Showing results for 
Search instead for 
Did you mean: 

Service TCP-Keepalives-IN/OUT

Level 1
Level 1


I need to know if Service TCP-Keepalives-IN and OUT has any production impact. I am planning to apply this feature for incoming and outgoing TCP connections on my edge routers in a production environment.

As these are the key routers and I am very much concern about the impact of executing these commands.




4 Replies 4

Michael Hubbard
Level 1
Level 1

Hello Zali,
There will not be any impact on production. These two commands are best practices and only come into play if you have a communications problem between your SSH/telnet client and the router. This Cisco document has a good example:

I hope this makes you feel comfortable deploying the commands!

Here are a couple others I use:
no service pad
no service finger
no ip source-route
no ip gratuitous-arps
no service dhcp (only on devices that don't offer DHCP relay or addresses)
no ip finger
no tcp-small-servers (IOS 11.2 and older)
no udp-small-servers (IOS 11.2 and older)

!logging timestamps helps you correlate events across network devices
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service sequence-numbers
service counters max age 5
service password-encryption
service linenumber
service counters max age 5

Here is a good Cisco tutorial on security. Ironically, it requires Flash to view!

Here is a Cisco webpage on hardening devices

Level 1
Level 1

Is it recommended to set this on layer 3 switches with ssh enabled also?

I believe that it is recommended on any layer 3 network device, especially ones with SSH or telnet in use.



Michael Hubbard
Level 1
Level 1

Hello jayage,

I thought I replied back on 9/11 but I don't see it online.

Yes, this setting is a Cisco best practice. It will not interrupt production.

I recently did a blog post on disabling weak crypto ciphers on Cisco switches. I recommend doing that also, especially you will have a PCI_DSS or other security audit on the switch.