Cisco ASA Series Command Reference, A - H Commands
clear local-host -- clear xlate
Downloads: This chapterpdf (PDF - 540.0KB) The complete bookPDF (PDF - 9.37MB) | The complete bookePub (ePub - 770.0KB) | The complete bookMobi (Mobi - 818.0KB) | Feedback

Table of Contents

clear local-host through clear xlate Commands

clear local-host

clear logging asdm

clear logging buffer

clear logging queue bufferwrap

clear mac-address-table

clear mdm-proxy statistics

clear memory delayed-free-poisoner

clear memory profile

clear mfib counters

clear module

clear nac-policy

clear nat counters

clear object-group

clear ospf

clear pclu

clear phone-proxy secure-phones

clear pim counters

clear pim reset

clear pim topology

clear priority-queue statistics

clear process

clear resource usage

clear route all

clear local-host through clear xlate Commands

clear local-host

To reinitalize per-client run-time states such as connection limits and embryonic limits, use the clear local-host command in privileged EXEC mode. t

clear local-host [ ip_address ] [ all ]

 
Syntax Description

all

(Optional) Clears all connections, including to-the-box traffic. Without the all keyword, only through-the-box traffic is cleared.

ip_address

(Optional) Specifies the local host IP address.

 
Defaults

Clears all through-the-box run-time states.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

When you make security policy changes to the configuration, all new connections use the new security policy. Existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, you need to disconnect the current connections so they can reconnect using the new policy using the clear local-host command. You can alternatively use the clear conn command for more granular connection clearing, or the clear xlate command for connections that use dynamic NAT.

The clear local-host command releases the hosts from the host license limit. You can see the number of hosts that are counted toward the license limit by entering the show local-host command.

Examples

The following example clears the run-time state and assocaited connections for the host 10.1.1.15:

ciscoasa# clear local-host 10.1.1.15
 

 
Related Commands

Command
Description

clear conn

Terminates connections in any state.

clear xlate

Clears a dynamic NAT session, and any connections using NAT.

show local-host

Displays the network states of local hosts.

clear logging asdm

To clear the ASDM logging buffer, use the clear logging asdm command in privileged EXEC mode.

clear logging asdm

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was changed from the clear pdm logging command to the clear asdm log command.

 
Usage Guidelines

ASDM system log messages are stored in a separate buffer from the ASA system log messages. Clearing the ASDM logging buffer only clears the ASDM system log messages; it does not clear the ASA system log messages. To view the ASDM system log messages, use the show asdm log command.

Examples

The following example clears the ASDM logging buffer:

ciscoasa(config)# clear logging asdm
ciscoasa(config)#
 

 
Related Commands

Command
Description

show asdm log_sessions

Displays the contents of the ASDM logging buffer.

clear logging buffer

To clear the log buffer, use the clear logging buffer command in privileged EXEC mode.

clear logging buffer

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

This example shows how to clear the contents of the log buffer:

ciscoasa# clear logging buffer
 

 
Related Commands

Command
Description

logging buffered

Configures the log buffer.

show logging

Displays logging information.

clear logging queue bufferwrap

To clear the saved log buffers (ASDM, internal, FTP, and flash), use the clear logging queue bufferwrap command in privileged EXEC mode.

clear logging queue bufferwrap

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.2(1)

This command was introduced.

Examples

The following example shows how to clear the contents of the saved log buffers:

ciscoasa# clear logging queue bufferwrap
 

 
Related Commands

Command
Description

logging buffered

Configures the log buffer.

show logging

Displays logging information.

clear mac-address-table

To clear dynamic MAC address table entries, use the clear mac-address-table command in privileged EXEC mode.

clear mac-address-table [ interface_name ]

 
Syntax Description

interface_name

(Optional) Clears the MAC address table entries for the selected interface.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears the dynamic MAC address table entries:

ciscoasa# clear mac-address-table
 

 
Related Commands

Command
Description

arp

Adds a static ARP entry.

firewall transparent

Sets the firewall mode to transparent.

mac-address-table aging-time

Sets the timeout for dynamic MAC address entries.

mac-learn

Disables MAC address learning.

show mac-address-table

Shows MAC address table entries.

clear mdm-proxy statistics

To clear MDM Proxy service counters, setting them to zero.

clear mdm-proxy statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

9.3(1)

This command was introduced.

Examples

ciscoasa (config)# clear mdm-proxy statistics<cr>

 
Related Commands

Command
Description

show mdm-proxy statistics

Display the MDM proxy service statistics.

mdm-proxy

Enter config-mdm-proxy mode to configure the MDM proxy service.

clear memory delayed-free-poisoner

To clear the delayed free-memory poisoner tool queue and statistics, use the clear memory delayed-free-poisoner command in privileged EXEC mode.

clear memory delayed-free-poisoner

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behaviors or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear memory delayed-free-poisoner command returns all memory held in the delayed free-memory poisoner tool queue to the system without validation and clears the related statistical counters.

Examples

The following example clears the delayed free-memory poisoner tool queue and statistics:

ciscoasa# clear memory delayed-free-poisoner
 

 
Related Commands

Command
Description

memory delayed-free-poisoner enable

Enables the delayed free-memory poisoner tool.

memory delayed-free-poisoner validate

Forces validation of the delayed free-memory poisoner tool queue.

show memory delayed-free-poisoner

Displays a summary of the delayed free-memory poisoner tool queue usage.

clear memory profile

To clear the memory buffers held by the memory profiling function, use the clear memory profile command in privileged EXEC mode.

clear memory profile [peak]

 
Syntax Description

peak

(Optional) Clears the contents of the peak memory buffer.

 
Defaults

Clears the current “in use” profile buffer by default.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes

  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear memory profile command releases the memory buffers held by the profiling function, and therefore requires that profiling stop before it is cleared.

Examples

The following example clears the memory buffers held by the profiling function:

ciscoasa# clear memory profile

 
Related Commands

Command
Description

memory profile enable

Enables the monitoring of memory usage (memory profiling).

memory profile text

Configures a text range of memory to profile.

show memory profile

Displays information about the memory usage (profiling) of the ASA.

clear mfib counters

To clear MFIB router packet counters, use the clear mfib counters command in privileged EXEC mode.

clear mfib counters [ group [ source ]]

 
Syntax Description

group

(Optional) IP address of the multicast group.

source

(Optional) IP address of the multicast route source. This is a unicast IP address in four-part dotted-decimal notation.

