clear f - clear z

clear facility-alarm output

To de-energize the output relay and clear the alarm state of the LED in the ISA 3000, use the clear facility-alarm output command.

clear facility-alarm output

Command History

Release

Modification

6.3

This command was introduced.

Usage Guidelines

This command de-energizes the output relay and clears the alarm state of the output LED. This turns off the external alarm. However, this command does not fix the alarm condition that triggered the external alarm: you still must resolve the problem. Use the show facility-alarm status command to determine the current alarm conditions.

Examples

The following example de-energizes the output relay and clears the alarm state of the output LED:


> clear facility-alarm output

clear failover statistics

To clear the high availability statistic counters, use the clear failover statistics command.

clear failover statistics [ dp-clients | cp-clients ]

Command History

Release

Modification

6.1

This command was introduced.

7.2.6, 7.4.1

New keywords dp-clients and cp-clients were added.

Usage Guidelines

This command clears the statistics displayed with the show failover statistics command and the counters in the Stateful Failover Logical Update Statistics section of the show failover command output. The dp-clients and cp-clients keywords clear the data plane and control plane statistics of HA clients displayed in the show failover statistics bulk-sync command.

Examples

The following example shows how to clear the high availability statistics counters:


> clear failover statistics

clear flow-export counters

To reset runtime counters for NetFlow statistical and error data to zero, use the clear flow-export counters command.

clear flow-export counters

Command History

Release

Modification

6.3

This command was introduced.

Examples

The following example shows how to reset NetFlow runtime counters:


> clear flow-export counters

clear flow-offload

To clear counters and statistics for offloaded flows, use the clear flow-offload command.

This command is available on threat defense on the Firepower 4100/9300 chassis.

clear flow-offload statistics

Syntax Description

statistics

Resets to zero statistics for all offloaded flows.

Command History

Release

Modification

6.3

This command was introduced.

Examples

Following is an example of clearing all flow counters:


> clear flow-offload statistics 

clear flow-offload-ipsec

To clear information related to IPsec flow offload, use the clear flow-offload-ipsec command.

clear flow-offload-ipsec statistics

Syntax Description

statistics

Clear statistics related to IPsec flow offload.

Command History

Release

Modification

7.2

This command was introduced.

Examples

The following example clears all IPsec flow offload statistics.


> clear flow-offload-ipsec statistics 

clear fragment

To clear the operational data of the IP fragment reassembly module, enter the clear fragment command.

clear fragment { queue | statistics [ interface_name]}

Syntax Description

queue

Clears the IP fragment reassembly queue.

statistics interface_name

Clears the IP fragment reassembly statistics. You can optionally specify an interface name to clear statistics for that interface only. Otherwise, statistics for all interfaces are cleared.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

This command clears either the currently queued fragments that are waiting for reassembly (if the queue keyword is entered) or all IP fragment reassembly statistics (if the statistics keyword is entered). The statistics are counters that tell how many fragment chains were successfully reassembled, how many chains failed to be reassembled, and how many times the maximum size was crossed, resulting in overflow of the buffer.

Examples

The following example shows how to clear the operational data of the IP fragment reassembly module:


> clear fragment queue

clear gc

To remove the garbage collection (GC) process statistics, use the clear gc command.

clear gc

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to remove the GC process statistics:


> clear gc

clear igmp

To clear all IGMP counters, group caches, and traffic, use the clear igmp command.

clear igmp { counters [ if_name] | group [ interface name] | traffic}

Syntax Description

counters [if_name]

Clears IGMP statistical counters. You can optionally specify an interface name to clear the counters for that interface only.

group [interface name]

Deletes IGMP group cache entries. You can optionally specify an interface name to delete the groups associated with that interface only.

This command does not clear statically configured groups.

traffic

Clears traffic counters.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears the IGMP statistical counters:


> clear igmp counters

The following example shows how to clear all discovered IGMP groups from the IGMP group cache:


> clear igmp group

The following example clears the IGMP statistical traffic counters:


> clear igmp traffic

clear ikev1

To remove the IPsec IKEv1 SAs or statistics, use the clear ikev1 command.

clear ikev1 { sa [ ip_address] | stats}

Syntax Description

sa ip_address

Clears the SA. To clear all IKEv1 SAs, use this option without specifying an IP address. Otherwise, specify the IPv4 or IPv6 address of the SA to clear.

stats

Clears the IKEv1 statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example removes all of the IPsec IKEv1 statistics from the threat defense device:


> clear ikev1 stats
>

The following example deletes SAs with a peer IP address of 10.86.1.1:


> clear ikev1 sa 10.86.1.1
>

clear ikev2

To remove the IPsec IKEv2 SAs or statistics, use the clear ikev2 command.

clear ikev2 { sa [ ip_address] | stats}

Syntax Description

sa ip_address

Clears the SA. To clear all IKEv2 SAs, use this option without specifying an IP address. Otherwise, specify the IPv4 or IPv6 address of the SA to clear.

stats

Clears the IKEv2 statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example removes all of the IPsec IKEv2 statistics from the threat defense device:


> clear ikev2 stats
>

The following example deletes SAs with a peer IP address of 10.86.1.1:


> clear ikev2 sa 10.86.1.1
>

clear interface

To clear interface statistics, use the clear interface command.

clear interface [ physical_interface[ .subinterface] | interface_name]

Syntax Description

interface_name

(Optional) Identifies the interface name.

physical_interface

(Optional) Identifies the interface ID, such as gigabit ethernet0/1.

subinterface

(Optional) Identifies an integer between 1 and 4294967293 designating a logical subinterface.

Command Default

By default, this command clears all interface statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears all interface statistics:


> clear interface

clear ip

To clear statistics for certain legacy features, use the clear ip command.

clear ip { audit count [ global] | verify statistics} [ interface interface_name]

Syntax Description

audit count [global]

Clears the count of signature matches for an audit policy. If you do not specify the interface keyword, counts for all signatures are cleared globally. You can optionally include the global keyword to specify this explicitly (you cannot specify both global and interface).

interface interface_name

(Optional) Clear statistics for the specified interface only.

verify statistics

Clears the number of packets dropped for Unicast Reverse Path Forwarding (RPF).

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

These features are normally not enabled, so typically there are no statistics to clear.

Examples

The following example clears the IP audit count for all interfaces.


> clear ip audit count

clear ipsec sa

To remove the IPsec SA counters, entries, crypto maps or peer connections, use the clear ipsec sa command.

clear ipsec sa [ counters | entry ip_address { esp | ah} spi | inactive | map map_name | peer ip_address]

Syntax Description

ah

Authentication header.

counters

Clears all IPsec per SA statistics.

entry ip_address

Deletes the tunnel that matches the specified IP address/hostname, and protocol, and SPI value.

esp

Encryption security protocol.

inactive

Clears all inactive IPsec SAs.

map map_name

Deletes all tunnels associated with the specified crypto map as identified by map name.

peer ip_address

Deletes all IPsec SAs to a peer as identified by the specified hostname or IP address.

spi

Identifies the Security Parameters Index (a hexadecimal number). This must be the inbound SPI. We do not support this command for the outbound SPI.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

To clear all IPsec SAs, use this command without arguments.

Examples

The following example, issued in global configuration mode, removes all of the IPsec SAs from the threat defense:


> clear ipsec sa
>

The following example, entered in global configuration mode, deletes SAs with a peer IP address of 10.86.1.1:


> clear ipsec sa peer 10.86.1.1
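The clear ikev1, clear ikev2 and clear ipsec sa forms above differ in effect: stats and counters only reset statistics, while the sa forms delete security associations, all of them when no address or keyword is given. The following Python is an added example, not part of the Cisco reference: it checks a command against the syntax shown above and labels its effect so that a change reviewer can spot the lines that remove tunnels. The function names, impact labels, sample runbook and the accepted SPI spelling (1 to 8 hex digits, optional 0x prefix) are assumptions of this example.

```python
import ipaddress
import re

# Impact labels (this example's own names, not Cisco terminology).
STATS_ONLY = "stats-only"     # counters reset, SAs untouched
SCOPED = "sa-delete-scoped"   # SAs for one peer, entry, map, or inactive set
ALL_SAS = "sa-delete-all"     # every SA of that type is removed

# Assumption: an SPI is 32 bits, written as 1-8 hex digits, 0x optional.
SPI_RE = re.compile(r"(?:0x)?[0-9A-Fa-f]{1,8}")


def _is_ip(token):
    """True for a well-formed IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def _ike(proto, args):
    # clear ikev1|ikev2 { sa [ ip_address] | stats}
    if args == ["stats"]:
        return STATS_ONLY, f"{proto} statistics"
    if args == ["sa"]:
        return ALL_SAS, f"all {proto} SAs"
    if len(args) == 2 and args[0] == "sa" and _is_ip(args[1]):
        return SCOPED, f"{proto} SAs for {args[1]}"
    raise ValueError(f"does not match: clear {proto} {{ sa [ip_address] | stats }}")


def _ipsec(args):
    # clear ipsec sa [ counters | entry ip_address { esp | ah} spi
    #                 | inactive | map map_name | peer ip_address]
    if not args:
        return ALL_SAS, "all IPsec SAs"
    kw, rest = args[0], args[1:]
    if kw == "counters" and not rest:
        return STATS_ONLY, "per-SA statistics"
    if kw == "inactive" and not rest:
        return SCOPED, "inactive IPsec SAs"
    # peer and entry accept a hostname or an IP address, so any token passes.
    if kw in ("map", "peer") and len(rest) == 1:
        return SCOPED, f"IPsec SAs for {kw} {rest[0]}"
    if (kw == "entry" and len(rest) == 3 and rest[1] in ("esp", "ah")
            and SPI_RE.fullmatch(rest[2])):
        return SCOPED, f"IPsec SA {rest[0]} {rest[1]} inbound SPI {rest[2]}"
    raise ValueError("does not match the clear ipsec sa syntax")


def classify(command):
    """Return (impact, detail); raise ValueError on a syntax mismatch."""
    tokens = command.strip().lstrip("> ").split()
    if len(tokens) >= 2 and tokens[0] == "clear":
        if tokens[1] in ("ikev1", "ikev2"):
            return _ike(tokens[1], tokens[2:])
        if tokens[1:3] == ["ipsec", "sa"]:
            return _ipsec(tokens[3:])
    raise ValueError(f"not covered by this example: {command!r}")


# Constructed sample: a maintenance runbook as it might be pasted for review.
RUNBOOK = """\
> clear ikev1 stats
> clear ikev2 sa 10.86.1.1
> clear ipsec sa counters
> clear ipsec sa entry 10.86.1.1 esp 0x1A2B3C4D
> clear ipsec sa
"""


def disruptive(runbook):
    """Return [(command, impact)] for the lines that delete SAs."""
    hits = []
    for line in runbook.splitlines():
        if not line.strip():
            continue
        impact, _detail = classify(line)
        if impact != STATS_ONLY:
            hits.append((line.lstrip("> ").strip(), impact))
    return hits


if __name__ == "__main__":
    for command, impact in disruptive(RUNBOOK):
        print(f"{impact:18} {command}")
```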

clear ipv6 dhcp

To clear DHCPv6 statistics, use the clear ipv6 dhcp command.

clear ipv6 dhcp { client [ pd] | interface interface_name | server} statistics

Syntax Description

client [ pd]

Clears the DHCPv6 client statistics. Add the pd keyword to clear the Prefix Delegation client statistics.

interface interface_name

Clears the DHCPv6 statistics for the specified interface.

server

Clears the DHCPv6 server statistics.

Command History

Release

Modification

6.2.1

This command was introduced.

Examples

The following example clears the DHCPv6 client statistics:


> clear ipv6 dhcp client statistics 

clear ipv6 dhcprelay

To clear the IPv6 DHCP relay binding entries and statistics, use the clear ipv6 dhcprelay command.

clear ipv6 dhcprelay { binding [ ip_address] | statistics}

Syntax Description

binding

Clears the IPv6 DHCP relay binding entries.

ip_address

(Optional) Specifies the IPv6 address for the DHCP relay binding. If the IP address is specified, only the relay binding entries associated with that IP address are cleared.

statistics

Clears the IPv6 DHCP relay agent statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear the statistical data for the IPv6 DHCP relay binding:


> clear ipv6 dhcprelay binding
>

The following example shows how to clear the statistical data for the IPv6 DHCP relay agent:


> clear ipv6 dhcprelay statistics

clear ipv6 mld traffic

To clear the IPv6 Multicast Listener Discovery (MLD) traffic counters and reset them, use the clear ipv6 mld traffic command.

clear ipv6 mld traffic

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear the traffic counters for IPv6 MLD:


> clear ipv6 mld traffic
>

clear ipv6 neighbors

To clear the IPv6 neighbor discovery cache, use the clear ipv6 neighbors command.

clear ipv6 neighbors

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

This command deletes all discovered IPv6 neighbors from the cache; it does not remove static entries.

Examples

The following example deletes all entries, except static entries, in the IPv6 neighbor discovery cache:


> clear ipv6 neighbors
>

clear ipv6 ospf

To clear OSPFv3 routing parameters, use the clear ipv6 ospf command.

clear ipv6 ospf [ process_id] [ counters] [ events] [ force-spf] [ process] [ redistribution] [ traffic]

Syntax Description

counters

Resets the OSPF process counters.

events

Clears the OSPF event log.

force-spf

Clears the SPF for OSPF processes.

process

Resets the OSPFv3 process.

process_id

Clears the process ID number. Valid values range from 1 to 65535.

redistribution

Clears OSPFv3 route redistribution.

traffic

Clears traffic-related statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear all OSPFv3 route redistribution:


> clear ipv6 ospf redistribution
>

clear ipv6 prefix-list

To clear routing IPv6 prefix-lists, use the clear ipv6 prefix-list command.

clear ipv6 prefix-list [ name]

Syntax Description

name

Clears the named IPv6 prefix-list.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear the list1 IPv6 prefix-list:


> clear ipv6 prefix-list list1
>

clear ipv6 route

To delete routes from the IPv6 routing table, use the clear ipv6 route command.

clear ipv6 route [ management-only] { all | ipv6-prefix/prefix-length}

Syntax Description

management-only

Clears only the IPv6 management routing table.

ipv6-prefix/prefix-length

Clears routes for the IPv6 prefix.

all

Clears all IPv6 routes.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

The clear ipv6 route command is similar to the clear ip route command, except that it is IPv6-specific.

The per-destination maximum transmission unit (MTU) cache is also cleared.

Examples

The following example deletes the IPv6 route for 2001:0DB8::/35:


> clear ipv6 route 2001:0DB8::/35

clear ipv6 traffic

To reset the IPv6 traffic counters, use the clear ipv6 traffic command.

clear ipv6 traffic

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

Using this command resets the counters in the output from the show ipv6 traffic command.

Examples

The following example resets the IPv6 traffic counters.


> clear ipv6 traffic
> 

clear isakmp

To clear ISAKMP SAs or statistics, use the clear isakmp command.

clear isakmp [ sa | stats]

Syntax Description

sa

(Optional) Clears IKEv1 and IKEv2 SAs.

stats

(Optional) Clears IKEv1 and IKEv2 statistics.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

To clear all ISAKMP operational data, use this command without arguments.

Examples

The following example removes all of the ISAKMP SAs:


> clear isakmp sa
>

clear isis

To clear the IS-IS data structures, use the clear isis command.

clear isis { * | lspfull | rib redistribution [ level-1 | level-2] [ network_prefix] [ network_mask]}

Syntax Description

*

Clears all IS-IS data structures.

level-1

(Optional) Clears Level 1 IS-IS redistributed prefixes from the redistribution cache.

level-2

(Optional) Clears Level 2 IS-IS redistributed prefixes from the redistribution cache.

lspfull

Clears the IS-IS LSPFULL state.

network_mask

(Optional) The network ID in the A.B.C.D format for the network mask for the specific network prefix you want to clear from the RIB. If you do not provide a network mask for the prefix, the major net of the prefix will be used for the network mask.

network_prefix

(Optional) The network ID in the A.B.C.D format for the specific network prefix you want to clear from the redistribution Routing Information Base (RIB). If you do not provide a network mask for the prefix, the major net of the prefix will be used for the network mask.

rib redistribution

Clears prefixes in the IS-IS redistribution cache.

Command History

Release

Modification

6.3

This command was introduced.

Usage Guidelines

If the link-state PDU (LSP) becomes full because too many routes are redistributed, use the clear isis lspfull command to clear the state after the problem has been resolved.

We recommend that you use the clear isis rib command in a troubleshooting situation only when a Cisco Technical Assistance Center representative requests you to do so following a software error.

Examples

The following example clears the LSPFULL state:


> clear isis lspfull

The following example clears the network prefix 10.1.0.0 from the IP local redistribution cache:


> clear isis rib redistribution 10.1.0.0 255.255.0.0 

clear kernel cgroup-controller

To clear the kernel’s cgroup controller statistics, use the clear kernel cgroup-controller command.

clear kernel cgroup-controller [ cpu | memory]

Syntax Description

cpu

(Optional) Clears the cpu/cpuacct controller statistics.

memory

(Optional) Clears memory controller statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear the cgroup-controller statistics:


> clear kernel cgroup-controller

clear lacp

To clear EtherChannel LACP port channel statistics, use the clear lacp command.

clear lacp [ channel_group_number]

Syntax Description

channel_group_number

(Optional.) Clears the channel group information by number, between 1 and 48.

Command Default

If you do not specify a number, statistics for all port channels are cleared.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear the port channel statistics:


> clear lacp 12

clear lisp eid

To clear the LISP EID table, use the clear lisp eid command.

clear lisp eid [ ip_address]

Syntax Description

ip_address

Removes the specified IP address from the EID table.

Command History

Release

Modification

6.2

This command was introduced.

Usage Guidelines

The device maintains an EID table that correlates the EID and the site ID. The clear lisp eid command clears EID entries in the table.

clear local-host (Deprecated)

To reinitialize per-client run-time states such as connection limits and embryonic limits, use the clear local-host command.

clear local-host [ hostname | ip_address] [ all] [ zone]

Syntax Description

all

(Optional) Clears all connections, including to-the-box traffic. Without the all keyword, only through-the-box traffic is cleared.

hostname or ip_address

(Optional) Specifies the local hostname or IPv4 or IPv6 address.

zone

(Optional) Clears all connections in traffic zones.

Command Default

Clears all through-the-box run-time states.

Command History

Release

Modification

6.1

This command was introduced.

7.0

This command was deprecated. Use the clear conn address command to clear connections to local addresses.

Usage Guidelines

When you make security policy changes to the configuration, all new connections use the new security policy. Existing connections continue to use the policy that was configured at the time of the connection establishment. To ensure that all connections use the new policy, you need to disconnect the current connections using the clear local-host command so that they can reconnect using the new policy. You can alternatively use the clear conn command for more granular connection clearing, or the clear xlate command for connections that use dynamic NAT.

The clear local-host command releases the hosts from the host license limit. You can see the number of hosts that are counted toward the license limit by entering the show local-host command.

Examples

The following example clears the run-time state and associated connections for the host 10.1.1.15:


> clear local-host 10.1.1.15

clear logging

To clear the logging buffer, use the clear logging command.

clear logging { buffer | counter option | queue bufferwrap | unified-client}

Syntax Description

buffer

Clears the internal logging buffer.

counter destination

Clears the counters and statistics for the specified logging destination. Specify all to clear the statistics for all logging destinations. Alternatively, you can specify one of the following to limit the action to that one destination: buffer, console, mail, monitor, trap.

queue bufferwrap

Clears the saved FTP and flash logging buffer queues.

unified-client

Clears the logging statistics from the unified logging client, loggerD.

Command History

Release

Modification

6.1

This command was introduced.

6.3

The unified-client keyword was added.

6.6

The counter keyword was added.

Examples

This example shows how to clear the contents of the log buffer:


> clear logging buffer

The following example shows how to clear the contents of the saved log buffers:


> clear logging queue bufferwrap

The following example shows how to clear the statistics of loggerD service:


> clear logging unified-client

clear mac-address-table

To clear dynamic MAC address table entries, use the clear mac-address-table command.

clear mac-address-table [ interface_name]

Syntax Description

interface_name

(Optional) Clears the MAC address table entries for the selected interface.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears the dynamic MAC address table entries:


> clear mac-address-table

clear memory

To clear the queues and statistics for a memory tool, use the clear memory command.

clear memory { delayed-free-poisoner | profile [ peak] | tracking}

Syntax Description

delayed-free-poisoner

Returns all memory held in the delayed free-memory poisoner tool queue to the system without validation and clears the related statistical counters. You enable this feature using the memory delayed-free-poisoner enable command.

profile [peak]

Clears the memory buffers held by the memory profiling function. Include the optional peak keyword to clear the contents of the peak memory buffer.

Use the no memory profile enable command to stop memory profiling before clearing the profile buffers.

tracking

Clears memory tracking information collected by the memory tracking enable command.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears the delayed free-memory poisoner tool queue and statistics:


> clear memory delayed-free-poisoner

clear mfib counters

To clear Multicast Forwarding Information Base (MFIB) router packet counters, use the clear mfib counters command.

clear mfib { cluster-stats | counters [ source_or_group [ source]]}

Syntax Description

cluster-stats

Clears MFIB cluster synchronization statistics.

counters

Clears MFIB route and packet count data. When you use counters with no arguments, route counters for all routes are cleared.

source_or_group [group]

(Optional) The source or group IPv4, IPv6, or name. If you specify both, specify the source first. The source address is a unicast address.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears all MFIB router packet counters:


> clear mfib counters

clear nat counters

To clear NAT policy counters, use the clear nat counters command.

clear nat counters [ interface name] [ ip_addr mask | { object | object-group} name] [ translated [ interface name] [ ip_addr mask | { object | object-group} name]]

Syntax Description

interface name

(Optional) Specifies the source or destination (translated) interface.

ip_addr mask

(Optional) Specifies an IP address and subnet mask.

object name

(Optional) Specifies a network object or service object.

object-group name

(Optional) Specifies a network object group.

translated

(Optional) Specifies the translated parameters.

Command History

Release

Modification

6.1

This command was introduced.

Examples

This example shows how to clear the NAT policy counters:


> clear nat counters

clear object

To clear the hit counts of network-service objects, use the clear object command.

clear object [ id object_name | network-service ]

Syntax Description

id name

(Optional) Clear the counter of the specified network-service object. Capitalization matters. For example “object-name” does not match “Object-Name.”

network-service

(Optional.) Clear the counters of all network-service objects. This action is the same as you would get by specifying no parameters on the command.

Command Default

Without parameters, the hit counts of all objects are cleared.

Command History

Release

Modification

7.1

This command was introduced.

Examples

The following example clears the hit counts of all objects.


> clear object

clear object-group

To clear the hit counts of objects in a network or network-service object group, use the clear object-group command.

clear object-group [ object_group_name ]

Syntax Description

object_group_name

The name of the object group whose counters should be cleared. If you do not specify a name, counters for all object groups are cleared.

Command History

Release

Modification

6.1

This command was introduced.

7.1

This command was extended to work with network-service objects.

Examples

The following example shows how to clear the hit count for the object group named “Anet”:


> clear object-group Anet

clear ospf

To clear OSPF process information, use the clear ospf command.

clear ospf [ vrf name | all] { counters [ neighbor interface] | events | force-spf | process /noconfirm | redistribution | traffic}

Syntax Description

counters

Clears the OSPF counters.

neighbor interface

(Optional) Clears statistics for that neighbor only.

events

Clears the OSPF event log.

force-spf

Clears the incremental SPF statistics.

process /noconfirm

Restarts the OSPF routing process.

redistribution

Clears OSPF route redistribution statistics.

traffic

Clears OSPF traffic-related statistics.

[ vrf name | all]

If you enable virtual routing and forwarding (VRF), also known as virtual routers, you can limit the command to a specific virtual router using the vrf name keyword. If you want the command to affect all virtual routers, include the all keyword. If you include neither of these VRF-related keywords, the command applies to the global VRF virtual router.

Command History

Release

Modification

6.1

This command was introduced.

6.6

The [ vrf name | all] keywords were added.

Usage Guidelines

This command does not remove any part of the configuration; it clears statistics only.

Examples

The following example shows how to clear all OSPF neighbor counters:


> clear ospf counters 

clear packet-debugs

To remove the debug logs from the database, use the clear packet-debugs command.

clear packet-debugs

Command History

Release

Modification

6.4

This command was introduced.

6.5

This command was changed from clear packet debugs to clear packet-debugs.

Usage Guidelines

Use the clear packet-debugs command to remove all the debug logs from the database.

Examples

The following example shows how to remove all debug logs stored in the debug logs database.


> clear packet-debugs 

clear packet-tracer

To remove persistent packet tracers, use the clear packet-tracer command.

clear packet-tracer

Command History

Release

Modification

6.3

This command was introduced.

Usage Guidelines

Persistent packet tracers are those you configure with the persist keyword on the packet-tracer command.

Examples

The following example shows how to remove all persistent packet tracers.


> clear packet-tracer 
> 

clear path-monitoring

To clear path monitoring settings on the interface, use the clear path-monitoring command.

clear path-monitoring [ interface name ]

Syntax Description

interface name

Removes the path-monitoring settings configured on the specified interface.

Command History

Release

Modification

7.2

This command was introduced.

Examples

The following example clears the path monitoring settings on the outside1 interface:


> clear path-monitoring outside1

clear pclu

To clear PC logical update statistics, use the clear pclu command.

clear pclu

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears PC information:


> clear pclu

clear pim

To clear PIM traffic counters and mappings, use the clear pim command.

clear pim { counters | group-map [ rp-address] | reset | topology [ group]}

Syntax Description

counters

Clears the PIM traffic counters.

group-map [rp-address]

Deletes group-to-rendezvous point (RP) mapping entries from the RP mapping cache. You can optionally specify the name of a rendezvous point to clear entries for that RP only. The name can be:

  • Name of the RP, as defined in the Domain Name System (DNS) hosts table.

  • IP address of the RP. This is a multicast IP address in four-part dotted-decimal notation.

reset

Forces MRIB synchronization through reset. All information from the topology table is cleared, and the MRIB connection is reset. You can use this option to synchronize states between the PIM topology table and the MRIB database.

topology [group]

Clears existing PIM routes from the PIM topology table. Information obtained from the MRIB table, such as IGMP local membership, is retained. You can optionally specify the multicast group address or name to be deleted from the topology table. The name can be one of the following:

  • Name of the multicast group, as defined in the DNS hosts table.

  • IPv4 or IPv6 address of the multicast group.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears the PIM traffic counters:


> clear pim counters

The following example deletes group-RP mapping entries at the 23.23.23.2 RP address:


> show pim group-map

Group Range         Proto Client Groups RP address      Info
224.0.1.39/32*      DM    static 0      0.0.0.0
224.0.1.40/32*      DM    static 0      0.0.0.0
224.0.0.0/24*       L-Localstatic 1      0.0.0.0
232.0.0.0/8*        SSM   config 0      0.0.0.0
224.0.0.0/4*        SM    config 0      9.9.9.9         RPF: ,0.0.0.0
224.0.0.0/4         SM    BSR    0      23.23.23.2      RPF: Gi0/3,23.23.23.2
> clear pim group-map 23.23.23.2
> show pim group-map
Group Range         Proto Client Groups RP address      Info
224.0.1.39/32*      DM    static 0      0.0.0.0
224.0.1.40/32*      DM    static 0      0.0.0.0
224.0.0.0/24*       L-Localstatic 1      0.0.0.0
232.0.0.0/8*        SSM   config 0      0.0.0.0
224.0.0.0/4*        SM    config 0      9.9.9.9         RPF: ,0.0.0.0
224.0.0.0/4         SM    static 0      0.0.0.0         RPF: ,0.0.0.0

clear prefix-list

To reset the hit count of the prefix-list entries, use the clear prefix-list command.

clear prefix-list [ prefix_list_name]

Syntax Description

prefix_list_name

(Optional) The name of the prefix list from which the hit count is to be cleared.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear prefix-list information from a list named first_list:


> clear prefix-list first_list
>

clear priority-queue statistics

To clear the priority-queue statistics counters for an interface or for all configured interfaces, use the clear priority-queue statistics command.

clear priority-queue statistics [ interface_name]

Syntax Description

interface_name

(Optional) Clears priority-queue statistics for the specified interface.

Command History

Release

Modification

6.3

This command was introduced.

Examples

The following example clears priority-queue statistics for all interfaces.


> clear priority-queue statistics

clear process

To clear statistics for specified processes running on the threat defense device, use the clear process command.

clear process { cpu-hog | internals}

Syntax Description

cpu-hog

Clears CPU hogging statistics.

internals

Clears process internal statistics.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear CPU hogging statistics:


> clear process cpu-hog

clear resource usage

To clear resource usage statistics, use the clear resource usage command.

clear resource usage [ detail | resource {[ rate] resource_name |  all}]

Syntax Description

detail

Clears all resource usage details.

resource [rate] resource_name

Clears the usage of a specific resource. Specify all (the default) for all resources. Specify rate to clear the rate of usage of a resource. Resources that are measured by rate include conns, inspects, and syslogs. You must specify the rate keyword with these resource types. The conns resource is also measured as concurrent connections; only use the rate keyword to view the connections per second.

Resources include the following types:

  • Conns —TCP or UDP connections between any two hosts, including connections between one host and multiple other hosts.

  • Hosts —Hosts that can connect through the device.

  • IPSec —IPSec management tunnels that connect through the device.

  • Mac-addresses —The number of MAC addresses allowed in the MAC address table.

  • Routes —Routing table entries.

  • SSH —SSH sessions.

  • Storage —Storage limit size of directory in MB.

  • Telnet —Telnet sessions.

  • VPN —VPN resources.

  • Xlates —NAT translations.

Command Default

The default resource name is all, which clears all resource types.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears the system-wide usage statistics:


> clear resource usage resource all

clear route

To remove dynamically learned routes from the routing table, use the clear route command.

clear route [ vrf name | all ] [ management-only ] [ all | ip_address [ ip_mask_or_prefix ]]

Syntax Description

all

Specifies that all learned routes are to be removed.

ip_address mask_or_prefix

The IPv4 or IPv6 destination address and mask or prefix of the route to be removed. If you do not specify a route, all dynamically learned routes are removed.

management-only

(Optional) Clears the management routing table. You can specify a destination address to clear a specific management route.

[ vrf name | all]

If you enable virtual routing and forwarding (VRF), also known as virtual routers, you can limit the command to a specific virtual router using the vrf name keyword. If you want the command to affect all virtual routers, include the all keyword. If you include neither of these VRF-related keywords, the command applies to the global VRF virtual router.

Command History

Release

Modification

6.1

This command was introduced.

6.6

The [ vrf name | all] keywords were added.

7.1

Starting with version 7.1, for units that are part of a high availability group or cluster, this command is available on the active or control unit only. The command clears routes from all units in the HA group or cluster. In previous releases, the command clears routes on the unit on which it is run only.

Examples

The following example shows how to remove all dynamically learned routes.


> clear route

clear rule hits

To clear rule hit information for all evaluated rules of access control policies and prefilter policies and reset them to zero, use the clear rule hits command.

clear rule hits [ id]

Syntax Description

id

(Optional) The ID of a rule. Including this argument clears the rule hit information of the specified rule only.

Use the show access-list command to identify a rule ID.

Command Default

If you do not specify a rule ID, the rule hit information for all rules is cleared and reset to zero.


Note


Exercise caution while using this command as the action is irreversible.


Command History

Release

Modification

6.4

This command was introduced.

Usage Guidelines

The rule hit information covers only the access control rules and prefilter rules.

Examples

Following is an example of clearing all rule hit information:


> clear rule hits

clear service-policy

To clear operational data or statistics for enabled policies, use the clear service-policy command.

clear service-policy [ global | interface intf | shape | user-statistics]

Syntax Description

global

(Optional) Clears the statistics of the global service policy.

interface intf

(Optional) Clears the service policy statistics of a specific interface.

shape

(Optional) Clears the statistics of the shape policy.

user-statistics

(Optional) Clears the global counters for user statistics but does not clear the per-user statistics. This feature is not supported by threat defense.

Command Default

By default, this command clears all the statistics for all enabled service policies.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

Some inspection engines let you selectively clear statistics. See the clear service-policy inspect commands.

Examples

The following example shows how to clear service policy statistics for the outside interface.


> clear service-policy interface outside

clear service-policy inspect gtp

To clear GTP inspection statistics, use the clear service-policy inspect gtp command.

clear service-policy inspect gtp { pdp-context { all | apn ap_name | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num} | requests [ map name | version version_num] | statistics [ IP_address]}

Syntax Description

pdp-context {all | apn ap_name | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num}

Clears Packet Data Protocol (PDP) or bearer context information. You can specify the contexts to clear using the following keywords:

  • all —Clear all contexts.

  • apn ap_name —Clear contexts for the specified access point name.

  • imsi IMSI_value —Clear contexts for the specified IMSI hexadecimal number.

  • ms-addr IP_address —Clear contexts for the specified mobile subscriber (MS) IP address.

  • tid tunnel_ID —Clear contexts for the specified GTP tunnel ID, a hexadecimal number.

  • version version_num —Clear contexts for the specified GTP version (0-255).

requests [map name | version version_num]

Clears GTP requests. You can optionally limit the requests to clear using the following parameters:

  • map name —Clears requests associated with the specified GTP inspection policy map.

  • version version_num —Clears requests for the specified GTP version (0-255).

statistics [IP_address]

Clears GTP statistics for the inspect gtp command. You can clear the statistics for a specific endpoint by specifying the endpoint’s address.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears GTP statistics:


> clear service-policy inspect gtp statistics

clear service-policy inspect m3ua

To clear M3UA inspection statistics, use the clear service-policy inspect m3ua command.

clear service-policy inspect m3ua { drops | endpoint [ ip_address]}

Syntax Description

drops

Clears M3UA drop statistics.

endpoint [ip_address]

Clears M3UA endpoint statistics. You can optionally include the IP address of an endpoint to clear only the statistics for that endpoint.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

Use this command to clear statistics from M3UA inspection. Use the show version of this command to view the statistics.

Examples

The following example clears M3UA endpoint statistics:


> clear service-policy inspect m3ua endpoint

clear service-policy inspect radius-accounting

To clear RADIUS accounting users, use the clear service-policy inspect radius-accounting command.

clear service-policy inspect radius-accounting users { all | ip_address | policy_map}

Syntax Description

all

Clears all users.

ip_address

Clears a user with this IP address.

policy_map

Clears users associated with this policy map.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears all RADIUS accounting users:


> clear service-policy inspect radius-accounting users all

clear shun

To disable all the shuns that are currently enabled and clear the shun statistics, use the clear shun command.

clear shun [ statistics]

Syntax Description

statistics

(Optional) Clears the interface counters only.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to disable all the shuns that are currently enabled and clear the shun statistics:


> clear shun

clear snmp-server statistics

To clear SNMP server statistics (SNMP packet input and output counters), use the clear snmp-server statistics command.

clear snmp-server statistics

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear SNMP server statistics:


> clear snmp-server statistics

clear snort statistics

To clear Snort statistics (packet counters, flow counters, and event counters), use the clear snort statistics command.

clear snort statistics

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to clear Snort statistics:


> clear snort statistics
 

clear snort tls-offload

To clear Snort statistics related to SSL hardware acceleration (connections, encryption, decryption), use the clear snort tls-offload command. Consult Cisco TAC to help you debug your system with this command. This command is available only on the following managed devices, which support SSL hardware acceleration:

  • Firepower 2100 with threat defense

  • Firepower 4100/9300 with threat defense

    For information about TLS crypto acceleration support on Firepower 4100/9300 threat defense container instances, see the FXOS Configuration Guide.

TLS crypto acceleration is not supported on any virtual appliances or on any hardware except for the preceding.

clear snort tls-offload [proxy | tracker]

Syntax Description

proxy

(Optional.) Clears statistics for the proxy only.

tracker

(Optional.) Clears statistics for the tracker only.

Command History

Release

Modification

6.2.3

This command was introduced.

Examples

The following example shows how to clear statistics for the proxy:

> clear snort tls-offload proxy
 

clear ssl

To clear SSL information for debugging purposes, use the clear ssl command.

clear ssl { cache [ all] | errors | mib | objects}

Syntax Description

cache [all]

Clears expired sessions in SSL session cache. Add the optional all keyword to clear all sessions and statistics in SSL session cache.

errors

Clears SSL errors.

mib

Clears SSL MIB statistics.

objects

Clears SSL object statistics.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

DTLS cache is never cleared because it would impact AnyConnect functionality.

Examples

The following example shows clearing the SSL cache, and then clearing all sessions and statistics in the SSL session cache.


> clear ssl cache
SSL session cache cleared: 2
No SSL VPNLB session cache
No SSLDEV session cache
DLTS caches are not cleared
> clear ssl cache all
Clearing all sessions and statistics
SSL session cache cleared: 5
No SSL VPNLB session cache
No SSLDEV session cache
DLTS caches are not cleared

clear sunrpc-server active

To clear the pinholes opened by Sun RPC application inspection, use the clear sunrpc-server active command.

clear sunrpc-server active

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

Use the clear sunrpc-server active command to clear the pinholes opened by Sun RPC application inspection that allow service traffic, such as NFS or NIS, to pass through the device.

Examples

The following example shows how to clear the SunRPC services table:


> clear sunrpc-server active

clear threat-detection rate

To reset threat detection rate statistics to zero, use the clear threat-detection rate command.

clear threat-detection rate

Command History

Release

Modification

6.3

This command was introduced.

Examples


> clear threat-detection rate 
>

clear threat-detection portscan

To remove information on the attackers and targets identified through portscan threat detection, including shuns on the attacker, or portscan statistics, use the clear threat-detection portscan command.

clear threat-detection portscan [ attacker | target | shun ] [ ipv4_address mask | ipv6_address/prefix ]

clear threat-detection portscan statistics [ host [ ipv4_address | ipv6_address ]] [ protocol { tcp | udp | ip | icmp } ]

Syntax Description

attacker [ipv4_address mask | ipv6_address/prefix]

(Optional.) Clears attackers only. You can supply an IP address and mask (IPv4), or IPv6 address/prefix, to clear a single attacker. Clearing attackers also unblocks the attacker if it was automatically blocked by the portscan prevention configuration.

shun [ipv4_address mask | ipv6_address/prefix]

(Optional.) Clears shunned attackers only. You can supply an IP address and mask (IPv4), or IPv6 address/prefix, to clear a single shunned attacker. Clearing a shun unblocks the attacker if it was automatically blocked by the portscan prevention configuration.

statistics [ host [ ipv4_address | ipv6_address]] [ protocol { tcp | udp | ip | icmp }]

(Optional.) Clears statistics related to portscan identification. You can optionally specify a host address to clear statistics for that host only. You can alternatively clear the statistics for a specific protocol (TCP/UDP/IP/ICMP), either for all hosts or for a specified host. The host keyword must come before the protocol keyword.

target [ipv4_address mask | ipv6_address/prefix]

(Optional.) Clears targets only. You can supply an IP address and mask (IPv4), or IPv6 address/prefix, to clear a single target.

Command Default

All attackers, targets, shuns, and statistics are cleared.

Command History

Release

Modification

7.2

This command was introduced.

Usage Guidelines

Configure portscan detection in the advanced settings of the access control policy.

Examples

The following example shows how to clear the information for an attacker and remove the block on that host.


> clear threat-detection portscan attacker 10.2.0.100 255.255.255.255 
1 tracker object deleted and 1 shun entry removed

The following example shows how to clear the statistics for a host.


> show threat-detection portscan statistics host 10.2.0.100 
HOST IP                  PROTOCOL HOST COUNT PORT/PROTO COUNT
=============================================================
10.2.0.100                    TCP           1              45 

> clear threat-detection portscan statistics host 10.2.0.100 
1 tracker object deleted

clear threat-detection scanning-threat

To remove information on the attackers and targets identified through scanning threat detection, use the clear threat-detection scanning-threat command.

clear threat-detection scanning-threat [ attacker [ ip_address [ mask]] | target [ ip_address [ mask]]]

Syntax Description

attacker [ip_address [mask]]

(Optional.) Clears attackers only. You can supply an IP address and optional mask to clear a single attacker.

target [ip_address [mask]]

(Optional.) Clears targets only. You can supply an IP address and optional mask to clear a single target.

Command Default

All attackers and targets are cleared.

Command History

Release

Modification

6.3

This command was introduced.

Examples

The following example shows current scanning threats, then clears them.


> show threat-detection scanning-threat
Latest Target Host & Subnet List:
    192.168.1.0
    192.168.1.249
   Latest Attacker Host & Subnet List:
    192.168.10.234
    192.168.10.0
    192.168.10.2
    192.168.10.3
    192.168.10.4
    192.168.10.5
    192.168.10.6
    192.168.10.7
    192.168.10.8
    192.168.10.9
> clear threat-detection scanning-threat

clear threat-detection service

To remove tracked entries and statistics for Threat Detection for VPN Services, use the clear threat-detection service command.

clear threat-detection service [ service ] [ statistics | entries ]

Syntax Description

entries

(Optional.) Clear only the entries being tracked but keep the statistics. For example, clear the list of the IP addresses that have had failed authentication attempts.

service

(Optional.) Clear information for the specified service only. Enter one of the following:

  • remote-access-authentication

  • remote-access-client-initiations

  • invalid-vpn-access

statistics

(Optional.) Clear the statistics but not the entries being tracked.

Command Default

If you specify no options, the command clears all the tracked entries and resets the statistics for all services.

Command History

Release

Modification

7.6

This command was introduced.

Usage Guidelines

This command does not remove any shuns applied by the services. To remove all shuns, use the clear shun command. To remove individual shuns, use the no shun ip_address [interface if_name] command.

Examples

The following example clears statistics and entries for all services.


> clear threat-detection service

clear threat-detection shun

If you configure scanning threat detection to automatically shun attackers, you can remove hosts from the automatic shun list using the clear threat-detection shun command. Use the clear shun command to stop shunning a manually shunned host.

clear threat-detection shun [ ip_address [ mask]]

Syntax Description

ip_address [mask]

(Optional) Releases a specific IP address from being shunned. The subnet mask is optional. The address can be IPv4 or IPv6 (with optional prefix length).

Command Default

All shunned attackers are released.

Command History

Release

Modification

6.3

This command was introduced.

7.4

Support for IPv6 addresses was added.

Examples

The following example shows the shun list, then releases host 10.1.1.6.


> show threat-detection shun
Shunned Host List:
10.1.1.6
198.1.6.7
> clear threat-detection shun 10.1.1.6
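
Because the clear commands in this group discard the recorded attackers, targets and shuns, and the bare clear threat-detection shun releases every shunned host, it helps to record the state first and release only named hosts. The following is an added example, not Cisco code: it parses the show threat-detection shun and show threat-detection scanning-threat layouts shown on this page. The sample text, the timestamp and all function names are constructed for illustration, and only host addresses (no masks or prefix lengths) are handled.

```python
import ipaddress
import json

# Constructed sample text in the layout of the show outputs on this page.
SAMPLE_SHUN = (
    "Shunned Host List:\n"
    "10.1.1.6\n"
    "198.1.6.7\n"
)
SAMPLE_SCANNING = (
    "Latest Target Host & Subnet List:\n"
    "    192.168.1.0\n"
    "    192.168.1.249\n"
    "   Latest Attacker Host & Subnet List:\n"
    "    192.168.10.234\n"
    "    192.168.10.0\n"
)


def _as_ip(token):
    """Return the normalized address string, or None if token is not an IP."""
    try:
        return str(ipaddress.ip_address(token.strip()))
    except ValueError:
        return None


def parse_shun_list(text):
    """Addresses listed after the 'Shunned Host List:' header."""
    hosts, seen_header = [], False
    for line in text.splitlines():
        if line.strip().startswith("Shunned Host List"):
            seen_header = True
        elif seen_header:
            ip = _as_ip(line)
            if ip:  # prompts and command echoes are skipped
                hosts.append(ip)
    return hosts


def parse_scanning_threat(text):
    """Split scanning-threat output into target and attacker lists."""
    state = {"targets": [], "attackers": []}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Latest Target"):
            section = "targets"
        elif stripped.startswith("Latest Attacker"):
            section = "attackers"
        elif section:
            ip = _as_ip(stripped)
            if ip:
                state[section].append(ip)
    return state


def build_release_commands(shunned, requested):
    """One targeted clear per requested host that is actually shunned.

    The bare command is never emitted, because with no address it
    releases every shunned attacker.
    """
    commands, skipped = [], []
    current = set(shunned)
    for item in requested:
        ip = _as_ip(item)
        if ip and ip in current:
            commands.append(f"clear threat-detection shun {ip}")
        else:
            skipped.append(item)  # not an address, or not currently shunned
    return commands, skipped


def snapshot(shun_text, scanning_text, taken_at):
    """JSON record of the state that the clear commands will discard."""
    record = {
        "taken_at": taken_at,
        "shunned": parse_shun_list(shun_text),
        "scanning_threat": parse_scanning_threat(scanning_text),
    }
    return json.dumps(record, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(snapshot(SAMPLE_SHUN, SAMPLE_SCANNING, "2024-01-01T00:00:00Z"))
    cmds, skipped = build_release_commands(
        parse_shun_list(SAMPLE_SHUN), ["10.1.1.6", "10.9.9.9"])
    print("\n".join(cmds))
    print("not released:", skipped)
```

Requests for hosts that are not in the current shun list are returned in the skipped list instead of producing a command, so a typo in a change ticket does not silently become a no-op on the device.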

clear threat-detection statistics

To reset threat detection statistics to zero, use the clear threat-detection statistics command.

clear threat-detection statistics [ tcp-intercept]

Syntax Description

tcp-intercept

(Optional) Clears TCP Intercept statistics.

Command History

Release

Modification

6.3

This command was introduced.

Examples

The following example clears all threat detection statistics.


> clear threat-detection statistics 

clear traffic

To reset the counters for transmit and receive activity, use the clear traffic command.

clear traffic

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

The clear traffic command resets the counters for transmit and receive activity that is displayed with the show traffic command. The counters indicate the number of packets and bytes moving through each interface since the last clear traffic command was entered or since the device came online. The number of seconds indicates how long the device has been online since the last reboot.

Examples

The following example shows the clear traffic command:


> clear traffic

clear vpn-sessiondb statistics

To clear statistics for VPN sessions, use the clear vpn-sessiondb statistics command.

clear vpn-sessiondb statistics { all | anyconnect | failover | global | index number | ipaddress IP_address | l2l | name username | ospfv3 | protocol protocol | ra-ikev1-ipsec | ra-ikev2-ipsec | tunnel-group name | vpn-lb | webvpn}

Syntax Description

all

Clears statistics for all sessions.

anyconnect

Clears statistics for AnyConnect VPN client sessions.

failover

Clears statistics for failover IPsec sessions.

global

Clears statistics for global session data.

index index_number

Clears statistics of a single session by index number. The output of the show vpn-sessiondb detail command displays index numbers for each session.

ipaddress IP_address

Clears statistics for sessions of the IP address that you specify.

l2l

Clears statistics for VPN LAN-to-LAN sessions.

protocol protocol

Clears statistics for specific protocols. Enter "?" to see the list of protocols.

ra-ikev1-ipsec

Clears statistics for IPsec IKEv1 sessions.

ra-ikev2-ipsec

Clears statistics for IPsec IKEv2 sessions.

tunnel-group groupname

Clears statistics for sessions for the tunnel group (connection profile) that you specify.

vpn-lb

Clears statistics for VPN load balancing management sessions.

webvpn

Clears statistics for clientless SSL VPN sessions.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example clears statistics for all VPN sessions:


> clear vpn-sessiondb statistics all
INFO: Number of sessions cleared : 20

clear wccp

To reset Web Cache Communication Protocol (WCCP) information, use the clear wccp command.

clear wccp [ web-cache | service_number]

Syntax Description

web-cache

Specifies the web-cache service.

service_number

A dynamic service identifier, which means the service definition is dictated by the cache. The dynamic service number can be from 0 to 254.

Command History

Release

Modification

6.1

This command was introduced.

Examples

The following example shows how to reset the WCCP information for the web-cache service:


> clear wccp web-cache

clear webvpn statistics

To clear statistics for remote access VPN, use the clear webvpn statistics command.

clear webvpn statistics

Command History

Release

Modification

6.2.1

This command was introduced.

Examples

The following example clears remote access VPN statistics:


> clear webvpn statistics

clear xlate

To clear current dynamic NAT translation and connection information, use the clear xlate command.

clear xlate [ global ip1[ -ip2] [ netmask mask]] [ local ip1[ -ip2] [ netmask mask]] 
[ gport port1[ -port2]] [ lport port1[ -port2]] [ interface if_name] [ type type]

Syntax Description

global ip1[-ip2]

(Optional) Clears the active translations by global IP address or range of addresses.

gport port1[-port2]

(Optional) Clears the active translations by the global port or range of ports.

interface if_name

(Optional) Displays the active translations by interface.

local ip1[-ip2]

(Optional) Clears the active translations by local IP address or range of addresses.

lport port1[-port2]

(Optional) Clears the active translations by local port or range of ports.

netmask mask

(Optional) Specifies the network mask or IPv6 prefix to qualify the global or local IP addresses.

type type

(Optional) Clears the active translations by type. You can enter one of the following types:

  • dynamic —Specifies dynamic translations.

  • portmap —Specifies PAT global translations.

  • static —Specifies static translations.

  • twice-nat —Specifies a manual NAT translation.

Command History

Release

Modification

6.1

This command was introduced.

Usage Guidelines

The clear xlate command clears the contents of the translation slots (“xlate” refers to the translation slot). Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing NAT rules.

An xlate describes a NAT or PAT session. These sessions can be viewed with the show xlate detail command.

There are two types of xlates: static and dynamic. A static xlate is a persistent xlate that is created using a static NAT rule. The clear xlate command does not clear static entries. Static xlates can only be removed by removing the static NAT rule from the configuration. If you remove a static rule from the configuration, preexisting connections that use the static rule can still forward traffic. Use the clear local-host or clear conn command to deactivate these connections.

A dynamic xlate is an xlate that is created on demand with traffic processing. The clear xlate command removes dynamic xlates and their associated connections. You can also use the clear local-host or clear conn command to clear the xlate and associated connections. If you remove a dynamic NAT rule from the configuration, the dynamic xlate and associated connections may remain active. Use the clear xlate command to remove these connections.

Examples

The following example shows how to clear the current translation and connection slot information:


> clear xlate global

clear zero-trust

To clear the zero trust sessions and statistics, use the clear zero-trust command.

When a session is cleared, all existing cookies in the browser are deemed invalid and the users are redirected for authentication. This helps the administrator to block access to a rogue user or a compromised application. The user still has access to the application even if the session is cleared by the administrator. The user is redirected for authentication only when the user tries to navigate inside the page or the browser refreshes the page.

clear zero-trust sessions [ application | application-group | user ]

clear zero-trust statistics

Syntax Description

application

Clears zero trust sessions for an application.

application-group

Clears zero trust sessions for an application group.

user

Clears zero trust sessions for a user.

Command Default

None

Command History

Release

Modification

7.4

This command was introduced.

Usage Guidelines

None