Cisco ASA Series Command Reference, A - H Commands
clear local-host -- clear xlate
Downloads: This chapterpdf (PDF - 540.0KB) The complete bookPDF (PDF - 9.37MB) | The complete bookePub (ePub - 770.0KB) | The complete bookMobi (Mobi - 818.0KB) | Feedback

Table of Contents

clear configure flow-export through clear configure zonelabs-integrity Commands

clear configure flow-export

c lear configure icmp

c lear configure imap4s

c lear configure interface

clear configure interface bvi

c lear configure ip

c lear configure ip audit

c lear configure ip local pool

clear configure ipv6 dhcprelay

clear configure ipv6 router

c lear configure ip verify reverse-path

c lear configure ipv6

c lear configure isakmp

c lear configure isakmp policy

c lear configure ldap attribute-map

c lear configure logging

c lear configure logging rate-limit

c lear configure mac-address-table

c lear configure mac-learn

c lear configure mac-list

c lear configure management-access

clear configure media-termination

c lear configure monitor-interface

c lear configure mroute

c lear configure mtu

c lear configure multicast-routing

c lear configure nac-policy

c lear configure name

c lear configure nat

c lear configure ntp

c lear configure object

c lear configure object-group

clear configure object-group-search

clear configure pager

c lear configure passwd

c lear configure password-policy

clear configure phone-proxy

c lear configure pim

c lear configure policy-map

c lear configure pop3s

c lear configure prefix-list

c lear configure priority-queue

c lear configure privilege

c lear configure regex

c lear configure route

c lear configure route-map

clear configure router

c lear configure same-security-traffic

c lear configure service-policy

c lear configure sla monitor

c lear configure smtps

c lear configure smtp-server

c lear configure snmp-map

c lear configure snmp-server

c lear configure ssh

c lear configure ssl

c lear configure static

c lear configure sunrpc-server

c lear configure sysopt

c lear configure tcp-map

c lear configure telnet

c lear configure terminal

c lear configure threat-detection

c lear configure timeout

c lear configure time-range

c lear configure tls-proxy

c lear configure tunnel-group

c lear configure tunnel-group-map

clear configure uc-ime

c lear configure url-block

c lear configure url-cache

c lear configure url-list

c lear configure url-server

clear configure user-identity

c lear configure username

c lear configure virtual

c lear configure vpdn group

c lear configure vpdn username

c lear configure vpn-load-balancing

c lear configure wccp

clear configure xlate

c lear configure zonelabs-integrity

clear configure flow-export through clear configure zonelabs-integrity Commands

clear configure flow-export

To clear flow-export configurations that are associated with NetFlow data, use the clear configure flow-export command in global configuration mode.

clear configure flow-export [ destination ]

 
Syntax Description

destination

Clears only the destination-related flow-export configuration.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.1(1)

This command was introduced.

9.1(2)

An error message was added for a specific use case.

 
Usage Guidelines

The destination keyword clears only the destination-related flow-export configuration; the other flow-export configurations still remain.

In clustering, when you remove the destination flow-export configuration from the master unit, this configuration is also removed from the slave units.

As long as at least one flow-export destination is being referenced in the flow-export event-type command, entering the clear configure flow-export [ destination ] command fails and none of the flow-export configurations are changed or removed.

The following error message appears in this case:

ERROR: “Some destinations may be in use. Remove references before attempting to clear flow-export configuration”
 

Examples

The following example show how to clear all flow-export configurations, including destinations:

ciscoasa(config)# clear configure flow-export
 

The following example shows how to clear only the destination-related flow-export configuration:

ciscoasa(config)# clear configure flow-export destination
 

 
Related Commands

Commands
Description

flow-export destination

Specifies the IP address or hostname of the NetFlow collector, and the UDP port on which the NetFlow collector is listening.

flow-export template timeout-rate

Controls the interval at which the template information is sent to the NetFlow collector.

logging flow-export-syslogs enable

Enables syslog messages after you have entered the logging flow-export-syslogs disable command, and the syslog messages that are associated with NetFlow data.

show flow-export counters

Displays all runtime counters in NetFlow.

clear configure icmp

To clear the configured access rules for ICMP traffic, use the clear configure icmp command in global configuration mode.

clear configure icmp

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure icmp command clears the configured access rules for ICMP traffic.

Examples

The following example clears the clear configured access rules for ICMP traffic:

ciscoasa# clear configure icmp
 

 
Related Commands

Commands
Description

clear configure icmp

Clears the ICMP configuration.

debug icmp

Enables the display of debug information for ICMP.

show icmp

Displays ICMP configuration.

timeout icmp

Configures the idle timeout for ICMP.

clear configure imap4s

To remove all IMAP4S commands from the configuration and revert to default values, use the clear configure imap4s command in global configuration mode.

clear configure imap4s

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to remove the IMAP4S configuration:

ciscoasa(config)# clear configure imap4s
ciscoasa(config)#

 
Related Commands

Command
Description

show running-configuration imap4s

Displays the running configuration for IMAP4S.

imap4s

Creates or edits an IMAP4S e-mail proxy configuration.

clear configure interface

To clear the interface configuration, use the clear configure interface command in global configuration mode.

clear configure interface [ physical_interface [ . subinterface ] | mapped_name | interface_name ]

 
Syntax Description

interface_name

(Optional) Identifies the interface name set with the nameif command.

mapped_name

(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command.

physical_interface

(Optional) Identifies the interface ID, such as gigabit ethernet0/1 . See the interface command for accepted values.

subinterface

(Optional) Identifies an integer between 1 and 4294967293 designating a logical subinterface.

 
Defaults

If you do not specify an interface, the ASA clears all interface configuration.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear interface . This command was also modified to include the new interface numbering scheme.

 
Usage Guidelines

When you clear the interface configuration for main physical interfaces, the ASA uses the default settings.

You cannot use the interface name in the system execution space, because the nameif command is only available within a context. Similarly, if you mapped the interface ID to a mapped name using the allocate-interface command, you can only use the mapped name in a context.

Examples

The following example clears the GigabitEthernet0/1 configuration:

ciscoasa(config)# clear configure interface gigabitethernet0/1
 

The following example clears the inside interface configuration:

ciscoasa(config)# clear configure interface inside
 

The following example clears the int1 interface configuration in a context. “int1” is a mapped name:

ciscoasa/contexta(config)# clear configure interface int1
 

The following example clears all interface configuration:

ciscoasa(config)# clear configure interface
 

 
Related Commands

Command
Description

allocate-interface

Assigns interfaces and subinterfaces to a security context.

clear interface

Clears counters for the show interface command.

interface

Configures an interface and enters interface configuration mode.

show interface

Displays the runtime status and statistics of interfaces.

clear configure interface bvi

To clear the bridge virtual interface configuration, use the clear configure interface bvi command in global configuration mode.

clear configure interface bvi bridge_group_number

 
Syntax Description

bridge_group_number

Specifies the bridge group number as an integer between 1 and 100.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.4(1)

We introduced this command.

Examples

The following example clears the interface configuration for bridge group 1:

hostname(config)# clear configure interface bvi 1
 

 
Related Commands

Command
Description

bridge-group

Groups transparent firewall interfaces into a bridge group.

interface

Configures an interface.

interface bvi

Creates a bridge virtual interface.

ip address

Sets the management IP address for a bridge group.

show bridge-group

Shows bridge group information, including member interfaces and IP addresses.

show running-config interface bvi

Shows the bridge group interface configuration.

clear configure ip

To clear all IP addresses set by the ip address command, use the clear configure ip command in global configuration mode.

clear configure ip

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

In transparent firewall mode, this command clears the management IP address and the management 0/0 IP address, if configured.

