Re: limiting the inactivity period under vty lines

From: Godswill Oletu (oletu@inbox.lv)
Date: Mon Sep 12 2005 - 12:31:52 GMT-3

• Next message: Ali.Huang: "Re: redistribution between eigrp and ospf"
• Previous message: Jens Petter Eikeland: "SV: redistribution between eigrp and ospf"
• Maybe in reply to: Mohammed El-Komy \(moelkomy\): "limiting the inactivity period under vty lines"
• Next in thread: Venkataramanaiah.R: "Re: limiting the inactivity period under vty lines"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Mohammed,

If you had taken Brian Dennis' advice and lab this yourself, you would have
resolved this problem yourself and learn from the experience long ago.

This is the difference:

#line vty 0 4
#exec-timeout 1 0
#session-timeout 1

The 'exec-timeout 1 0' command, tells the router that any telnet into it
should be terminated after 1 minute of idle time.

The 'session-timeout 1' command tells the router that, if the individual
that telnet into it, then initiate a session (eg telnet) to another router,
that session will be terminated after 1 minute of idle time.

The local router (or this router) take all your connections to it as exec
connections and all connections from it to another device (router, switch,
etc) as a session. So, you can see that one of the command deals with the
local router and the other with the remote router.

Venkataramanaiah, did you actually lab what you said in your last post or
that was what your understanding of it was? ie did you lab 'session-timeout
1' on the local router and you were logout after 1 minute of inactivity?
Please post your config & results, the session timeout command do not affect
the local router in any way. Remember that, the default exec-timeout is 10
minutes and you will be knocked out in minutes 10 of idle time even if
'exec-timeout' is not configured. To determine if it was your
'session-timeout 1' command and not the default exec-timeout that log you
out, go ahead and also configure:

#session-disconnect-warning <time in seconds> message <insert your
disconnect message here>

If your are disconnected without the a warning with the text you inserted
above, then sometime else other than the 'session-timeout 1' command
initiated the disconnection.

Note:
exec commands including 'exec-timeout' configured on the the remote router's
vty lines will also affect your sessions from the local router, if this is
the case, there are two things that will initiate your disconnection from
the remote router...

1. session-timeout <from the originating router>
2. exec-timeout <from the local router>

HTH
Godswill Oletu

----- Original Message -----
From: "Venkataramanaiah.R" <vramanaiah@gmail.com>
To: "Mohammed El-Komy (moelkomy)" <moelkomy@cisco.com>
Cc: "Aly, Yasser" <Yasser.Aly@getronics.com>; "Brian Dennis"
<bdennis@internetworkexpert.com>; <ccielab@groupstudy.com>
Sent: Monday, September 12, 2005 3:24 AM
Subject: Re: limiting the inactivity period under vty lines

