statistical counters:
hostname# clear igmp countersRelated Commands
clear igmp group
Clears discovered groups from the IGMP group cache.
clear igmp traffic
Clears the IGMP traffic counters.
clear igmp group
To clear discovered groups from the IGMP group cache, use the clear igmp command in privileged EXEC mode.
clear igmp group [group | interface name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
If you do not specify a group or an interface, all groups are cleared from all interfaces. If you specify a group, only the entries for that group are cleared. If you specify an interface, then all groups on that interface are cleared. If you specify both a group and an interface, only the specified groups on the specified interface are cleared.
This command does not clear statically configured groups.
Examples
The following example shows how to clear all discovered IGMP groups from the IGMP group cache:
hostname# clear igmpRelated Commands
clear igmp counters
Clears all IGMP counters.
clear igmp traffic
Clears the IGMP traffic counters.
clear igmp traffic
To clear the IGMP traffic counters, use the clear igmp traffic command in privileged EXEC mode.
clear igmp traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Examples
The following example clears the IGMP statistical traffic counters:
hostname# clear igmp trafficRelated Commands
clear igmp group
Clears discovered groups from the IGMP group cache.
clear igmp counters
Clears all IGMP counters.
clear interface
To clear interface statistics, use the clear interface command in privileged EXEC mode.
clear interface [mapped_name | interface_name]
Syntax Description
Defaults
By default, this command clears all interface statistics.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The clear interface command clears all interface statistics except the number of input bytes. See the show interface command for detail about interface statistics.
If an interface is shared among contexts, and you enter this command within a context, the FWSM clears only statistics for the current context. If you enter this command in the system execution space, the FWSM clears the combined statistics.
You cannot use the interface name in the system execution space, because the nameif command is only available within a context. Similarly, if you mapped the interface ID to a mapped name using the allocate-interface command, you can only use the mapped name in a context.
Examples
The following example clears all interface statistics:
hostname# clear interfaceRelated Commands
clear ip bgp
To reset BGP connections to the neighbor and reset connection counters, use the clear ip bgp command in privileged EXEC mode.
clear ip bgp neighbor-addr
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
1 This command is only available in the admin context.
Command History
Usage Guidelines
In multiple context mode, this command is only available in the admin context. The admin context must be in routed mode. The BGP stub routing configuration entered in the admin context applies to all contexts configured on the device; you cannot configure BGP stub routing on a per-context basis.
Examples
The following example resets the connection to the BGP neighbor with the address 10.1.1.1 and clears the associated statistical counters:
hostname# clear ip bgp 10.1.1.1Related Commands
clear configure router
Clears the router commands from the running configuration.
show ip bgp summary
Displays general information about the BGP routing process.
clear ip verify statistics
To clear the Unicast RPF statistics, use the clear ip verify statistics command in privileged EXEC mode. See the ip verify reverse-path command to enable Unicast RPF.
clear ip verify statistics [interface interface_name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following example clears the Unicast RPF statistics:
hostname# clear ip verify statisticsRelated Commands
clear ipsec sa
To clear IPSec SAs entirely or based on specified parameters, use the clear ipsec sa command in privileged EXEC mode. You can also use an alternate form, clear crypto ipsec sa.
clear ipsec sa [counters | entry peer-addr protocol spi | peer peer-addr | map map-name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example clears all IPSec SA counters:
hostname# clear ipsec sa countershostname#Related Commands
show ipsec sa
Displays IPSec SAs based on specified parameters.
show ipsec stats
Displays global IPSec statistics from the IPSec flow MIB.
clear ipv6 access-list counters
To clear the IPv6 access list statistical counters, use the clear ipv6 access-list counters command in privileged EXEC mode.
clear ipv6 access-list id counters
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following example shows how to clear the statistical data for the IPv6 access list 2:
hostname# clear ipv6 access-list 2 countershostname#Related Commands
clear ipv6 neighbors
To clear the IPv6 neighbor discovery cache, use the clear ipv6 neighbors command in privileged EXEC mode.
clear ipv6 neighbors
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
This command deletes all discovered IPv6 neighbor from the cache; it does not remove static entries.
