10 things you can do with the Cisco IOS service command

Are you familiar with the Global Configuration Code service command? At first, you might not recognize this command, but if you think about it, some well-known commands start with service.

A quick review

The service command is the beginning of 24 other subcommands. Some of these commands are relatively unimportant, but others are so important that you probably know them by heart. However, as you know, many commands seem unimportant — until you need them.

Again, you must use the service command when in Global Configuration Mode. Here's a look at the 24 subcommands:

TechRepublic-Router# config t TechRepublic-Router(config)# service ?

TechRepublic-Router(config)#service ?

   alignment              Control alignment correction and logging

   compress-config        Compress the nvram configuration file

   config                 TFTP load config files

   dhcp                   Enable DHCP server and relay agent

   disable-ip-fast-frag   Disable IP particle-based fast fragmentation

   exec-callback          Enable exec callback

   exec-wait              Delay EXEC startup on noisy lines

   finger                 Allow responses to finger requests

   hide-telnet-addresses  Hide destination addresses in telnet command

   linenumber             enable line number banner for each exec

   nagle                  Enable Nagle's congestion control algorithm

   old-slip-prompts       Allow old scripts to operate with slip/ppp

   pad                    Enable PAD commands

   password-encryption    Encrypt system passwords

   prompt                 Enable mode specific prompt

   pt-vty-logging         Log significant VTY-Async events

   sequence-numbers       Stamp logger messages with a sequence number

   slave-log              Enable log capability of slave IPs

   tcp-keepalives-in      Generate keepalives on idle incoming network connections

   tcp-keepalives-out     Generate keepalives on idle outgoing network connections

   tcp-small-servers      Enable small TCP servers (e.g., ECHO)

   telnet-zeroidle        Set TCP window 0 when connection is idle

   timestamps             Timestamp debug/log messages

   udp-small-servers      Enable small UDP servers (e.g., ECHO)TechRepublic-Router(config)#service

Of course, it's unlikely you're going to spend the time to memorize all 24 subcommands. To help you out, I've chosen the 10 most important commands you should know.

#1: service dhcp

You can use the service dhcp command to enable or disable the Cisco IOS DHCP server and relay agent. The Cisco IOS enables this command by default.

However, if you're turning on DHCP or it isn't functioning, you should check the status of the service dhcp command. (You can disable the server using the no service dhcp command.)

#2: service linenumber

The service linenumber command notifies the user of the router's or switch's async line number used at login. This can come in handy if you're having problems with your VTY line — it reminds you what line you're on. It even works on the console. Here's an example:

TechRepublic-Router con0 is now available 

Press RETURN to get started.

TechRepublic-Router line 0


#3: service password-encryption

This command should be one you've already enabled. While disabled by default, the service password-encryption command is one that I recommend everyone turn on.

This command encrypts the Cisco IOS passwords stored in the router's NVRAM configuration files. This helps prevent anyone from browsing the passwords if the configuration finds its ways to something like a TFTP server.

#4: service nagle

Nagle is a congestion control algorithm used to reduce the transmission of small packets. It's a bandwidth-saving feature for keystroke-based applications (such as Telnet). While the Cisco IOS turns off Nagle by default, you can enable it with the service nagle command.

#5: service prompt config

The service prompt config command displays the configuration prompt. To be honest, I never noticed this command before researching this article. (All the hidden commands in the IOS continue to amaze me.)

If you enter no service prompt config, you'll get no prompt when going into Global Configuration Mode. In other words, you can still type, but you don't get any kind of prompt. This would really throw off someone who wasn't familiar with this command.

Here's an example:

TechRepublic-Router(config)# no service prompt config



TechRepublic-Router# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

service prompt config


#6: service sequence-numbers

You can use the service sequence-numbers command to insert sequence numbers into log files. This can be important when log entries are coming really quickly. In fact, they can come so quickly that they appear at the same time. Here's an example of sequence numbers:

000377: *Mar 17 23:06:33.609: %SYS-5-CONFIG_I: Configured from console by console

(where the 000377 is the sequence number)

#7: service tcp-keepalives

You can use the service tcp-keepalives-in and the service tcp-keepalives-out commands to monitor TCP connections to and from the router. They can terminate connections if the router or switch doesn't receive a response from the remote device.

#8: service tcp-small-servers

The Cisco IOS disables the service tcp-small-servers command by default. Enabling this command turns on the following services on the router: Echo, Discard, Chargen, and Daytime.

I don't recommend enabling this service because it could be a security concern. If you see any routers that have this command enabled, I suggest disabling it unless there's a purpose for these services.

#9: service timestamps

You can use the service timestamps command to create timestamps on the router's log files. Since version 11.3, the Cisco IOS has enabled certain timestamps by default, so most of us have this on. However, there are additional timestamps options that you can enable as well as places where timestamps are probably off by default.

Here's an example of turning on all timestamp options for logging and debugging:

service timestamps log datetime localtime msec show-timezone year 

service timestamps debugging datetime localtime msec show-timezone year

#10: service password-recovery

The service password-recovery command enables the password recovery capability. This lets you recover the enable-mode password if you lose it by changing the config-register.

The no service password-recovery command can be dangerous. If you use this command, there's no way to recover the enable-mode password if you lose it.

The service command offers plenty of options, but these are the 10 I think are the most important — do you agree? What do you use the service command for?

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.

Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!

Editor's Picks