 
Defaults

When this command is used with no arguments, route counters for all routes are cleared.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears all MFIB router packet counters:

ciscoasa# clear mfib counters
 

 
Related Commands

Command
Description

show mfib count

Displays MFIB route and packet count data.

clear module

To clear information about the SSM on the ASAs, information about the SSC on the ASA 5505, information about the SSP installed on the ASA 5585-X, information about the IPS SSP installed on the ASA 5585-X, information about the ASA Services Module, and system information, use the clear module command in privileged EXEC mode.

clear module [ mod_id | slot ] [ all | [ details | recover | log [ console ]]]

 
Syntax Description

all

(Default) Clears all SSM information.

console

(Optional) Clears console log information for the module.

details

(Optional) Clears additional information, including remote management configuration for SSMs (for example, ASA-SSM- x 0).

log

(Optional) Clears log information for the module.

mod_id

Clears the module name used for software modules, such as IPS.

recover

(Optional) For SSMs, clears the settings for the hw-module module recover command.

Note The recover keyword is valid only when you have created a recovery configuration for the SSM by using the configure keyword with the hw-module module recover command.

(Optional) For an IPS module installed on the ASA 5512-X, 5515-X, 5525-X, 5545-X, or 5555-X, clears the settings for the sw-module module mod_id recover configure image image_location command.

slot

Clears the module slot number, which can be 0 or 1.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

8.2(1)

Supports the SSC.

8.2(5)

Supports the ASA 5585-X and the IPS SSP on the ASA 5585-X.

8.4(2)

Supports a dual SSP installation.

8.5(1)

Supports the ASASM.

8.6(1)

Supports the ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X.

 
Usage Guidelines

This command clears information about the SSC, SSM, ASASM, IPS SSP, and device and built-in interfaces.

Examples

The following example clears the recovery settings for an SSM:

ciscoasa# clear module 1 recover
 

 
Related Commands

Command
Description

hw-module module recover

Recovers an SSM by loading a recovery image from a TFTP server.

hw-module module reset

Shuts down an SSM and performs a hardware reset.

hw-module module reload

Reloads the SSM software.

hw-module module shutdown

Shuts down the SSM software in preparation for being powered off without losing configuration data.

show module

Shows SSM information.

clear nac-policy

To reset NAC policy usage statistics, use the clear nac-policy command in global configuration mode.

clear nac-policy [ nac-policy-name ]

 
Syntax Description

nac-policy-name

(Optional) Name of the NAC policy for which to reset usage statistics.

 
Defaults

If you do not specify a name, the CLI resets the usage statistics for all NAC policies.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

  • Yes
  • Yes

  • Yes

 
Command History

Release
Modification

8.0(2)

This command was introduced.

Examples

The following example resets the usage statistics for the NAC policy named framework1:

ciscoasa(config)# clear nac-policy framework1
 

The following example resets all NAC policy usage statistics:

ciscoasa(config)# clear nac-policy
 

 
Related Commands

Command
Description

show nac-policy

Displays NAC policy usage statistics on the ASA.

show vpn-session_summary.db

Displays the number of IPsec, WebVPN, and NAC sessions.

show vpn-session.db

Displays information about VPN sessions, including NAC results.

clear nat counters

To clear NAT policy counters, use the clear nat counters command in global configuration mode.

clear nat counters [ src_ifc [ src_ip [ src_mask ]] [ dst_ifc [ dst_ip [ dst_mask ]]]]

 
Syntax Description

dst_ifc

(Optional) Specifies destination interface to filter.

dst_ip

(Optional) Specifies destination IP address to filter.

dst_mask

(Optional) Specifies mask for destination IP address.

src_ifc

(Optional) Specifies source interface to filter.

src_ip

(Optional) Specifies source IP address to filter.

src_mask

(Optional) Specifies mask for source IP address.

 
Defaults

This command has no default settings.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

  • Yes
  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0 (4)

This command was introduced.

Examples

This example shows how to clear the NAT policy counters:

ciscoasa(config)# clear nat counters

 
Related Commands

Command
Description

nat

Identifies addresses on one interface that are translated to mapped addresses on another interface.

nat-control

Enables or disables NAT configuration requirements.

show nat counters

Displays the protocol stack counters.

clear object-group

To clear the hit counts of objects in a network object group, use the show object-group command in privileged EXEC mode.

clear object-group obj-name counters

 
Syntax Description

counters

Identifies the counters in the network object group.

obj-name

Identifies the existing network object group.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.3(1)

This command was introduced.

 
Usage Guidelines

Use this command to clear hit counts of objects in a network object group only.

Examples

The following example shows how to clear the network object hit count for the network object group named “Anet”:

ciscoasa# clear object-group Anet counters
 

 
Related Commands

Command
Description

show object-group

Shows object group information and shows hit counts if the specified object group is of the network object-group type.

clear ospf

To clear OSPF process information, use the clear ospf command in privileged EXEC mode.

clear ospf [ pid ] { process | counters }

 
Syntax Description

counters

Clears the OSPF counters.

pid

(Optional) Internally used identification parameter for an OSPF routing process; valid values are from 1 to 65535.

process

Restarts the OSPF routing process.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

This command does not remove any part of the configuration. Use the no form of the configuration commands to clear specific commands from the configuration or use the clear configure router ospf command to remove all global OSPF commands from the configuration.


NoteThe The clear configure router ospf command does not clear OSPF commands entered in interface configuration mode.


Examples

The following example shows how to clear the OSPF neighbor counters:

ciscoasa# clear ospf counters
 

 
Related Commands

Command
Description

clear configure router

Clears all global router commands from the running configuration.

clear pclu

To clear PC logical update statistics, use the clear pclu command in privileged EXEC mode.

clear pclu

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears PC information:

ciscoasa# clear pclu
 

clear phone-proxy secure-phones

To clear the secure phone entries in the phone proxy database, use the clear phone-proxy secure-phones command in privileged EXEC mode.

clear phone-proxy secure-phones [ mac_address | noconfirm]

 
Syntax Description

mac_address

Removes the IP phone from the phone proxy database with the specified MAC address.

noconfirm

Removes all the secure phone entries in the phone proxy database without prompting for confirmation. If you do not specify the noconfirm keyword, you are prompted to confirm whether to remove all the secure phone entries.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.2(1)

This command was introduced.

 
Usage Guidelines

Because secure phones always request a CTL file upon bootup, the phone proxy creates a database that marks the phone as secure. The entries in the secure phone database are removed after a specified configured timeout (via the timeout secure-phones command). Alternatively, you can use the clear phone-proxy secure-phones command to clear the phone proxy database without waiting for the configured timeout.

Examples

The following example clears secure entries in the phone proxy database:

ciscoasa# clear phone-proxy secure-phones 001c.587a.4000

 
Related Commands

Command
Description

timeout secure-phones

Configures the idle timeout after which the secure phone entry is removed from the phone proxy database.

clear pim counters

To clear the PIM traffic counters, use the clear pim counters command in privileged EXEC mode.

clear pim counters

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

This command only clears the traffic counters. To clear the PIM topology table, use the clear pim topology command.