If you want to stop all current connections that use the old IP addresses, enter the clear xlate command. Otherwise, the connections time out as usual.

Examples

The following example clears all IP addresses:

ciscoasa(config)# clear configure ip
 

 
Related Commands

Command
Description

allocate-interface

Assigns interfaces and subinterfaces to a security context.

clear configure interface

Clears all configuration for an interface.

interface

Configures an interface and enters interface configuration mode.

ip address

Sets the IP address for the interface.

show running-config interface

Displays the interface configuration.

clear configure ip audit

To clear the entire audit policy configuration, use the clear configure ip audit command in global configuration mode.

clear configure ip audit [ configuration ]

 
Syntax Description

configuration

(Optional) You can enter this keyword, but the effect is the same without it.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear ip audit .

Examples

The following example clears all ip audit commands:

ciscoasa# clear configure ip audit
 

 
Related Commands

Command
Description

ip audit attack

Sets the default actions for packets that match an attack signature.

ip audit info

Sets the default actions for packets that match an informational signature.

ip audit interface

Assigns an audit policy to an interface.

ip audit name

Creates a named audit policy that identifies the actions to take when a packet matches an attack signature or an informational signature.

ip audit signature

Disables a signature.

clear configure ip local pool

To remove IP address pools, use the clear configure ip local pool command in global configuration mode.

clear ip local pool [ poolname ]

 
Syntax Description

poolname

(Optional) Specifies the name of the IP address pool.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example removes all IP address pools from the running configuration:

ciscoasa(config)# clear config ip local pool
ciscoasa(config)#
 

 
Related Commands

Command
Description

clear configure ip local pool

Removes all ip local pools.

ip local pool

Configures an IP address pool.

clear configure ipv6 dhcprelay

To clear the IPv6 DHCP relay configuration, use the clear configure ipv6 dhcprelay command in global configuration mode.

clear configure ipv6 dhcprelay

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

9.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure ipv6 dhcprelay command clears the IPv6 DHCP relay configuration.

Examples

The following example clears the IPv6 DHCP relay configuration:

ciscoasa# clear configure ipv6 dhcprelay
 

 
Related Commands

Commands
Description

clear ipv6 dhcprelay binding

Clears IPv6 DHCP relay binding entries.

debug ipv6 dhcprelay

Enables the display of debugging information for IPv6 DHCP relay.

show ipv6 dhcprelay binding

Shows IPv6 DHCP relay binding entries.

clear configure ipv6 router

To clear OSPFv3 routing processes, use the clear configure ipv6 router command in privileged EXEC mode.

clear configure ipv6 router ospf

 
Syntax Description

ospf

Clears the OSPFv3 routing processes.

 
Defaults

By default, this command clears all OSPFv3 routing parameters.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

9.0(1)

This command was introduced.

 
Usage Guidelines

Use the clear configure ipv6 router command to clear OSPFv3 processes.

Examples

The following example clears the OSPFv3 processes:

ciscoasa# clear configure ipv6 router
 

 
Related Commands

Command
Description

clear ipv6 ospf

Deletes all IPv6 settings in the OSPFv3 routing process.

debug ospfv3

Provides debugging information for troubleshooting OSPFv3 routing processes.

clear configure ip verify reverse-path

To clear the ip verify reverse-path configuration, use the clear configure ip verify reverse-path command in global configuration mode.

clear configure ip verify reverse-path

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear ip verify reverse-path .

Examples

The following example clears the ip verify reverse-path configuration for all interfaces:

ciscoasa(config)# clear configure ip verify reverse-path
 

 
Related Commands

Command
Description

clear ip verify statistics

Clears the unicast RPF statistics.

ip verify reverse-path

Enables the unicast RPF feature to prevent IP spoofing.

show ip verify statistics

Shows the unicast RPF statistics.

show running-config ip verify reverse-path

Shows the ip verify reverse-path configuration.

clear configure ipv6

To clear the global IPv6 commands from the running configuration, use the clear configure ipv6 command in global configuration mode.

clear configure ipv6 [ route | access-list ]

 
Syntax Description

access-list

(Optional) Clears the IPv6 access list commands from the running configuration.

route

(Optional) Clears the commands that statically define routes in the IPv6 routing table from the running configuration.

 
Defaults

Without keywords, this command clears all IPv6 commands from the running configuration.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

This command only clears the global IPv6 commands from the running configuration; it does not clear the IPv6 commands entered in interface configuration mode.

Examples

The following example shows how to clear statically defined IPv6 routes from the IPv6 routing table:

ciscoasa(config)# clear configure ipv6 route
ciscoasa(config)#

 
Related Commands

Command
Description

ipv6 route

Defines a static route in the IPv6 routing table.

show ipv6 route

Displays the contents of the IPv6 routing table.

show running-config ipv6

Displays the IPv6 commands in the running configuration.

clear configure isakmp

To remove all of the ISAKMP configuration, use the clear configure isakmp command in global configuration mode.

clear configure isakmp

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The clear configure isakmp command was introduced.

7.2(1)

This command was deprecated. The clear configure crypto isakmp command replaced it.

9.0(1)

Support for multiple context mode was added.

Examples

The following example issued in global configuration mode, removes all of the ISAKMP configuration from the ASA:

ciscoasa(config)# clear configure isakmp
ciscoasa(config)#

 
Related Commands

Command
Description

clear configure isakmp policy

Clears all ISAKMP policy configuration.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show isakmp stats

Displays runtime statistics.

show isakmp sa

Displays IKE runtime SA database with additional information.

show running-config isakmp

Displays the active configuration.

clear configure isakmp policy

To remove all of the ISAKMP policy configuration, use the clear configure isakmp policy command in global configuration mode.

clear configure isakmp policy priority

 
Syntax Description

priority

Specifies the priority of the ISAKMP priority to be cleared.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The clear configure isakmp policy command was introduced.

7.2(1)

This command was deprecated. The clear configure crypto isakmp policy command replaced it.

Examples

The following example removes the ISAKMP policy with priority 3 from the configuration:

ciscoasa(config)# clear configure isakmp policy 3
ciscoasa(config)#

 
Related Commands

Command
Description

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show isakmp stats

Displays runtime statistics.

show isakmp sa

Displays IKE runtime SA database with additional information.

show running-config isakmp

Displays the active configuration.

clear configure ldap attribute-map

To remove all the LDAP attribute maps from the running configuration of the ASA, use the clear configure ldap attribute-map command in global configuration mode.

clear configure ldap attribute-map

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.1(1)

This command was introduced.

 
Usage Guidelines

Use this command to remove the LDAP attribute maps from the running configuration of the ASA.

Examples

The following example, entered in global configuration mode, removes all LDAP attributes map from the running configuration and then confirms the removal by using the show running-config ldap attribute-map command:

ciscoasa(config)# clear configuration ldap attribute-map
ciscoasa(config)# show running-config ldap attribute-map
ciscoasa(config)#

 
Related Commands

Command
Description

ldap attribute-map (global config mode)

Creates and names an LDAP attribute map for mapping user-defined attribute names to Cisco LDAP attribute names.

ldap-attribute-map (aaa-server host mode)

Binds an LDAP attribute map to an LDAP server.

map-name

Maps a user-defined LDAP attribute name with a Cisco LDAP attribute name.

map-value

Maps a user-defined attribute value to a Cisco attribute.

show running-config ldap attribute-map

Displays a specific running LDAP attribute map or all running attribute maps.

clear configure logging

To clear logging configuration, use the clear configure logging command in global configuration mode.

clear configure logging [ disabled | level ]

 
Syntax Description

disabled

(Optional) Indicates that all disabled syslog messages should be re-enabled. When you use this option, no other logging configuration is cleared.

level

(Optional) Indicates that the severity level assignments for syslog messages should be reset to their default values. When you use this option, no other logging configuration is cleared.

