service
Profile Config Commands
Service commands are used to view and manage configurations. The service commands and their corresponding parameters vary from mode to mode.
Supported on the following devices:
- Access Points:
AP3000/X, AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP7602, AP7612, AP7622, AP7632,
AP7662, AP8163, AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
service [captive-portal-server|cluster|critical-resource|fast-switching|enable| global-association-list|lldp|memory|meshpoint|pm|power-config|radius|remote-config|rss-timeout|watchdog|wireless|show]
service captive-portal-server connections-per-ip <3-64>
service cluster master-election immediate
service critical-resource port-mode-source-ip <IP>
service enable [l2tpv3|pppoe|radiusd]
service global-association-list blacklist-interval <1-65535>
service lldp loop-detection
service memory kernel decrease
service meshpoint loop-prevention-port [<L2-INTERFACE-NAME>|ge <1-5>|port-channel <1-2>|up1]
service power-config [3af-out|force-3at]
service radius dynamic-authorization additional-port <1-65535>
service remote-config apply-delay <0-600>
service rss-timeout <0-86400>
service wireless [anqp-frag-always|anqp-frag-size|ap650|client|cred-cache-sync| inter-ap-key|noise-immunity|reconfig-on-tx-stall|test|wispe-controller-port]
service wireless anqp-frag-always
service wireless anqp-frag-size <100-1500>
service wireless ap650 legacy-auto-update-image <FILE>
service wireless client tx-deauth on-radar-detect
service wireless cred-cache-sync [full|interval <30-864000>|never|partial]
service wireless test [max-rate|max-retries|min-rate]
service wireless test [max-rate|min-rate] [1,2,5.5,6,11,12,18,24,36,48,54,mcs0, mcs1,............mcs23]
service wireless inter-ap-key [0 <WORD>|2 <WORD>|<WORD>]
service wireless noise-immunity
service wireless reconfig-on-rx-stall
service wireless test max-retries <0-15>
service wireless wispe-controller-port <1-65535>
Parameters
service captive-portal-server connections-per-ip <3-64>
captive-portal-server connections-per-ip
<3-64> |
Configures the maximum number of simultaneous captive portal connection allowed per IP address |
service cluster master-election immediate
cluster master-election immediate |
Initiates and completes cluster master election as soon as just one cluster member comes on and is active. This option is disabled by default. |
service critical-resource port-mode-source-ip <IP>
critical-resource port-mode-source-ip
<IP> |
Hard codes a source IP for critical resource management The default is 0.0.0.0 Use this option to define the IP address used as the source address in ARP packets used to detect a critical resource on a layer 2 interface. By default, the source address used in ARP packets to detect critical resources is 0.0.0.0. However, some devices do not support the above IP address and drop the ARP packets. Use this field to provide an IP address specifically used for this purpose. The IP address used for port-mode-source-ip monitoring must be different from the IP address configured on the device.
|
service enable [l2tpv3|pppoe|radiusd]
service enable l2tpv3 |
Enables L2TPv3 on this profile The L2TPV3 enable/disable option is not supported on AP6522, AP6562, AP7161, AP8163, AP8432, AP8533, RFS4000, and NX95XX model devices.
|
service enable pppoe |
Enables PPPoE features. When executed on a device, enables PPPoE on the logged device. When executed on a profile, enables PPPoE on all devices using that profile. |
service enable radiusd |
Enables RADIUSD features. When executed on a device, enables RADIUSD on the logged device. When executed on a profile, enables RADIUSD on all devices using that profile. |
service global-association-list blacklist-interval <1-65535>
service global-association-list |
Configures global association list related parameters |
blacklist-interval <1-65535> |
Configures the period for which a client is blacklisted. A client is considered blacklisted after being denied access by the server.
- <1-65535> – Specify a value from 1 - 65535 seconds. The default is 60 seconds.
|
service lldp loop-detection
lldp loop-detection |
Enables network loop detection via LLDP. This option is disabled by default. |
service memory kernel decrease
service memory kernel decrease |
Enables reduction in kernel memory usage. When enabled, firewall flows are reduced by 75% resulting in reduced kernel memory usage. A reboot is required for the option to take effect. This option is disabled by default.
|
service meshpoint loop-prevention-port [<L2-INTERFACE-NAME>|ge <1-4>| port-channel <1-2>]
meshpoint loop-prevention-port |
Limits meshpoint loop prevention to a single port |
<L2-INTERFACE-NAME> |
Limits meshpoint loop prevention on a specified Ethernet interface
- <L2-INTERFACE-NAME> – Specify the layer 2 Ethernet interface name.
|
ge <1-4> |
Limits meshpoint loop prevention on a specified GigabitEthernet interface
- ge <1-4> – Specify the GigabitEthernet interface index from 1 - 4.
