10-25-2002 06:26 AM - edited 03-09-2019 12:49 AM
Hi,
We have a 3640 configured with Lock-and-key Security (Dynamic Access List)
Installed IOS is: c3640-is40-mz_120-2a.bin
Here is an extract of the config:
aaa authentication login user tacacs+
access-list 158 dynamic coxa permit ip any any
access-list 158 permit tcp any host 172.16.1.1 eq telnet
interface Serial3/1.1 point-to-point
ip unnumbered Loopback199
ip access-group 158 in
bandwidth 512
frame-relay interface-dlci 19
!
line vty 0 1
login authentication user
autocommand access-enable host timeout 30
It seems that the idle timeout defined in autocommand config is never refreshed.
The users are getting disconnected after 30 minutes, even if they are doing interesting traffic.
In the same router we have also dialers.
Dynamic access lists are working well with dialer: dyn access lists disappear only after 30 min of inactivity (I have noticed it with the show access-lists command).
Is this a known bug or something else?
Thanks,
Eng. Leonardo Avella
CCNP Cisco Certified Network Professional
10-25-2002 09:38 AM
Idle timeout works on the access-enable command like you have it, and the absolute timeout (the max time limit for each entry within this dynamic list) works on the access-list (e.g. access-list 101 dynamic test timeout 6 permit ip any any).
Try:
line VTY 0 4
autocommand access-enable timeout 5 (remove the host keyword)
If that doesn't work:
-use login local, do they get disconnected?
-don't put any timeout (default is no timeout - connected indefinitely until manually cleared - for testing only), do they still get disconnected?
As a side note, this sounds similar to a bug for the AS5300: CSCdu30577
Hope it helps.
Steve
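An added example (not part of the thread and not Cisco code): a small Python model of the two lock-and-key timers described in the reply above, returning the minute at which a temporary entry is removed for a given traffic pattern. The function name, its parameters and the `idle_refreshes` switch, which mimics the symptom reported in the question, are assumptions made for illustration.

```python
from typing import Iterable, Optional


def entry_expiry(traffic_minutes: Iterable[int],
                 idle: Optional[int] = None,
                 absolute: Optional[int] = None,
                 idle_refreshes: bool = True) -> Optional[int]:
    """Minute (counted from access-enable) at which the temporary entry goes away.

    idle     -- idle timeout from 'access-enable ... timeout N' (minutes)
    absolute -- absolute timeout from 'access-list ... dynamic NAME timeout N'
    idle_refreshes=False models the reported symptom: the idle timer is
    never reset by matching traffic, so it behaves like an absolute timer.
    Returns None when no timer applies (entry stays until manually cleared).
    """
    deadline = idle  # the idle timer starts when the entry is created
    if idle is not None and idle_refreshes:
        for t in sorted(traffic_minutes):
            if t >= deadline:
                break  # entry already removed; this packet no longer matches it
            if absolute is not None and t >= absolute:
                break  # absolute timeout removed the entry first
            deadline = t + idle  # matching traffic restarts the idle timer
    limits = [m for m in (deadline, absolute) if m is not None]
    return min(limits) if limits else None


if __name__ == "__main__":
    # Constructed sample: one matching packet every 10 minutes for two hours.
    traffic = list(range(10, 121, 10))
    print("expected behaviour :", entry_expiry(traffic, idle=30))
    print("reported symptom   :", entry_expiry(traffic, idle=30, idle_refreshes=False))
    print("with absolute of 60:", entry_expiry(traffic, idle=30, absolute=60))
```

If entries on the router vanish at the second value while traffic is still flowing, the idle timer is not being refreshed, which is the behaviour the question describes.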
10-30-2002 12:03 AM
Hi,
Probably IOS c3640-is40-mz_120-2a.bin (IP PLUS 40) has the same bug you showed me for the AS5300.
We upgraded to ver 12.0.(24) and the problem seems solved.
Thank you very much,
Leonardo Avella
CCNP - Cisco Certified Network Professional