Examples

The following example clears the PIM traffic counters:

ciscoasa# clear pim counters
 

 
Related Commands

Command
Description

clear pim reset

Forces MRIB synchronization through reset.

clear pim topology

Clears the PIM topology table.

show pim traffic

Displays the PIM traffic counters.

clear pim reset

To force MRIB synchronization through reset, use the clear pim reset command in privileged EXEC mode.

clear pim reset

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

All information from the topology table is cleared, and the MRIB connection is reset. This command can be used to synchronize states between the PIM topology table and the MRIB database.

Examples

The following example clears the topology table and resets the MRIB connection:

ciscoasa# clear pim reset
 

 
Related Commands

Command
Description

clear pim counters

Clears PIM counters and statistics.

clear pim topology

Clears the PIM topology table.

clear pim counters

Clears PIM traffic counters.

clear pim topology

To clear the PIM topology table, use the clear pim topology command in privileged EXEC mode.

clear pim topology [ group ]

 
Syntax Description

group

(Optional) Specifies the multicast group address or name to be deleted from the topology table.

 
Defaults

Without the optional group argument, all entries are cleared from the topology table.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

This command clears existing PIM routes from the PIM topology table. Information obtained from the MRIB table, such as IGMP local membership, is retained. If a multicast group is specified, only those group entries are cleared.

Examples

The following example clears the PIM topology table:

ciscoasa# clear pim topology
 

 
Related Commands

Command
Description

clear pim counters

Clears PIM counters and statistics.

clear pim reset

Forces MRIB synchronization through reset.

clear pim counters

Clears PIM traffic counters.

clear priority-queue statistics

To clear the priority-queue statistics counters for an interface or for all configured interfaces, use the clear priority-queue statistics command in either global configuration or privileged EXEC mode.

clear priority-queue statistics [ interface-name ]

 
Syntax Description

interface-name

(Optional) Specifies the name of the interface for which you want to show the best-effort and low-latency queue details.

 
Defaults

If you omit the interface name, this command clears the priority-queue statistics for all configured interfaces.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

Global configuration

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows the use of the clear priority-queue statistics command in privileged EXEC mode to remove the priority queue statistics for the interface named “test”:

ciscoasa# clear priority-queue statistics test
ciscoasa#
 

 
Related Commands

Command
Description

clear configure priority queue

Removes the priority-queue configuration from the named interface.

priority-queue

Configures priority queueing on an interface.

show priority-queue statistics

Shows the priority queue statistics for a specified interface or for all interfaces.

show running-config priority-queue

Shows the current priority-queue configuration on the named interface.

clear process

To clear statistics for specified processes running on the ASA, use the clear process command in privileged EXEC mode.

clear process [ cpu-hog | internals ]

 
Syntax Description

cpu-hog

Clears CPU hogging statistics.

internals

Clears process internal statistics.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to clear CPU hogging statistics:

ciscoasa# clear process cpu-hog
ciscoasa#
 

 
Related Commands

Command
Description

cpu hog granular-detection

Triggers real-time CPU hog detection information.

show processes

Displays a list of the processes that are running on the ASA.

clear resource usage

To clear resource usage statistics, use the clear resource usage command in privileged EXEC mode.

clear resource usage [ context context_name | all | summary | system ] [ resource {[ rate ] resource_name | all }]

 
Syntax Description

context context_name

(Multiple mode only) Specifies the context name for which you want to clear statistics. Specify all (the default) for all contexts.

resource [ rate ] resource_name

Clears the usage of a specific resource. Specify all (the default) for all resources. Specify rate to clear the rate of usage of a resource. Resources that are measured by rate include conns , inspects , and syslogs . You must specify the rate keyword with these resource types. The conns resource is also measured as concurrent connections; only use the rate keyword to view the connections per second.

Resources include the following types:

  • asdm —ASDM management sessions.
  • conns —TCP or UDP connections between any two hosts, including connections between one host and multiple other hosts.
  • inspects —Application inspections.
  • hosts —Hosts that can connect through the ASA.
  • mac-addresses —For transparent firewall mode, the number of MAC addresses allowed in the MAC address table.
  • ssh —SSH sessions.
  • syslogs —Syslog messages.
  • telnet —Telnet sessions.
  • (Multiple mode only) VPN Other —Site-to-site VPN sessions.
  • (Multiple mode only) VPN Burst Other —Site-to-site VPN burst sessions.
  • xlates —NAT translations.

summary

(Multiple mode only) Clears the combined context statistics.

system

(Multiple mode only) Clears the system-wide (global) usage statistics.

 
Defaults

For multiple context mode, the default context is all , which clears resource usage for every context. For single mode, the context name is ignored and all resource statistics are cleared.

The default resource name is all , which clears all resource types.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

  • Yes

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following example clears all resource usage statistics for all contexts, but not the system-wide usage statistics:

ciscoasa# clear resource usage
 

The following example clears the system-wide usage statistics:

ciscoasa# clear resource usage system
 

 
Related Commands

Command
Description

context

Adds a security context.

show resource types

Shows a list of resource types.

show resource usage

Shows the resource usage of the ASA.

clear route all

To remove dynamically learned routes from the configuration, use the clear route all command in privileged EXEC mode.

clear route all

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

9.2(1)

This command was introduced.

Examples

The following example shows how to remove dynamically learned routes:

ciscoasa# clear route all
 

 
Related Commands

Command
Description

clear route network <mask>

Removes a specified destination route.

show route

Displays route information.

show running-config route

Displays configured routes.

clear route network<mask>

To remove a specified destination route, use the clear route network <mask> command in privileged EXEC mode.

clear route [ ip_address ip_mask ]

 
Syntax Description

ip_address
ip_mask

Specifies the destination IP address and subnet mask, to be removed.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

9.2(1)

This command was introduced.

Examples

The following example shows how to remove dynamically learned routes:

ciscoasa# clear route 10.118.86.3
 

 
Related Commands

Command
Description

clear route all

Removes and refreshes all routes.

show route

Displays route information.

show running-config route

Displays configured routes.

clear service-policy

To clear operational data or statistics (if any) for enabled policies, use the clear service-policy command in privileged EXEC mode.

clear service-policy [ global | interface intf ] [ user-statistics ]

 
Syntax Description

global

(Optional) Clears the statistics of the global service policy.

interface intf

(Optional) Clears the service policy statistics of a specific interface.

user-statistics

(Optional) Clears the global counters for user statistics but does not clear the per-user statistics. Per-user or per-user-group statistics can still be seen using show user-identity statistics command.

When the accounting keyword for the user-statistics command is specified, all global counters for sent packets, received packets, and sent dropped packets are cleared. When the scanning keyword user-statistics command is specified, the global counter for sent dropped packets is cleared.