 
Defaults

With no keywords specified, this command returns all configuration settings to their default values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

You can use the show running-config logging command to view all logging configuration settings. If you use the clear configure logging command without either the disabled or level keyword, all logging configuration settings are cleared and returned to their default values.

Examples

The following example shows how to clear logging configuration settings. The output of the show logging command indicates that all logging features have been disabled.

ciscoasa(config)# clear configure logging
ciscoasa(config)# show logging
Syslog logging: disabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: disabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: disabled
 

 
Related Commands

Command
Description

show logging

Displays the enabled logging options.

show running-config logging

Displays the logging-related portion of the running configuration.

clear configure logging rate-limit

To reset the logging rate limit, use the clear configure logging rate-limit command in global configuration mode.

clear configure logging rate-limit

 
Syntax DescriptionThis command has no arguments or keywords.

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(4)

This command was introduced.

Examples

The following example shows how to reset the logging rate limit:

ciscoasa(config)# clear configure logging rate-limit
 

After the information is cleared, nothing more displays until the hosts reestablish their connections.

 
Related Commands

Command
Description

logging rate limit

Limits the rate at which syslog messages are generated.

show running config logging rate-limit

Shows the current logging rate limit setting.

clear configure mac-address-table

To clear the mac-address-table static and mac-address-table aging-time configuration, use the clear configure mac-address-table command in global configuration mode.

clear configure mac-address-table

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears the mac-address-table static and mac-address-table aging-time configuration:

ciscoasa# clear configure mac-address-table
 

 
Related Commands

Command
Description

firewall transparent

Sets the firewall mode to transparent.

mac-address-table aging-time

Sets the timeout for dynamic MAC address entries.

mac-address-table static

Adds static MAC address entries to the MAC address table.

mac-learn

Disables MAC address learning for an interface.

show mac-address-table

Shows the MAC address table, including dynamic and static entries.

clear configure mac-learn

To clear the mac-learn configuration, use the clear configure mac-learn command in global configuration mode.

clear configure mac-learn

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears the mac-learn configuration:

ciscoasa# clear configure mac-learn
 

 
Related Commands

Command
Description

firewall transparent

Sets the firewall mode to transparent.

mac-address-table static

Adds static MAC address entries to the MAC address table.

mac-learn

Disables MAC address learning for an interface.

show mac-address-table

Shows the MAC address table, including dynamic and static entries.

clear configure mac-list

To remove the indicated list of MAC addresses, previously specified in the mac-list command, use the clear configure mac-list command in global configuration mode:

clear configure mac-list id

 
Syntax Description

id

A MAC address list name.

 
Defaults

No default behaviors or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was modified to conform to CLI standards.

 
Usage Guidelines

To remove a list of MAC addresses, use the clear mac-list command.

Examples

The following example shows how to clear a MAC address list:

ciscoasa(config)# clear configure mac-list firstmaclist
 

 
Related Commands

Command
Description

mac-list

Adds a list of MAC addresses using a first-match search.

show running-config mac-list

Displays the MAC addresses in the MAC address list indicated by the id value.

clear configure management-access

To remove the configuration of an internal interface for management access of the ASA, use the clear configure management-access command in global configuration mode.

clear configure management-access

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The keyword configure was added.

9.0(1)

Support for multiple context mode was added.

 
Usage Guidelines

The management-access command lets you define an internal management interface using the IP address of the firewall interface specified in the mgmt_if argument. (The interface names are defined by the nameif command and displayed in quotes, “ ”, in the output of the show interface command.) The clear configure management-access command removes the configuration of the internal management interface specified with the management-access command.

Examples

The following example removes the configuration of an internal interface for management access of the ASA:

ciscoasa(config)# clear configure management-access
 

 
Related Commands

Command
Description

management-access

Configures an internal interface for management access.

show running-config management-access

Displays the name of the internal interface configured for management access.

clear configure media-termination

To clear the configured media-termination instances from a phone proxy, use the clear configure media-termination command in privileged EXEC mode.

clear configure media-termination

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

8.2(1)

This command was introduced.

Examples

The following example clears the configured media-termination instances from a phone proxy:

ciscoasa# clear configure media-termination
 

 
Related Commands

Command
Description

media-termination address

Configures the media-termination address for a phone proxy instance.

clear configure monitor-interface

To remove all monitor-interface commands from the running configuration and restore the default interface health monitoring, use the clear configure monitor-interface command in global configuration mode.

clear configure monitor-interface

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

By default, physical interfaces are monitored for failover. Using the clear monitor-interface command clears the no monitor-interface commands from the running configuration and restores default interface health monitoring. To view the monitor-interface commands in the running configuration, use the show running-config all monitor-interface command.

Examples

The following example clears the monitor-interface commands from the running configuration:

ciscoasa(config)# clear configure monitor-interface
ciscoasa(config)#
 

 
Related Commands

Command
Description

monitor-interface

Enables health monitoring of a designated interface for failover purposes.

show running-config monitor-interface

Displays the monitor-interface commands in the running configuration.

clear configure mroute

To remove the mroute commands from the running configuration, use the clear configure mroute command in global configuration mode.

clear configure mroute

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to remove the mroute commands from the configuration:

ciscoasa(config)# clear configure mroute
ciscoasa(config)#
 

 
Related Commands

Command
Description

mroute

Configures a static multicast route.

show mroute

Displays IPv4 multicast routing table.

show running-config mroute

Displays the mroute commands in the running configuration.

clear configure mtu

To clear the configured maximum transmission unit values on all interfaces, use the clear configure mtu command in global configuration mode.

clear configure mtu

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

Using the clear configure mtu command sets the maximum transmission unit to the default of 1500 for all Ethernet interfaces.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears the current maximum transmission unit values on all interfaces:

ciscoasa(config)# clear configure mtu
 

 
Related Commands

Command
Description

mtu

Specifies the maximum transmission unit for an interface.

show running-config mtu

Displays the current maximum transmission unit block size.

clear configure multicast-routing

To remove the multicast-routing command from the running configuration, use the clear configure multicast-routing command in global configuration mode.

clear configure multicast-routing

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure multicast-routing command removes the multicast routing from the running configuration.

Examples

The following example shows how to remove the multicast-routing command from the running configuration:

ciscoasa(config)# clear configure multicast-routing
 

 
Related Commands

Command
Description

multicast-routing

Enables multicast routing on the ASA.

clear configure nac-policy

To remove all NAC policies from the running configuration, except for those that are assigned to group policies, use the clear configure nac-policy command in global configuration mode.

clear configure nac-policy

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.0(2)

This command was introduced.

 
Usage Guidelines

Use this command only if you want to remove all NAC policies. Use the no form of the nac-policy command to remove a single NAC policy from the configuration.

Examples

The following example shows how to remove all NAC policies:

ciscoasa(config)# clear config nac-policy
 

 
Related Commands

Command
Description

nac-policy

Creates and accesses a Cisco NAC policy, and specifies its type.

show nac-policy

Displays NAC policy usage statistics on the ASA.

show running-config nac-policy

Displays the configuration of each NAC policy on the ASA.

show vpn-session_summary.db

Displays the number of IPsec, WebVPN, and NAC sessions.

show vpn-session.db

Displays information about VPN sessions, including NAC results.

clear configure name

To clear the list of names from the configuration, use the clear configure name command in global configuration mode.

clear configure name

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The configure keyword was added.

 
Usage Guidelines

Use this command to clear the list of names in a configuration.

