09-15-2021 01:47 AM
Is anyone able to share a practical use case and example outputs of 'session-timeout', actually working, on VTY or Console lines?
In my testing on a router using Cisco IOS 15.x, where both 'exec-timeout' and 'session-timeout' are configured on line VTY 0 4, SSH connections (inbound or outbound) to and from VTY lines do not appear to use the 'session-timeout' configured values to close idle connections once they have exceeded the configured timer, however they do use the 'exec-timeout' configured values to close idle connections.
It is unclear what useful practical function the 'session-timeout' command performs when the 'exec-timeout' command is already configured on a terminal line.
Is anyone able to share a practical use case and perhaps some example outputs of 'session-timeout', actually working, on VTY or Console lines, so it is easier to understand what this command actually does?
Please, no theoretical guesses, links to other posts, or command line reference links everyone, unless they show a tested 'practical' working example or use case. This post is seeking to understand the answer to a simple question for which it seems to be impossible to find an answer.
09-15-2021 02:17 AM
session-timeout vs exec-timeout
session-timeout: This command sets the interval that the Cisco IOS software waits for traffic before closing the connection to a remote computer and returning the terminal to an idle state. The default interval is zero, indicating the device maintains the connection indefinitely.
exec-timeout: To configure the length of time that an inactive Telnet or SSH session remains open, use the exec-timeout global configuration command.
In short, "session-timeout" is for sessions originated out from this VTY, while "exec-timeout" is for EXEC sessions started when someone logs into this VTY.
09-15-2021 02:35 AM - edited 09-15-2021 02:54 AM
Thank you for your reply.
With regards to your comment: 'In short, "session-timeout" is for sessions originated out from this VTY, while "exec-timeout" is for EXEC sessions started when someone logs into this VTY.'
Unfortunately I have tested this and found it not to be the case when using an example configuration of, 'session-timeout 2' on line VTY 0 4. If you can provide evidence or outputs to prove otherwise, I would be grateful.
I did previously find one IOS XE command reference, which states 'If the output keyword is not specified, the session timeout interval is based solely on detected input from the user. If the keyword is specified, the interval is based on input and output traffic.'
This could be the reason my testing on IOS, without specifying the optional 'output' keyword at the end of the 'session-timeout' command, means outbound SSH or Telnet connections from the configured device will not use the configured 'session-timeout' timeout values, however further testing/evidence is required to prove this.
02-11-2025 08:06 AM
I've tested both virtual and physical devices with the session-timeout command, with and without the output modifier and it didn't work. Could you let me know if you were able to get this to work?
09-16-2021 05:14 AM
follow
02-11-2025 08:28 AM
No, I never did unfortunately, but it sounds like your testing has proven this doesn't work.
Did you try testing without the 'exec-timeout' global configuration command set? Might be worth doing.
02-11-2025 09:22 AM
Just tried that and monitored the TCP TCB uptime as well as idle times on "show users"; both went right past the configured session-timeout time.
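An added example, not part of any post in this thread: since the testers above saw only 'exec-timeout' close idle sessions, this audit parses the line stanzas of a running-config and flags lines where 'exec-timeout' is disabled or too long, whatever 'session-timeout' says. The function names, the sample configuration and the 300-second limit are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
line con 0
 session-timeout 2
 exec-timeout 0 0
line vty 0 4
 session-timeout 2
 exec-timeout 5 0
 transport input ssh
line vty 5 15
 session-timeout 2 output
!
"""

IOS_DEFAULT_EXEC_SECONDS = 600  # IOS applies 10 minutes when exec-timeout is absent

def parse_lines(config):
    """Map each 'line ...' stanza to its exec-timeout (s) and session-timeout (min)."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(
                raw.strip(), {"exec": IOS_DEFAULT_EXEC_SECONDS, "session": None})
        elif current is not None and raw.startswith(" "):
            m = re.match(r"\s+exec-timeout (\d+)(?: (\d+))?\s*$", raw)
            if m:
                current["exec"] = int(m.group(1)) * 60 + int(m.group(2) or 0)
            m = re.match(r"\s+session-timeout (\d+)(?: output)?\s*$", raw)
            if m:
                current["session"] = int(m.group(1))
        else:
            current = None  # any unindented line ends the stanza
    return stanzas

def audit(config, max_idle_seconds=300):  # 300 s is an assumed policy limit
    findings = []  # (line name, finding) pairs for lines lacking a usable idle logout
    for name, t in parse_lines(config).items():
        if t["exec"] == 0:
            note = "; only session-timeout set" if t["session"] else ""
            findings.append((name, "exec-timeout disabled" + note))
        elif t["exec"] > max_idle_seconds:
            findings.append((name, f"exec-timeout {t['exec']}s exceeds {max_idle_seconds}s"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```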