Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3536
Views
0
Helpful
2
Replies

Difference between exec-timeout and service tcp-keepalives commands

sukhwinderpal
Level 1
Level 1

‎01-06-2008 01:47 AM - edited ‎03-09-2019 07:47 PM

Hi,

With exec-timeout command we can set to disconnect idle sessions after the time specified in this command.By default the timeout is 10 minutes.

But when we use service tcp-keepalives in/out command,then the sessions hung sessions will get disconnected afetr 5 minutes of idle connections(i.e. every one minute keepalive will be sent to the remote host for 5 times).

My understanding is that first the router will wait for the exec-timeout to complete.If even after the exec-timeout the session is still showing established(in show users command in router) then keep alive will be sent to remote host every minute(5 times) and if there is no response the session will be disconnected.Please correct me if I am wrong.

And what exactly is the difference in tcp-keepalives in and out command.Is that keepalives in means if someone telnets the router from outside and keepalive out means router will telnet the remote host.

I am sorry if u get confused---

Actually I tried to find out from many places but the above doubts could not get cleared. Can you please help...

Labels:
0 Helpful
2 Replies 2

Danilo Dy
VIP Alumni
VIP Alumni

‎01-06-2008 06:16 AM

Hi,

If you configure VTY with "exec-timeout 10", this will cause the router to disconnect users after 10 minutes of NO activity (idle).

If "service tcp-keepalive-in" is configured, this will cause the router to generate keepalive messages periodically, it will detect and drop "broken" (not idle) inbound TELNET connection/s (TELNET to the router).

If "service tcp-keepalive-out" is configured, this will cause the router to generate keepalive messages periodically, it will detect and drop "broken" (not idle) outbound TELNET connection/s (TELNET from the router).

This is a good reference http://www.cisco.com/univercd/cc/td/doc/product/software/sdm/22ug/saudt.htm

Regards,

Dandy

0 Helpful

sukhwinderpal
Level 1
Level 1
In response to Danilo Dy

‎01-06-2008 08:35 PM

Thanks a lot for the quick response.Now I am bit clear about the difference.

I am still not clear about the following:-

If exec-timeout is set to 10 minutes and tcp keep alive is set to 5 minutes(i.e. sending keepalives every minute 5 times),then whether the idle network connection will get timed out in 5 minutes only without waiting for exec-timeout period OR First the exec-timeout will be considered and if the connection is idle for 10 minutes then tcp keepalive will start for another 5 minutes(to drop the connections if it is not got disconnected with exec-timeout value)

0 Helpful
Customers Also Viewed These Support Documents