Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3912
Views
0
Helpful
3
Replies

Practical use case of session-timeout on VTY or Console lines

Saint
Level 1
Level 1

‎09-15-2021 01:47 AM

Is anyone able share a practical use case and example outputs of 'session-timeout', actually working, on VTY or Console lines?

 

In my testing on a router using Cisco IOS 15.x, where both 'exec-timeout' and 'session-timeout' are configured on line VTY 0 4, SSH connections (inbound or outbound) to and from VTY lines do not appear to use the 'session-timeout' configured values to close idle connections once they have exceeded the configured timer, however they do use the 'exec-timeout' configured values to close idle connections.

 

It is unclear what useful practical function the command 'session-timeout' command performs when the 'exec-timeout' command is already configured on a terminal line.

 

Is anyone able share a practical use case and perhaps some example outputs of 'session-timeout', actually working, on VTY or Console lines, so it is easier to understand what this command acually does?

 

Please, no theoretical guesses, links to other posts, or command line reference links everyone, unless they show a tested 'practical' working example or use case. This post is seekinkg to understand the answer to a simple question for which it seems to be impossible to find an answer to.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-15-2021 02:17 AM

 

session-timeout vs exec-timeout

 

session-timeout: This command sets the interval that the Cisco IOS software waits for traffic before closing the connection to a remote computer and returning the terminal to an idle state. The default interval is zero, indicating the device maintains the connection indefinitely.

 

exec-timeout: To configure the length of time that an inactive Telnet or SSH session remains open, use the exec-timeout global configuration command.

 

In short, "session-timeout" is for sessions originated out from this VTY, while "exec-timeout" is for EXEC sessions started when someone logs into this VTY.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Saint
Level 1
Level 1
In response to balaji.bandi

‎09-15-2021 02:35 AM - edited ‎09-15-2021 02:54 AM

Thank you for your reply.

 

With regards to your comment: 'In short, "session-timeout" is for sessions originated out from this VTY, while "exec-timeout" is for EXEC sessions started when someone logs into this VTY.'

 

Unfortunately I have tested this and found it not to be the case when using an example configuration of, 'session-timeout 2' on line VTY 0 4. If you can provide evidence or outputs to prove otherwise, I would be grateful.

 

I did previously find one IOS XE command reference, which states 'If the output keyword is not specified, the session timeout interval is based solely on detected input from the user. If the keyword is specified, the interval is based on input and output traffic.'

This could be the reason my testing on IOS, without specifying the optional 'output' keyword at the end of the 'session-timeout' command, means outbound SSH or Telnet connections from the configured device will not use the configured 'session-timeout' timeout values, however further testing/evidence is required to prove this.

0 Helpful

MHM Cisco World
VIP
VIP

‎09-16-2021 05:14 AM

follow

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents