Are you familiar with the Global Configuration Code service command? At first, you might not recognize this command, but if you think about it, some well-known commands start with service.
A quick review
The service command is the beginning of 24 other subcommands. Some of these commands are relatively unimportant, but others are so important that you probably know them by heart. However, as you know, many commands seem unimportant — until you need them.
Again, you must use the service command when in Global Configuration Mode. Here's a look at the 24 subcommands:
TechRepublic-Router# config t TechRepublic-Router(config)# service ?
alignment Control alignment correction and logging
compress-config Compress the nvram configuration file
config TFTP load config files
dhcp Enable DHCP server and relay agent
disable-ip-fast-frag Disable IP particle-based fast fragmentation
exec-callback Enable exec callback
exec-wait Delay EXEC startup on noisy lines
finger Allow responses to finger requests
hide-telnet-addresses Hide destination addresses in telnet command
linenumber enable line number banner for each exec
nagle Enable Nagle's congestion control algorithm
old-slip-prompts Allow old scripts to operate with slip/ppp
pad Enable PAD commands
password-encryption Encrypt system passwords
prompt Enable mode specific prompt
pt-vty-logging Log significant VTY-Async events
sequence-numbers Stamp logger messages with a sequence number
slave-log Enable log capability of slave IPs
tcp-keepalives-in Generate keepalives on idle incoming network connections
tcp-keepalives-out Generate keepalives on idle outgoing network connections
tcp-small-servers Enable small TCP servers (e.g., ECHO)
telnet-zeroidle Set TCP window 0 when connection is idle
timestamps Timestamp debug/log messages
udp-small-servers Enable small UDP servers (e.g., ECHO)
Of course, it's unlikely you're going to spend the time to memorize all 24 subcommands. To help you out, I've chosen the 10 most important commands you should know.
#1: service dhcp
You can use the service dhcp command to enable or disable the Cisco IOS DHCP server and relay agent. The Cisco IOS enables this command by default.
However, if you're turning on DHCP or it isn't functioning, you should check the status of the service dhcp command. (You can disable the server using the no service dhcp command.)
#2: service linenumber
The service linenumber command notifies the user of the router's or switch's async line number used at login. This can come in handy if you're having problems with your VTY line — it reminds you what line you're on. It even works on the console. Here's an example:
TechRepublic-Router con0 is now available
Press RETURN to get started.
TechRepublic-Router line 0
#3: service password-encryption
This command should be one you've already enabled. While disabled by default, the service password-encryption command is one that I recommend everyone turn on.
This command encrypts the Cisco IOS passwords stored in the router's NVRAM configuration files. This helps prevent anyone from browsing the passwords if the configuration finds its ways to something like a TFTP server.
#4: service nagle
Nagle is a congestion control algorithm used to reduce the transmission of small packets. It's a bandwidth-saving feature for keystroke-based applications (such as Telnet). While the Cisco IOS turns off Nagle by default, you can enable it with the service nagle command.
#5: service prompt config
The service prompt config command displays the configuration prompt. To be honest, I never noticed this command before researching this article. (All the hidden commands in the IOS continue to amaze me.)If you enter no service prompt config, you'll get no prompt when going into Global Configuration Mode. In other words, you can still type, but you don't get any kind of prompt. This would really throw off someone who wasn't familiar with this command.
Here's an example:
TechRepublic-Router(config)# no service prompt config
TechRepublic-Router#TechRepublic-Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
service prompt config
#6: service sequence-numbers
You can use the service sequence-numbers command to insert sequence numbers into log files. This can be important when log entries are coming really quickly. In fact, they can come so quickly that they appear at the same time. Here's an example of sequence numbers:
000377: *Mar 17 23:06:33.609: %SYS-5-CONFIG_I: Configured from console by console
(where the 000377 is the sequence number)
#7: service tcp-keepalives
You can use the service tcp-keepalives-in and the service tcp-keepalives-out commands to monitor TCP connections to and from the router. They can terminate connections if the router or switch doesn't receive a response from the remote device.
#8: service tcp-small-servers
The Cisco IOS disables the service tcp-small-servers command by default. Enabling this command turns on the following services on the router: Echo, Discard, Chargen, and Daytime.
I don't recommend enabling this service because it could be a security concern. If you see any routers that have this command enabled, I suggest disabling it unless there's a purpose for these services.
#9: service timestamps
You can use the service timestamps command to create timestamps on the router's log files. Since version 11.3, the Cisco IOS has enabled certain timestamps by default, so most of us have this on. However, there are additional timestamps options that you can enable as well as places where timestamps are probably off by default.
Here's an example of turning on all timestamp options for logging and debugging:
service timestamps log datetime localtime msec show-timezone year
service timestamps debugging datetime localtime msec show-timezone year
#10: service password-recovery
The service password-recovery command enables the password recovery capability. This lets you recover the enable-mode password if you lose it by changing the config-register.
The no service password-recovery command can be dangerous. If you use this command, there's no way to recover the enable-mode password if you lose it.
The service command offers plenty of options, but these are the 10 I think are the most important — do you agree? What do you use the service command for?
David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!