I doubt this is the necessary command. I don’t understand a bit about Cisco ASA, but from my networking experience I’m sure that ARP tables have nothing to do with routing tables… In fact, in the next sections of the same document:
you can find this:
To remove dynamically learned routes from the configuration, use the clear route command in privileged EXEC mode.
clear route [interface_name]
Good answer if the question was how to clear the ARP table, but it was not. The question was how to clear the ASP routing table (accelerated security path).
It really should be: clear asp table, which clears all the stats that are used for this.
Clearing the routes with the ‘clear route’ command will remove any dynamically learned routes in the main routing table, not in the ASP table.
BTW, I’ve always been puzzled by the Cisco “in house” terminology (( Can you explain in a couple of words how these “accelerated security paths”, their routing and ARP tables correspond to the ole networking (firewalling?) terms?
The accelerated security path is the way that the ASA handles packets in a conversation, after the decisions have been made about the first one. The first packet is dealt with by the processor, and is subjected to any filtering or modification, and then all the subsequent ones have the same things applied to them, and are processed in exactly the same way. This is the accelerated security path. It is a bit like a layer 3 switch: it routes the first packet in a conversation, and then switches the rest using the same decisions as the routed packet.
The routing and ARP tables are exactly like in a layer 3 switch or router. They are used to route packets, and to resolve MAC to IP addresses respectively.
I hope this helps. More information is on the Cisco site if you want to go deeper.
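The first-packet/subsequent-packet split described in the post above, as a toy model added here (not part of the original thread and not Cisco's implementation). The names `ACL`, `ROUTES`, `slow_path` and `Firewall`, and all addresses and rules, are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed policy and routes (hypothetical values, not from the thread).
ACL = [("tcp", 443, "permit"), ("tcp", 23, "deny")]   # (proto, dst_port, action)
ROUTES = {"10.0.0.0/8": "inside", "0.0.0.0/0": "outside"}

def slow_path(flow):
    """Full decision for a packet: ACL check, then longest-prefix route lookup."""
    src, sport, dst, dport, proto = flow
    # First matching rule wins; anything unmatched is denied.
    action = next((a for p, port, a in ACL if (p, port) == (proto, dport)), "deny")
    if action != "permit":
        return None
    nets = (ipaddress.ip_network(n) for n in ROUTES)
    best = max((n for n in nets if ipaddress.ip_address(dst) in n),
               key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

@dataclass
class Firewall:
    flows: dict = field(default_factory=dict)   # 5-tuple -> cached egress interface
    slow_hits: int = 0
    fast_hits: int = 0

    def handle(self, flow):
        # Fast path: the conversation is known, reuse the first packet's decision.
        if flow in self.flows:
            self.fast_hits += 1
            return self.flows[flow]
        # Slow path: evaluate policy and routing, cache only permitted flows.
        self.slow_hits += 1
        egress = slow_path(flow)
        if egress is not None:
            self.flows[flow] = egress
        return egress

def demo():
    fw = Firewall()
    web = ("10.1.1.5", 50000, "203.0.113.10", 443, "tcp")      # permitted
    telnet = ("10.1.1.5", 50001, "203.0.113.10", 23, "tcp")    # denied
    results = [fw.handle(web) for _ in range(5)]
    results += [fw.handle(telnet) for _ in range(3)]
    return results, fw.slow_hits, fw.fast_hits, len(fw.flows)

if __name__ == "__main__":
    print(demo())
```

In this model the five HTTPS packets cost one full evaluation and four cache hits, while every denied Telnet packet is evaluated again because no flow entry is created for it.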
You cleared a lot of my puzzling. So, “accelerated security path” is closer to the firewall connection tracking in stateful firewalls than to any routing paradigm… Well, why then does it need separate routing and ARP tables?
I’m somewhat (severely ))) netfilter-skewed, and my least favorite part there is also firewall rules-based route and ARP rewriting, but to be honest, connection tracking in Linux netfilter does pretty well without these exotics…