Examples

The following example shows how to clear the list of names in a configuration:

ciscoasa(config)# clear configure name
 

 
Related Commands

Command
Description

name

Associates a name with an IP address.

show running-config name

Displays the list of names associated with IP addresses.

clear configure nat

To remove the NAT configuration, use the clear configure nat command in global configuration mode.

clear configure nat

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

Added the keyword configure .

8.0(2)

We introduced support for NAT in transparent mode.

8.3(1)

The NAT configuration was migrated to a new set of commands. This command clears the new NAT configuration.

 
Usage Guidelines

This command clears both network object NAT nat commands and twice NAT nat commands.

Examples

The following example shows how to remove the NAT configuration:

ciscoasa(config)# show running-config nat
nat (any,any) source static any any
!
object network test
nat (any,any) static 10.2.2.2
ciscoasa(config)# clear configure nat
ciscoasa(config)# show running-config nat
ciscoasa(config)#
 

 
Related Commands

Command
Description

nat (object network)

Configures network object NAT.

nat (global)

Configures twice NAT.

show running-config nat

Displays the NAT configuration.

clear configure ntp

To clear the NTP configuration, use the clear configure ntp command in global configuration mode.

clear configure ntp

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear ntp .

Examples

The following example clears all ntp commands:

ciscoasa# clear configure ntp
 

 
Related Commands

Command
Description

ntp authenticate

Enables NTP authentication.

ntp authentication-key

Sets the NTP authentication key.

ntp server

Identifies an NTP server to set the time on the ASA.

ntp trusted-key

Specifies the NTP trusted key.

show running-config ntp

Shows the NTP configuration.

clear configure object

To clear all unused network objects and service objects from the configuration, including any NAT objects within these objects, use the clear configure object command in global configuration mode.

clear configure object

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.3(1)

This command was introduced.

Examples

The following example shows how to remove all network objects and service objects from the configuration:

ciscoasa(config)# clear configure object
 

 
Related Commands

Command
Description

object-network

Defines a named network object that is reflected in all configurations in which the object is used.

object-service

Defines a service object that is reflected in all configurations in which the object is used.

show running-config object

Displays the objects in the configuration.

clear configure object-group

To remove all the object group commands from the configuration, use the clear configure object-group command in global configuration mode.

clear configure object-group [ protocol | service | icmp-type | network | security-group ]

 
Syntax Description

icmp-type

(Optional) Clears all ICMP groups.

network

(Optional) Clears all network groups.

protocol

(Optional) Clears all protocol groups.

security-group

(Optional) Clears all security groups.

service

(Optional) Clears all service groups.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

The security-group keyword was added.

Examples

The following example shows how to remove all the object-group commands from the configuration:

ciscoasa(config)# clear configure object-group
 

 
Related Commands

Command
Description

group-object

Adds network object groups.

network-object

Adds a network object to a network object group.

object-group

Defines object groups to optimize your configuration.

port-object

Adds a port object to a service object group.

show running-config object-group

Displays the current object groups.

clear configure object-group-search

To clear the object-group-search configuration, use the clear config object-group-search command in global configuration mode.

clear config object-group-search

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.3(1)

This command was introduced.

Examples

The following example shows how to clear the object-group-search configuration:

ciscoasa# clear config object-group-search
 

 
Related Commands

Command
Description

show object-group

Shows the hit count if the object group is of the network object-group type.

show running-config object-group

Displays the current object groups.

show running-config object-group-search

Shows the object-group-search configuration in the running configuration.

clear configure pager

To remove the number of lines set to display in a Telnet session before the “---More---” prompt appears from the running configuration, use the clear configure pager command in global configuration mode.

clear configure pager

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

4.0(1)

This command was introduced.

Examples

The following example shows how to remove the number of lines set to display in a Telnet session before the “---More---” prompt appears from the running configuration:

ciscoasa(config)# clear configure pager
ciscoasa(config)#
 

 
Related Commands

Command
Description

show pager

Displays the default number of lines set to display in a Telnet session before the “---More---” prompt appears.

show running-config pager

Displays the number of lines set to display in a Telnet session before the “---More---” prompt appears in the running configuration.

terminal pager

Sets the number of lines to display in a Telnet session before the “---More---” prompt appears. This command is not saved to the running configuration.

clear configure passwd

To clear the login password configuration and reset the remote password, use the clear configure passwd command in global configuration mode.

clear configure { passwd | password }

 
Syntax Description

passwd | password

You can enter either command; they are aliased to each other.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear passwd .

9.1(2)

Resets the remote password and removes the default password “cisco.”

Examples

The following example resets the remote password and removes the default password “cisco”:

ciscoasa(config)# clear configure passwd
 

 
Related Commands

Command
Description

enable

Enters privileged EXEC mode.

enable password

Sets the enable password.

passwd

Sets the login password.

show curpriv

Shows the currently logged in username and the user privilege level.

show running-config passwd

Shows the login password in encrypted form.

clear configure password-policy

To reset password policy for the current context to the default value, use the clear configure password-policy command in global configuration mode.

clear configure password-policy

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

9.1(2)

This command was introduced.

Examples

The following example clears the password policy and restores it to the default value:

ciscoasa(config)# clear configure password-policy
 

 
Related Commands

Command
Description

show run password-policy

Shows the password policy for the current context.

password-policy authenticate-enable

Determines whether users are allowed to modify their own user account without authenticating.

clear configure phone-proxy

To clear the Phone Proxy configuration, use the clear configure phone-proxy command in global configuration mode.

clear configure phone-proxy [ phone_proxy_name ]

 
Syntax Description

phone_proxy_name

Specifies the name of the Phone Proxy instance.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.0(4)

The command was introduced.

Examples

The following example clears the Phone Proxy configuration:

ciscoasa# clear configure phone-proxy asa_phone_proxy
 

 
Related Commands

Command
Description

phone-proxy

Configures the Phone Proxy instance.

clear configure pim

To clear all of the global pim commands from the running configuration, use the clear configure pim command in global configuration mode.

clear configure pim

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure pim command clears all of the pim commands from the running configuration. To clear PIM traffic counters and topology information, use the clear pim counters and the clear pim topology commands.

The clear configure pim command only clears the pim commands entered in global configuration mode; it does not clear the interface-specific pim commands.

Examples

The following example shows how to clear all pim commands from the running configuration:

ciscoasa(config)# clear configure pim
 

 
Related Commands

Command
Description

clear pim topology

Clears the PIM topology table.

clear pim counters

Clears the PIM traffic counters.

show running-config pim

Displays the pim commands in the running configuration.

clear configure policy-map

To remove the all policy-map commands, use the clear configure policy-map command in global configuration mode.

clear configure policy-map [ type inspect [ protocol ]}

 
Syntax Description

protocol

(Optional) Specifies the type of inspection policy map that you want to clear. Available types include:

  • dcerpc
  • dns
  • esmtp
  • ftp
  • gtp
  • h323
  • http
  • im
  • mgcp
  • netbios
  • p2p
  • radius-accounting
  • sip
  • skinny
  • snmp

type inspect

(Optional) Clears inspection policy maps.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

To clear the policy map for a specific policy map name, use the no form of the policy-map command.

