Cisco IOS Security Command Reference
clear ip access-list counters through crl-cache none

Table Of Contents

clear ip access-list counters

clear ip access-template

clear ip admission cache

clear ip audit configuration

clear ip audit statistics

clear ip auth-proxy cache

clear ip auth-proxy watch-list

clear ip inspect ha

clear ip inspect session

clear ip ips configuration

clear ip ips statistics

clear ip sdee

clear ip trigger-authentication

clear ip urlfilter cache

clear kerberos creds

clear logging ip access-list cache

clear parameter-map type protocol-info

clear port-security

clear radius local-server

clear webvpn nbns

clear webvpn session

clear webvpn stats

clear zone-pair

clid

client authentication list

client configuration address

client configuration group

client pki authorization list

commands (view)

configuration url

configuration version

content-length

content-type-verification

copy (consent-parameter-map)

copy idconf

copy ips-sdf

crl

crl best-effort

crl optional

crl query

crl-cache delete-after

crl-cache none


clear ip access-list counters

To clear IP access list counters, use the clear ip access-list counters command in privileged EXEC mode.

clear ip access-list counters [access-list-number | access-list-name]

Syntax Description

access-list-number | access-list-name

(Optional) Number or name of the IP access list for which to clear the counters. If no name or number is specified, all IP access list counters are cleared.


Command Modes

Privileged EXEC

Command History

Release
Modification

11.0

This command was introduced.


Usage Guidelines

The counter counts the number of packets that match each permit or deny statement in an access list. You might clear the counters if you want to start at zero to get a more recent count of the packets that are matching an access list. The show ip access-lists command displays the counters as a number of matches.

Examples

The following example clears the counter for access list 150:

Router# clear ip access-list counters 150

Related Commands

Command
Description

show ip access list

Displays the contents of IP access lists.


clear ip access-template

To clear statistical information on the access list, use the clear ip access-template command in privileged EXEC mode.

clear ip access-template access-list

Syntax Description

access-list

Access list number; valid values are from 100 to 199 for an IP extended-access list and from 2000 to 2699 for an expanded-range IP extended-access list.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Examples

This example shows how to clear statistical information on the access list:

Router# clear ip access-template 201

Related Commands

Command
Description

show mls netflow

Displays configuration information about the NetFlow hardware.


clear ip admission cache

To clear IP admission cache entries from the router, use the clear ip admission cache command in privileged EXEC mode.

clear ip admission cache {* | host ip address}

Syntax Description

*

Clears all IP admission cache entries and associated dynamic access lists.

host ip address

Clears all IP admission cache entries and associated dynamic access lists for the specified host.


Command Modes

Privileged EXEC #

Command History

Release
Modification

12.3(8)T

This command was introduced.

12.2(33)SXI

This command was integrated into Cisco IOS Release 12.2(33)SXI.


Usage Guidelines

Use this command to clear entries from the admission control cache before they time out.

Examples

The following example shows that all admission entries are to be deleted:

Router# clear ip admission cache *

The following example shows that the authentication proxy entry for the host with the IP address 192.168.4.5 is to be deleted:

Router# clear ip admission cache 192.168.4.5

Related Commands

Command
Description

show ip admission cache

Displays the admission control entries or the running admission control configuration.


clear ip audit configuration

To disable Cisco IOS Firewall IDS, remove all intrusion detection configuration entries, and release dynamic resources, use the clear ip audit configuration command in EXEC mode.

clear ip audit configuration

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.2(13)T

This command is no longer supported in Cisco IOS Mainline or Technology-based (T) releases. It may continue to appear in 12.2S-family releases.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use the clear ip audit configuration EXEC command to disable Cisco IOS Firewall IDS, remove all intrusion detection configuration entries, and release dynamic resources.

Examples

The following example clears the existing IP audit configuration:

clear ip audit configuration

clear ip audit statistics

To reset statistics on packets analyzed and alarms sent, use the clear ip audit statistics command in EXEC mode.

clear ip audit statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.2(13)T

This command is no longer supported in Cisco IOS Mainline or Technology-based (T) releases. It may continue to appear in Cisco IOS 12.2S-family releases.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use the clear ip audit statistics EXEC command to reset statistics on packets analyzed and alarms sent.

Examples

The following example clears all IP audit statistics:

clear ip audit statistics

clear ip auth-proxy cache

To clear authentication proxy entries from the router, use the clear ip auth-proxy cache command in EXEC mode.

clear ip auth-proxy cache {* | host-ip-address}

Syntax Description

*

Clears all authentication proxy entries, including user profiles and dynamic access lists.

host-ip-address

Clears the authentication proxy entry, including user profiles and dynamic access lists, for the specified host.