For the ASA to collect these user statistics, you must configure a policy map to collect user statistics. See the user-statistics command in this guide.

 
Defaults

By default, this command clears all the statistics for all enabled service policies.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

To clear service policy startistics for inspection engines, see the clear service-policy inspect commands.

Examples

The following example shows the syntax of the clear service-policy command:

ciscoasa# clear service-policy outside_security_map interface outside
 

 
Related Commands

Command
Description

clear service-policy inspect gtp

Clears service policy statistics for the GTP inspection engine.

clear service-policy inspect radius-accounting

Clears service policy statistics for the RADIUS accounting inspection engine.

show service-policy

Displays the service policy.

show running-config service-policy

Displays the service policies configured in the running configuration.

clear configure service-policy

Clears service policy configurations.

service-policy

Configures service policies.

clear service-policy inspect gtp

To clear global GTP statistics, use the clear service-policy inspect gtp command in privileged EXEC mode.

clear service-policy inspect gtp { pdp-context [ all | apn ap_name | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num ] | requests | statistics [ gsn IP_address ] }

 
Syntax Description.

all

Clears all GTP PDP contexts.

apn

(Optional) Clears the PDP contexts based on the APN specified.

ap_name

Identifies the specific access point name.

gsn

(Optional) Identifies the GPRS support node, which is the interface between the GPRS wireless data network and other networks.

gtp

(Optional) Clears the service policy for GTP.

imsi

(Optional) Clears the PDP contexts based on the IMSI specified.

IMSI_value

Hexadecimal value that identifies the specific IMSI.

interface

(Optional) Identifies a specific interface.

int

Identifies the interface for which information will be cleared.

IP_address

IP address for which statistics will be cleared.

ms-addr

(Optional) Clears PDP contexts based on the MS Address specified.

pdp-context

(Optional) Identifies the Packet Data Protocol context.

requests

(Optional) Clears GTP requests.

statistics

(Optional) Clears GTP statistics for the inspect gtp command.

tid

(Optional) Clears the PDP contexts based on the TID specified.

tunnel_ID

Hexadecimal value that identifies the specific tunnel.

version

(Optional) Clears the PDP contexts based on the GTP version.

version_num

Specifies the version of the PDP context. The valid range is 0 to 255.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The Packet Data Protocol context is identified by the tunnel ID, which is a combination of IMSI and NSAPI. A GTP tunnel is defined by two associated PDP contexts in different GSN nodes and is identified with a tunnel ID. A GTP tunnel is necessary to forward packets between an external packet data network and a mobile station (MS) user.

Examples

The following example clears GTP statistics:

ciscoasa# clear service-policy inspect gtp statistics
 

 
Related Commands

Commands
Description

debug gtp

Displays detailed information about GTP inspection.

gtp-map

Defines a GTP map and enables GTP map configuration mode.

inspect gtp

Applies a GTP map to use for application inspection.

show service-policy inspect gtp

Displays the GTP configuration.

show running-config gtp-map

Shows the GTP maps that have been configured.

clear service-policy inspect radius-accounting

To clear RADIUS accounting users, use the clear service-policy inspect radius-accounting command in privileged EXEC mode.

clear service-policy inspect radius-accounting users { all | ip_address | policy_map }

 
Syntax Description.

all

Clears all users.

ip_address

Clears a user with this IP address.

policy_map

Clears users associated with this policy map.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following example clears all RADIUS accounting users:

ciscoasa# clear service-policy inspect radius-accounting users all
 

clear shared license

To reset shared license statistics, shared license client statistics, and shared license backup server statistics to zero, use the clear shared license command in privileged EXEC mode.

clear shared license [ all | backup | client [ hostname ]]

 
Syntax Description

all

(Optional) Clears all statistics. This is the default setting.

backup

(Optional) Clears statistics for the backup server.

client

(Optional) Clears statistics for all participants.

hostname

(Optional) Clears statistics for a particular participant.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.2(1)

This command was introduced.

 
Usage Guidelines

The shared license counters include statistical data as well as error data.

Examples

The following example shows how to reset all shared license counters:

ciscoasa# clear shared license all
 

 
Related Commands

Command
Description

activation-key

Enters a license activation key.

clear configure license-server

Clears the shared licensing server configuration.

license-server address

Identifies the shared licensing server IP address and shared secret for a participant.

license-server backup address

Identifies the shared licensing backup server for a participant.

license-server backup backup-id

Identifies the backup server IP address and serial number for the main shared licensing server.

license-server backup enable

Enables a unit to be the shared licensing backup server.

license-server enable

Enables a unit to be the shared licensing server.

license-server port

Sets the port on which the server listens for SSL connections from participants.

license-server refresh-interval

Sets the refresh interval provided to participants to set how often they should communicate with the server.

license-server secret

Sets the shared secret on the shared licensing server.

show activation-key

Shows the current licenses installed.

show running-config license-server

Shows the shared licensing server configuration.

show shared license

Shows shared license statistics.

show vpn-sessiondb

Shows license information about VPN sessions.

clear shun

To disable all the shuns that are currently enabled and clear the shun statistics, use the clear shun command in privileged EXEC mode.

clear shun [ statistics ]

 
Syntax Description

statistics

(Optional) Clears the interface counters only.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to disable all the shuns that are currently enabled and clear the shun statistics:

ciscoasa(config)# clear shun
 

 
Related Commands

Command
Description

shun

Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection.

show shun

Displays the shun information.

clear snmp-server statistics

To clear SNMP server statistics (SNMP packet input and output counters), use the clear snmp-server statistics command in privileged EXEC mode.

clear snmp-server statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to clear SNMP server statistics:

ciscoasa# clear snmp-server statistics
 

 
Related Commands

Command
Description

clear configure snmp-server

Clears the SNMP server configuration.

show snmp-server statistics

Displays SNMP server configuration information.

clear ssl

To clear SSL information for debugging purposes, use the clear ssl command in privileged EXEC mode.

clear ssl {cache [ all ] | errors | mib | objects}

 
Syntax Description

all

Clears all sessions and statistics in SSL session cache.

cache

Clears expired sessions in SSL session cache.

errors

Clears ssl errors.

mib

Clears SSL MIB statistics.

objects

Clears SSL object statistics.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.4(1)

This command was introduced.

 
Usage Guidelines

DTLS cache is never cleared because it would impact AnyConnect functionality.

Examples

The following example shows clearing ssl cache and clearing all sessions and statistics in SSL session cache.

ciscoasa# clear ssl cache
SSL session cache cleared: 2
No SSL VPNLB session cache
No SSLDEV session cache
DLTS caches are not cleared
 
ciscoasa# clear ssl cache all
Clearing all sessions and statistics
SSL session cache cleared: 5
No SSL VPNLB session cache
No SSLDEV session cache
DLTS caches are not cleared

clear startup-config errors

To clear configuration error messages from memory, use the clear startup-config errors command in privileged EXEC mode.

clear startup-config errors

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

To view configuration errors generated when the ASA loaded the startup configuration, use the show startup-config errors command.