> Yes, in fact, i set the session-timeout for 1 minutes, i keep working on
> the
> console, the session does not timeout. The moment stop hitting the keys,
> the
> clock starts and I am thrown out of the session in one minute of
> inactivity.
>
> Interestingly, i came across this documentation which says " The
> *exec-timeout
> *line configuration command can be used to close and clean up an idle
> menu;
> the *session-timeout* command can be used to clean up a menu with an open
> connection." See
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_
> c/ffcprt1/fcf004.htm#1001601
>
>
> I have not fully understand what this means though... See if you guys
> could
> make something out of it.
>
> -Venkat
>
> On 9/12/05, Mohammed El-Komy (moelkomy) <moelkomy@cisco.com> wrote:
>>
>> Hi Yasser,
>>
>> The explanation of the "session-timeout" in the Doc-CD is different from
>> what you're saying
>>
>> Router(config-line)# session-timeout minutes [output]
>>
>> Sets the idle session timeout interval.
>>
>>
>>
>> Router(config-line)# absolute-timeout minutes
>>
>> Sets the absolute timeout interval
>>
>> Regards,
>>
>> -------------------------------------------------------------------
>>
>>
>>
>> Mohamed ElKomy
>>
>> Cisco Systems, Systems Engineer
>>
>>
>>
>> Office: +2024885300
>>
>> GSM: +20121022297
>>
>> FAX: +2024885400
>>
>> moelkomy@cisco.com
>>
>>
>> -----Original Message-----
>> From: Aly, Yasser [mailto:Yasser.Aly@getronics.com]
>> Sent: Monday, September 12, 2005 9:21 AM
>> To: Mohammed El-Komy (moelkomy); Brian Dennis; ccielab@groupstudy.com
>> Subject: RE: limiting the inactivity period under vty lines
>>
>> Hi Mohammed,
>>
>> Actually both command are not the same and have different effects.
>>
>> "Session-timeout 5" command is an absolute value regardless of whether
>> your session is active or not. That's to say, session will disconnect
>> after 5 minutes even if it is still active.
>>
>> "Exec-timeout 5" on the other hand means disconnect the session if 5
>> minutes of inactivity passed, so your session can last more than 5
>> minutes as long as you do not exceed 5 minutes of inactivity.
>>
>> Based on the wording of the question you can tell which one is the
>> correct answer.
>>
>> Regards,
>> Yasser
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Mohammed El-Komy (moelkomy)
>> Sent: Sunday, September 11, 2005 11:35 PM
>> To: Brian Dennis; ccielab@groupstudy.com
>> Subject: RE: limiting the inactivity period under vty lines
>>
>> Brian,
>>
>> I've already tried those commands before; I'm not asking for the sake of
>> real life cause I know their effects....I'm asking for lab purpose to
>> get the more accurate answer based on the wording of the question.
>>
>> But if both of them fulfill the task wording, that would be fine cause
>> sometimes I feel that more than one command can do the task but the task
>> wording carries a hidden meaning to make you fulfill it with a certain
>> command.
>>
>> Regards,
>> -------------------------------------------------------------------
>>
>>
>>
>> Mohamed ElKomy
>>
>> Cisco Systems, Systems Engineer
>>
>>
>>
>> Office: +2024885300
>>
>> GSM: +20121022297
>>
>> FAX: +2024885400
>>
>> moelkomy@cisco.com
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Brian Dennis
>> Sent: Sunday, September 11, 2005 11:22 PM
>> To: Mohammed El-Komy (moelkomy); ccielab@groupstudy.com
>> Subject: RE: limiting the inactivity period under vty lines
>>
>> Mohamed,
>> Don't take this the wrong way but you'll learn far more by just
>> doing tasks like this over relying on someone's answer. You just need
>> one router and about 10 minutes to lab both of these up.
>>
>> HTH,
>>
>> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>> bdennis@internetworkexpert.com
>>
>> Internetwork Expert, Inc.
>> http://www.InternetworkExpert.com
>> Toll Free: 877-224-8987
>> Direct: 775-745-6404 (Outside the US and Canada)
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Mohammed El-Komy (moelkomy)
>> Sent: Sunday, September 11, 2005 12:47 PM
>> To: ccielab@groupstudy.com
>> Subject: limiting the inactivity period under vty lines
>>
>> Guys,
>>
>>
>>
>> 1- If I need for example to limit the telnet user to be disconnected
>> after 5 minutes of inactivity, shall I use
>>
>>
>>
>> Line vty 0 4
>>
>> Exec-timeout 5
>>
>>
>>
>> or
>>
>>
>>
>> Line vty 0 4
>>
>> Session-timeout 5
>>
>>
>>
>> Is there a difference or do both of them fulfill the task?
>>
>>
>>
>>
>>
>> 2- If I need a banner message to be displayed to telnet users that says
>> "Access to Network is prohibited", shall I use
>>
>>
>>
>> Banner login "...."
>>
>>
>>
>> Or
>>
>>
>>
>> Banner motd "...."
>>
>>
>>
>> Which of them is more accurate in such a case?
>>
>>
>>
>> Regards,
>>
>> -------------------------------------------------------------------
>>
>>
>>
>> Mohamed ElKomy
>>
>> Cisco Systems, Systems Engineer
>>
>>
>>
>> Office: +2024885300
>>
>> GSM: +20121022297
>>
>> FAX: +2024885400
>>
>> moelkomy@cisco.com
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Ali.Huang: "Re: redistribution between eigrp and ospf"
• Previous message: Jens Petter Eikeland: "SV: redistribution between eigrp and ospf"
• Maybe in reply to: Mohammed El-Komy \(moelkomy\): "limiting the inactivity period under vty lines"
• Next in thread: Venkataramanaiah.R: "Re: limiting the inactivity period under vty lines"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3