Friday, June 13, 2008
Are you familiar with the Global Configuration Mode service command? At first, you might not recognize this command, but if you think about it, some well-known commands start with service.
A quick review
The service command is the beginning of 24 other subcommands. Some of these commands are relatively unimportant, but others are so important that you probably know them by heart. Here is a look at the 24 subcommands:
TEK-Router# config t
TEK-Router(config)# service ?
  alignment              Control alignment correction and logging
  compress-config        Compress the nvram configuration file
  config                 TFTP load config files
  dhcp                   Enable DHCP server and relay agent
  disable-ip-fast-frag   Disable IP particle-based fast fragmentation
  exec-callback          Enable exec callback
  exec-wait              Delay EXEC startup on noisy lines
  finger                 Allow responses to finger requests
  hide-telnet-addresses  Hide destination addresses in telnet command
  linenumber             enable line number banner for each exec
  nagle                  Enable Nagle’s congestion control algorithm
  old-slip-prompts       Allow old scripts to operate with slip/ppp
  pad                    Enable PAD commands
  password-encryption    Encrypt system passwords
  prompt                 Enable mode specific prompt
  pt-vty-logging         Log significant VTY-Async events
  sequence-numbers       Stamp logger messages with a sequence number
  slave-log              Enable log capability of slave IPs
  tcp-keepalives-in      Generate keepalives on idle incoming network connections
  tcp-keepalives-out     Generate keepalives on idle outgoing network connections
  tcp-small-servers      Enable small TCP servers (e.g., ECHO)
  telnet-zeroidle        Set TCP window 0 when connection is idle
  timestamps             Timestamp debug/log messages
  udp-small-servers      Enable small UDP servers (e.g., ECHO)
Of course, it’s unlikely you’re going to spend the time to memorize all 24 subcommands. To help you out, I’ve chosen the 10 most important commands you should know.
#1: service dhcp
You can use the service dhcp command to enable or disable the Cisco IOS DHCP server and relay agent. The Cisco IOS enables this command by default. However, if you’re turning on DHCP or it isn’t functioning, you should check the status of the service dhcp command. (You can disable the service using the no service dhcp command.)
#2: service linenumber
The service linenumber command notifies the user of the router’s or switch’s Async line number used at login. This can come in handy if you’re having problems with your VTY line. It reminds you what line you’re on. It even works on the console.
#3: service password-encryption
This command should be one you’ve already enabled. While disabled by default, the service password-encryption command is one that I recommend everyone turn on. This command encrypts the Cisco IOS passwords stored in the router’s NVRAM configuration files. This helps prevent a person from browsing the passwords in clear text. The encoding it applies is reversible, so treat it as protection against casual viewing rather than as strong password storage.
#4: service nagle
Nagle is a congestion control algorithm used to reduce the transmission of small packets. It’s a bandwidth-saving feature for keystroke-based applications such as Telnet. While the Cisco IOS turns off Nagle by default, you can enable it with the service nagle command.
#5: service prompt config
The service prompt config command displays the configuration prompt. As a practical joke, one of my students disabled this command. Up until then, I had never noticed it. If you enter no service prompt config, you’ll get no prompt when going into Global Configuration Mode. In other words, you can still type, but you don’t get any kind of prompt. This would really throw off someone who wasn’t familiar with the command.
#6: service config (error messages)
Occasionally during the boot process of Cisco hardware using Cisco IOS software, error messages appear similar to those below:
%Error opening tftp://255.255.255.255/network-confg (Socket error)
%Error opening tftp://255.255.255.255/cisconet.cfg (Socket error)
These error messages are related to the default service configuration option built into Cisco IOS software which attempts to access the service configuration files from a network Trivial File Transfer Protocol (TFTP) server. Disable this feature by entering the no service config global command.
#7: service tcp-keepalives
You can use the service tcp-keepalives-in and the service tcp-keepalives-out commands to monitor TCP connections to and from the router. They can terminate connections if the router or switch doesn’t receive a response from the remote device.
#8: service tcp-small-servers
The Cisco IOS disables the service tcp-small-servers command by default. Enabling this command turns on the following services on the router: Echo, Discard, Chargen, and Daytime. I don’t recommend enabling this service because it could be a security concern. If you see any routers that have this command enabled, I suggest disabling it unless you have a specific purpose for these services.
#9: service timestamps
You can use the service timestamps command to add timestamps to the router’s log and debug messages. Since version 11.3, the Cisco IOS has enabled certain timestamps by default, so most of us have this on. However, there are additional timestamp options that you can enable as well as places where timestamps are probably off by default.
#10: service password-recovery
The service password-recovery command enables the password recovery capability. This lets you recover a lost enable-mode password by changing the config-register. The no service password-recovery command can be dangerous. If you use this command, there’s no way to recover the enable-mode password if you lose it.
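To check a saved configuration against the recommendations above, here is an added example (not part of the original post) in Python that reads the service lines and reports where the effective state differs from what this article recommends. The rule table, the function names and the sample configuration are constructed for illustration; the defaults follow the article's statements, and the defaults for service config and service password-recovery are assumed to be enabled.

```python
import re

# subcommand -> (assumed default, state the article recommends, risk if it differs)
RULES = {
    "password-encryption": (False, True, "passwords stored in clear text in the config"),
    "tcp-small-servers": (False, False, "Echo, Discard, Chargen and Daytime are reachable"),
    "config": (True, False, "router tries to load config files over TFTP at boot"),
    "password-recovery": (True, True, "a lost enable password cannot be recovered"),
}

# Matches "service <name> ..." and "no service <name> ...", but not "service-policy".
LINE = re.compile(r"^\s*(no\s+)?service\s+(\S+)", re.IGNORECASE)

def service_states(config_text):
    """Return {subcommand: enabled} for every explicit service line; the last one wins."""
    states = {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if m:
            states[m.group(2).lower()] = m.group(1) is None
    return states

def audit_services(config_text):
    """Return sorted (subcommand, finding) pairs that differ from the recommendation."""
    explicit = service_states(config_text)
    findings = []
    for name, (default, wanted, risk) in RULES.items():
        actual = explicit.get(name, default)
        if actual != wanted:
            source = "explicit" if name in explicit else "default"
            state = "enabled" if actual else "disabled"
            findings.append((name, f"{state} ({source}): {risk}"))
    return sorted(findings)

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
!
service timestamps debug datetime msec
service tcp-small-servers
no service password-recovery
service config
hostname TEK-Router
!
"""

if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE_CONFIG):
        print(f"service {name}: {finding}")
```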
The service command offers plenty of options, but these are the 10 I think are the most important — do you agree? What do you use the service command for?
Written by: Sarah Giard: Cisco Curricula Practice Owner, TEKsystems