Examples

The following example clears all configuration errors from memory:

ciscoasa# clear startup-config errors
 

 
Related Commands

Command
Description

show startup-config errors

Shows configuration errors generated when the ASA loaded the startup configuration.

clear sunrpc-server active

To clear the pinholes opened by Sun RPC application inspection, use the clear sunrpc-server active command in privileged EXEC mode.

clear sunrpc-server active

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

Use the clear sunrpc-server active command to clear the pinholes opened by Sun RPC application inspection that allow service traffic, such as NFS or NIS, to pass through the ASA.

Examples

The following example shows how to clear the SunRPC services table:

ciscoasa# clear sunrpc-server

 

 
Related Commands

Command
Description

clear configure sunrpc-server

Clears the Sun remote processor call services from the ASA.

inspect sunrpc

Enables or disables Sun RPC application inspection and configures the port used.

show running-config sunrpc-server

Displays information about the SunRPC services configuration.

show sunrpc-server active

Displays information about active Sun RPC services.

clear threat-detection rate

To clear statistics when you enable basic threat detection using the threat-detection basic-threat command, use the clear threat detection rate command in privileged EXEC mode.

clear threat-detection rate

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.0(2)

This command was introduced.

Examples

The following example clears the rate statistics:

ciscoasa# clear threat-detection rate
 

 
Related Commands

Command
Description

show running-config all threat-detection

Shows the threat detection configuration, including the default rate settings if you did not configure them individually.

show threat-detection rate

Shows basic threat detection statistics.

threat-detection basic-threat

Enables basic threat detection.

threat-detection rate

Sets the threat detection rate limits per event type.

threat-detection scanning-threat

Enables scanning threat detection.

clear threat-detection scanning-threat

To clear the attackers and targets after you enable scanning threat detection with the threat-detection scanning-threat command, use the clear threat-detection scanning-threat command in privileged EXEC mode.

clear threat-detection scanning-threat [attacker [ ip_address [ mask ]] | target [ ip_address [ mask ]]

 
Syntax Description

attacker

(Optional) Clears only attackers.

ip_address

(Optional) Clears a specific IP address.

mask

(Optional) Sets the subnet mask.

target

(Optional) Clears only targets.

 
Defaults

If you do not specify an IP address, all hosts are released.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.0(2)

This command was introduced.

 
Usage Guidelines

To view current attackers and targets, use the show threat-detection scanning-threat command.

Examples

The following example shows targets and attackers with the show threat-detection scanning-threat command, and then clears all targets:

ciscoasa# show threat-detection scanning-threat
Latest Target Host & Subnet List:
192.168.1.0
192.168.1.249
Latest Attacker Host & Subnet List:
192.168.10.234
192.168.10.0
192.168.10.2
192.168.10.3
192.168.10.4
192.168.10.5
192.168.10.6
192.168.10.7
192.168.10.8
192.168.10.9
ciscoasa# clear threat-detection scanning-threat target
 

 
Related Commands

Command
Description

show threat-detection shun

Shows currently shunned hosts.

show threat-detection statistics host

Shows the host statistics.

show threat-detection statistics protocol

Shows the protocol statistics.

show threat-detection statistics top

Shows the top 10 statistics.

threat-detection scanning-threat

Enables scanning threat detection.

clear threat-detection shun

To release the currently shunned hosts after you enable scanning threat detection with the threat-detection scanning-threat command and automatically shunning attacking hosts, use the clear threat-detection shun command in privileged EXEC mode.

clear threat-detection shun [ ip_address [ mask ]]

 
Syntax Description

ip_address

(Optional) Releases a specific IP address from being shunned.

mask

(Optional) Sets the subnet mask for the shunned host IP address.

 
Defaults

If you do not specify an IP address, all hosts are released.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.0(2)

This command was introduced.

 
Usage Guidelines

To view currently shunned hosts, use the show threat-detection shun command.

Examples

The following example views currently shunned hosts with the show threat-detection shun command, and then releases host 10.1.1.6 from being shunned:

ciscoasa# show threat-detection shun
Shunned Host List:
10.1.1.6
198.1.6.7
ciscoasa# clear threat-detection shun 10.1.1.6 255.255.255.255
 

 
Related Commands

Command
Description

show threat-detection shun

Shows currently shunned hosts.

show threat-detection statistics host

Shows the host statistics.

show threat-detection statistics protocol

Shows the protocol statistics.

show threat-detection statistics top

Shows the top 10 statistics.

threat-detection scanning-threat

Enables scanning threat detection.

clear threat-detection statistics

To clear the statistics after you enable TCP Intercept statistics with the threat-detection statistics tcp-intercept command, use the clear threat-detection scanning-threat command in privileged EXEC mode.

clear threat-detection statistics [tcp-intercept ]

 
Syntax Description

tcp-intercept

(Optional) Clears TCP Intercept statistics.

 
Defaults

Clears TCP Intercept statistics.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.0(4)

This command was introduced.

 
Usage Guidelines

To view TCP Intercept statistics, enter the show threat-detection statistics top command.

Examples

The following example shows TCP Intercept statistics with the show threat-detection statistics top tcp-intercept command, and then clears all statistics:

ciscoasa# show threat-detection statistics top tcp-intercept
 
Top 10 Protected Servers under Attack (sorted by average rate)
Monitoring Window Size: 30 mins Sampling Interval: 30 secs
<Rank> <Server IP:Port> <Interface> <Ave Rate> <Cur Rate> <Total> <Source IP (Last Attack Time)>
----------------------------------------------------------------------------------
1 192.168.1.2:5000 inside 1249 9503 2249245 <various> Last: 10.0.0.3 (0 secs ago)
2 192.168.1.3:5000 inside 10 10 6080 10.0.0.200 (0 secs ago)
3 192.168.1.4:5000 inside 2 6 560 10.0.0.200 (59 secs ago)
4 192.168.1.5:5000 inside 1 5 560 10.0.0.200 (59 secs ago)
5 192.168.1.6:5000 inside 1 4 560 10.0.0.200 (59 secs ago)
6 192.168.1.7:5000 inside 0 3 560 10.0.0.200 (59 secs ago)
7 192.168.1.8:5000 inside 0 2 560 10.0.0.200 (59 secs ago)
8 192.168.1.9:5000 inside 0 1 560 10.0.0.200 (59 secs ago)
9 192.168.1.10:5000 inside 0 0 550 10.0.0.200 (2 mins ago)
10 192.168.1.11:5000 inside 0 0 550 10.0.0.200 (5 mins ago)
 
ciscoasa# clear threat-detection statistics
 

 
Related Commands

Command
Description

show threat-detection statistics top

Shows the top 10 statistics.

threat-detection statistics

Enables threat detection statistics.

clear traffic

To reset the counters for transmit and receive activity, use the clear traffic command in privileged EXEC mode.

clear traffic

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear traffic command resets the counters for transmit and receive activity that is displayed with the show traffic command. The counters indicate the number of packets and bytes moving through each interface since the last clear traffic command was entered or since the ASA came online. And the number of seconds indicate the duration the ASA has been online since the last reboot.

