This chapter describes the Cisco NX-OS security commands that begin with C.
To take a snapshot of the current running configuration and store the snapshot in the file system in an ASCII format, use the checkpoint command.
checkpoint [ checkpoint-name [ description descp-text [... description descp-text ]] | description descp-text | file { bootflash: | volatile: }[ // server ][ directory / ][ filename ]]
no checkpoint [ checkpoint-name | description descp-text | file { bootflash: | volatile: }[ // server ][ directory / ][ filename ]]
Note: There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).
Automatically generates checkpoint name (user-checkpoint-number).
Checkpoints are local to a switch. When you create a checkpoint, a snapshot of the current running configuration is stored in a checkpoint file. If you do not provide a checkpoint name, Cisco NX-OS sets the checkpoint name to user-checkpoint-number, where the number is from 1 to 10.
If Fibre Channel over Ethernet (FCoE) is enabled on the switch, you cannot restore the active configuration to the checkpoint state. The following error message appears when you create a checkpoint on an FCoE-enabled switch:
On a switch that has FCoE disabled, you see the following message when you create the checkpoint:
You can create up to ten checkpoints of your configuration per switch. When the number of checkpoints reaches the maximum limit, the oldest entry is removed.
You cannot apply the checkpoint file of one switch to another switch. You cannot start a checkpoint filename with the word system.
The checkpoint files are stored as text files that you cannot directly access or modify. When a checkpoint is cleared from the system, the associated checkpoint configuration file is deleted.
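The rules above (the two file systems in the syntax, no spaces in the file string, no filename starting with system, and the ten-checkpoint limit with oldest-first removal) can be checked before a change script sends anything to the switch. This is an added example, not Cisco code: the function names `checkpoint_command` and `rotate` are hypothetical, the sample strings are constructed, and the single-token checkpoint name is an assumption.

```python
import re
from collections import deque

MAX_CHECKPOINTS = 10                          # per-switch limit stated above
FILE_SYSTEMS = ("bootflash:", "volatile:")    # only targets in the syntax

def checkpoint_command(name=None, description=None, file_target=None):
    """Build one `checkpoint` CLI line, or raise ValueError."""
    if file_target is not None:
        if name or description:
            raise ValueError("file is an alternative to name/description")
        if re.search(r"\s", file_target):
            raise ValueError("no spaces allowed in the file string")
        fs = next((f for f in FILE_SYSTEMS if file_target.startswith(f)), None)
        if fs is None:
            raise ValueError("file system must be bootflash: or volatile:")
        filename = file_target[len(fs):].rsplit("/", 1)[-1]
        # Case-insensitive match is a conservative choice of this sketch.
        if filename.lower().startswith("system"):
            raise ValueError("filename must not start with 'system'")
        return f"checkpoint file {file_target}"
    # Assumption: a checkpoint name is a single CLI token (no whitespace).
    if name is not None and (not name or re.search(r"\s", name)):
        raise ValueError("checkpoint name must be one non-empty token")
    parts = ["checkpoint"]
    if name:
        parts.append(name)
    if description:
        parts += ["description", description]
    return " ".join(parts)

def rotate(created, limit=MAX_CHECKPOINTS):
    """Replay creations in order; return (kept, evicted) name lists."""
    kept, evicted = deque(), []
    for name in created:
        if len(kept) == limit:
            evicted.append(kept.popleft())    # oldest entry is removed
        kept.append(name)
    return list(kept), evicted

if __name__ == "__main__":
    # Constructed sample inputs.
    print(checkpoint_command("chkpnt-1", "before ACL change"))
    print(checkpoint_command(file_target="bootflash:///chkpnt_configSep9-1.txt"))
    kept, evicted = rotate([f"chg-{i}" for i in range(1, 13)])
    print("evicted:", evicted)
```

`rotate` shows which rollback points a run of changes silently discards: the eleventh and twelfth checkpoints push out the first two.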
This example shows how to create a checkpoint:
This example shows how to create a checkpoint, named chkpnt-1, and define its purpose:
This example shows how to create a checkpoint configuration file named chkpnt_configSep9-1.txt in the bootflash storage system:
This example shows how to delete a checkpoint named chkpnt-1:
Displays a summary of all checkpoints configured in the switch.
Displays all checkpoints that were automatically created in the system.
To clear the blocked local user, use the clear local user blocked command.
clear local user blocked username {all | username}
The following example shows how to clear all the blocked users.
To clear the counters for all IPv4 access control lists (ACLs) or a single IPv4 ACL, use the clear access-list counters command.
clear access-list counters [ access-list-name ]
(Optional) Name of the IPv4 ACL whose counters the switch clears. The name can be a maximum of 64 alphanumeric characters.
This example shows how to clear counters for all IPv4 ACLs:
This example shows how to clear counters for an IPv4 ACL named acl-ipv4-01:
Displays information about one or all IPv4, IPv6, and MAC ACLs.
To clear the accounting log, use the clear accounting log command.
This example shows how to clear the accounting log:
To clear the checkpoints configured on the switch, use the clear checkpoint database command.
clear checkpoint database [ system | user ]
Clears the configuration rollback checkpoint database for system checkpoints.
Clears the configuration rollback checkpoint database for user checkpoints.
This example shows how to clear the configured checkpoints:
To clear the Address Resolution Protocol (ARP) table and statistics, use the clear ip arp command.
clear ip arp [ vlan vlan-id [ force-delete | vrf { vrf-name | all | default | management }]]
This example shows how to clear the ARP table statistics:
This example shows how to clear the ARP table statistics for VLAN 10 with the VRF vlan-vrf:
To clear the Dynamic ARP Inspection (DAI) logging buffer, use the clear ip arp inspection log command.
This example shows how to clear the DAI logging buffer:
To clear the Dynamic ARP Inspection (DAI) statistics for a specified VLAN, use the clear ip arp inspection statistics vlan command.
clear ip arp inspection statistics vlan vlan-list
This example shows how to clear the DAI statistics for VLAN 2:
This example shows how to clear the DAI statistics for VLANs 5 through 12:
This example shows how to clear the DAI statistics for VLAN 2 and VLANs 5 through 12:
To clear the Dynamic Host Configuration Protocol (DHCP) snooping binding database, use the clear ip dhcp snooping binding command.
clear ip dhcp snooping binding [ vlan vlan-id [ mac mac-address ip ip-address ] [ interface { ethernet slot /[QSFP-module/] port | port-channel channel-number }]]
This example shows how to clear the DHCP snooping binding database:
This example shows how to clear a specific entry from the DHCP snooping binding database:
To clear the Dynamic Host Configuration Protocol (DHCP) snooping statistics, use the clear ip dhcp snooping statistics command.
clear ip dhcp snooping statistics
This example shows how to clear the DHCP snooping statistics:
Copies the running configuration to the startup configuration.
Displays DHCP snooping configuration, including the IP Source Guard configuration.
To clear Lightweight DHCPv6 Relay Agent (LDRA) related statistics, use the clear ipv6 dhcp-ldra statistics command.
clear ipv6 dhcp-ldra statistics
To use this command, you must enable the DHCP feature and LDRA feature.
This example shows how to clear the LDRA related statistics:
To enable CTS batched programming, use the cts role-based batched-programming command.
cts role-based batched-programming
no cts role-based batched-programming
This example shows how to enable CTS batched programming: