Solved: what is the use of this command?

c82_patel · ‎02-20-2008

what is the use of this command?

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

logging buffered 51200 warnings

logging console critical

Danilo Dy · ‎02-20-2008

Hi,

SERVICE PAD

The packet assembler/disassembler (PAD) service supports X.25 links. This service is on by default, but it is not needed unless your router is using X.25. Disable it from global configuration mode as shown below.

TCP-KEEPALIVES-IN and TCP-KEEPALIVES-OUT

if you are going to permit remote administration via Telnet, enable TCP keepalive services. These services will cause the router to generate periodic TCP keepalive messages, thus allowing it to detect and drop orphaned (broken) TCP connections to/from remote systems. Using this service does not remove the need for setting an exec-timeout time as recommended above.

LOGGING BUFFERED 51200 WARNINGS

To turn ON buffered logging for warning messages. Rule of thumb, you should set it to 16K if your router has 16MB RAM. If you set it higher (i.e. 50K), make sure your router has more than 16MB RAM or at least 64MB RAM

LOGGING CONSOLE CRITICAL

To turn ON console logging for critical messages.

for more on securing cisco IOS/Router, check this link http://www.nsa.gov/snac/

Regards,

Dandy

View solution in original post

Danilo Dy · ‎02-20-2008

Hi,

SERVICE PAD

The packet assembler/disassembler (PAD) service supports X.25 links. This service is on by default, but it is not needed unless your router is using X.25. Disable it from global configuration mode as shown below.

TCP-KEEPALIVES-IN and TCP-KEEPALIVES-OUT

if you are going to permit remote administration via Telnet, enable TCP keepalive services. These services will cause the router to generate periodic TCP keepalive messages, thus allowing it to detect and drop orphaned (broken) TCP connections to/from remote systems. Using this service does not remove the need for setting an exec-timeout time as recommended above.

LOGGING BUFFERED 51200 WARNINGS

To turn ON buffered logging for warning messages. Rule of thumb, you should set it to 16K if your router has 16MB RAM. If you set it higher (i.e. 50K), make sure your router has more than 16MB RAM or at least 64MB RAM

LOGGING CONSOLE CRITICAL

To turn ON console logging for critical messages.

for more on securing cisco IOS/Router, check this link http://www.nsa.gov/snac/

Regards,

Dandy

smothuku · ‎02-20-2008

Hi Patel ,

service pad

To enable all packet assembler/disassembler (PAD) commands and connections between PAD devices and access servers, use the service pad command in global configuration mode. To disable this service, use the no form of this command.

service pad [cmns] [from-xot] [to-xot]

no service pad [cmns] [from-xot] [to-xot]

service tcp-keepalives-in

To generate keepalive packets on idle incoming network connections (initiated by the remote host), use the service tcp-keepalives-in command in global configuration mode. To disable the keepalives, use the no form of this command.

service tcp-keepalives-in

no service tcp-keepalives-in

service tcp-keepalives-out

To generate keepalive packets on idle outgoing network connections (initiated by a user), use the service tcp-keepalives-out command in global configuration mode. To disable the keepalives, use the no form of this command.

service tcp-keepalives-out

no service tcp-keepalives-out

logging buffered

To enable system message logging to a local buffer, use the logging buffered command in global configuration mode. To cancel the use of the buffer, use the no form of this command. To return the buffer size to its default value, use the default form of this command.

logging buffered [buffer-size | severity-level | discriminator discr-name [severity-level]]

no logging buffered

default logging buffered

logging console

To send system logging (syslog) messages to all available TTY lines and limit messages based on severity, use the logging console command in global configuration mode. To disable logging to the console terminal, use the no form of this command.

logging console [severity-level | discriminator discr-name [severity-level]]

no logging console

Syntax Description

severity-level

(Optional) The number or name of the desired severity level at which messages should be logged. Messages at or numerically lower than the specified level are logged. Severity levels are as follows (enter the number or the keyword):

[0 | emergencies]-System is unusable

[1 | alerts]-Immediate action needed

[2 | critical]-Critical conditions

[3 | errors]-Error conditions

[4 | warnings]-Warning conditions

[5 | notifications]-Normal but significant conditions

[6 | informational]-Informational messages

[7 | debugging]-Debugging messages

Level 7 is the default.

discriminator

(Optional) Specifies a user-defined filter, via the logging discriminator, for syslog messages.

discr-name

(Optional) String of a maximum of 8 alphanumeric, case-sensitive characters. Blank spaces between characters are not allowed.

Hope it helps you.

Cheers :)MSK

Joseph W. Doherty · ‎02-21-2008

The other posters have explained the meanings, but I recall reading logging to the console can impact performance. If true, I would think only logging critical messages would reduce the impact.

c82_patel · ‎02-21-2008

If I disable the service tcp-keepalives-in/Out then.

Danilo Dy · ‎02-21-2008

Yes, you should disable serice pad. Unless you are using X25.