Examples

The following example shows the clear traffic command:

ciscoasa# clear traffic
 

 
Related Commands

Command
Description

show traffic

Displays the counters for transmit and receive activity.

clear uauth

To delete all the cached authentication and authorization information for a user or for all users, use the clear uauth command in privileged EXEC mode.

clear uauth [ username ]

 
Syntax Description

username

(Optional) Specifies the user authentication information to remove by username.

 
Defaults

Omitting the username argument deletes the authentication and authorization information for all users.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes

  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear uauth command deletes the AAA authorization and authentication caches for one user or for all users, which forces the user or users to reauthenticate the next time that they create a connection.

This command is used with the timeout command.

Each user host IP address has an authorization cache attached to it. If the user attempts to access a service that has been cached from the correct host, the ASA considers it preauthorized and immediately proxies the connection. Once you are authorized to access a website, for example, the authorization server is not contacted for each image as it is loaded (assuming the images come from the same IP address). This process significantly increases performance and reduces the load on the authorization server.

The cache allows up to 16 address and service pairs for each user host.


NoteWhen you enable Xauth, an entry is added to the uauth table (as shown by the When you enable Xauth, an entry is added to the uauth table (as shown by the show uauth command) for the IP address that is assigned to the client. However, when using Xauth with the Easy VPN Remote feature in Network Extension Mode, the IPsec tunnel is created from network to network, so that the users behind the firewall cannot be associated with a single IP address. For this reason, a uauth entry cannot be created upon completion of Xauth. If AAA authorization or accounting services are required, you can enable the AAA authentication proxy to authenticate users behind the firewall. For more information on AAA authentication proxies, see the AAA commands.


Use the timeout uauth command to specify how long the cache should be kept after the user connections become idle. Use the clear uauth command to delete all the authorization caches for all the users, which will cause them to have to reauthenticate the next time that they create a connection.

Examples

The following example shows how to cause the user to reauthenticate:

ciscoasa(config)# clear uauth user
 

 
Related Commands

Command
Description

aaa authentication

Enables, disables, or views LOCAL, TACACS+ or RADIUS user authentication (on a server designated by the aaa-server command).

aaa authorization

Enablse, disables, or views TACACS+ or RADIUS user authorization (on a server designated by the aaa-server command).

show uauth

Displays current user authentication and authorization information.

timeout

Sets the maximum idle time duration.

clear uc-ime

To clear the counters used to display statistics about the Cisco Intercompany Media Engine proxy, use the clear uc-ime command in privileged EXEC mode.

clear uc-ime [[ mapping-service-sessions | signaling-sessions | fallback-notification ] statistics ]

 
Syntax Description

fallback-notification

(Optional) Clears the counters for fallback notification statistics.

mapping-service-sessions

(Optional) Clears the counters for mapping-service-session statistics.

signaling-sessions

(Optional) Clears the counters for signaling-session statistics.

statistics

(Optional) The keyword to configure which counters to clear for the Cisco Intercompany Media Engine proxy.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.3(1)

This command was introduced.

Examples

The following example clears the counters which are used to display signaling-sessions statistics:

ciscoasa# clear configure signaling-sessions statistics
 

 
Related Commands

Command
Description

clear configure uc-ime

Clears the running configuration for the Cisco Intercompany Media Engine proxy on the ASA.

show running-config uc-ime

Shows the running configuration of the Cisco Intercompany Media Engine proxy.

show uc-ime

Displays statistical or detailed information about fallback notifications, mapping-service sessions, and signaling sessions.

uc-imc

Creates the Cisco Intercompany Media Engine proxy instance on the ASA.

clear url-block block statistics

To clear the block buffer usage counters, use the clear url-block block statistics command in privileged EXEC mode.

clear url-block block statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear url-block block statistics command clears the block buffer usage counters, except for the Current number of packets held (global) counter.

Examples

The following example clears the URL block statistics and displays the status of the counters after they have been cleared:

ciscoasa# clear url-block block statistics
ciscoasa# show url-block block statistics
 
URL Pending Packet Buffer Stats with max block 0
-----------------------------------------------------
Cumulative number of packets held: | 0
Maximum number of packets held (per URL): | 0
Current number of packets held (global): | 38
Packets dropped due to
| exceeding url-block buffer limit: | 0
| HTTP server retransmission: | 0
Number of packets released back to client: | 0
 

 
Related Commands

Commands
Description

filter url

Directs traffic to a URL filtering server.

show url-block

Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.

url-block

Manages the URL buffers used for web server responses.

url-cache

Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

url-server

Identifies an N2H2 or Websense server for use with the filter command.

clear url-cache statistics

To remove url-cache command statements from the configuration, use the clear url-cache command in privileged EXEC mode.

clear url-cache statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear url-cache command removes URL cache statistics from the configuration.

Using the URL cache does not update the Websense accounting logs for Websense protocol Version 1. If you are using Websense protocol Version 1, let Websense run to accumulate logs so you can view the Websense accounting information. After you get a usage profile that meets your security needs, enter the url-cache command to increase throughput. Accounting logs are updated for Websense protocol Version 4 and for N2H2 URL filtering while using the url-cache command.

Examples

The following example clears the URL cache statistics:

ciscoasa# clear url-cache statistics
 

 
Related Commands

Commands
Description

filter url

Directs traffic to a URL filtering server.

show url-cache statistics

Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.

url-block

Manages the URL buffers used for web server responses while waiting for a filtering decision from the filtering server.

url-cache

Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

url-server

Identifies an N2H2 or Websense server for use with the filter command.

clear url-server

To clear URL filtering server statistics, use the clear url-server command in privileged EXEC mode.

clear url-server statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear url-server command removes URL filtering server statistics from the configuration.

Examples

The following example clears the URL server statistics:

ciscoasa# clear url-server statistics
 

 
Related Commands

Commands
Description

filter url

Directs traffic to a URL filtering server.

show url-server

Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.

url-block

Manages the URL buffers used for web server responses while waiting for a filtering decision from the filtering server.

url-cache

Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

url-server

Identifies an N2H2 or Websense server for use with the filter command.

clear user-identity active-user-database

To set the status of specified users to logged out for the Identity Firewall, use the clear user-identity active-user-database command in privileged EXEC mode.

clear user-identity active-user-database [ user [ domain_nickname \] use_rname ] | user-group [ domain_nickname \\] user_group_name ]

 
Syntax Description

domain_nickname \\ user_group_name

Specifies a user group for which to clear statistics.

The group_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain _ NetBIOS_name \ group _ name contains a space, you must enclose the domain name and user name in quotation marks.

domain_nickname \ use_rname

Specifies a user for which to clear statistics.

The user_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name \ user _ name contains a space, you must enclose the domain name and user name in quotation marks.

user

Specifies to clear statistics for users.

user-group

Specifies to clear statistics for user groups.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.4(2)

This command was introduced.

 
Usage Guidelines

This command sets the status of the specified user, all users belong to the specified user group, or all users to logged out.

When you specify the user-group keyword, the status of all users belong to the specified user group are set to logged out. When you do not specify the domain_nickname argument with the user-group keyword, users in the groups with user_group_name in default domain are given the logged out status.

When you specify the user keyword, the status of the specified user is set to logged out. When you do not specify the domain_nickname argument with the user keyword, the user with user_name in default domain receives a logged out status.

When you do not specify either the user or user-group keywords, all users have their status set to logged out.

Examples

The following example sets the status of all users in user group users1 in the SAMPLE domain to logged out:

ciscoasa# clear user-identity active-user-database user-group SAMPLE\users1

 
Related Commands

Command
Description

clear configure user-identity

Clears the configuration for the Identity Firewall feature.

show user-identity user active

Displays the active users for the Identify Firewall.

clear user-identity ad-agent statistics

To clear the AD Agent statistics for the Identity Firewall, use the clear user-identity ad-agent statistics command in privileged EXEC mode.

clear user-identity ad-agent statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.4(2)

This command was introduced.

 
Usage Guidelines

The ASA maintains the following information about the primary and secondary AD Agents:

  • Status of the AD Agents
  • Status of the domains
  • Statistics for the AD Agents

Use the clear user-identity ad-agent statistics command to clear the statistics data of AD Agents.

Examples

The following example clears the AD Agent statistics for the Identity Firewall:

ciscoasa# clear user-identity ad-agent statistics
ciscoasa# show user-identity ad-agent statistics
 
Primary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Input packets: 0 N/A
Output packets: 0 N/A
Send updates: 0 N/A
Recv updates: 0 N/A
Keepalive failed: 0 N/A
Send update failed: 0 N/A
Query failed: 0 N/A
 
Secondary AD Agent Total Last Activity
------------------------- ---------- ------------------------
Input packets: 0 N/A
Output packets: 0 N/A
Send updates: 0 N/A
Recv updates: 0 N/A
Keepalive failed: 0 N/A
Send update failed: 0 N/A
Query failed: 0 N/A
 

 
Related Commands

Command
Description

clear configure user-identity

Clears the configuration for the Identity Firewall feature.

show user-identity ad-agent [ statistics ]

Displays statistical information about the AD Agent for the Identity Firewall.

clear user-identity statistics

To clear the counters used to display statistics about the Identity Firewall, use the clear user-identity statistics command in privileged EXEC mode.

clear user-identity statistics [ user [ domain_nickname \] use_rname ] | user-group [ domain_nickname \\] user_group_name ]

 
Syntax Description

domain_nickname \\ user_group_name

Specifies a user group for which to clear statistics.

The group_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain _ NetBIOS_name \ group _ name contains a space, you must enclose the domain name and user name in quotation marks.

domain_nickname \ use_rname

Specifies a user for which to clear statistics.

The user_name can contain any character including [a-z], [A-Z], [0-9], [!@#$%^&()-_{}. ]. If domain_NetBIOS_name \ user _ name contains a space, you must enclose the domain name and user name in quotation marks.

user

Specifies to clear statistics for users.

user-group

Specifies to clear statistics for user groups.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.4(2)

This command was introduced.

 
Usage Guidelines

When domain_nickname is not specified before user_group_name , the ASA removes the Identity Firewall statistics for the group with user_group_name in the default domain.

When domain_nickname is not specified before user_name , the ASA removes the Identity Firewall statistics for the user with user_name in the default domain.

Examples

The following example clears the counters which are used to display statistics for a user group:

ciscoasa# clear user-identity statistics user-group SAMPLE\users1
 

 
Related Commands

Command
Description

clear configure user-identity

Clears the configuration for the Identity Firewall feature.

show user-identity statistics

Displays statistics for a user or user group for the Identify Firewall.

clear user-identity user-not-found

To clear the ASA local user-not-found database for the Identity Firewall, use the clear user-identity user-not-found command in privileged EXEC mode.

clear user-identity user-not-found

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.4(2)

This command was introduced.

 
Usage Guidelines

The ASA maintains a local user-not-found database of the IP addresses not found in Microsoft Active Directory. The ASA keeps only the last 1024 packets (contiguous packets from the same source IP address are treated as one packet) of the user-not-found list and not the entire list in the database.

User the clear user-identity user-not-found command to clear the local database on the ASA.


Tip Use the show user-identity user-not-found command to display the IP addresses of the users who are not found in Microsoft Active Directory.


Examples

The following example clears the local user-not-found database for the Identity Firewall:

ciscoasa# show user-identity user-not-found
172.13.1.2
171.1.45.5
169.1.1.2
172.13.12
ciscoasa# clear user-identity user-not-found
 

 
Related Commands

Command
Description

clear configure user-identity

Clears the configuration for the Identity Firewall feature.

show user-identity user-not-found

Displays the IP addresses of the Active Directory users not found in the ASA user-not-found database.

clear user-identity user no-policy-activated

To clear the local records on the ASA of users who are not activated for the Identity Firewall, use the clear user-identity user no-policy-activated command in privileged EXEC mode.

clear user-identity user no-policy-activated

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 
Command History

Release
Modification

8.4(2)

This command was introduced.

 
Usage Guidelines

Use the clear user-identity user no-policy-activated to clear the local records of users not activated by any security policy, meaning the user is not part of an activated user group or not referenced in an access list or service policy configuration.

The clear user-identity user no-policy-activated command also clears the IP addresses of users who are active but not activated.

When you create a user group for the Identity Firewall, it must be activated, meaning the group is an import user group (defined as a user group in an access list or service policy configuration) or a local user group (defined in an object-group user).

