From: ccie2be (ccie2be@nyc.rr.com)
Date: Sat Jun 18 2005 - 11:47:11 GMT-3
Hi Simon,
After playing around with these commands for a bit, I discovered a couple
interest points which could be important to keep in mind during the lab.
The session commands (there are 3 of them) can be entered under the line
console 0.
AFIAk, there's reason for this. Session commands relate to telnet and one
doesn't telnet into the console port. So, this could be confusing to
someone who wasn't aware of the precise functionality of these commands. So,
even though IOS allows these commands to be entered under the line con 0,
DON'T.
One other minor point might be worth mentioning.
Let's say the task is worded something like this:
All idle telnet sessions will be terminated after 10 minutes.
Configure your router so that users are given a warning 8 minutes after they
telnet in that they will be disconnected.
If you configure session-disconnect-warning 480 ( 8 x 60 = 480),
you'd lose points because this command tracks remaining time, not elapsed
time. As I said, it's a minor point but based on wording, could easily
cause a mistake.
So, thanks again. Your posts are very helpful.
Tim
-----Original Message-----
From: simon hart [mailto:simon.hart@btinternet.com]
Sent: Friday, June 17, 2005 6:17 PM
To: ccie2be; 'Group Study'
Subject: RE: session-timeout vs absolute-timeout
Tim,
As always, there is a difference, sometimes subtle sometimes not.
session-timeout 15
Will timeout your telnet connection after 15 minutes of inactivity. You will
have to telnet back into the router
exec-timeout 15 0
Will timeout your exec level after 15 minutes of inactivity. You will have
to enter enable to get back to exec mode
Simon
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: 17 June 2005 23:03
To: 'simon hart'; 'Group Study'
Subject: RE: session-timeout vs absolute-timeout
Simon,
Thanks.
Now, it sounds like session-timeout is a lot like exec-timeout - they're
both inactivity timers, right?
So, is there a diff between:
session-timeout 15
and
exec-timeout 15 0
Thanks again.
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
simon hart
Sent: Friday, June 17, 2005 5:08 PM
To: ccie2be; Group Study
Subject: RE: session-timeout vs absolute-timeout
Hi Tim,
No they are not the same and are functionally different. I shall try and
explain:
absolute-timeout 15
In the situation, anyone who has telneted in will only be allowed on for 15
minutes, and now the important part - irrespective of activity. That means
the time is absolute - you got 15 minutes and thats all!!!
session-timeout 15
This is really an inactivity timer - so I telnet into a router, then go get
a beer watch the football, comeback and find that my session has timed out
because I have been inactive for 15 minutes. (incidentally default is zero
which means it will never time-out, so best to leave it to that if you
intent on watching the footie and drinking beer :) )
HTH
Simon
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
ccie2be
Sent: 17 June 2005 20:59
To: Group Study
Subject: session-timeout vs absolute-timeout
Hi guys,
What's the difference between these 2 config's:
line vty 0 4
session-timeout 15
exec-timeout 5 0
session-disconnect-warning 60
login local
line vty 0 4
absolute-timeout 15
exec-timeout 5 0
logout-warning 60
login local
If, in this scenario, these 2 config's are functional equivalent, can
someone explain when and why I would use the first config?
TIA, Tim
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3