|
port-channel <1-2> |
Limits meshpoint loop prevention on a specified port-channel interface
- port-channel <1-2> – Specify the port-channel interface index from 1 - 2.
|
service pm sys-restart
pm sys-restart |
Enables the process monitor (PM) to restart
the system when a process fails. This option is enabled
by default. |
service power-config [3af-out|force-3at]
power-config 3af-out |
Enables LLDP power negotiation, but uses 3af power. This option is disabled by default. |
power-config force-3at |
Disables LLDP negotiation and forces 802.3at power configuration. This option is disabled by default. |
service radius dynamic-authorization additional-port <1-65535>
radius dynamic-authorization
additional-port <1-65535> |
Configures an additional UDP port used by the device to listen for dynamic authorization messages
- <1-65535> – Specify a value from 1 - 65535. The default is 3799.
The Cisco Identity Services Engine (ISE) server uses port 1700.
|
service remote-config apply-delay <0-600>
remote-config apply-delay
<0-600> |
Delays configuration of a remote device
(after it becomes active) by the specified time
period
- <0-600> – Specify a value from 0 - 600
seconds. The default is 0 seconds.
|
service rss-timeout <0-86400>
rss-timeout <0-86400> |
Configures the duration, in seconds, for which an adopted access point will continue to provide wireless functions even after loosing controller adoption.
- <0-86400> – Specify a value from 0 - 86400 seconds. The default is 300 seconds.
|
service watchdog
watchdog |
Enables the watchdog. This feature is enabled by default. Enabling the watchdog option implements heartbeat messages to ensure other associated devices are up and running and capable of effectively inter-operating with the controller.
|
service wireless anqp-frag-always
wireless anqp-frag-always |
Enables fragmentation of all ANQP packets. This option is disabled by default. |
service wireless anqp-frag-size <100-1500>
wireless anqp-frag-size
<100-1500> |
Configures the ANQP packet fragment size
- <100-1500> – Specify a value from 100 - 1500. The default is 1200.
|
service wireless client tx-deauth on-radar-detection
wireless client |
Configures wireless client and stations related settings |
tx-deauth on-radar-detection |
Enables access points to transmit deauth to clients when changing channels on radar detection. This option is enabled by default. |
service wireless cred-cache-sync [full|interval <30-864000>|never|partial]
wireless cred-cache-sync |
Configures the credential cache‘s synchronization parameters. The parameters are: full, interval, never, and partial. |
full |
Enables synchronization of all credential cache entries |
interval <30-864000> |
Sets the interval, in seconds, at which the credential cache is synchronized
- <30-864000> – Specify a value from 30 - 864000 seconds. The default is 1200 seconds.
|
never |
Disables credential cache entry synchronization for all associated clients other than roaming clients. This is the default setting. |
partial |
Enables partial synchronization of parameters for associated clients, with credential cache close to aging out |
service wireless inter-ap-key [0 <WORD>|2 <WORD>|<WORD>]
wireless inter-ap-key |
Configure encryption key used for securing inter-ap messages. This option is disabled by default. |
[0<WORD>|
2<WORD>|<WORD>] |
Specify a clear text or encrypted key. |
service wireless noise-immunity
wireless noise-immunity |
Polls for status and reconfigures radio in case of receive stall. This option is enabled by default. |
service wireless reconfig-on-rx-stall
wireless reconfig-on-rx-stall |
Enables noise immunity on the radio |
service wireless test [max-rate|min-rate] [1,2,5.5,6,11,12,18,24,36,48, 54,mcs0,mcs1,............mcs23]
wireless test |
Configures the serviceability parameters used for testing |
[max-rate|min-rate] |
Configures the maximum and minimum data rates for clients using rate-scaling. The ‘max-rate‘ and min-rate‘ options are disabled by default. |
[1,2,5.5,....mcs23] |
Select the maximum and minimum data rates applicable. |
service wireless test max-retries <0-15>
wireless test |
Configures the serviceability parameters used for testing |
max-retries <0-15> |
Configures the maximum number of retries per packet from 0 - 15. The default is 0. |
service wireless wispe-controller-port <1-65535>
wispe-controller-port
<1-65535> |
Resets the WIreless Switch Protocol Enhanced (WISPe) controller port. This is the UDP port used to listen for WISPe.
- <1-65535> – Specify a value from 1 - 65535. The default is 24756.
|
service show cli
show cli |
Displays running system configuration details
- cli – Displays the CLI tree of the current mode
|
Example
nx9500-6C8809(config-profile-testRFS4000)#service radius dynamic-authorization additional-port 1700
nx9500-6C8809(config-profile-testRFS4000)#show context
profile rfs4000 testRFS4000
service radius dynamic-authorization additional-port 1700
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
--More--
nx9500-6C8809(config-profile-testRFS4000)#
Related Commands
no |
Removes or resets service command parameters |