C Commands
This chapter describes the Cisco NX-OS security commands that begin with C.
checkpoint
To take a snapshot of the current running configuration and store the snapshot in the file system in an ASCII format, use the checkpoint command.
checkpoint [checkpoint-name [description descp-text [...description descp-text]] | description descp-text | file {bootflash: | volatile:}[//server][directory/][filename]]
no checkpoint [checkpoint-name | description descp-text | file {bootflash: | volatile:}[//server][directory/][filename]]
Syntax Description
Note There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).
Command Default
Automatically generates checkpoint name (user-checkpoint-number).
Command Modes
EXEC mode
Command History
|
|
---|---|
5.0(2)N1(1) |
This command was introduced. |
Usage Guidelines
Checkpoints are local to a switch. When you create a checkpoint, a snapshot of the current running configuration is stored in a checkpoint file. If you do not provide a checkpoint name, Cisco NX-OS sets the checkpoint name to user-checkpoint-number, where the number is from 1 to 10.
If Fibre Channel over Ethernet (FCoE) is enabled on the switch, you cannot restore the active configuration to the checkpoint state. The following error message appears when you create a checkpoint on a FCoE-enabled switch:
switch# checkpoint chkpoint-1
ERROR: ascii-cfg: FCOE is enabled. Disbaling rollback module (err_id 0x405F004C)
switch#
On a switch that has FCoE disabled, you see the following message when you create the checkpoint:
switch# checkpoint chkpoint-1
...Done
switch#
You can create up to ten checkpoints of your configuration per switch. When the number of checkpoints reaches the maximum limit, the oldest entry is removed.
You cannot apply the checkpoint file of one switch into another switch. You cannot start a checkpoint filename with the word system.
The checkpoint files are stored as text files that you cannot directly access or modify. When a checkpoint is cleared from the system, the associated checkpoint configuration file is deleted.
Examples
This example shows how to create a checkpoint:
switch# checkpoint
...
user-checkpoint-4 created Successfully
Done
switch#
This example shows how to create a checkpoint, named chkpnt-1, and define its purpose:
switch# checkpoint chkpnt-1 description Checkpoint to save current configuration, Sep 9 10:02 A.M.
switch#
This example shows how to create a checkpoint configuration file named chkpnt_configSep9-1.txt in the bootflash storage system:
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
switch#
This example shows how to delete a checkpoint named chkpnt-1:
switch# no checkpoint chkpnt-1
switch#
Related Commands
clear access-list counters
To clear the counters for all IPv4 access control lists (ACLs) or a single IPv4 ACL, use the clear access-list counters command.
clear access-list counters [access-list-name]
Syntax Description
access-list-name |
(Optional) Name of the IPv4 ACL whose counters the switch clears. The name can be a maximum of 64 alphanumeric characters. |
Command Default
None
Command Modes
EXEC mode
Command History
|
|
4.0(0)N1(1a) |
This command was introduced. |
Examples
This example shows how to clear counters for all IPv4 ACLs:
switch# clear access-list counters
This example shows how to clear counters for an IPv4 ACL named acl-ipv4-01:
switch# clear access-list counters acl-ipv4-01
Related Commands
clear accounting log
To clear the accounting log, use the clear accounting log command.
clear accounting log
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC mode
Command History
|
|
4.0(0)N1(1a) |
This command was introduced. |
Examples
This example shows how to clear the accounting log:
switch# clear accounting log
Related Commands
|
|
---|---|
show accounting log |
Displays the accounting log contents. |
clear checkpoint database
To clear the checkpoints configured on the switch, use the clear checkpoint database command.
clear checkpoint database [system | user]
Syntax Description
system |
Clears the configuration rollback checkpoint database for system checkpoints. |
user |
Clears the configuration rollback checkpoint database for user checkpoints. |
Command Default
None
Command Modes
EXEC mode
Command History
|
|
---|---|
5.0(2)N1(1) |
This command was introduced. |
Examples
This example shows how to clear the configured checkpoints:
switch# clear checkpoint database
.Done
switch#
Related Commands
|
|
---|---|
checkpoint |
Creates a checkpoint. |
show checkpoint |
Displays all configured checkpoints. |
clear ip arp
To clear the Address Resolution Protocol (ARP) table and statistics, use the clear ip arp command.
clear ip arp [vlan vlan-id [force-delete | vrf {vrf-name | all | default | management}]]
Syntax Description
Command Default
None
Command Modes
Any command mode
Command History
|
|
4.2(1)N1(1) |
This command was introduced. |
Examples
This example shows how to clear the ARP table statistics:
switch# clear ip arp
switch#
This example shows how to clear the ARP table statistics for VLAN 10 with the VRF vlan-vrf:
switch# clear ip arp vlan 10 vrf vlan-vrf
switch#
Related Commands
|
|
---|---|
show ip arp |
Displays the ARP configuration status. |
clear ip arp inspection log
To clear the Dynamic ARP Inspection (DAI) logging buffer, use the clear ip arp inspection log command.
clear ip arp inspection log
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
|
|
5.0(3)N1(1) |
This command was introduced. |
Examples
This example shows how to clear the DAI logging buffer:
switch# clear ip arp inspection log
switch#
Related Commands
clear ip arp inspection statistics vlan
To clear the Dynamic ARP Inspection (DAI) statistics for a specified VLAN, use the clear ip arp inspection statistics vlan command.
clear ip arp inspection statistics vlan vlan-list
Syntax Description
Command Default
None
Command Modes
Any command mode
Command History
|
|
5.0(3)N1(1) |
This command was introduced. |
Examples
This example shows how to clear the DAI statistics for VLAN 2:
switch# clear ip arp inspection statistics vlan 2
switch#
This example shows how to clear the DAI statistics for VLANs 5 through 12:
switch# clear ip arp inspection statistics vlan 5-12
switch#
This example shows how to clear the DAI statistics for VLAN 2 and VLANs 5 through 12:
switch# clear ip arp inspection statistics vlan 2,5-12
switch#
Related Commands
clear ip dhcp snooping binding
To clear the Dynamic Host Configuration Protocol (DHCP) snooping binding database, use the clear ip dhcp snooping binding command.
clear ip dhcp snooping binding [vlan vlan-id [mac mac-address ip ip-address] [interface {ethernet slot/port | port-channel channel-number}]]
Syntax Description
Command Default
None
Command Modes
Any command mode
Command History
|
|
5.0(2)N2(1) |
This command was introduced. |
Examples
This example shows how to clear the DHCP snooping binding database:
switch# clear ip dhcp snooping binding
switch#
This example shows how to clear a specific entry from the DHCP snooping binding database:
switch# clear ip dhcp snooping binding vlan 23 mac 0060.3aeb.54f0 ip 10.34.54.9 interface ethernet 2/11
switch#
Related Commands
clear ip dhcp snooping statistics
To clear the Dynamic Host Configuration Protocol (DHCP) snooping statistics, use the clear ip dhcp snooping statistics command.
clear ip dhcp snooping statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
|
|
5.0(2)N2(1) |
This command was introduced. |
Examples
This example shows how to clear the DHCP snooping statistics:
switch# clear ip dhcp snooping statistics
switch#