Command Modes

EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use this command to clear entries from the translation table before they time out.

Examples

The following example deletes all authentication proxy entries:

clear ip auth-proxy cache *

The following example deletes the authentication proxy entry for the host with IP address 192.168.4.5:

clear ip auth-proxy cache 192.168.4.5

Related Commands

Command
Description

show ip auth-proxy

Displays the authentication proxy entries or the running authentication proxy configuration.


clear ip auth-proxy watch-list

To delete a single watch-list entry or all watch-list entries in Privileged EXEC configuration command mode, use the clear ip auth-proxy watch-list command.

clear ip auth-proxy watch-list {ip-addr | *}

Syntax Description

ip-addr

IP address to be deleted from the watch list.

*

All watch-list entries from the watch list.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC.

Command History

Release
Modification

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

This command is supported on the systems that are configured with a Supervisor Engine 2 only.

If you see entries in the watch list that you suspect are not valid, you can enter the clear ip auth-proxy watch-list command to clear them manually instead of waiting for the watch list to expire.

Examples

This example shows how to delete a single watch-list entry:

Router# clear ip auth-proxy watch-list 10.0.0.2

Router# 

This example shows how to delete all watch-list entries:

Router# clear ip auth-proxy watch-list *
Router# 

Related Commands

Command
Description

ip auth-proxy max-login-attempts

Limits the number of login attempts at a firewall interface and QoS filtering and enter the ARP ACL configuration submode.

ip auth-proxy watch-list

Enables and configures an authentication proxy watch list.

show ip auth-proxy watch-list

Displays the information about the authentication proxy watch list.


clear ip inspect ha

To delete the Firewall stateful failover sessions information from a router's memory, use the clear ip inspect ha command in privileged EXEC mode.

clear ip inspect ha [sessions all | statistics]

Syntax Description

sessions all

(Optional) Clears all the firewall HA sessions.

statistics

(Optional) Clears the HA statistics on the device.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Usage Guidelines

If the clear ip inspect ha sessions all command is used on the standby device, the standby HA sessions are cleared. This initiates re-synchronization of all HA sessions from the active device to the standby device.

Examples

The following example shows all sessions being deleted:

Router# clear ip inspect ha sessions all 

The following example shows statitics being deledted.

Router# clear ip inspect ha statistics

clear ip inspect session

To delete Context-Based Access Control (CBAC) configuration and session information from a router's memory, use the clear ip inspect session command in privileged EXEC mode.

clear ip inspect session session-address

Syntax Description

session-address

Deletes a specific session; the format is 0-FFFFFFFF.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(4)T

This command was introduced.


Usage Guidelines

Sessions consist of control channels and data channels.

Use the clear ip inspect session command to delete a control channel or a data channel. If you specify a control channel session, then data channel sessions may also be deleted, depending on the application protocols being used. If you specify a data channel session, then only that specific session is deleted.

If you attempt to delete a session and the clear ip inspect session command is not supported for the specified protocol, then an error message is generated.

If you want to delete a specific session, use the show ip inspect session command to display all session addresses.


Note The clear ip inspect session command is recommended for advanced users only because it may disrupt network operations if traffic is still flowing through the session.


Examples

The following example displays the current session addresses:

Router# show ip inspect session

Established Sessions

 Session 25A3318 (10.0.0.1:20)=>(10.1.0.1:46068) ftp-data SIS_OPEN

 Session 25A6E1C (10.1.0.1:46065)=>(10.0.0.1:21) ftp SIS_OPEN

The following example shows a specific session being deleted:

Router# clear ip inspect session 25A6E1C 

Related Commands

Command
Description

show ip inspect

Displays CBAC configuration and session information.


clear ip ips configuration

To disable Cisco IOS Firewall Intrusion Prevention System (IPS), remove all intrusion detection configuration entries, and release dynamic resources, use the clear ip ips configuration command in EXEC mode.

clear ip ips configuration

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.3(8)T

The command name was changed from the clear ip audit configuration command to the clear ip ips configuration command.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Examples

The following example clears the existing IPS configuration:

clear ip ips configuration

clear ip ips statistics

To reset statistics on packets analyzed and alarms sent, use the clear ip ips statistics command in privileged EXEC mode.

clear ip ips statistics [vrf vrf-name]

Syntax Description

vrf

(Optional) Resets statistics on packets analyzed and alarms sent per VRF.

vrf-name

User specific VRF.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.3(8)T

The command name was changed from the clear ip audit statistics command to the clear ip ips statistics command.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.4(20)T

The vrf keyword and argument were added.


