service

Profile Config Commands

Service commands are used to view and manage configurations. The service commands and their corresponding parameters vary from mode to mode.

Supported on the following devices:

Syntax

service [captive-portal-server|cluster|critical-resource|fast-switching|enable| global-association-list|lldp|memory|meshpoint|pm|power-config|radius|remote-config|rss-timeout|watchdog|wireless|show]
service captive-portal-server connections-per-ip <3-64>
service cluster master-election immediate
service critical-resource port-mode-source-ip <IP>
service enable [l2tpv3|pppoe|radiusd]
service global-association-list blacklist-interval <1-65535>
service lldp loop-detection
service memory kernel decrease
service meshpoint loop-prevention-port [<L2-INTERFACE-NAME>|ge <1-5>|port-channel <1-2>|up1]
service pm sys-restart
service power-config [3af-out|force-3at]
service radius dynamic-authorization additional-port <1-65535>
service remote-config apply-delay <0-600>
service rss-timeout <0-86400>
service watchdog
service wireless [anqp-frag-always|anqp-frag-size|ap650|client|cred-cache-sync| inter-ap-key|noise-immunity|reconfig-on-tx-stall|test|wispe-controller-port]
service wireless anqp-frag-always
service wireless anqp-frag-size <100-1500>
service wireless ap650 legacy-auto-update-image <FILE>
service wireless client tx-deauth on-radar-detect
service wireless cred-cache-sync [full|interval <30-864000>|never|partial]
service wireless test [max-rate|max-retries|min-rate]
service wireless test [max-rate|min-rate] [1,2,5.5,6,11,12,18,24,36,48,54,mcs0, mcs1,............mcs23]
service wireless inter-ap-key [0 <WORD>|2 <WORD>|<WORD>]
service wireless noise-immunity
service wireless reconfig-on-rx-stall
service wireless test max-retries <0-15>
service wireless wispe-controller-port <1-65535>
service show cli

Parameters

service captive-portal-server connections-per-ip <3-64>
captive-portal-server connections-per-ip <3-64> Configures the maximum number of simultaneous captive portal connection allowed per IP address
  • <3-64> – Specify the maximum number of connections per IP address from 3 - 64. The default is 3.
    Note: This command is applicable only to the NX9XXX and NX9600 service platform profiles.
service cluster master-election immediate
cluster master-election immediate Initiates and completes cluster master election as soon as just one cluster member comes on and is active. This option is disabled by default.
service critical-resource port-mode-source-ip <IP>
critical-resource port-mode-source-ip <IP> Hard codes a source IP for critical resource management The default is 0.0.0.0

Use this option to define the IP address used as the source address in ARP packets used to detect a critical resource on a layer 2 interface. By default, the source address used in ARP packets to detect critical resources is 0.0.0.0. However, some devices do not support the above IP address and drop the ARP packets. Use this field to provide an IP address specifically used for this purpose. The IP address used for port-mode-source-ip monitoring must be different from the IP address configured on the device.

service enable [l2tpv3|pppoe|radiusd]
service enable l2tpv3 Enables L2TPv3 on this profile

The L2TPV3 enable/disable option is not supported on AP6522, AP6562, AP7161, AP8163, AP8432, AP8533, RFS4000, and NX95XX model devices.

service enable pppoe Enables PPPoE features. When executed on a device, enables PPPoE on the logged device. When executed on a profile, enables PPPoE on all devices using that profile.
service enable radiusd Enables RADIUSD features. When executed on a device, enables RADIUSD on the logged device. When executed on a profile, enables RADIUSD on all devices using that profile.
service global-association-list blacklist-interval <1-65535>
service global-association-list Configures global association list related parameters
blacklist-interval <1-65535> Configures the period for which a client is blacklisted. A client is considered blacklisted after being denied access by the server.
  • <1-65535> – Specify a value from 1 - 65535 seconds. The default is 60 seconds.
service lldp loop-detection
lldp loop-detection Enables network loop detection via LLDP. This option is disabled by default.
service memory kernel decrease
service memory kernel decrease Enables reduction in kernel memory usage. When enabled, firewall flows are reduced by 75% resulting in reduced kernel memory usage. A reboot is required for the option to take effect.