Examples

The following example shows the clear configure policy-map command:

ciscoasa(config)# clear configure policy-map
 

 
Related Commands

Command
Description

policy-map

Configures a policy; that is, an association of a traffic class and one or more actions.

show running-config policy-map

Displays the entire policy configuration.

clear configure pop3s

To remove all POP3S commands from the configuration, reverting to default values, use the clear configure pop3s command in global configuration mode.

clear configure pop3s

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to remove the POP3S configuration:

ciscoasa(config)# clear configure pop3s
ciscoasa(config)#

 
Related Commands

Command
Description

show running-configuration pop3s

Displays the running configuration for POP3S.

pop3s

Creates or edits a POP3S e-mail proxy configuration.

clear configure prefix-list

To remove the prefix-list commands from the running configuration, use the clear configure prefix-list command in global configuration mode.

clear configure prefix-list [ prefix_list_name ]

 
Syntax Description

prefix_list_name

(Optional) The name of a prefix list. When a prefix list name is specified, only the commands for that prefix list are removed from the configuration.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear prefix-list to clear configure prefix-list .

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

The clear configure prefix-list command removes the prefix-list commands and the prefix-list description commands from the running configuration. If a prefix list name is specified, then the prefix-list command and prefix-list description command, if present, for that prefix list only are removed from the running configuration.

This command does not remove the no prefix-list sequence command from the running configuration.

Examples

The following example removes all prefix-list commands from the running configuration for a prefix list named MyPrefixList:

ciscoasa# clear configure prefix-list MyPrefixList
 

 
Related Commands

Command
Description

show running-config prefix-list

Displays the prefix-list commands in the running configuration.

clear configure priority-queue

To remove the priority queue specification from the configuration, use the clear configure priority-queue command in global configuration mode.

clear configure priority queue interface-name

 
Syntax Description

interface-name

Specifies the name of the interface for which you want to show the priority queue details

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

This example removes the priority-queue configuration on the interface named test:

ciscoasa(config)# clear configure priority-queue test
 

 
Related Commands

Command
Description

priority-queue

Configures priority queueing on an interface.

show running-config priority-queue

Displays the current priority-queue configuration for the named interface.

clear configure privilege

To remove the configured privilege levels for commands, use the clear configure privilege command in global configuration mode.

clear configure privilege

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was modified to conform to CLI guidelines.

 
Usage Guidelines

There is no undo.

Examples

This example shows how to reset the configured privilege levels for the commands:

ciscoasa(config)# clear configure privilege
 

 
Related Commands

Command
Description

privilege

Configures the command privilege levels.

show curpriv

Displays current privilege level

show running-config privilege

Displays privilege levels for commands.

clear configure regex

To remove all regular expressions, use the clear configure regex command in global configuration mode.

clear configure regex

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

To clear the regular expression for a specific regular expression name, use the no form of the regex command.

Examples

The following example shows how to clear all configured regular expressions:

ciscoasa(config)# clear configure regex
 

 
Related Commands

Command
Description

class-map type regex

Creates a regular expression class map.

regex

Creates a regular expression.

show running-config regex

Shows all regular expressions.

test regex

Tests a regular expression.

clear configure route

To remove the route commands from the configuration that do not contain the connect keyword, use the clear configure route command in global configuration mode.

clear configure route [ interface_name ip_address [ netmask gateway_ip ]]

 
Syntax Description

gateway_ip

(Optional) Specifies the IP address of the gateway router (the next hop address for this route).

interface_name

(Optional) Internal or external network interface name.

ip_address

(Optional) Internal or external network IP address.

netmask

(Optional) Specifies a network mask to apply to the ip_address .

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

Added keyword configure .

 
Usage Guidelines

Use 0.0.0.0 to specify a default route. You can abbreviate the 0.0.0.0 IP address as 0 and the 0.0.0.0 netmask as 0.

Examples

The following example shows how to remove the route commands from the configuration that do not contain the connect keyword:

ciscoasa(config)# clear configure route
 

 
Related Commands

Command
Description

route

Specifies a static or default route for the an interface.

show route

Displays route information.

show running-config route

Displays configured routes.

clear configure route-map

To remove all of the route maps, use the clear configure route-map command in global configuration mode.

clear configure route-map

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

Use the clear configure route-map command in global configuration mode to remove all the route-map commands in the configuration. The route-map command is used to configure conditions of redistributing the routes from one routing protocol into another routing protocol.

To remove the individual route-map commands, use the no route-map command.

Examples

The following example shows how to remove the conditions of redistributing routes from one routing protocol into another routing protocol:

ciscoasa(config)# clear configure route-map
 

 
Related Commands

Command
Description

route-map

Defines the conditions for redistributing routes from one routing protocol into another.

show running-config route-map

Displays information about the route map configuration.

clear configure router

To clear the router configuration commands from the running configuration, use the clear configure router command in global configuration mode.

clear configure router [ ospf [ id ] | rip | eigrp [ as-number ] | bgp [as_number]]

 
Syntax Description

as-number

(Optional) Clears the configuration commands for the specified EIGRP autonomous system number, also known as the process ID. If not specified, the configuration commands for all EIGRP routing processes are cleared. The range of values is 1 through 65535.

Because only one EIGRP routing process is supported on the ASA, including the optional as-number argument has the same effect as omitting it.

as_number

(Optional) Clears the configuration commands for the specified BGP autonomous system number. If not specified, the configuration commands for all BGP routing processes are cleared. The range of values is 1 through 65535.

Because only one BGP routing process is supported on the ASA, including the optional as_number argument has the same effect as omitting it.

bgp

(Optional) Specifies that only BGP configuration commands are removed from the configuration.

eigrp

(Optional) Specifies that only EIGRP router configuration commands are removed from the configuration. EIGRP interface configuration mode commands are not removed.

id

(Optional) Clears the configuration commands for the specified OSPF process ID. If not specified, the configuration commands for all OSPF processes are removed.

ospf

(Optional) Specifies that only OSPF configuration commands are removed from the configuration.

rip

(Optional) Specifies that only RIP configuration commands are removed from the configuration.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from the clear router command to the clear configure router command.

7.2(1)

The rip keyword was added to the command.

8.0(2)

The eigrp keyword was added to the command.

9.0(1)

Multiple context mode is supported.

9.2(1)

The bgp keyword was added to the command.

Examples

The following example clears all OSPF commands associated with OSPF process 1 from the running configuration:

ciscoasa(config)# clear configure router ospf 1
 

The following example clears all global configuration mode commands associated with RIP routing process from the running configuration. It does not clear RIP commands entered in interface configuration mode.

ciscoasa(config)# clear configure router rip
 

 
Related Commands

Command
Description

show running-config router

Displays the commands in the global router configuration.

router eigrp

Enables an EIGRP routing process and enters router configuration mode for that process.

router ospf

Enables an OSPF routing process and enters router configuration mode for that process.

router rip

Enables a RIP routing process and enters router configuration mode for that process.

router bgp

Enables a BGP routing process and enters router configuration mode for that process.

clear configure same-security-traffic

To clear the same-security-traffic configuration, use the clear configure same-security-traffic command in global configuration mode.

clear configure same-security-traffic

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears the configuration when the same-security-traffic command is issued:

ciscoasa(config)# clear configure same-security-traffic
 

 
Related Commands

Command
Description

same-security-traffic

Permits communication between interfaces with equal security levels.

show running-config same-security-traffic

Displays the configuration when the same-security-traffic command is issued.

clear configure service-policy

To clear the service policy configuration, use the clear configure service-policy command in global configuration mode.

clear configure service-policy

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is an example of the clear configure service-policy command:

ciscoasa(config)# clear configure service-policy
 

 
Related Commands

Command
Description

show service-policy

Displays the service policy.

show running-config service-policy

Displays the service policies configured in the running configuration.

service-policy

Configures the service policy.

clear service-policy

Clears service policy statistics.

clear configure sla monitor

To remove the sla monitor commands from the running configuration, use the clear configure sla monitor command in global configuration mode.

clear configure sla monitor [ sla-id ]

 
Syntax Description

sla-id

(Optional) The ID of the SLA operation. Valid values are from 1 to 2147483647.

