H Commands
This chapter describes the Cisco NX-OS security commands that begin with H.
hardware access-list lou resource threshold
To configure the threshold value for logical operation units (LOUs), use the hardware access-list lou resource threshold command. To remove the threshold value and revert to the default value, use the no form of this command.
hardware access-list lou resource threshold value
no hardware access-list lou resource threshold value
Syntax Description
Threshold value. Valid values are from 1 to 32. The default is 5. |
Command Default
Command Modes
Command History
|
|
Usage Guidelines
Examples
The following example shows how to configure the maximum threshold value of 15 for LOUs.
hardware profile tcam resource service-template
To commit a template in the running image, use the hardware profile tcam resource service-template command. To commit a default template, use the no form of this command.
hardware profile tcam resource service-template user-defined-template
no hardware profile tcam resource service-template currently-committed- template
Syntax Description
Command Default
Command Modes
Command History
Usage Guidelines
Use the show hardware profile tcam resource template command to list the template names to use in this command.
Examples
This example shows how to commit a user defined template:
Related Commands
|
|
---|---|
hardware sup-tcam correction asic
To rewrite a corrupted supervisor-region Ternary Content-Addressable Memory (TCAM) entry content with the content stored in the database, use the hardware sup-tcam correction asic command. To disable continuous periodic detection, use the no form of this command.
hardware sup-tcam correction asic {ASIC-ID | all } entry {TCAM-INDEX | all }
Syntax Description
Command Default
Command Modes
Command History
|
|
Usage Guidelines
Examples
This example shows how to rewrite a corrupted supervisor-region TCAM entry content with the content stored in the database:
Related Commands
hardware sup-tcam monitoring enable
To enable a continuous periodic detection of corrupted supervisor-region Ternary Content-Addressable Memory (TCAM) entries, use the hardware sup-tcam monitoring enable command. To disable continuous periodic detection, use the no form of this command.
hardware sup-tcam monitoring enable
Syntax Description
Command Default
By default, the periodic corruption detection mechanism is set to run once every 1440 minutes or 1 day.
Command Modes
Command History
|
|
Usage Guidelines
Examples
This example shows how to enable continuous periodic detection of corrupted supervisor-region TCAM entries:
This example shows how to disable continuous periodic detection of corrupted supervisor-region TCAM entries:
Related Commands
hardware sup-tcam monitoring timer-expiry
To change the periodic corruption detection mechanism timer value, use the hardware sup-tcam monitoring timer-expiry command. To remove the configuration, use the no form of this command.
hardware sup-tcam monitoring timer-expiry timeout-in-minutes
no hardware sup-tcam monitoring timer-expiry
Syntax Description
Periodic corruption detection mechanism timer value in minutes. The range for the timer is from 5 to 2880 minutes (2 days). |
Command Default
Command Modes
Command History
|
|
Usage Guidelines
Examples
This example shows how to change the periodic corruption detection mechanism timer value:
This example shows how to remove the configured periodic corruption detection mechanism timer value:
Related Commands
hardware sup-tcam monitoring trigger-detection
To initiate an on-demand verification iteration that involves reading each supervisor-region Ternary Content-Addressable Memory (TCAM) entry and comparing this TCAM entry data with the content stored in the database, use the hardware sup-tcam monitoring trigger-detection command.
hardware sup-tcam monitoring trigger-detection
Syntax Description
Command Default
Command Modes
Command History
|
|
Usage Guidelines
This command does not require a license.
A syslog is generated if there is a mismatch between the supervisor-region Ternary Content-Addressable Memory (TCAM) entry content and the content stored in the database.
Examples
This example shows how to initiate an on-demand verification iteration that involves reading each sup-region TCAM entry and comparing this TCAM entry data with content stored in the database:
Related Commands
host (IPv4)
To specify a host or a subnet as a member of an IPv4-address object group, use the host command. To remove a group member from an IPv4-address object group, use the no form of this command.
[ sequence-number ] host IPv4-address
no { sequence-number | host IPv4-address }
[ sequence-number ] IPv4-address network-wildcard
no IPv4-address network-wildcard
[ sequence-number ] IPv4-address / prefix-len
Syntax Description
Defaults
Command Modes
IPv4 address object group configuration
Command History
|
|
Usage Guidelines
To specify a subnet as a group member, use either of the following forms of this command:
[ sequence-number ] IPv4-address network-wildcard
[ sequence-number ] IPv4-address / prefix-len
Regardless of the command form that you use to specify a subnet, the device shows the IP-address / prefix-len form of the group member when you use the show object-group command.
To specify a single IPv4 address as a group member, use any of the following forms of this command:
[ sequence-number ] host IPv4-address
[ sequence-number ] IPv4-address 0.0.0.0
[ sequence-number ] IPv4-address /32
Regardless of the command form that you use to specify a single IPv4 address, the device shows the host IP-address form of the group member when you use the show object-group command.
Examples
This example shows how to configure an IPv4-address object group named ipv4-addr-group-13 with two group members that are specific IPv4 addresses and one group member that is the 10.23.176.0 subnet:
Related Commands
|
|
---|---|
host (IPv6)
To specify a host or a subnet as a member of an IPv6-address object group, use the host command. To remove a group member from an IPv6-address object group, use the no form of this command.
[ sequence-number ] host IPv6-address
no { sequence-number | host IPv6-address }
[ sequence-number ] IPv6-address / network-prefix
no IPv6-address / network-prefix
Syntax Description
Defaults
Command Modes
IPv6 address object group configuration
Command History
|
|
Usage Guidelines
To specify a subnet as a group member, use the following form of this command:
[ sequence-number ] IPv6-address / network-prefix
To specify a single IP address as a group member, use any of the following forms of this command:
[ sequence-number ] host IPv6-address
[ sequence-number ] IPv6-address /128
Regardless of the command form that you use to specify a single IPv6 address, the device shows the host IPv6-address form of the group member when you use the show object-group command.
Examples
This example shows how to configure an IPv6-address object group named ipv6-addr-group-A7 with two group members that are specific IPv6 addresses and one group member that is the 2001:db8:0:3ab7:: subnet:
Related Commands
|
|
---|---|