Examples

The following example clears all Intrusion Protection System (IPS) statistics:

clear ip ips statistics

Sample Output for the clear ip ips statistics vrf Command

The following example displays the output of the clear ip ips statistics vrf vrf-name command:

Router# clear ip ips statistics vrf VRF_600
Router# show ip ips statistics vrf VRF_600
Signature statistics [process switch:fast switch]
  signature 5170:1 packets checked: [0:2]
Interfaces configured for ips 3
Session creations since subsystem startup or last reset 0
Current session counts (estab/half-open/terminating) [0:0:0]
Maxever session counts (estab/half-open/terminating) [0:0:0]
Last session created 00:02:34
Last statistic reset never
TCP reassembly statistics
  received 8 packets out-of-order; dropped 0
  peak memory usage 12 KB; current usage: 0 KB
  peak queue length 6

clear ip sdee

To clear Security Device Event Exchange (SDEE) events or subscriptions, use the clear ip sdee command in privileged EXEC mode.

clear ip sdee {events | subscriptions}

Syntax Description

events

Clears SDEE events from the event buffer.

subscriptions

Clears SDEE subscriptions.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(8)T

This command was introduced.


Usage Guidelines

Because subscriptions are properly closed by the Cisco IOS Intrusion Prevention System (IPS) client, this command is typically used only to help with error recovery.

Examples

The following example shows how to clear all open SDEE subscriptions on the router:

Router# clear ip sdee subscriptions

Related Commands

Command
Description

ip ips notify

Specifies the method of event notification.

ip sdee events

Sets the maximum number of SDEE events that can be stored in the event buffer.

ip sdee subscriptions

Sets the maximum number of SDEE subscriptions that can be open simultaneously.


clear ip trigger-authentication

To clear the list of remote hosts for which automated double authentication has been attempted, use the clear ip trigger-authentication command in privileged EXEC mode.

clear ip trigger-authentication

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

11.3 T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use this command when troubleshooting automated double authentication. This command clears the entries in the list of remote hosts displayed by the show ip trigger-authentication command.

Examples

The following example clears the remote host table:

Router# show ip trigger-authentication

Trigger-authentication Host Table:
Remote Host          Time Stamp
172.21.127.114       2940514234
Router# clear ip trigger-authentication
Router# show ip trigger-authentication

Related Commands

Command
Description

show ip trigger-authentication

Displays the list of remote hosts for which automated double authentication has been attempted.


clear ip urlfilter cache

To clear the cache table, use the clear ip urlfilter cache command in user EXEC mode.

clear ip urlfilter cache {ip-address | all} [vrf vrf-name]

Syntax Description

ip-address

Clears the cache table of a specified server IP address.

all

Clears the cache table completely.

vrf vrf-name

(Optional) Clears the cache table only for the specified Virtual Routing and Forwarding (VRF) interface.


Command Modes

User EXEC

Command History

Release
Modification

12.2(11)YU

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.3(14)T

The vrf vrf-name keyword/argument pair was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

The cache table consists of the most recently requested IP addresses and the respective authorization status for each IP address.

Examples

The following example shows how to clear the cache table of IP address 172.18.139.21:

clear ip urlfilter cache 172.18.139.21

The following example shows how to clear the cache table of all IP addresses:

clear ip urlfilter cache all

The following example shows how to clear the cache table of all IP addresses in the vrf named bank.

clear ip urlfilter cache all vrf bank

Related Commands

Command
Description

ip urlfilter cache

Configures cache parameters.

show ip urlfilter cache

Displays the destination IP addresses that are cached into the cache table.


clear kerberos creds

To delete the contents of the credentials cache, use the clear kerberos creds command in privileged EXEC mode.

clear kerberos creds

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

11.1

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Credentials are deleted when this command is issued.

Cisco supports Kerberos 5.

Examples

The following example illustrates the clear kerberos creds command:

Router# show kerberos creds 
Default Principal: chet@cisco.com
Valid Starting          Expires                 Service Principal
18-Dec-1995 16:21:07    19-Dec-1995 00:22:24    krbtgt/CISCO.COM@CISCO.COM

Router# clear kerberos creds
Router# show kerberos creds 
No Kerberos credentials.