 
Defaults

If the sla-id argument is not specified, all SLA operation configurations are cleared.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.2(1)

This command was introduced.

 
Usage Guidelines

This command clears the sla monitor command, associated SLA monitor configuration mode commands, and the associated sla monitor schedule command, if present. It does not remove the track rtr commands from the configuration.

To view the sla monitor commands in the running configuration, use the show running-config sla monitor command.

Examples

The following example clears all sla monitor commands from the configuration:

ciscoasa(config)# clear configure sla monitor
 

The following example clears the sla monitor commands associated with the SLA operation ID 5:

ciscoasa(config)# clear configure sla monitor 5
 

 
Related Commands

Command
Description

show running-config sla monitor

Displays the sla monitor commands in the running configuration.

clear configure smtps

To remove all SMTPS commands from the configuration and revert to default values, use the clear configure smtps command in global configuration mode.

clear configure smtps

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to remove the SMTPS configuration:

ciscoasa(config)# clear configure smtps
 

 
Related Commands

Command
Description

show running-configuration smtps

Displays the running configuration for SMTPS.

smtps

Creates or edits an SMTPS e-mail proxy configuration.

clear configure smtp-server

To clear all of the SMTP server commands and statistics, use the clear configure smtp-server command in global configuration mode.

clear configure smtp-server

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.1(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

 
Usage Guidelines

The clear configure smtp-server command clears all of the smtp commands and statistical information.

Examples

The following example shows how to clear all smtp-server commands:

ciscoasa(config)# clear configure smtp-server
 

 
Related Commands

Command
Description

show running-config smtp-server

Displays the current SMTP server configuration.

clear configure snmp-map

To clear the SNMP map configuration, use the clear configure snmp-map command in global configuration mode.

clear configure snmp-map

 
Syntax DescriptionThis command has no arguments or keywords.

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure snmp-map command removes the SNMP map configuration.

Examples

The following example clears the SNMP map configuration:

ciscoasa# clear configure snmp-map
 

 
Related Commands

Commands
Description

class-map

Defines the traffic class to which to apply security actions.

deny version

Disallows traffic using a specific version of SNMP.

inspect snmp

Enable SNMP application inspection.

snmp-map

Defines an SNMP map and enables SNMP map configuration mode.

clear configure snmp-server

To disable the SNMP server and remove all SNMP configurations, use the clear configure snmp-server command in global configuration mode.

clear configure snmp-server [ group | host | host-group | user | user-list ]

 
Syntax Description

group

Removes all SNMP groups.

host

Removes all SNMP hosts.

host-group

Removes all SNMP host groups.

user

Removes all SNMP users.

user-list

Removes all SNMP user lists.

 
Defaults

No default behaviors or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.2(1)

The host-group and user-list options were added.

Examples

The following example shows how to disable the SNMP server:

ciscoasa# clear configure snmp-server
 

 
Related Commands

Command
Description

snmp-server

Provides the ASA event information through SNMP.

show snmp-server statistics

Displays information about the SNMP server configuration.

clear configure ssh

To clear all SSH commands from the running configuration, use the clear configure ssh command in global configuration mode.

clear configure ssh

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from the clear ssh command to the clear configure ssh command.

 
Usage Guidelines

This command clears all SSH commands from the configuration. To clear specific commands, use the no form of those commands.

Examples

The following example clears all SSH commands from the configuration:

ciscoasa(config)# clear configure ssh
 

 
Related Commands

Command
Description

show running-config ssh

Displays the current SSH commands in the running configuration.

ssh

Allows SSH connectivity to the ASA from the specified client or network.

ssh scopy enable

Enables a secure copy server on the ASA.

ssh timeout

Sets the timeout value for idle SSH sessions.

ssh version

Restricts the ASA to using either SSH Version 1 or SSH Version 2.

clear configure ssl

To remove all SSL commands from the configuration and revert to default values, use the clear configure ssl command in global configuration mode.

clear configure ssl

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

By default:

  • Both the SSL client and SSL server versions are any .
  • SSL encryption is 3DES-SHA1, DES-SHA1, RC4-MD5, in that order.
  • There is no trustpoint association; the ASA uses the default RSA key-pair certificate.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to use the clear configure ssl command:

ciscoasa(config)# clear configure ssl
 

 
Related Commands

Command
Description

show running-config ssl

Displays the current set of configured ssl commands.

ssl client-version

Specifies the SSL/TLS protocol version that the ASA uses when acting as a client.

ssl server-version

Specifies the SSL/TLS protocol version that the ASA uses when acting as a server.

ssl trust-point

Specifies the certificate trustpoint that represents the SSL certificate for an interface.

clear configure static

To remove all the static commands from the configuration, use the clear configure static command in global configuration mode.

clear configure static

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The keyword configure was added.

Examples

This example shows how to remove all the static commands from the configuration:

ciscoasa(config)# clear configure static
 

 
Related Commands

Command
Description

show running-config static

Displays all static commands in the configuration.

static

Configures a persistent one-to-one address translation rule by mapping a local IP address to a global IP address.

clear configure sunrpc-server

To clear the remote processor call services from the ASA, use the clear configure sunrpc-server command in global configuration mode.

clear configure sunrpc-server [active]

 
Syntax Description

active

(Optional) Identifies the SunRPC services that are currently active on the ASA.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The sunrpc-server command displays the configured router ospf commands.


Note If the highest-level IP address on the ASA is a private address, this address is sent in hello packets and database definitions. To prevent this action, set the router-id ip_address argument to a global address.


Examples

The following example shows how to clear the SunRPC services from the ASA:

ciscoasa(config)# clear configure sunrpc-server active
 

 
Related Commands

Command
Description

sunrpc-server

Creates the SunRPC services table.

show running-config sunrpc-server

Displays the information about the SunRPC configuration.

clear configure sysopt

To clear the configuration for all sysopt commands, use the clear configure sysopt command in global configuration mode.

clear configure sysopt

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was changed from clear sysopt .

9.0(1)

Support for multiple context mode was added.

Examples

The following example clears all sysopt command configuration:

ciscoasa(config)# clear configure sysopt
 

 
Related Commands

Command
Description

show running-config sysopt

Shows the sysopt command configuration.

sysopt connection permit-ipsec

Permits any packets that come from an IPsec tunnel without checking any ACLs for interfaces.

sysopt connection tcpmss

Overrides the maximum TCP segment size or ensures that the maximum is not less than a specified size.

sysopt connection timewait

Forces each TCP connection to linger in a shortened TIME_WAIT state after the final normal TCP close-down sequence.

sysopt nodnsalias

Disables alteration of the DNS A record address when you use the alias command.

clear configure tcp-map

To clear the TCP map configuration, use the clear configure tcp-map command in global configuration mode.

clear configure tcp-map

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example shows how to clear the TCP map configuration:

ciscoasa(config)# clear configure tcp-map
 

 
Related Commands

Command
Description

tcp-map

Creates a TCP map and accesses tcp-map configuration mode.

show running-config tcp-map

Displays the information about the TCP map configuration.

clear configure telnet

To remove the Telnet connection and idle timeout from the configuration, use the clear configure telnet command in global configuration mode.

clear configure telnet

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The keyword configure was added.

Examples

This example shows how to remove the Telnet connection and the idle timeout from the ASA configuration:

ciscoasa(config)# clear configure telnet
 

 
Related Commands

Command
Description

show running-config telnet

Displays the current list of IP addresses that are authorized to use Telnet connections to the ASA.

telnet

Adds Telnet access to the console and sets the idle timeout.

clear configure terminal

To clear the terminal display width setting, use the clear configure terminal command in global configuration mode.

clear configure terminal

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

The default display width is 80 columns.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

The configure keyword was added.