Examples
The following example deletes all entries, except static entries, in the IPv6 neighbor discovery cache:
hostname# clear ipv6 neighborshostname#Related Commands
ipv6 neighbor
Configures a static entry in the IPv6 discovery cache.
show ipv6 neighbor
Displays IPv6 neighbor cache information.
clear ipv6 traffic
To reset the IPv6 traffic counters, use the clear ipv6 traffic command in privileged EXEC mode.
clear ipv6 traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
This command resets the counters in the output from the show ipv6 traffic command.
Examples
The following example resets the IPv6 traffic counters. The output from the ipv6 traffic command shows that the counters are reset.
hostname# clear ipv6 traffichostname# show ipv6 trafficIPv6 statistics:Rcvd: 1 total, 1 local destination0 source-routed, 0 truncated0 format errors, 0 hop count exceeded0 bad header, 0 unknown option, 0 bad source0 unknown protocol, 0 not a router0 fragments, 0 total reassembled0 reassembly timeouts, 0 reassembly failuresSent: 1 generated, 0 forwarded0 fragmented into 0 fragments, 0 failed0 encapsulation failed, 0 no route, 0 too bigMcast: 0 received, 0 sentICMP statistics:Rcvd: 1 input, 0 checksum errors, 0 too short0 unknown info type, 0 unknown error typeunreach: 0 routing, 0 admin, 0 neighbor, 0 address, 0 portparameter: 0 error, 0 header, 0 option0 hopcount expired, 0 reassembly timeout,0 too big0 echo request, 0 echo reply0 group query, 0 group report, 0 group reduce0 router solicit, 0 router advert, 0 redirects0 neighbor solicit, 1 neighbor advertSent: 1 outputunreach: 0 routing, 0 admin, 0 neighbor, 0 address, 0 portparameter: 0 error, 0 header, 0 option0 hopcount expired, 0 reassembly timeout,0 too big0 echo request, 0 echo reply0 group query, 0 group report, 0 group reduce0 router solicit, 0 router advert, 0 redirects0 neighbor solicit, 1 neighbor advertUDP statistics:Rcvd: 0 input, 0 checksum errors, 0 length errors0 no port, 0 droppedSent: 0 outputTCP statistics:Rcvd: 0 input, 0 checksum errorsSent: 0 output, 0 retransmittedRelated Commands
clear isakmp sa
To remove all of the IKE runtime SA database, use the clear isakmp sa command in privileged EXEC mode.
clear isakmp sa
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example removes the IKE runtime SA database from the configuration:
hostname(config)# clear isakmp sahostname(config)#Related Commands
clear local-host
To remove network connections, use the clear local-host command in privileged EXEC mode.
clear local-host [ip_address] [all]
Note
Syntax Description
all
(Optional) Clears all connections, except for those directly to the FWSM and from the FWSM.
ip_address
(Optional) Specifies the host IP address for which you want to clear connections.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example clears all connections from 10.1.1.15:
hostname# clear local-host 10.1.1.15Related Commands
clear logging asdm
To clear the ASDM logging buffer, use the clear logging asdm command in privileged EXEC mode.
clear logging asdm
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
3.1(1)
This command was changed from the show pdm logging command to the show asdm log command.
Usage Guidelines
ASDM syslog messages are stored in a separate buffer from the FWSM syslog messages. Clearing the ASDM logging buffer only clears the ASDM syslog messages, it does not clear the FWSM system messages. To view the ASDM system log messages, use the show asdm log command.