Related Commands

Command
Description

show kerberos creds

Displays the contents of your credentials cache.


clear logging ip access-list cache

To clear all the entries from the Optimized ACL Logging (OAL) cache and send them to the syslog, use the clear logging ip access-list cache command in privileged EXEC mode.

clear logging ip access-list cache

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(17d)SXB

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

This command is supported on Cisco 7600 series routers that are configured with a Supervisor Engine 720 only.

Examples

This example shows how to clear all the entries from the OAL cache and send them to the syslog:

Router# clear logging ip access-list cache

Related Commands

Command
Description

logging ip access-list cache (global configuration )

Configures the OAL parameters globally.

logging ip access-list cache (interface configuration )

Enables an OAL-logging cache on an interface that is based on direction.

show logging ip access-list

Displays information about the logging IP access list.


clear parameter-map type protocol-info

To clear the Domain Name System (DNS) cache for name resolution of servers within a parameter map, use the clear parameter-map type protocol-info command in privileged EXEC mode.

clear parameter-map type protocol-info dns-cache dns-name [ip-address ip-address]

Syntax Description

dns-cache dns-name

Cache of the specified DNS server will be cleared.

ip-address ip-address

(Optional) Specified IP address is removed from the cache of the DNS server.

If an IP address is not specified, all IP addresses from the specified DNS server are cleared from the cache.


Command Default

None

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(9)T

This command was introduced.


Examples

The following example shows how to clear the cache of the DNS server "sdsc.msg.yahoo.com:

Router# clear parameter-map type protocol-info dns-cache sdsc.msg.yahoo.com

Related Commands

Command
Description

parameter-map type

Creates or modifies a parameter map.


clear port-security

To delete configured secure MAC addresses and sticky MAC addresses from the MAC address table in the Priveleged EXEC configuration command mode, use the clear port-security command.

clear port-security dynamic [address mac-addr | interface interface-id] [vlan vlan-id]

Syntax Description

address mac-addr

(Optional) Deletes the specified secure MAC address or sticky MAC address.

interface interface-id

(Optional) Deletes all secure MAC addresses and sticky MAC addresses on the specified physical port or port channel.

vlan vlan-id

(Optional) Deletes the specified secure MAC address or sticky MAC address from the specified VLAN.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.

12.2(18)SXE

The output of this command was changed to support sticky MAC addresses on the Supervisor Engine 720 only.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

This command is supported on negotiated trunks only.

If you enter the clear port-security command without adding any keywords or arguments, the switch removes all the secure MAC addresses and sticky MAC addresses from the MAC address table.

If you enter the clear port-security dynamic interface interface-id command, all the secure MAC addresses and sticky MAC addresses on an interface are removed from the MAC address table.

You can verify that the information was deleted by entering the show port-security command.

Examples

This example shows how to remove a specific secure address from the MAC address table:

Router# clear port-security dynamic address 0008.0070.0007
Router# 

This example shows how to remove all the secure MAC addresses and sticky MAC addresses learned on a specific interface:

Router# clear port-security dynamic interface gigabitethernet0/1
Router# 

Related Commands

Command
Description

show port-security

Displays information about the port-security setting.

switchport port-security mac-address

Adds a MAC address to the list of secure MAC addresses.


clear radius local-server

To clear the display on the local server or to unblock a locked username, use the clear radius local-server command in privileged EXEC mode.

clear radius local-server {statistics | user username}

Syntax Description

statistics

Clears the display of statistical information.

user

Unblocks the locked username specified.

username

Locked username.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(11)JA

This command was introduced on the Cisco Aironet Access Point 1100 and the Cisco Aironet Access Point 1200.

12.3(11)T

This command was integrated into Cisco IOS Release 12.3(11)T and implemented on the following platforms: Cisco 2600XM, Cisco 2691, Cisco 2811, Cisco 2821, Cisco 2851, Cisco 3700, and Cisco 3800 series routers.


Examples

The following example shows how to unblock the locked username "smith":

Router# clear radius local-server user smith

Related Commands

Command
Description

block count

Configures the parameters for locking out members of a group to help protect against unauthorized attacks.

debug radius local-server

Displays the debug information for the local server.

group

Enters user group configuration mode and configures shared setting for a user group.

nas

Adds an access point or router to the list of devices that use the local authentication server.

radius-server host

Specifies the remote RADIUS server host.

radius-server local

Enables the access point or router to be a local authentication server and enters into configuration mode for the authenticator.

reauthentication time

Specifies the time after which access points or wireless-aware routers must reauthenticate the members of a group.

show radius local-server statistics

Displays statistics for a local network access server.

ssid

Specifies up to 20 SSIDs to be used by a user group.


clear webvpn nbns

To clear the NetBIOS name service (NBNS) cache on a SSL VPN gateway, use the clear webvpn nbns command in privileged EXEC mode.

clear webvpn nbns [context {name | all}]

Syntax Description

context

(Optional) Clears NBNS statistics for a specific context or all contexts.

name

Clears NBNS statistics for a specific context.

all

Clears NBNS statistics for all contexts.


