Bambang F. Indarto

The Journey… The Shares

Posts Tagged ‘command’

Service Command in Cisco Routers

Posted by bfindarto on June 1, 2008

The service command is the beginning of 24 other subcommands. Some of these commands are relatively unimportant, but others are so important that you probably know them by heart. However, as you know, many commands seem unimportant — until you need them. You may list all the service subcommands by typing service ? at configuration mode.

From all 24 service subcommandshere the list of some most important commands you should know.

1. service dhcp
You can use the service dhcp command to enable or disable the Cisco IOS DHCP server and relay agent. The Cisco IOS enables this command by default.

However, if you’re turning on DHCP or it isn’t functioning, you should check the status of the service dhcp command. (You can disable the server using the no service dhcp command.)

2. service linenumber
This command notifies the user of the router’s or switch’s async line number used at login. This can come in handy if you’re having problems with your VTY line — it reminds you what line you’re on. It even works on the console. Here’s an example:

myRoutercon0 is now available
Press RETURN to get started.

myRouter line 0

myRouter>

3. service password-encryption
This command should be one you’ve already enabled. While disabled by default, the service password-encryption command is one that I recommend everyone turn on.

This command encrypts the Cisco IOS passwords stored in the router’s NVRAM configuration files. This helps prevent anyone from browsing the passwords if the configuration finds its ways to something like a TFTP server.

4. service nagle
Nagle is a congestion control algorithm used to reduce the transmission of small packets. It’s a bandwidth-saving feature for keystroke-based applications (such as Telnet). While the Cisco IOS turns off Nagle by default, you can enable it with the service nagle command.

5. service prompt config
The service prompt config command displays the configuration prompt.

If you enter no service prompt config, you’ll get no prompt when going into Global Configuration Mode. In other words, you can still type, but you don’t get any kind of prompt. This would really throw off someone who wasn’t familiar with this command.

Here’s an example:

myRouter(config)# no service prompt config

^Z
myRouter#
myRouter# conf t
Enter configuration commands, one per line.  End with CNTL/Z.

service prompt config
myRouter(config)#

6. service sequence-numbers
You can use the service sequence-numbers command to insert sequence numbers into log files. This can be important when log entries are coming really quickly. In fact, they can come so quickly that they appear at the same time. Here’s an example of sequence numbers:

000377: *Mar 17 23:06:33.609: %SYS-5-CONFIG_I: Configured from console by console

(where the 000377 is the sequence number)

7. service tcp-keepalives
You can use the service tcp-keepalives-in and the service tcp-keepalives-out commands to monitor TCP connections to and from the router. They can terminate connections if the router or switch doesn’t receive a response from the remote device.

8. service tcp-small-servers
The Cisco IOS disables the service tcp-small-servers command by default. Enabling this command turns on the following services on the router: Echo, Discard, Chargen, and Daytime.

I don’t recommend enabling this service because it could be a security concern. If you see any routers that have this command enabled, I suggest disabling it unless there’s a purpose for these services.

9. service timestamps
You can use the service timestamps command to create timestamps on the router’s log files. Since version 11.3, the Cisco IOS has enabled certain timestamps by default, so most of us have this on. However, there are additional timestamps options that you can enable as well as places where timestamps are probably off by default.

Here’s an example of turning on all timestamp options for logging and debugging:

service timestamps log datetime localtime msec show-timezone year
service timestamps debugging datetime localtime msec show-timezone year

10. service password-recovery
The service password-recovery command enables the password recovery capability. This lets you recover the enable-mode password if you lose it by changing the config-register.

The no service password-recovery command can be dangerous. If you use this command, there’s no way to recover the enable-mode password if you lose it.

Posted in Cisco Networking | Tagged: , , , | Leave a Comment »

Most Useful “Show” Commands in Cisco Router

Posted by bfindarto on March 12, 2008

Show command in cisco routers is the most important and useful tools to see (mostly) recent router’s configuration. Here are about ten show commands that widely used…

  1. show version
    This command shows detailed information about the IOS. It shows the file name of the IOS along with the version of the IOS and value of the configuration register. The configuration register is a set of bits that controls the boot sequence of the router. This command is the only command used to show this register’s value.
  2. show running-config
    This command is your true best friend. It shows the complete configuration that is running currently. Using it you can troubleshoot almost all issues regarding routing, filtering, secure access, and many other issues. Using it before you start configuring the router would give you a clear idea of what services and protocols are operating by default and which are turned off by default.
  3. show startup-config
    This command shows the configuration that is saved on the NVRAM. It is helpful in knowing the configuration that will be applied the next time the routers is reloaded. And also this command is useful in knowing the configuration that was loaded at the start-up of the router before making changes to it.
  4. show ip interface <brief>
    This command displays information about IP protocol and the interface, and if you type “brief”, means show the information briefly. You might be wondering why would you need this command. I will answer that. This command shows which access-lists are applied at the interfaces and in which direction. This kind of information is not shown by the ‘show access-list’ command. However, you can find out which access-list is applied where using ‘show run’.
  5. show interfaces
    This command shows status and statistics regarding interfaces. This command is almost always needed in troubleshooting routing and link issues. Things that are shown using this command include, interface IP address and subnet mask, interface status, encapsulation type, bandwidth, and many other important indicator about the interface operation.
  6. show ip route
    This command shows the routing table. This table helps you in finding out the next hop for each and every routable packet. It is the first indicator to point a problem in routing.
  7. show ip protocols
    This command shows the routing protocols used in the router and what networks are these protocols advertising. It also shows the sources of routing updates received at this router. It is very useful in routing issues troubleshooting.
  8. show access-list
    This command shows the contents of each access-list. It is very useful in troubleshooting filtering issues. Note that this command does not show you where each access-list is applied. 
  9. show cdp neighbor detail
    This command displays detailed information about the neighboring devices like IP addresses, platforms, and host names. This command can be useful in troubleshooting connectivity issues, and also can be used in finding out how devices are connected to each other when you have no clear drawn network map. 
  10. show flash or show slot0
    This command is used to view the contents of the flash and the size of the IOS file(s) and the size of the flash and how much of it is free. It is necessary in upgrading or installing the IOS file.

Posted in Cisco Networking | Tagged: , , , , , , , | Leave a Comment »