Examples

The following example clears the display width:

ciscoasa# clear configure terminal
 

 
Related Commands

Command
Description

terminal

Sets the terminal line parameters.

terminal width

Sets the terminal display width.

show running-config terminal

Displays the current terminal settings.

clear configure threat-detection

To clear the threat detection configuration, use the clear configure threat-detection command in global configuration mode.

clear configure threat-detection

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.0(2)

This command was introduced.

 
Usage Guidelines

This command clears all threat-detection configuration commands.

Examples

The following example clears all threat detection commands:

ciscoasa# clear configure threat-detection
 

 
Related Commands

Command
Description

clear threat-detection rate

Clears basic threat detection statistics.

clear threat-detection shun

Releases currently shunned hosts.

show running-config threat-detection

Shows the threat detection configuration.

threat-detection basic-threat

Enables basic threat detection.

threat-detection scanning-threat

Enables scanning threat detection.

clear configure timeout

To restore the default idle time durations in the configuration, use the clear configure timeout command in global configuration mode.

clear configure timeout

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

This example shows how to remove the maximum idle time durations from the configuration:

ciscoasa(config)# clear configure timeout
 

 
Related Commands

Command
Description

show running-config timeout

Displays the timeout value of the designated protocol.

timeout

Sets the maximum idle time duration.

clear configure time-range

To clear all configured time ranges, use the clear configure time-range command in global configuration mode.

clear configure time-range

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following example clears all configured time ranges:

ciscoasa(config)# clear configure time-range
 

 
Related Commands

Command
Description

time-range

Enters time-range configuration mode and defines a time range that you can attach to traffic rules, or an action.

clear configure tls-proxy

To remove all configured TLS proxy instances, use the clear configure tls-proxy command in global configuration mode.

clear configure tls-proxy

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.0(2)

This command was introduced.

Examples

The following following example removes all configured TLS proxy instances using the clear configure tls-proxy command:

ciscoasa# clear configure tls-proxy
 

 
Related Commands

Command
Description

client

Defines a cipher suite and sets the local dynamic certificate issuer or keypair.

ctl-provider

Defines a CTL provider instance and enters provider configuration mode.

show running-config tls-proxy

Shows running configuration of all or specified TLS proxies.

tls-proxy

Defines a TLS proxy instance and sets the maximum sessions.

clear configure tunnel-group

To remove all or specified tunnel groups from the configuration, use the clear config tunnel-group command in global configuration.

clear config tunnel-group [ name ]

 
Syntax Description

name

(Optional) Specifies the name of a tunnel group.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

Examples

The following example entered in global configuration mode, removes the toengineering tunnel group from the configuration:

ciscoasa(config)# clear config tunnel-group toengineering
ciscoasa(config)#

 
Related Commands

Command
Description

show running-config tunnel-group

Displays information about all or selected tunnel-groups.

tunnel-group

Enters tunnel-group configuration mode for the specified type.

clear configure tunnel-group-map

To clear the policy and rules by which the tunnel group name is derived from the content of the certificate, use the clear configure tunnel-group-map command in global configuration mode.

clear configure tunnel-group-map

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

 
Usage Guidelines

The tunnel-group-map commands configure the policy and rules by which certificate-based IKE sessions are mapped to tunnel groups. To associate the certificate map entries created using the crypto ca certificate map command with tunnel groups, use the tunnel-group-map command in global configuration mode. You can invoke this command multiple times as long as each invocation is unique and you do not reference a map index more than once.

The crypto ca certificate map command maintains a prioritized list of certificate mapping rules. There can be only one map. But this map can have up to 65535 rules. See the documentation on the crypto ca certificate map command for more information.

The processing that derives the tunnel group name from the certificate ignores entries in the certificate map that are not associated with a tunnel group (any map rule not identified by this command).

Examples

The following example entered in global configuration mode, specifies a default tunnel group to use when the name cannot be derived by other configured methods:

ciscoasa(config)# clear configure tunnel-group-map
 

 
Related Commands

Command
Description

crypto ca certificate map

Enters crypto ca certificate map configuration mode.

subject-name (crypto ca certificate map)

Identifies the DN from the CA certificate that is to be compared to the rule entry string.

tunnel-group-map default-group

Designates an existing tunnel group name as the default tunnel group.

tunnel-group-map enable

Configures the policy and rules by which certificate-based IKE sessions are mapped to tunnel groups.

clear configure uc-ime

To clear the running configuration for the Cisco Intercompany Media Engine proxy on the ASA, use the clear configure uc-ime command in global configuration mode.

clear configure uc-ime [ name ]

 
Syntax Description

name

(Optional) Specifies the instance name of the Cisco Intercompany Media Engine proxy configured on the ASA. The name argument is limited to 64 characters.

Only one Cisco Intercompany Media Engine proxy can be configured on the ASA.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.3(1)

The command was introduced.

 
Usage Guidelines

This command has no usage guidelines.

Examples

The following example clears the running configuration for the Cisco Intercompany Media Engine proxy:

ciscoasa(config)# clear configure local-ent-ime
 

 
Related Commands

Command
Description

clear uc-ime

Clears the statistical counters for the Cisco Intercompany Media Engine proxy.

show running-config uc-ime

Shows the running configuration of the Cisco Intercompany Media Engine proxy.

show uc-ime

Displays statistical or detailed information about fallback notifications, mapping service sessions, and signaling sessions.

uc-ime

Creates the Cisco Intercompany Media Engine proxy instance on the ASA.

clear configure url-block

To clear clears URL pending block buffer and long URL support configuration, use the clear configure url-block command in global configuration mode.

clear configure url-block

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure url-block command clears URL pending block buffer and long URL support configuration.

Examples

The following example clears the URL pending block buffer and long URL support configuration:

ciscoasa# clear configure url-block
 

 
Related Commands

Commands
Description

clear url-block block statistics

Clears the block buffer usage counters.

show url-block

Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.

url-block

Manages the URL buffers used for web server responses.

url-cache

Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

url-server

Identifies an N2H2 or Websense server for use with the filter command.

clear configure url-cache

To clear the URL cache, use the clear configure url-cache command in global configuration mode.

clear configure url-cache

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure url-cache command clears the URL cache.

Examples

The following example clears the URL cache:

ciscoasa# clear configure url-cache
 

 
Related Commands

Commands
Description

clear url-cache statistics

Removes url-cache command statements from the configuration.

filter url

Directs traffic to a URL filtering server.

show url-cache statistics

Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.

url-cache

Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

url-server

Identifies an N2H2 or Websense server for use with the scsc command.

clear configure url-list

To remove a configured set of URLs that WebVPN users can access , use the clear configure url-list command in global configuration mode.

clear configure url-list [ listname ]

 
Syntax Description

listname

Groups the set of URLs that WebVPN users can access. The maximum is 64 characters.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

To remove all configured URLs, use this command without the listname argument.

To remove only the URLs for a specific list, use this command with that listname argument.

Examples

The following example shows how to remove the URL list called Marketing URLs.

ciscoasa(config)# clear configure url-list Marketing URLs
 

 
Related Commands

Command
Description

show running-configuration url-list

Displays the current set of configured url-list commands.

url-list

Configures the set of URLs that WebVPN users can access.

url-list

Enables WebVPN URL access for a specific group policy or user.

clear configure url-server

To clear the URL filtering server configuration, use the clear configure url-server command in global configuration mode.

clear configure url-server

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The clear configure url-server command clears the URL filtering server configuration.