Command Default

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Usage Guidelines

Entering this command without any keywords or arguments clears all NBNS counters on the network device.

Examples

The following example clears all NBNS counters:

Router# clear webvpn nbns 

Related Commands

Command
Description

clear webvpn session

Clears remote users sessions on a SSL VPN gateway.

clear webvpn stats

Clears application and access counters on a SSL VPN gateway.


clear webvpn session

To clear SSL VPN remote user sessions, use the clear webvpn session command in privileged EXEC mode.

clear webvpn session [user name] context {name | all}

Syntax Description

user name

(Optional) Clears session information for a specific user.

context {name | all}

Clears session information for a specific context or all contexts.


Command Default

None

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Usage Guidelines

This command is used to clear the session for either the specified remote user or all remote users in the specified context.

Examples

The following example clears all session information:

Router# clear webvpn session context all 

Related Commands

Command
Description

clear webvpn nbns

Clears the NBNS cache on a SSL VPN gateway.

clear webvpn stats

Clears application and access counters on a SSL VPN gateway.


clear webvpn stats

To clear (or reset) SSL VPN application and access counters, use the clear webvpn stats command in privileged EXEC mode.

clear webvpn stats [[cifs | citrix | mangle | port-forward | sso | tunnel] [context {name | all}]]

Syntax Description

cifs

(Optional) Clears Windows file share (CIFS) statistics.

citrix

(Optional) Clears Citrix application statistics.

mangle

(Optional) Clears URL mangling statistics.

port-forward

(Optional) Clears port forwarding statistics.

sso

(Optional) Clears statistics for Single SignOn (SSO) activities.

tunnel

(Optional) Clears Cisco AnyConnect VPN Client tunnel statistics.

context {name | all}

(Optional) Clears information for either a specific context or all contexts.


Command Default

If no keywords are entered, all SSL VPN application and access counters are cleared.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.

12.4(11)T

The sso keyword was added.


Usage Guidelines

This command is used to clear counters for Windows file shares, Citrix applications, URL mangling, application port forwarding, SSO, and Cisco AnyConnect VPN Client tunnels. The counters are cleared for either the specified context or all contexts on the SSL VPN gateway.

Examples

The following example clears all statistics counters for all SSL VPN processes:

Router# clear webvpn stats

The following example clears statistics for SSO activities:

Router# clear webvpn stats sso

Related Commands

Command
Description

clear webvpn nbns

Clears the NBNS cache on a SSL VPN gateway.

clear webvpn session

Clears remote users sessions on a SSL VPN gateway.


clear zone-pair

To clear the policy map counters, inspect sessions, or the URL filter cache on a zone-pair, use the clear zone-pair command in privileged EXEC mode.

clear zone-pair [zone-pair-name] {counter | inspect session | urlfilter cache}

Syntax Description

zone-pair-name

(Optional) Name of the zone-pair on which counters, inspect sessions, or the uRL filter cache are cleared.

counter

Clears the policy-map counters. Resets the statistics of the inspect type policy map on the specified zone-pair.

inspect session

Deletes the inspect sessions on the specified zone-pair.

urlfilter cache

Clears the URL filter cache on the specified zone-pair.


Command Default

Disabled (it is not necessary to enter this command).

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(6)T

This command was introduced.

12.4(15)XZ

This command was implemented on the following platforms: Cisco 881 and Cisco 888.


Usage Guidelines

If you do not specify a zone-pair name, the policy map counters, sessions, or the URL filter cache are cleared for all the configured zone-pairs.

Examples

The following example deletes the inspect sessions on the zp zone-pair:

Router# clear zone-pair zp inspect session 

The following example clears the URL filter cache on the zp zone-pair.

Router# clear zone-pair zp urlfilter cache

clid

To preauthenticate calls on the basis of the Calling Line IDentification (CLID) number, use the clid command in AAA preauthentication configuration mode. To remove the clid command from your configuration, use the no form of this command.

clid [if-avail | required] [accept-stop] [password password]

no clid [if-avail | required] [accept-stop] [password password]

Syntax Description

if-avail

(Optional) Implies that if the switch provides the data, RADIUS must be reachable and must accept the string in or