Examples

The following example clears the local records on the ASA for users who are not activated:

ciscoasa# clear user-identity user no-policy-activated
 

 
Related Commands

Command
Description

clear configure user-identity

Clears the configuration for the Identity Firewall feature.

show user-identity group

Displays the list of activated user groups for the Identity Firewall.

clear vpn-sessiondb statistics

To clear information about VPN sessions, including all statistics or specific sessions or protocols, use the clear vpn-sessiondb statistics command in privileged EXEC mode.

clear vpn-sessiondb {all | anyconnect | email-proxy | global | index index_number | ipaddress IPaddr | l2l | name username | protocol protocol | ra-ikev1-ipsec | tunnel-group name | vpn-lb | webvpn}

 
Syntax Descriptions

all

Clears statistics for all sessions.

anyconnect

Clears statistics for AnyConnect VPN client sessions.

email-proxy

Clears statistics for e-mail proxy sessions.

global

Clears statistics for global session data.

index indexnumber

Clears statistics of a single session by index number. The output of the show vpn-sessiondb detail command displays index numbers for each session.

ipaddress IPaddr

Clears statistics for sessions of the IP address that you specify.

l2l

Clears stastistics for VPN LAN-to-LAN sessions.

protocol protocol

Clears statistics for the following protocols:

  • ikev1—Sessions using the IKEv1 protocol.
  • ikev2—Sessions using theIKEv2 protocol.
  • ipsec—IPsec sessions using either IKEv1 or IKEv2.
  • ipseclan2lan—IPsec LAN-to-LAN sessions.
  • ipseclan2lanovernatt—IPsec LAN-to-LAN over NAT-T sessions.
  • ipsecovernatt—IPsec over NAT-T sessions.
  • ipsecovertcp—IPsec over TCP sessions.
  • ipsecoverudp—IPsec over UDP sessions.
  • l2tpOverIpSec—L2TP over IPsec sessions.
  • l2tpOverIpsecOverNatT—L2TP over IPsec over NAT-T sessions.
  • ospfv3—OSPFv3 over IPsec sessions.
  • webvpn—Clientless SSL VPN sessions.
  • imap4s—IMAP4 sessions.
  • pop3s—POP3 sessions.
  • smtps—SMTP sessions.
  • anyconnectParent—AnyConnect client sessions, regardless of the protocol used for the session (terminates AnyConnect IPsec IKEv2 and SSL sessions).
  • ssltunnel—SSL VPN sessions, including AnyConnect sessions using SSL and clientless SSL VPN sessions.
  • dtlstunnel—AnyConnect client sessions with DTLS enabled.

ra-ikev1-ipsec

Clears statistics for IPsec IKEv1 and L2TP sessions.

tunnel-group groupname

Clears statistics for sessions for the tunnel group (connection profile) that you specify.

vpn-lb

Clears statistics for VPN load balancing management sessions.

webvpn

Clears statistics for clientless SSL VPN sessions.

 
Defaults

There is no default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes

  • Yes

 

 
Command History

Release
Modification

8.4(1)

This command was introduced.

clear wccp

To reset WCCP information, use the clear wccp command in privileged EXEC mode.

clear wccp [ web-cache | service_number ]

 
Syntax Description

web-cache

Specifies the web-cache service.

service-number

A dynamic service identifier, which means the service definition is dictated by the cache. The dynamic service number can be from 0 to 255. There is a maximum allowable number of 256 that includes the web-cache service specified with the web-cache keyword.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following example shows how to reset the WCCP information for the web-cache service:

ciscoasa# clear wccp web-cache
 

 
Related Commands

Command
Description

show wccp

Displays the WCCP configuration.

wccp redirect

Enables support of WCCP redirection.

clear webvpn sso-server statistics

To reset the statistics from the WebVPN Single Sign-On (SSO) server, use the clear webvpn sso-server statistics command in privileged EXEC mode.

clear webvpn sso-server statistics servername

 
Syntax Description

servername

Specifies the name of the SSO server to be reset.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the mode in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

8.0(2)

This command was introduced.

 
Usage Guidelines

This command does not reset the "pending requests" statistic.

Examples

The following example displays crypto accelerator statistics:

ciscoasa # clear webvpn sso-server statistics
ciscoasa #

 
Related Commands

Command
Description

clear crypto accelerator statistics

Clears the global and accelerator-specific statistics in the crypto accelerator MIB.

clear crypto protocol statistics

Clears the protocol-specific statistics in the crypto accelerator MIB.

show crypto accelerator statistics

Displays the global and accelerator-specific statistics in the crypto accelerator MIB.

show crypto protocol statistics

Displays the protocol-specific statistics from the crypto accelerator MIB.

clear xlate

To clear current dynamic translation and connection information, use the clear xlate command in privileged EXEC mode.

clear xlate [ global ip1 [ - ip2 ] [ netmask mask ]] [ local ip1 [ - ip2 ] [ netmask mask ]]
[
gport port1 [ - port2 ]] [ lport port1 [ - port2 ]] [ interface if_name ] [ state state ]

 
Syntax Description

global ip1 [ - ip2 ]

(Optional) Clears the active translations by global IP address or range of addresses.

gport port1 [ -port2 ]

(Optional) Clears the active translations by the global port or range of ports.

interface if_name

(Optional) Displays the active translations by interface.

local ip1 [ - ip2 ]

(Optional) Clears the active translations by local IP address or range of addresses.

lport port1 [ -port2 ]

(Optional) Clears the active translations by local port or range of ports.

netmask mask

(Optional) Specifies the network mask to qualify the global or local IP addresses.

state state

(Optional) Clears the active translations by state. You can enter one or more of the following states:

  • static —Specifies static translations.
  • portmap —Specifies PAT global translations.
  • norandomseq —Specifies a nat or static translation with the norondomseq setting.
  • identity —Specifies nat 0 identity address translations.

When specifying more than one state, separate the states with a space.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  • Yes
  • Yes
  • Yes
  • Yes
  • Yes

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear xlate command clears the contents of the translation slots (“xlate” refers to the translation slot). Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing the global or nat commands in your configuration.

An xlate describes a NAT or PAT session. These sessions can be viewed with the show xlate command with the detail option. There are two types of xlates: static and dynamic.

A static xlate is a persistent xlate that is created using the static command. The clear xlate command does not clear for a host in a static entry. Static xlates can only be removed by removing the static command from the configuration; the clear xlate command does not remove the static translation rule. If you remove a static command from the configuration, preexisting connections that use the static rule can still forward traffic. Use the clear local-host or clear conn command to deactivate these connections.

A dynamic xlate is an xlate that is created on demand with traffic processing (through the nat or global command). The clear xlate command removes dynamic xlates and their associated connections. You can also use the clear local-host or clear conn command to clear the xlate and associated connections. If you remove a nat or a global command from the configuration, the dynamic xlate and associated connections may remain active. Use the clear xlate command to remove these connections.

Examples

The following example shows how to clear the current translation and connection slot information:

ciscoasa# clear xlate global
 

 
Related Commands

Command
Description

clear local-host

Clears local host network information.

clear uauth

Clears cached user authentication and authorization information.

show conn

Displays all active connections.

show local-host

Displays the local host network information.

show xlate

Displays the current translation information.