Examples

The following example URL filtering server configuration:

ciscoasa# clear configure url-server
 

 
Related Commands

Commands
Description

clear url-server

Clears the URL filtering server statistics.

show url-server

Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.

url-cache

Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.

url-block

Manages the URL buffers used for web server responses while waiting for a filtering decision from the filtering server.

url-server

Identifies an N2H2 or Websense server for use with the filter command.

clear configure user-identity

To clear the configuration for the Identity Firewall, use the clear configure user-identity command in global configuration mode.

clear configure user-identity [ ad-agent | logout-probe | action | domain ]

 
Syntax Description

action

Removes the configuration for the following Identity Firewall actions configured by the following commands:

  • user-identity action ad-agent-down
  • user-identity action domain-controller-down
  • user-identity action mac-address-mismatch
  • user-identity action netbios-response-fail

ad-agent

Removes all configuration for the Active Directory Agent configured for the Identity Firewall.

domain

Removes all domains configured for the Identity Firewall. Specifying this keyword only removes the domains that are not referenced by a domain object (for example, in the object-group or access-list commands).

logout-probe

Removes all configuration for the logout probe configured for the Identity Firewall.

When NetBIOS probing is enabled for the Identity Firewall, the ASA probes the user client IP address to determine whether the client is still active. By default, NetBIOS probing is disabled.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.4(2)

This command was introduced.

Examples

The following example clears the Active Directory Agent configured for the Identity Firewall:

ciscoasa# clear configure user-identity ad-agent
 

 
Related Commands

Commands
Description

user-identity enable

Creates the Cisco Identify Firewall instance.

user-identity logout-probe

Enables NetBIOS probing for the Cisco Identify Firewall instance.

clear configure username

To clear the username database, use the clear configure username command in global configuration mode.

clear configure username [ name ]

 
Syntax Description

name

(Optional) Provides the name of the user.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.1(2)

Password policy authentication changes were added.

 
Usage Guidelines

To clear the configuration for a particular user, use this command and append the username.

The internal user authentication database consists of the users entered with the username command. The login command uses this database for authentication.

When password policy authentication is enabled, this command does not allow users to delete their password. For example:

  • Entering the clear config username your_own _username command is not allowed.
  • Entering the clear config username command is allowed, but the user account is skipped and not deleted.

Examples

The following example shows how to clear the configuration for the user named anyuser:

ciscoasa(config)# clear configure username anyuser
 

 
Related Commands

Command
Description

show running-config username

Displays the running configuration for a particular user or for all users.

username

Adds a user to the ASA database.

username attributes

Lets you configure AVPs for specific users.

clear configure virtual

To remove the authentication virtual server from the configuration, use the clear configure virtual command in global configuration mode.

clear configure virtual

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was modified to conform to CLI guidelines.

 
Usage Guidelines

There is no undo.

Examples

The following example shows the clear configure virtual command:

ciscoasa(config)# clear configure virtual
 

 
Related Commands

Command
Description

show running-config virtual

Displays the IP address for the authentication virtual server.

virtual http

Allows separate authentication with the ASA and with the HTTP server.

virtual telnet

Authenticates users with the virtual Telnet server for traffic types for which the ASA does not supply an authentication prompt.

clear configure vpdn group

To remove all vpdn group commands from the configuration, use the clear configure vpdn group command in global configuration mode.

clear configure vpdn group

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.2(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

 
Usage Guidelines

Entering the clear configure vpdn group command has no affect on active PPPoE connections.

Examples

The following example shows how to clear the VPDN group configuration:

ciscoasa(config)# clear configure vpdn group
 

 
Related Commands

Command
Description

clear configure vpdn username

Removes all vpdn username commands from the configuration.

show running-config vpdn username

Shows the current configuration for VPDN usernames.

clear configure vpdn username

To remove all vpdn username commands from the configuration, use the clear configure vpdn username command in global configuration mode.

clear configure vpdn username

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.2(1)

This command was introduced.

 
Usage Guidelines

Entering the clear configure vpdn username command has no affect on active PPPoE connections.

Examples

The following example shows how to clear the VPDN username configuration:

ciscoasa(config)# clear configure vpdn username
 

 
Related Commands

Command
Description

clear configure vpdn group

Removes all vpdn group commands from the configuration.

show running-config vpdn username

Shows the current configuration for VPDN usernames.

clear configure vpn-load-balancing

To remove the previously specified VPN load-balancing configuration, thus disabling VPN load-balancing, use the clear configure vpn load-balancing command in global configuration mode.

clear configure vpn load-balancing

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

 
Usage Guidelines

The clear configure vpn load-balancing command also clears the following related commands: cluster encryption , cluster ip address , cluster key , cluster port , nat , participate , and priority .

Examples

The following example removes VPN load-balancing configuration statements from the configuration:

ciscoasa(config)# clear configure vpn load-balancing
 

 
Related Commands

show running-config load-balancing

Displays the current VPN load-balancing configuration.

vpn load-balancing

Enters vpn load-balancing configuration mode.

clear configure wccp

To remove all WCCP configuration, use the clear configure wccp command in global configuration mode.

clear configure wccp

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following example shows how to clear the WCCP configuration:

ciscoasa(config)# clear configure wccp
 

 
Related Commands

Command
Description

show wccp

Displays the WCCP configuration.

wccp redirect

Enables support of WCCP redirection.

clear configure xlate

To clear the xlate per-session rules, use the clear configure xlate command in global configuration mode.

clear configure xlate

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

9.0(1)

We introduced this command.

 
Usage Guidelines

This command clears manually-created rules, and keeps the default configuration.

Examples

The following example shows the running configuration plus default rules, and then clears the manually-created rules:

ciscoasa(config)# show running-config all xlate
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session permit tcp any4 any4
xlate per-session permit tcp any4 any6
xlate per-session permit tcp any6 any4
xlate per-session permit tcp any6 any6
xlate per-session permit udp any4 any4 eq domain
xlate per-session permit udp any4 any6 eq domain
xlate per-session permit udp any6 any4 eq domain
xlate per-session permit udp any6 any6 eq domain
ciscoasa(config)# clear configure xlate
ciscoasa(config)# show running-config xlate
ciscoasa(config)# show running-config all xlate
xlate per-session permit tcp any4 any4
xlate per-session permit tcp any4 any6
xlate per-session permit tcp any6 any4
xlate per-session permit tcp any6 any6
xlate per-session permit udp any4 any4 eq domain
xlate per-session permit udp any4 any6 eq domain
xlate per-session permit udp any6 any4 eq domain
xlate per-session permit udp any6 any6 eq domain
ciscoasa(config)#
 

 
Related Commands

Command
Description

nat (global)

Adds a twice NAT rule.

nat (object)

Adds an object NAT rule.

show running-config xlate

Shows the xlate per-session rules.

xlate per-session

Adds a per-session PAT rule.

clear configure zonelabs-integrity

To remove all Zone Labs Integrity servers from the running configuration, use the clear configure zonelabs-integrity command in global configuration mode.

clear configure zonelabs-integrity

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

Removes all Zone Labs Integrity servers.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

7.2.(1)

This command was introduced.

 
Usage Guidelines

The clear configure zonelabs-integrity command removes all Zone Labs Integrity servers from the running configuration, including active and standby Integrity servers.

Examples

The following example shows the removal of two configured Zone Labs Integrity servers:
 
ciscoasa(config)# show running-config zonelabs-integrity
zonelabs-integrity server-address 10.0.9.1 10.0.9.2
ciscoasa(config)# clear configure zonelabs-integrity
ciscoasa(config)# show running-config zonelabs-integrity
ciscoasa(config)#

 
Related Commands

Command
Description

show running-config [all] zonelabs-integrity

Displays the configured Zone Labs Integrity servers.