This option is disabled by default.

service meshpoint loop-prevention-port [<L2-INTERFACE-NAME>|ge <1-4>| port-channel <1-2>]
meshpoint loop-prevention-port Limits meshpoint loop prevention to a single port
<L2-INTERFACE-NAME> Limits meshpoint loop prevention on a specified Ethernet interface
  • <L2-INTERFACE-NAME> – Specify the layer 2 Ethernet interface name.
ge <1-4> Limits meshpoint loop prevention on a specified GigabitEthernet interface
  • ge <1-4> – Specify the GigabitEthernet interface index from 1 - 4.
port-channel <1-2> Limits meshpoint loop prevention on a specified port-channel interface
  • port-channel <1-2> – Specify the port-channel interface index from 1 - 2.
service pm sys-restart
pm sys-restart Enables the process monitor (PM) to restart the system when a process fails. This option is enabled by default.
service power-config [3af-out|force-3at]
power-config 3af-out Enables LLDP power negotiation, but uses 3af power. This option is disabled by default.
power-config force-3at Disables LLDP negotiation and forces 802.3at power configuration. This option is disabled by default.
service radius dynamic-authorization additional-port <1-65535>
radius dynamic-authorization additional-port <1-65535> Configures an additional UDP port used by the device to listen for dynamic authorization messages
  • <1-65535> – Specify a value from 1 - 65535. The default is 3799.

The Cisco Identity Services Engine (ISE) server uses port 1700.

service remote-config apply-delay <0-600>
remote-config apply-delay <0-600> Delays configuration of a remote device (after it becomes active) by the specified time period
  • <0-600> – Specify a value from 0 - 600 seconds. The default is 0 seconds.
service rss-timeout <0-86400>
rss-timeout <0-86400> Configures the duration, in seconds, for which an adopted access point will continue to provide wireless functions even after loosing controller adoption.
  • <0-86400> – Specify a value from 0 - 86400 seconds. The default is 300 seconds.
service watchdog
watchdog Enables the watchdog. This feature is enabled by default.

Enabling the watchdog option implements heartbeat messages to ensure other associated devices are up and running and capable of effectively inter-operating with the controller.

service wireless anqp-frag-always
wireless anqp-frag-always Enables fragmentation of all ANQP packets. This option is disabled by default.
service wireless anqp-frag-size <100-1500>
wireless anqp-frag-size <100-1500> Configures the ANQP packet fragment size
  • <100-1500> – Specify a value from 100 - 1500. The default is 1200.
service wireless client tx-deauth on-radar-detection
wireless client Configures wireless client and stations related settings
tx-deauth on-radar-detection Enables access points to transmit deauth to clients when changing channels on radar detection. This option is enabled by default.
service wireless cred-cache-sync [full|interval <30-864000>|never|partial]
wireless cred-cache-sync Configures the credential cache‘s synchronization parameters. The parameters are: full, interval, never, and partial.
full Enables synchronization of all credential cache entries
interval <30-864000> Sets the interval, in seconds, at which the credential cache is synchronized
  • <30-864000> – Specify a value from 30 - 864000 seconds. The default is 1200 seconds.
never Disables credential cache entry synchronization for all associated clients other than roaming clients. This is the default setting.
partial Enables partial synchronization of parameters for associated clients, with credential cache close to aging out
service wireless inter-ap-key [0 <WORD>|2 <WORD>|<WORD>]
wireless inter-ap-key Configure encryption key used for securing inter-ap messages. This option is disabled by default.
[0<WORD>| 2<WORD>|<WORD>] Specify a clear text or encrypted key.
service wireless noise-immunity
wireless noise-immunity Polls for status and reconfigures radio in case of receive stall. This option is enabled by default.
service wireless reconfig-on-rx-stall
wireless reconfig-on-rx-stall Enables noise immunity on the radio
service wireless test [max-rate|min-rate] [1,2,5.5,6,11,12,18,24,36,48, 54,mcs0,mcs1,............mcs23]
wireless test Configures the serviceability parameters used for testing
[max-rate|min-rate] Configures the maximum and minimum data rates for clients using rate-scaling. The ‘max-rate‘ and min-rate‘ options are disabled by default.
[1,2,5.5,....mcs23] Select the maximum and minimum data rates applicable.
service wireless test max-retries <0-15>
wireless test Configures the serviceability parameters used for testing
max-retries <0-15> Configures the maximum number of retries per packet from 0 - 15. The default is 0.
service wireless wispe-controller-port <1-65535>
wispe-controller-port <1-65535> Resets the WIreless Switch Protocol Enhanced (WISPe) controller port. This is the UDP port used to listen for WISPe.
  • <1-65535> – Specify a value from 1 - 65535. The default is 24756.
service show cli
show cli Displays running system configuration details
  • cli – Displays the CLI tree of the current mode

Example

nx9500-6C8809(config-profile-testRFS4000)#service radius dynamic-authorization additional-port 1700

nx9500-6C8809(config-profile-testRFS4000)#show context
profile rfs4000 testRFS4000
 service radius dynamic-authorization additional-port 1700
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
--More--
nx9500-6C8809(config-profile-testRFS4000)#

Related Commands

no Removes or resets service command parameters