Examples
The following example clears the ASDM logging buffer:
hostname(config)# clear logging asdmhostname(config)#Related Commands
clear logging buffer
To clear the logging buffer, use the clear logging buffer command in global configuration mode.
clear logging buffer
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
·
·
·
·
·
Command History
Examples
The following example shows how to remove all syslog messages from the internal log buffer:
hostname #clear logging bufferRelated Commands
clear mac-address-table
To clear dynamic MAC address table entries, use the clear mac-address-table command in privileged EXEC mode.
clear mac-address-table [interface_name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
—
•
•
•
—
Command History
Examples
The following example clears the dynamic MAC address table entries:
hostname# clear mac-address-tableRelated Commands
clear memory delayed-free-poisoner
To clear the delayed free-memory poisoner tool queue and statistics, use the clear memory delayed-free-poisoner command in privileged EXEC mode.
clear memory delayed-free-poisoner
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Usage Guidelines
The clear memory delayed-free-poisoner command returns all memory held in the delayed free-memory poisoner tool queue to the system without validation and clears the related statistical counters.
Examples
The following example clears the delayed free-memory poisoner tool queue and statistics:
hostname# clear memory delayed-free-poisonerRelated Commands
clear memory profile
To clear the memory buffers held by the memory profiling function, use the clear memory profile command in privileged EXEC mode.
clear memory profile [peak]
Syntax Description
Defaults
Clears the current "in use" profile buffer by default.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
•
•
Command History
Usage Guidelines
The clear memory profile command releases the memory buffers held by the profiling function and therefore requires that profiling stop before it is cleared.
Examples
The following example clears the memory buffers held by the profiling function:
hostname# clear memory profileRelated Commands
clear mfib counters
To clear MFIB router packet counters, use the clear mfib counters command in privileged EXEC mode.
clear mfib counters [group [source]]
Syntax Description
group
(Optional) IP address of the multicast group.
source
(Optional) IP address of the multicast route source. This is a unicast IP address in four-part dotted-decimal notation.
Defaults
When this command is used with no arguments, route counters for all routes are cleared.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Examples
The following example clears all MFIB route counters:
hostname# clear mfib route countersRelated Commands
clear ospf
To clear OSPF process information, use the clear ospf command in privileged EXEC mode.
clear ospf [pid] {process | counters [neighbor [neighbor-intf] [neighbr-id]]}
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command does not remove any part of the configuration. Use the no form of the configuration commands to clear specific commands from the configuration or use the clear configure router ospf command to remove all global OSPF commands from the configuration.
Note
Examples
The following example shows how to clear the OSPF process counters:
hostname# clear ospf processRelated Commands
clear configure router
Clears all global router commands from the running configuration.
clear pim counters
To clear the PIM traffic counters, use the clear pim counters command in privileged EXEC mode.
clear pim counters
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command only clears the traffic counters. To clear the PIM topology table, use the clear pim topology command.
Examples
The following example clears the PIM traffic counters:
hostname# clear pim countersRelated Commands
clear pim reset
Forces MRIB synchronization through reset.
clear pim topology
Clears the PIM topology table.
show pim traffic
Displays the PIM traffic counters.
clear pim reset
To force MRIB synchronization through reset, use the clear pim reset command in privileged EXEC mode.
clear pim reset
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
All information from the topology table is cleared and the MRIB connection is reset. This command can be used to synchronize state between the PIM topology table and the MRIB database.
Examples
The following example clears the topology table and resets the MRIB connection:
hostname# clear pim resetRelated Commands
clear pim counters
Clears PIM counters and statistics.
clear pim topology
Clears the PIM topology table.
clear pim counters
Clears PIM traffic counters.
clear pim topology
To clear the PIM topology table, use the clear pim topology command in privileged EXEC mode.
clear pim topology [group]
Syntax Description
group
(Optional) Specifies the multicast group address or name to be deleted from the topology table.
Defaults
Without the optional group argument, all entries are cleared from the topology table.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command clears existing PIM routes from the PIM topology table. Information obtained from the MRIB table, such as IGMP local membership, is retained. If a multicast group is specified, only those group entries are cleared.
