Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1757
Views
5
Helpful
4
Replies

ASA 5505 how to refresh user|connections when I disconnect a device after it reaches user limit

of1980
Level 1
Level 1

‎01-18-2017 11:58 AM - edited ‎03-12-2019 01:48 AM

I have a problem that when users or connections reach the user license limit, I disconnect one device to let another device connect to Internet. How can I make sure it works. Sometimes it's hard for a new device to connect successfully, or wait for so long time. Is there command to refresh the user or connection to release the occupancy of user?

Thanks a lot.

Labels:
0 Helpful
4 Replies 4

Rahul Govindan
VIP Alumni
VIP Alumni

‎01-18-2017 12:19 PM

You can use the "show local-host" to see the current hosts and host-limit. You can use the "clear local-host x.x.x.x" to clear a specific host from talking up a license. This clears connections and xlates that the host holds. More on that command here:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/c3.html#pgfId-2249465

0 Helpful

of1980
Level 1
Level 1
In response to Rahul Govindan

‎01-18-2017 02:01 PM

Thank you for your help.

"show local-host" give out too much details of connections.

While "show local-host connection | inc licensed" give only the count of host.

Current host count: 10, towards licensed host limit of: 10

I wonder if some commands can test  whether the inside ip is on line after I unplug Ethernet cable or shut down a device to release connection.

Or, the command can filter inside ip and clear the connection of it.

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to of1980

‎01-18-2017 05:02 PM

You can use "show local-host brief" just to see brief information per host. A host is not going to go away from host table once unplugged from the network. The connections that the ASA has for that host should timeout or be cleared manually. A "clear local-host x.x.x.x" should clear all that for a particular host.

TCAM
Level 1
Level 1
In response to Rahul Govindan

‎03-31-2017 07:33 AM

Hi Rauhul,

Is there a way to change the "local-host " timeout timer? 

Some of my VPN clients disconnected from network but the local-host connection is still showing up and stayed in the table for around 3 minutes then ASA removed it from the table.  I want to speed up the removal process, is there a way to do that?

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card