Examples
The following example clears the PIM topology table:
hostname# clear pim topologyRelated Commands
clear pim counters
Clears PIM counters and statistics.
clear pim reset
Forces MRIB synchronization through reset.
clear pim counters
Clears PIM traffic counters.
clear resource usage
To clear resource usage statistics, use the clear resource usage command in privileged EXEC mode.
clear resource usage [context context_name | all | summary] [resource {resource_name | all}]
Syntax Description
Defaults
For multiple context mode, the default context is all, which clears resource usage for every context. For single mode, the context name is ignored and all resource statistics are cleared.
The default resource name is all, which clears all resource types.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Examples
The following example clears all resource usage statistics:
hostname# clear resource usageRelated Commands
context
Adds a security context.
show resource types
Shows a list of resource types.
show resource usage
Shows the resource usage of the FWSM.
clear route
To remove dynamically learned routes from the routing table, use the clear route command in privileged EXEC mode.
clear route [statistics]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example shows how to remove dynamically learned routes:
hostname# clear routeRelated Commands
route
Specifies a static or default route for the an interface.
show route
Displays route information.
show running-config route
Displays configured routes.
clear service-policy
To clear operational data or statistics (if any) for enabled policies, use the clear service-policy command in privileged EXEC mode. To clear service policy startistics for inspection engines, see the clear service-policy inspect commands.
clear service-policy [global | interface intf ]
Syntax Description
global
(Optional) Clears the statistics of the global service policy.
interface intf
(Optional) Clears the service policy statistics of a specific interface.
Defaults
By default, this command clears all the statistics for all enabled service policies.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example shows the syntax of the clear service-policy command:
hostname# clear service-policy outside_security_map interface outsideRelated Commands
clear service-policy inspect gtp
To clear global GTP statistics, use the clear service-policy inspect gtp command in privileged EXEC mode.
clear service-policy inspect gtp {pdp-context [all | apn ap_name | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num] | requests | statistics [gsn IP_address] }
Syntax Description
.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The Packet Data Protocol context is identified by the tunnel ID, which is a combination of IMSI and NSAPI. A GTP tunnel is defined by two associated PDP Contexts in different GSN nodes and is identified with a tunnel ID. A GTP tunnel is necessary to forward packets between an external packet data network and a mobile station (MS) user.
Examples
The following example clears GTP statistics:
hostname# clear service-policy inspect gtp statisticsRelated Commands
clear shun
To disable all the shuns that are currently enabled and clear the shun statistics, use the clear shun command in privileged EXEC mode.
clear shun [statistics]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example shows how to disable all the shuns that are currently enabled and clear the shun statistics:
hostname(config)# clear shunRelated Commands
shun
Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection.
show shun
Displays the shun information.
clear sunrpc-server active
To clear the pinholes opened by Sun RPC application inspection, use the clear sunrpc-server active command in global configuration mode.
clear sunrpc-server active
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
—
Command History
2.2(1)
Support for this command was introduced.
3.1(1)
This command was changed from clear rpc-server.
Usage Guidelines
Use the clear sunrpc-server active command to clear the pinholes opened by Sun RPC application inspection that allow service traffic, such as NFS or NIS, to pass through the FWSM.
Examples
The following example shows how to clear the SunRPC services table:
hostname(config)# clear sunrpc-serverRelated Commands
clear traffic
To reset the counters for transmit and receive activity, use the clear traffic command in privileged EXEC mode.
clear traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The clear traffic command resets the counters for transmit and receive activity that is displayed with the show traffic command.
Examples
The following example shows the clear traffic command:
hostname# clear trafficRelated Commands
clear uauth
To delete all the cached authentication and authorization information for a user or for all users, use the clear uauth command in privileged EXEC mode.
clear uauth [username]
Syntax Description
Defaults
Omitting username deletes the authentication and authorization information for all users.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
The clear uauth command deletes the AAA authorization and authentication caches for one user or for all users, which forces the user or users to reauthenticate the next time that they create a connection.
This command is used with the timeout command.
Each user host IP address has an authorization cache attached to it. If the user attempts to access a service that has been cached from the correct host, the FWSM considers it preauthorized and immediately proxies the connection. Once you are authorized to access a website, for example, the authorization server is not contacted for each image as it is loaded (assuming the images come from the same IP address). This process significantly increases performance and reduces the load on the authorization server.
The cache allows up to 16 address and service pairs for each user host.
Note
Use the timeout uauth command to specify how long the cache should be kept after the user connections become idle. Use the clear uauth command to delete all the authorization caches for all the users, which will cause them to have to reauthenticate the next time that they create a connection.
Examples
The following example shows how to cause the user user1 to reauthenticate:
hostname(config)# clear uauth user1Related Commands
clear url-block block statistics
To clear the block buffer usage counters, use the clear url-block block statistics command in privileged EXEC mode.
clear url-block block statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
1.1(1)
The clear url-block command was introduced.
3.1(1)
This command was changed from clear url-block.
Usage Guidelines
The clear url-block block statistics command clears the block buffer usage counters, except for the
hostname #counter.Examples
The following example clears the URL block statistics and displays the status of the counters after clearing:
hostname# clear url-block block statisticshostname# show url-block block statisticsURL Pending Packet Buffer Stats with max block 0-----------------------------------------------------Cumulative number of packets held: 0Maximum number of packets held (per URL): 0Current number of packets held (global): 38Packets dropped due to| exceeding url-block buffer limit: 0| HTTP server retransmission: 0Number of packets released back to client: 0Related Commands
clear url-cache statistics
To remove url-cache command statements from the configuration, use the clear url-cache command in privileged EXEC mode.
clear url-cache statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
1.1(1)
The clear url-cache command was introduced.
3.1(1)
This command was changed from clear url-cache.
Usage Guidelines
The clear url-cache command removes url-cache statistics from the configuration.
Using the URL cache does not update the Websense accounting logs for Websense protocol Version 1. If you are using Websense protocol Version 1, let Websense run to accumulate logs so that you can view the Websense accounting information. After you get a usage profile that meets your security needs, enter the url-cache command to increase throughput. Accounting logs are updated for Websense protocol Version 4 and for N2H2 URL filtering while using the url-cache command.
Examples
The following example clears the URL cache statistics:
hostname# clear url-cache statisticsRelated Commands
clear url-server
To clear URL filtering server statistics, use the clear url-server command in privileged EXEC mode.
clear url-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
1.1(1)
The clear url-server command was introduced.
3.1(1)
This command was changed from clear url-server.
Usage Guidelines
The clear url-server command removes URL filtering server statistics from the configuration.
Examples
The following example clears the URL server statistics:
hostname# clear url-server statisticsRelated Commands
clear xlate
To clear current translation and connection information, and to clear all connections, not just those that have active xlates, use the clear xlate command in privileged EXEC mode.
clear xlate [global ip1[-ip2] [netmask mask]] [local ip1[-ip2] [netmask mask]]
[gport port1[-port2]] [lport port1[-port2]] [interface if_name] [state state]Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The clear xlate command clears the contents of the translation slots ("xlate" refers to the translation slot). Translation slots can persist after key changes have been made.
The clear xlate command clears all connections, even when xlate-bypass is enabled and when a connection does not have an xlate.
When you make security policy changes to the configuration, use the clear xlate command to ensure that all connections use the new security policy. When you make a security policy change, all existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, you need to disconnect the current connections so they can reconnect using the new policy. clear xlate also enforces the PC side to flush its databases allowing the system to remain in sync. You can alternatively use the clear local-host command to clear connections per host. Do not use the clear conn command to clear all connections; it can cause the network processors (NPs) to get out of sync with with the PC.
An xlate describes a NAT or PAT session. These sessions can be viewed with the show xlate command with the detail option. There are two types of xlates: static and dynamic.
A static xlate is a persistent xlate that is created using the static command. A dynamic xlate is an xlate that is created on demand with traffic processing (through the nat or global command).
Examples
The following example shows how to clear the current translation and connection slot information:
hostname# clear xlate globalRelated Commands
